Various S/MIME bug and compatibility fixes.

beab098d · Dr. Stephen Henson · 02b95b74 · beab098d · beab098d · beab098d
5 changed file
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,7 @@
 OpenSSL CHANGES
 _______________

- Changes between 0.9.7a and 0.9.8  [xx XXX xxxx]
+ Changes between 0.9.7c and 0.9.8  [xx XXX xxxx]

  *) Add support for STORE in ENGINE.
     [Richard Levitte]
@@ -533,7 +533,17 @@
     differing sizes.
     [Richard Levitte]

- Changes between 0.9.7a and 0.9.7b  [xx XXX 2003]
+ Changes between 0.9.7b and 0.9.7c  [xx XXX 2003]
+
+  *) Various S/MIME bugfixes and compatibility changes:
+     output correct application/pkcs7 MIME type if
+     PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.
+     Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
+     of files as .eml work). Correctly handle very long lines in MIME
+     parser.
+     [Steve Henson]
+
+ Changes between 0.9.7a and 0.9.7b  [10 Apr 2003]

  *) Countermeasure against the Klima-Pokorny-Rosa extension of
     Bleichbacher's attack on PKCS #1 v1.5 padding: treat

--- a/apps/smime.c
+++ b/apps/smime.c
@@ -168,6 +168,10 @@ int MAIN(int argc, char **argv)
 				flags |= PKCS7_BINARY;
 		else if (!strcmp (*args, "-nosigs"))
 				flags |= PKCS7_NOSIGS;
+		else if (!strcmp (*args, "-nooldmime"))
+				flags |= PKCS7_NOOLDMIMETYPE;
+		else if (!strcmp (*args, "-crlfeol"))
+				flags |= PKCS7_CRLFEOL;
 		else if (!strcmp (*args, "-crl_check"))
 				store_flags |= X509_V_FLAG_CRL_CHECK;
 		else if (!strcmp (*args, "-crl_check_all"))

--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -771,6 +771,11 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
 			}
 		if (EVP_MD_CTX_type(mdc) == md_type)
 			break;
+		/* Workaround for some broken clients that put the signature
+		 * OID instead of the digest OID in digest_alg->algorithm
+		 */
+		if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
+			break;
 		btmp=BIO_next(btmp);
 		}


--- a/crypto/pkcs7/pk7_mime.c
+++ b/crypto/pkcs7/pk7_mime.c
@@ -153,6 +153,15 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
 {
 	char bound[33], c;
 	int i;
+	char *mime_prefix, *mime_eol;
+	if (flags & PKCS7_NOOLDMIMETYPE)
+		mime_prefix = "application/pkcs7-";
+	else
+		mime_prefix = "application/x-pkcs7-";
+	if (flags & PKCS7_CRLFEOL)
+		mime_eol = "\r\n";
+	else
+		mime_eol = "\n";
 	if((flags & PKCS7_DETACHED) && data) {
 	/* We want multipart/signed */
 		/* Generate a random boundary */
@@ -164,34 +173,42 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
 			bound[i] = c;
 		}
 		bound[32] = 0;
-		BIO_printf(bio, "MIME-Version: 1.0\n");
+		BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
 		BIO_printf(bio, "Content-Type: multipart/signed;");
-		BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";");
-		BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound);
-		BIO_printf(bio, "This is an S/MIME signed message\n\n");
+		BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
+		BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s",
+						bound, mime_eol, mime_eol);
+		BIO_printf(bio, "This is an S/MIME signed message%s%s",
+						mime_eol, mime_eol);
 		/* Now write out the first part */
-		BIO_printf(bio, "------%s\r\n", bound);
-
+		BIO_printf(bio, "------%s%s", bound, mime_eol);
 		pkcs7_output_data(bio, data, p7, flags);
-
-		BIO_printf(bio, "\n------%s\n", bound);
+		BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);

 		/* Headers for signature */

-		BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n");
-		BIO_printf(bio, "Content-Transfer-Encoding: base64\n");
-		BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n");
+		BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); 
+		BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
+		BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
+								mime_eol);
+		BIO_printf(bio, "Content-Disposition: attachment;");
+		BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
+							mime_eol, mime_eol);
 		B64_write_PKCS7(bio, p7);
-		BIO_printf(bio,"\n------%s--\n\n", bound);
+		BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
+							mime_eol, mime_eol);
 		return 1;
 	}
 	/* MIME headers */
-	BIO_printf(bio, "MIME-Version: 1.0\n");
-	BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n");
-	BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n");
-	BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n");
+	BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+	BIO_printf(bio, "Content-Disposition: attachment;");
+	BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol);
+	BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
+	BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol);
+	BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
+						mime_eol, mime_eol);
 	B64_write_PKCS7(bio, p7);
-	BIO_printf(bio, "\n");
+	BIO_printf(bio, "%s", mime_eol);
 	return 1;
 }


--- a/crypto/pkcs7/pkcs7.h
+++ b/crypto/pkcs7/pkcs7.h
@@ -260,7 +260,9 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 #define PKCS7_BINARY		0x80
 #define PKCS7_NOATTR		0x100
 #define	PKCS7_NOSMIMECAP	0x200
-#define	PKCS7_STREAM		0x400
+#define PKCS7_NOOLDMIMETYPE	0x400
+#define PKCS7_CRLFEOL		0x800
+#define PKCS7_STREAM		0x1000

 /* Flags: for compatibility with older code */