Various S/MIME bug and compatibility fixes.
authorDr. Stephen Henson <steve@openssl.org>
Sun, 1 Jun 2003 20:51:58 +0000 (20:51 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 1 Jun 2003 20:51:58 +0000 (20:51 +0000)
CHANGES
apps/smime.c
crypto/pkcs7/pk7_doit.c
crypto/pkcs7/pk7_mime.c
crypto/pkcs7/pkcs7.h

diff --git a/CHANGES b/CHANGES
index a8402846220ca68e1e1515c17c99cab698b16093..1d279103dc1cf15a9bbda1eae81d082140e6951f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,7 @@
  OpenSSL CHANGES
  _______________
 
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.7a and 0.9.8  [xx XXX xxxx]
+ Changes between 0.9.7c and 0.9.8  [xx XXX xxxx]
 
   *) Add support for STORE in ENGINE.
      [Richard Levitte]
 
   *) Add support for STORE in ENGINE.
      [Richard Levitte]
      differing sizes.
      [Richard Levitte]
 
      differing sizes.
      [Richard Levitte]
 
- Changes between 0.9.7a and 0.9.7b  [xx XXX 2003]
+ Changes between 0.9.7b and 0.9.7c  [xx XXX 2003]
+
+  *) Various S/MIME bugfixes and compatibility changes:
+     output correct application/pkcs7 MIME type if
+     PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.
+     Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
+     of files as .eml work). Correctly handle very long lines in MIME
+     parser.
+     [Steve Henson]
+
+ Changes between 0.9.7a and 0.9.7b  [10 Apr 2003]
 
   *) Countermeasure against the Klima-Pokorny-Rosa extension of
      Bleichbacher's attack on PKCS #1 v1.5 padding: treat
 
   *) Countermeasure against the Klima-Pokorny-Rosa extension of
      Bleichbacher's attack on PKCS #1 v1.5 padding: treat
index 1d7d828e01f4150fa0de5e2b1b32162dde093a8f..418e03cd66dbb5c7ac7e5a144ed5d6ca72ce9c54 100644 (file)
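--- a/apps/smime.c
+++ b/apps/smime.c
@@ -168,6 +168,10 @@ int MAIN(int argc, char **argv)
                                flags |= PKCS7_BINARY;
                else if (!strcmp (*args, "-nosigs"))
                                flags |= PKCS7_NOSIGS;
+               else if (!strcmp (*args, "-nooldmime"))
+                               flags |= PKCS7_NOOLDMIMETYPE;
+               else if (!strcmp (*args, "-crlfeol"))
+                               flags |= PKCS7_CRLFEOL;
                else if (!strcmp (*args, "-crl_check"))
                                store_flags |= X509_V_FLAG_CRL_CHECK;
                else if (!strcmp (*args, "-crl_check_all"))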
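Review bot: The new switches `-nooldmime` and `-crlfeol` are parsed here, but the visible changes to apps/smime.c add no usage text for them, so a user cannot discover them from the tool's option summary. Add one line per option to the usage output next to the existing `-nosigs` entry, saying that `-nooldmime` selects the `application/pkcs7-*` MIME types and `-crlfeol` writes CR+LF line endings. MAIN's body starts and ends outside the hunk, so the usage block itself is not shown here.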
index 123671b43edd96ad70070542234ef0fde2590e4e..9382f47767b0d141fc8d76b69147c2eee7188bd4 100644 (file)
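--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -771,6 +771,11 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
                        }
                if (EVP_MD_CTX_type(mdc) == md_type)
                        break;
+               /* Workaround for some broken clients that put the signature
+                * OID instead of the digest OID in digest_alg->algorithm
+                */
+               if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
+                       break;
                btmp=BIO_next(btmp);
                }
 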
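Review bot: The fallback test `EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type` runs in the same pass as the exact comparison, so the first BIO in the chain that matches loosely wins even when a later BIO would match the digest type exactly. Because this is the signature verification path, the relaxed match is better tried only after the chain has been walked once with the strict test. The comment should also say which digest is then used, e.g. `/* md_type may be a signature NID here; accept only the digest context that belongs to it */`. The loop head and the rest of PKCS7_signatureVerify lie outside the hunk, so whether later uses of md_type cope with a signature NID cannot be confirmed from here.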
index 431aff94f0b0173870bab38ccb5fce6ac88b350e..16daf9ecdb70747d95d5350972424237060a6375 100644 (file)
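--- a/crypto/pkcs7/pk7_mime.c
+++ b/crypto/pkcs7/pk7_mime.c
@@ -153,6 +153,15 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
 {
        char bound[33], c;
        int i;
+       char *mime_prefix, *mime_eol;
+       if (flags & PKCS7_NOOLDMIMETYPE)
+               mime_prefix = "application/pkcs7-";
+       else
+               mime_prefix = "application/x-pkcs7-";
+       if (flags & PKCS7_CRLFEOL)
+               mime_eol = "\r\n";
+       else
+               mime_eol = "\n";
        if((flags & PKCS7_DETACHED) && data) {
        /* We want multipart/signed */
                /* Generate a random boundary */
@@ -164,34 +173,42 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
                        bound[i] = c;
                }
                bound[32] = 0;
-               BIO_printf(bio, "MIME-Version: 1.0\n");
+               BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
                BIO_printf(bio, "Content-Type: multipart/signed;");
-               BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";");
-               BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound);
-               BIO_printf(bio, "This is an S/MIME signed message\n\n");
+               BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
+               BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s",
+                                               bound, mime_eol, mime_eol);
+               BIO_printf(bio, "This is an S/MIME signed message%s%s",
+                                               mime_eol, mime_eol);
                /* Now write out the first part */
-               BIO_printf(bio, "------%s\r\n", bound);
-
+               BIO_printf(bio, "------%s%s", bound, mime_eol);
                pkcs7_output_data(bio, data, p7, flags);
-
-               BIO_printf(bio, "\n------%s\n", bound);
+               BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
 
                /* Headers for signature */
 
-               BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n");
-               BIO_printf(bio, "Content-Transfer-Encoding: base64\n");
-               BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n");
+               BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); 
+               BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
+               BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
+                                                               mime_eol);
+               BIO_printf(bio, "Content-Disposition: attachment;");
+               BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
+                                                       mime_eol, mime_eol);
                B64_write_PKCS7(bio, p7);
-               BIO_printf(bio,"\n------%s--\n\n", bound);
+               BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
+                                                       mime_eol, mime_eol);
                return 1;
        }
        /* MIME headers */
-       BIO_printf(bio, "MIME-Version: 1.0\n");
-       BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n");
-       BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n");
-       BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n");
+       BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+       BIO_printf(bio, "Content-Disposition: attachment;");
+       BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol);
+       BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
+       BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol);
+       BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
+                                               mime_eol, mime_eol);
        B64_write_PKCS7(bio, p7);
-       BIO_printf(bio, "\n");
+       BIO_printf(bio, "%s", mime_eol);
        return 1;
 }
 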
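Review bot: In the second hunk the opening boundary line changes its default ending: the removed call wrote `"------%s\r\n"` unconditionally, while the new `BIO_printf(bio, "------%s%s", bound, mime_eol);` emits a bare LF unless PKCS7_CRLFEOL is set. If that is intended, it deserves a sentence in the CHANGES entry, because consumers of the default output now see a different byte sequence. Separately, `mime_prefix` and `mime_eol` only ever point at string literals, so they should be declared `const char *mime_prefix, *mime_eol;`. The boundary-generation loop between the two hunks is not shown.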
index e6f65726661850d91d3d64308e6b4dc49346abcd..ab04d352abf702bde6daba52241732e76ebe3d69 100644 (file)
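--- a/crypto/pkcs7/pkcs7.h
+++ b/crypto/pkcs7/pkcs7.h
@@ -260,7 +260,9 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 #define PKCS7_BINARY           0x80
 #define PKCS7_NOATTR           0x100
 #define        PKCS7_NOSMIMECAP        0x200
-#define        PKCS7_STREAM            0x400
+#define PKCS7_NOOLDMIMETYPE    0x400
+#define PKCS7_CRLFEOL          0x800
+#define PKCS7_STREAM           0x1000
 
 /* Flags: for compatibility with older code */
 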
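Review bot: `PKCS7_STREAM` moves from 0x400 to 0x1000 and 0x400 is reused for `PKCS7_NOOLDMIMETYPE`, so code compiled against the earlier header that passes 0x400 for streaming would now silently select the new MIME type instead. If the renumbering is deliberate, presumably to keep the two new flags at the same values on another branch, a comment above the defines should say so, e.g. `/* PKCS7_STREAM renumbered: 0x400 and 0x800 are taken by the MIME output flags */`. Otherwise keep `PKCS7_STREAM` at 0x400 and give the new flags 0x800 and 0x1000.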