2 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
5 /* ====================================================================
6 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
34 * 6. Redistributions of any form whatsoever must retain the following
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
59 © Portions copyright (c) 2006 Nokia Corporation. All rights reserved.
64 #include <openssl/rand.h>
65 #include <openssl/x509.h>
67 /* MIME and related routines */
69 /* MIME format structures
70 * Note that all are translated to lower case apart from
71 * parameter values. Quotes are stripped off
75 char *param_name; /* Param name e.g. "micalg" */
76 char *param_value; /* Param value e.g. "sha1" */
79 DECLARE_STACK_OF(MIME_PARAM)
80 IMPLEMENT_STACK_OF(MIME_PARAM)
83 char *name; /* Name of line e.g. "content-type" */
84 char *value; /* Value of line e.g. "text/plain" */
85 STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */
88 DECLARE_STACK_OF(MIME_HEADER)
89 IMPLEMENT_STACK_OF(MIME_HEADER)
91 static int pkcs7_output_data(BIO *bio, BIO *data, PKCS7 *p7, int flags);
92 static int B64_write_PKCS7(BIO *bio, PKCS7 *p7);
93 static PKCS7 *B64_read_PKCS7(BIO *bio);
94 static char * strip_ends(char *name);
95 static char * strip_start(char *name);
96 static char * strip_end(char *name);
97 static MIME_HEADER *mime_hdr_new(char *name, char *value);
98 static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
99 static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
100 static int mime_hdr_cmp(const MIME_HEADER * const *a,
101 const MIME_HEADER * const *b);
102 static int mime_param_cmp(const MIME_PARAM * const *a,
103 const MIME_PARAM * const *b);
104 static void mime_param_free(MIME_PARAM *param);
105 static int mime_bound_check(char *line, int linelen, char *bound, int blen);
106 static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
107 static int strip_eol(char *linebuf, int *plen);
108 static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
109 static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
110 static void mime_hdr_free(MIME_HEADER *hdr);
112 #define MAX_SMLEN 1024
113 #define mime_debug(x) /* x */
115 /* Base 64 read and write of PKCS#7 structure */
117 static int B64_write_PKCS7(BIO *bio, PKCS7 *p7)
120 if(!(b64 = BIO_new(BIO_f_base64()))) {
121 PKCS7err(PKCS7_F_B64_WRITE_PKCS7,ERR_R_MALLOC_FAILURE);
124 bio = BIO_push(b64, bio);
125 i2d_PKCS7_bio(bio, p7);
126 (void)BIO_flush(bio);
132 static PKCS7 *B64_read_PKCS7(BIO *bio)
136 if(!(b64 = BIO_new(BIO_f_base64()))) {
137 PKCS7err(PKCS7_F_B64_READ_PKCS7,ERR_R_MALLOC_FAILURE);
140 bio = BIO_push(b64, bio);
141 if(!(p7 = d2i_PKCS7_bio(bio, NULL)))
142 PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR);
143 (void)BIO_flush(bio);
151 EXPORT_C int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
155 char *mime_prefix, *mime_eol, *msg_type=NULL;
156 if (flags & PKCS7_NOOLDMIMETYPE)
157 mime_prefix = "application/pkcs7-";
159 mime_prefix = "application/x-pkcs7-";
161 if (flags & PKCS7_CRLFEOL)
165 if((flags & PKCS7_DETACHED) && data) {
166 /* We want multipart/signed */
167 /* Generate a random boundary */
168 RAND_pseudo_bytes((unsigned char *)bound, 32);
169 for(i = 0; i < 32; i++) {
176 BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
177 BIO_printf(bio, "Content-Type: multipart/signed;");
178 BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
179 BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s",
180 bound, mime_eol, mime_eol);
181 BIO_printf(bio, "This is an S/MIME signed message%s%s",
183 /* Now write out the first part */
184 BIO_printf(bio, "------%s%s", bound, mime_eol);
185 pkcs7_output_data(bio, data, p7, flags);
186 BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
188 /* Headers for signature */
190 BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix);
191 BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
192 BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
194 BIO_printf(bio, "Content-Disposition: attachment;");
195 BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
197 B64_write_PKCS7(bio, p7);
198 BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
203 /* Determine smime-type header */
205 if (PKCS7_type_is_enveloped(p7))
206 msg_type = "enveloped-data";
207 else if (PKCS7_type_is_signed(p7))
209 /* If we have any signers it is signed-data othewise
212 STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
213 sinfos = PKCS7_get_signer_info(p7);
214 if (sk_PKCS7_SIGNER_INFO_num(sinfos) > 0)
215 msg_type = "signed-data";
217 msg_type = "certs-only";
220 BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
221 BIO_printf(bio, "Content-Disposition: attachment;");
222 BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol);
223 BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
225 BIO_printf(bio, " smime-type=%s;", msg_type);
226 BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol);
227 BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
229 B64_write_PKCS7(bio, p7);
230 BIO_printf(bio, "%s", mime_eol);
234 /* Handle output of PKCS#7 data */
237 static int pkcs7_output_data(BIO *out, BIO *data, PKCS7 *p7, int flags)
241 if (!(flags & PKCS7_STREAM))
243 SMIME_crlf_copy(data, out, flags);
247 /* Partial sign operation */
249 /* Initialize sign operation */
250 p7bio = PKCS7_dataInit(p7, out);
252 /* Copy data across, computing digests etc */
253 SMIME_crlf_copy(data, p7bio, flags);
255 /* Must be detached */
256 PKCS7_set_detached(p7, 1);
258 /* Finalize signatures */
259 PKCS7_dataFinal(p7, p7bio);
261 /* Now remove any digests prepended to the BIO */
265 tmpbio = BIO_pop(p7bio);
274 /* SMIME reader: handle multipart/signed and opaque signing.
