Loading CHANGES +12 −2 Original line number Diff line number Diff line Loading @@ -2,7 +2,7 @@ OpenSSL CHANGES _______________ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] *) Add support for STORE in ENGINE. [Richard Levitte] Loading Loading @@ -533,7 +533,17 @@ differing sizes. [Richard Levitte] Changes between 0.9.7a and 0.9.7b [xx XXX 2003] Changes between 0.9.7b and 0.9.7c [xx XXX 2003] *) Various S/MIME bugfixes and compatibility changes: output correct application/pkcs7 MIME type if PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures. Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening of files as .eml work). Correctly handle very long lines in MIME parser. [Steve Henson] Changes between 0.9.7a and 0.9.7b [10 Apr 2003] *) Countermeasure against the Klima-Pokorny-Rosa extension of Bleichbacher's attack on PKCS #1 v1.5 padding: treat Loading apps/smime.c +4 −0 Original line number Diff line number Diff line Loading @@ -168,6 +168,10 @@ int MAIN(int argc, char **argv) flags |= PKCS7_BINARY; else if (!strcmp (*args, "-nosigs")) flags |= PKCS7_NOSIGS; else if (!strcmp (*args, "-nooldmime")) flags |= PKCS7_NOOLDMIMETYPE; else if (!strcmp (*args, "-crlfeol")) flags |= PKCS7_CRLFEOL; else if (!strcmp (*args, "-crl_check")) store_flags |= X509_V_FLAG_CRL_CHECK; else if (!strcmp (*args, "-crl_check_all")) Loading crypto/pkcs7/pk7_doit.c +5 −0 Original line number Diff line number Diff line Loading @@ -771,6 +771,11 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, } if (EVP_MD_CTX_type(mdc) == md_type) break; /* Workaround for some broken clients that put the signature * OID instead of the digest OID in digest_alg->algorithm */ if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type) break; btmp=BIO_next(btmp); } Loading crypto/pkcs7/pk7_mime.c +34 −17 Original line number Diff line number Diff line Loading 
@@ -153,6 +153,15 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) { char bound[33], c; int i; char *mime_prefix, *mime_eol; if (flags & PKCS7_NOOLDMIMETYPE) mime_prefix = "application/pkcs7-"; else mime_prefix = "application/x-pkcs7-"; if (flags & PKCS7_CRLFEOL) mime_eol = "\r\n"; else mime_eol = "\n"; if((flags & PKCS7_DETACHED) && data) { /* We want multipart/signed */ /* Generate a random boundary */ Loading 
@@ -164,34 +173,42 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) bound[i] = c; } bound[32] = 0; BIO_printf(bio, "MIME-Version: 1.0\n"); BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); BIO_printf(bio, "Content-Type: multipart/signed;"); BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";"); BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound); BIO_printf(bio, "This is an S/MIME signed message\n\n"); BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix); BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s", bound, mime_eol, mime_eol); BIO_printf(bio, "This is an S/MIME signed message%s%s", mime_eol, mime_eol); /* Now write out the first part */ BIO_printf(bio, "------%s\r\n", bound); BIO_printf(bio, "------%s%s", bound, mime_eol); pkcs7_output_data(bio, data, p7, flags); BIO_printf(bio, "\n------%s\n", bound); BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol); /* Headers for signature */ BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n"); BIO_printf(bio, "Content-Transfer-Encoding: base64\n"); BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n"); BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol); BIO_printf(bio, "Content-Transfer-Encoding: base64%s", mime_eol); BIO_printf(bio, "Content-Disposition: attachment;"); BIO_printf(bio, " filename=\"smime.p7s\"%s%s", mime_eol, mime_eol); B64_write_PKCS7(bio, p7); BIO_printf(bio,"\n------%s--\n\n", bound); BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound, mime_eol, mime_eol); return 1; } /* MIME headers */ BIO_printf(bio, "MIME-Version: 1.0\n"); BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n"); BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n"); BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n"); BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); BIO_printf(bio, "Content-Disposition: 
attachment;"); BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol); BIO_printf(bio, "Content-Type: %smime;", mime_prefix); BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol); BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s", mime_eol, mime_eol); B64_write_PKCS7(bio, p7); BIO_printf(bio, "\n"); BIO_printf(bio, "%s", mime_eol); return 1; } Loading crypto/pkcs7/pkcs7.h +3 −1 Original line number Diff line number Diff line Loading @@ -260,7 +260,9 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_BINARY 0x80 #define PKCS7_NOATTR 0x100 #define PKCS7_NOSMIMECAP 0x200 #define PKCS7_STREAM 0x400 #define PKCS7_NOOLDMIMETYPE 0x400 #define PKCS7_CRLFEOL 0x800 #define PKCS7_STREAM 0x1000 /* Flags: for compatibility with older code */ Loading Loading
CHANGES +12 −2 Original line number Diff line number Diff line Loading @@ -2,7 +2,7 @@ OpenSSL CHANGES _______________ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] *) Add support for STORE in ENGINE. [Richard Levitte] Loading Loading @@ -533,7 +533,17 @@ differing sizes. [Richard Levitte] Changes between 0.9.7a and 0.9.7b [xx XXX 2003] Changes between 0.9.7b and 0.9.7c [xx XXX 2003] *) Various S/MIME bugfixes and compatibility changes: output correct application/pkcs7 MIME type if PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures. Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening of files as .eml work). Correctly handle very long lines in MIME parser. [Steve Henson] Changes between 0.9.7a and 0.9.7b [10 Apr 2003] *) Countermeasure against the Klima-Pokorny-Rosa extension of Bleichbacher's attack on PKCS #1 v1.5 padding: treat Loading
apps/smime.c +4 −0 Original line number Diff line number Diff line Loading @@ -168,6 +168,10 @@ int MAIN(int argc, char **argv) flags |= PKCS7_BINARY; else if (!strcmp (*args, "-nosigs")) flags |= PKCS7_NOSIGS; else if (!strcmp (*args, "-nooldmime")) flags |= PKCS7_NOOLDMIMETYPE; else if (!strcmp (*args, "-crlfeol")) flags |= PKCS7_CRLFEOL; else if (!strcmp (*args, "-crl_check")) store_flags |= X509_V_FLAG_CRL_CHECK; else if (!strcmp (*args, "-crl_check_all")) Loading
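Review bot: The two new options are parsed here, but the section's four added lines are only the two `else if` branches, so `-nooldmime` and `-crlfeol` do not appear in the command's usage output. Add matching usage lines next to the existing option help, for example `-nooldmime    output the application/pkcs7-* MIME types` and `-crlfeol      use CR+LF as end of line in MIME output`, and list them in the manual page as well. The argument loop and MAIN itself start and end outside the hunk.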
crypto/pkcs7/pk7_doit.c +5 −0 Original line number Diff line number Diff line Loading @@ -771,6 +771,11 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, } if (EVP_MD_CTX_type(mdc) == md_type) break; /* Workaround for some broken clients that put the signature * OID instead of the digest OID in digest_alg->algorithm */ if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type) break; btmp=BIO_next(btmp); } Loading
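Review bot: The fallback comparison loosens digest selection for every caller of PKCS7_signatureVerify, and nothing in the added lines limits it to a recognised signature NID. md_type is set outside the hunk; if it can be NID_undef for an unrecognised OID, the second test is worth guarding, e.g. `if (md_type != NID_undef && EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)`. The comment should also state which OID form is tolerated (a signature-algorithm OID standing in for its digest), so a later reader does not widen the match further. The enclosing loop and function begin and end outside the hunk.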
crypto/pkcs7/pk7_mime.c +34 −17 Original line number Diff line number Diff line Loading @@ -153,6 +153,15 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) { char bound[33], c; int i; char *mime_prefix, *mime_eol; if (flags & PKCS7_NOOLDMIMETYPE) mime_prefix = "application/pkcs7-"; else mime_prefix = "application/x-pkcs7-"; if (flags & PKCS7_CRLFEOL) mime_eol = "\r\n"; else mime_eol = "\n"; if((flags & PKCS7_DETACHED) && data) { /* We want multipart/signed */ /* Generate a random boundary */ Loading 
@@ -164,34 +173,42 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) bound[i] = c; } bound[32] = 0; BIO_printf(bio, "MIME-Version: 1.0\n"); BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); BIO_printf(bio, "Content-Type: multipart/signed;"); BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";"); BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound); BIO_printf(bio, "This is an S/MIME signed message\n\n"); BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix); BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s", bound, mime_eol, mime_eol); BIO_printf(bio, "This is an S/MIME signed message%s%s", mime_eol, mime_eol); /* Now write out the first part */ BIO_printf(bio, "------%s\r\n", bound); BIO_printf(bio, "------%s%s", bound, mime_eol); pkcs7_output_data(bio, data, p7, flags); BIO_printf(bio, "\n------%s\n", bound); BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol); /* Headers for signature */ BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n"); BIO_printf(bio, "Content-Transfer-Encoding: base64\n"); BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n"); BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol); BIO_printf(bio, "Content-Transfer-Encoding: base64%s", mime_eol); BIO_printf(bio, "Content-Disposition: attachment;"); BIO_printf(bio, " filename=\"smime.p7s\"%s%s", mime_eol, mime_eol); B64_write_PKCS7(bio, p7); BIO_printf(bio,"\n------%s--\n\n", bound); BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound, mime_eol, mime_eol); return 1; } /* MIME headers */ BIO_printf(bio, "MIME-Version: 1.0\n"); BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n"); BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n"); BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n"); BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); BIO_printf(bio, "Content-Disposition: 
attachment;"); BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol); BIO_printf(bio, "Content-Type: %smime;", mime_prefix); BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol); BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s", mime_eol, mime_eol); B64_write_PKCS7(bio, p7); BIO_printf(bio, "\n"); BIO_printf(bio, "%s", mime_eol); return 1; } Loading
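Review bot: `B64_write_PKCS7(bio, p7)` takes no flags, so with PKCS7_CRLFEOL set the headers and boundaries end in CR+LF while the base64 body presumably keeps whatever line ending the encoder emits. That leaves mixed EOLs in both the multipart/signed branch and the plain branch. If uniform CR+LF is the goal, the flag or `mime_eol` needs to reach the base64 writer; otherwise state the limitation in a comment above SMIME_write_PKCS7. Separately, `char *mime_prefix, *mime_eol;` only ever point at string literals and would be safer as `const char *mime_prefix, *mime_eol;`.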
crypto/pkcs7/pkcs7.h +3 −1 Original line number Diff line number Diff line Loading @@ -260,7 +260,9 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_BINARY 0x80 #define PKCS7_NOATTR 0x100 #define PKCS7_NOSMIMECAP 0x200 #define PKCS7_STREAM 0x400 #define PKCS7_NOOLDMIMETYPE 0x400 #define PKCS7_CRLFEOL 0x800 #define PKCS7_STREAM 0x1000 /* Flags: for compatibility with older code */ Loading
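Review bot: Moving PKCS7_STREAM from 0x400 to 0x1000 hands its old bit to PKCS7_NOOLDMIMETYPE, so a binary built against the previous header that passes PKCS7_STREAM would silently select the new MIME type instead. If PKCS7_STREAM has already shipped in a release, leave it at 0x400 and append the new flags after it: `#define PKCS7_NOOLDMIMETYPE 0x1000` and `#define PKCS7_CRLFEOL 0x2000`. If it exists only on the development branch, a one-line comment beside the defines saying so would explain the renumbering.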