From beab098d5385850baa600d5788b2b8549f962c5e Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Sun, 1 Jun 2003 20:51:58 +0000
Subject: [PATCH] Various S/MIME bug and compatibility fixes.
---
 CHANGES | 14 +++++++++--
 apps/smime.c | 4 ++++
 crypto/pkcs7/pk7_doit.c | 5 ++++
 crypto/pkcs7/pk7_mime.c | 51 +++++++++++++++++++++++++++--------------
 crypto/pkcs7/pkcs7.h | 4 +++-
 5 files changed, 58 insertions(+), 20 deletions(-)
diff --git a/CHANGES b/CHANGES
index a840284622..1d279103dc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,7 @@
 OpenSSL CHANGES
 _______________
- Changes between 0.9.7a and 0.9.8 [xx XXX xxxx]
+ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx]
 *) Add support for STORE in ENGINE.
 [Richard Levitte]
@@ -533,7 +533,17 @@
 differing sizes.
 [Richard Levitte]
- Changes between 0.9.7a and 0.9.7b [xx XXX 2003]
+ Changes between 0.9.7b and 0.9.7c [xx XXX 2003]
+
+ *) Various S/MIME bugfixes and compatibility changes:
+ output correct application/pkcs7 MIME type if
+ PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.
+ Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
+ of files as .eml work). Correctly handle very long lines in MIME
+ parser.
+ [Steve Henson]
+
+ Changes between 0.9.7a and 0.9.7b [10 Apr 2003]
 *) Countermeasure against the Klima-Pokorny-Rosa extension of
 Bleichbacher's attack on PKCS #1 v1.5 padding: treat
diff --git a/apps/smime.c b/apps/smime.c
index 1d7d828e01..418e03cd66 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -168,6 +168,10 @@ int MAIN(int argc, char **argv)
 flags |= PKCS7_BINARY;
 else if (!strcmp (*args, "-nosigs"))
 flags |= PKCS7_NOSIGS;
+ else if (!strcmp (*args, "-nooldmime"))
+ flags |= PKCS7_NOOLDMIMETYPE;
+ else if (!strcmp (*args, "-crlfeol"))
+ flags |= PKCS7_CRLFEOL;
 else if (!strcmp (*args, "-crl_check"))
 store_flags |= X509_V_FLAG_CRL_CHECK;
 else if (!strcmp (*args, "-crl_check_all"))
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 123671b43e..9382f47767 100644
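Review bot: The new `-nooldmime` and `-crlfeol` options are parsed in MAIN, but the diffstat shows only these 4 insertions in apps/smime.c, so the usage text appears not to be extended and the flags cannot be discovered from the tool itself. I would add two help lines next to the existing option descriptions, along the lines of `-nooldmime  output application/pkcs7-* instead of application/x-pkcs7-* MIME types` and `-crlfeol  use CR+LF as end of line in MIME headers`. Both the option chain and the usage block start and end outside the hunk, so wording and placement should follow what is there.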
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -771,6 +771,11 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
 }
 if (EVP_MD_CTX_type(mdc) == md_type)
 break;
+ /* Workaround for some broken clients that put the signature
+ * OID instead of the digest OID in digest_alg->algorithm
+ */
+ if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
+ break;
 btmp=BIO_next(btmp);
 }
diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c
index 431aff94f0..16daf9ecdb 100644
--- a/crypto/pkcs7/pk7_mime.c
+++ b/crypto/pkcs7/pk7_mime.c
@@ -153,6 +153,15 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
 {
 char bound[33], c;
 int i;
+ char *mime_prefix, *mime_eol;
+ if (flags & PKCS7_NOOLDMIMETYPE)
+ mime_prefix = "application/pkcs7-";
+ else
+ mime_prefix = "application/x-pkcs7-";
+ if (flags & PKCS7_CRLFEOL)
+ mime_eol = "\r\n";
+ else
+ mime_eol = "\n";
 if((flags & PKCS7_DETACHED) && data) {
 /* We want multipart/signed */
 /* Generate a random boundary */
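Review bot: The added fallback in the digest-BIO search of PKCS7_signatureVerify is tested on every iteration right after the exact `EVP_MD_CTX_type(mdc) == md_type` check, so a context that matches only through `EVP_MD_pkey_type()` ends the search even when a later BIO in the chain would match exactly. Because this relaxes digest selection in a signature verification path and is unconditional, the exact match should keep precedence: remember the first candidate with `if (fallback == NULL && EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type) fallback = mdc;` and use it only once the chain is exhausted. Whether such a chain can occur depends on which digests are pushed, which is not visible here. The loop header, its end-of-chain error branch and the rest of the function lie outside the hunk, so the placement has to be confirmed there.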
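Review bot: `mime_prefix` and `mime_eol` only ever point at string literals but are declared `char *`, so a later edit could write through them without a compiler diagnostic. Declare them as `const char *mime_prefix, *mime_eol;`; in the visible code they are only passed to `%s` conversions. The two if/else pairs could also be written as conditional expressions, e.g. `mime_eol = (flags & PKCS7_CRLFEOL) ? "\r\n" : "\n";`, though that is a matter of taste. The body of SMIME_write_PKCS7 continues past the end of this hunk.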
@@ -164,34 +173,42 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
 bound[i] = c;
 }
 bound[32] = 0;
- BIO_printf(bio, "MIME-Version: 1.0\n");
+ BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
 BIO_printf(bio, "Content-Type: multipart/signed;");
- BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";");
- BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound);
- BIO_printf(bio, "This is an S/MIME signed message\n\n");
+ BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
+ BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s",
+ bound, mime_eol, mime_eol);
+ BIO_printf(bio, "This is an S/MIME signed message%s%s",
+ mime_eol, mime_eol);
 /* Now write out the first part */
- BIO_printf(bio, "------%s\r\n", bound);
-
+ BIO_printf(bio, "------%s%s", bound, mime_eol);
 pkcs7_output_data(bio, data, p7, flags);
-
- BIO_printf(bio, "\n------%s\n", bound);
+ BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
 /* Headers for signature */
- BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n");
- BIO_printf(bio, "Content-Transfer-Encoding: base64\n");
- BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n");
+ BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix);
+ BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
+ BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
+ mime_eol);
+ BIO_printf(bio, "Content-Disposition: attachment;");
+ BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
+ mime_eol, mime_eol);
 B64_write_PKCS7(bio, p7);
- BIO_printf(bio,"\n------%s--\n\n", bound);
+ BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
+ mime_eol, mime_eol);
 return 1;
 }
 /* MIME headers */
- BIO_printf(bio, "MIME-Version: 1.0\n");
- BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n");
- BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n");
- BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n");
+ BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+ BIO_printf(bio, "Content-Disposition: attachment;");
+ BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol);
+ BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
+ BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol);
+ BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
+ mime_eol, mime_eol);
 B64_write_PKCS7(bio, p7);
- BIO_printf(bio, "\n");
+ BIO_printf(bio, "%s", mime_eol);
 return 1;
 }
diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h
index e6f6572666..ab04d352ab 100644
--- a/crypto/pkcs7/pkcs7.h
+++ b/crypto/pkcs7/pkcs7.h
@@ -260,7 +260,9 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 #define PKCS7_BINARY 0x80
 #define PKCS7_NOATTR 0x100
 #define PKCS7_NOSMIMECAP 0x200
-#define PKCS7_STREAM 0x400
+#define PKCS7_NOOLDMIMETYPE 0x400
+#define PKCS7_CRLFEOL 0x800
+#define PKCS7_STREAM 0x1000
 /* Flags: for compatibility with older code */
-- GitLab
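Review bot: With PKCS7_CRLFEOL set, only the header and boundary lines written here switch to CR+LF; `B64_write_PKCS7(bio, p7)` receives neither `flags` nor `mime_eol`, so the base64 body presumably keeps whatever line ending that helper emits and the message ends up with mixed EOLs. Whether `pkcs7_output_data(bio, data, p7, flags)` honours the flag is not visible in this hunk either. If that split is intended, state it where the flag is consumed, e.g. `/* PKCS7_CRLFEOL covers the MIME headers and boundaries only; the base64 body uses the EOL produced by B64_write_PKCS7() */`; otherwise the helper needs the EOL passed in. Separately, the first boundary line used to end in `\r\n` unconditionally and now follows `mime_eol`, so the default output changes for callers that do not set the flag.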
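Review bot: `PKCS7_STREAM` moves from 0x400 to 0x1000 and its old value is reused for `PKCS7_NOOLDMIMETYPE`, so code built against the previous header that passes 0x400 now selects the new MIME type instead of streaming. Unless the renumbering is needed to keep flag values aligned with another branch (not visible here), keep the existing bit and append the new ones: `#define PKCS7_STREAM 0x400`, `#define PKCS7_NOOLDMIMETYPE 0x800`, `#define PKCS7_CRLFEOL 0x1000`. If the renumbering stays, a comment on the defines and a line in CHANGES should call out the changed value.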