275 * in multipart case the content is placed in a memory BIO
276 * pointed to by "bcont". In opaque this is set to NULL
279 EXPORT_C PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
282 STACK_OF(MIME_HEADER) *headers = NULL;
283 STACK_OF(BIO) *parts = NULL;
289 if(bcont) *bcont = NULL;
291 if (!(headers = mime_parse_hdr(bio))) {
292 PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_PARSE_ERROR);
296 if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
297 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
298 PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE);
302 /* Handle multipart/signed */
304 if(!strcmp(hdr->value, "multipart/signed")) {
305 /* Split into two parts */
306 prm = mime_param_find(hdr, "boundary");
307 if(!prm || !prm->param_value) {
308 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
309 PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY);
312 ret = multi_split(bio, prm->param_value, &parts);
313 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
314 if(!ret || (sk_BIO_num(parts) != 2) ) {
315 PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE);
316 sk_BIO_pop_free(parts, BIO_vfree);
320 /* Parse the signature piece */
321 p7in = sk_BIO_value(parts, 1);
323 if (!(headers = mime_parse_hdr(p7in))) {
324 PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR);
325 sk_BIO_pop_free(parts, BIO_vfree);
329 /* Get content type */
331 if(!(hdr = mime_hdr_find(headers, "content-type")) ||
333 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
334 PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE);
338 if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
339 strcmp(hdr->value, "application/pkcs7-signature")) {
340 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
341 PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE);
342 ERR_add_error_data(2, "type: ", hdr->value);
343 sk_BIO_pop_free(parts, BIO_vfree);
346 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
348 if(!(p7 = B64_read_PKCS7(p7in))) {
349 PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR);
350 sk_BIO_pop_free(parts, BIO_vfree);
355 *bcont = sk_BIO_value(parts, 0);
358 } else sk_BIO_pop_free(parts, BIO_vfree);
362 /* OK, if not multipart/signed try opaque signature */
364 if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
365 strcmp (hdr->value, "application/pkcs7-mime")) {
366 PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE);
367 ERR_add_error_data(2, "type: ", hdr->value);
368 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
372 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
374 if(!(p7 = B64_read_PKCS7(bio))) {
375 PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR);
382 /* Copy text from one BIO to another making the output CRLF at EOL */
383 EXPORT_C int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
387 char linebuf[MAX_SMLEN];
388 if(flags & PKCS7_BINARY) {
389 while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
390 BIO_write(out, linebuf, len);
393 if(flags & PKCS7_TEXT)
394 BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
395 while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
396 eol = strip_eol(linebuf, &len);
398 BIO_write(out, linebuf, len);
399 if(eol) BIO_write(out, "\r\n", 2);
404 /* Strip off headers if they are text/plain */
405 EXPORT_C int SMIME_text(BIO *in, BIO *out)
413 STACK_OF(MIME_HEADER) *headers;
416 if (!(headers = mime_parse_hdr(in))) {
417 PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR);
420 if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
421 PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE);
422 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
425 if (strcmp (hdr->value, "text/plain")) {
426 PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE);
427 ERR_add_error_data(2, "type: ", hdr->value);
428 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
431 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
432 while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
433 BIO_write(out, iobuf, len);
437 /* Split a multipart/XXX message body into component parts: result is
438 * canonical parts in a STACK of bios
441 static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
443 char linebuf[MAX_SMLEN];
445 int eol = 0, next_eol = 0;
447 STACK_OF(BIO) *parts;
448 char state, part, first;
450 blen = strlen(bound);
454 parts = sk_BIO_new_null();
456 while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
457 state = mime_bound_check(linebuf, len, bound, blen);
461 } else if(state == 2) {
462 sk_BIO_push(parts, bpart);
465 /* Strip CR+LF from linebuf */
466 next_eol = strip_eol(linebuf, &len);
469 if(bpart) sk_BIO_push(parts, bpart);
470 bpart = BIO_new(BIO_s_mem());
471 BIO_set_mem_eof_return(bpart, 0);
473 BIO_write(bpart, "\r\n", 2);
476 BIO_write(bpart, linebuf, len);
482 /* This is the big one: parse MIME header lines up to message body */
484 #define MIME_INVALID 0
490 #define MIME_COMMENT 6
493 static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
497 char linebuf[MAX_SMLEN];
498 MIME_HEADER *mhdr = NULL;
499 STACK_OF(MIME_HEADER) *headers;
500 int len, state, save_state = 0;
502 headers = sk_MIME_HEADER_new(mime_hdr_cmp);
503 while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
504 /* If whitespace at line start then continuation line */
505 if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
506 else state = MIME_START;
508 /* Go through all characters */
509 for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
511 /* State machine to handle MIME headers
512 * if this looks horrible that's because it *is*
520 ntmp = strip_ends(q);
527 mime_debug("Found End Value\n");
529 mhdr = mime_hdr_new(ntmp, strip_ends(q));
530 sk_MIME_HEADER_push(headers, mhdr);
534 } else if(c == '(') {
536 state = MIME_COMMENT;
550 ntmp = strip_ends(q);
559 mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
562 } else if (c == '"') {
563 mime_debug("Found Quote\n");
565 } else if(c == '(') {
567 state = MIME_COMMENT;
573 mime_debug("Found Match Quote\n");
580 if(state == MIME_TYPE) {
581 mhdr = mime_hdr_new(ntmp, strip_ends(q));
582 sk_MIME_HEADER_push(headers, mhdr);
583 } else if(state == MIME_VALUE)
584 mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
585 if(p == linebuf) break; /* Blank line means end of headers */
592 static char *strip_ends(char *name)
594 return strip_end(strip_start(name));
597 /* Strip a parameter of whitespace from start of param */
598 static char *strip_start(char *name)
601 /* Look for first non white space or quote */
602 for(p = name; (c = *p) ;p++) {
604 /* Next char is start of string if non null */
605 if(p[1]) return p + 1;
606 /* Else null string */
609 if(!isspace((unsigned char)c)) return p;
614 /* As above but strip from end of string : maybe should handle brackets? */
615 static char *strip_end(char *name)
618 if(!name) return NULL;
619 /* Look for first non white space or quote */
620 for(p = name + strlen(name) - 1; p >= name ;p--) {
623 if(p - 1 == name) return NULL;
627 if(isspace((unsigned char)c)) *p = 0;
633 static MIME_HEADER *mime_hdr_new(char *name, char *value)
636 char *tmpname, *tmpval, *p;
639 if(!(tmpname = BUF_strdup(name))) return NULL;
640 for(p = tmpname ; *p; p++) {
647 } else tmpname = NULL;
649 if(!(tmpval = BUF_strdup(value))) return NULL;
650 for(p = tmpval ; *p; p++) {
657 } else tmpval = NULL;
658 mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER));
659 if(!mhdr) return NULL;
660 mhdr->name = tmpname;
661 mhdr->value = tmpval;
662 if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL;
666 static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
668 char *tmpname, *tmpval, *p;
672 tmpname = BUF_strdup(name);
673 if(!tmpname) return 0;
674 for(p = tmpname ; *p; p++) {
681 } else tmpname = NULL;
683 tmpval = BUF_strdup(value);
684 if(!tmpval) return 0;
685 } else tmpval = NULL;
686 /* Parameter values are case sensitive so leave as is */
687 mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM));
688 if(!mparam) return 0;
689 mparam->param_name = tmpname;
690 mparam->param_value = tmpval;
691 sk_MIME_PARAM_push(mhdr->params, mparam);
695 static int mime_hdr_cmp(const MIME_HEADER * const *a,
696 const MIME_HEADER * const *b)
698 return(strcmp((*a)->name, (*b)->name));
701 static int mime_param_cmp(const MIME_PARAM * const *a,
702 const MIME_PARAM * const *b)
704 return(strcmp((*a)->param_name, (*b)->param_name));
707 /* Find a header with a given name (if possible) */
709 static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
714 idx = sk_MIME_HEADER_find(hdrs, &htmp);
715 if(idx < 0) return NULL;
716 return sk_MIME_HEADER_value(hdrs, idx);
719 static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
723 param.param_name = name;
724 idx = sk_MIME_PARAM_find(hdr->params, ¶m);
725 if(idx < 0) return NULL;
726 return sk_MIME_PARAM_value(hdr->params, idx);
729 static void mime_hdr_free(MIME_HEADER *hdr)
731 if(hdr->name) OPENSSL_free(hdr->name);
732 if(hdr->value) OPENSSL_free(hdr->value);
733 if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
737 static void mime_param_free(MIME_PARAM *param)
739 if(param->param_name) OPENSSL_free(param->param_name);
740 if(param->param_value) OPENSSL_free(param->param_value);
744 /* Check for a multipart boundary. Returns:
749 static int mime_bound_check(char *line, int linelen, char *bound, int blen)
751 if(linelen == -1) linelen = strlen(line);
752 if(blen == -1) blen = strlen(bound);
753 /* Quickly eliminate if line length too short */
754 if(blen + 2 > linelen) return 0;
755 /* Check for part boundary */
756 if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
757 if(!strncmp(line + blen + 2, "--", 2)) return 2;
763 static int strip_eol(char *linebuf, int *plen)
768 p = linebuf + len - 1;
769 for (p = linebuf + len - 1; len > 0; len--, p--)