Various S/MIME bug and compatibility fixes.

CHANGES

@@ -2,7 +2,7 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.7a and 0.9.8  [xx XXX xxxx]
+ Changes between 0.9.7c and 0.9.8  [xx XXX xxxx]
 
   *) Add support for STORE in ENGINE.
      [Richard Levitte]
@@ -533,7 +533,17 @@
      differing sizes.
      [Richard Levitte]
 
- Changes between 0.9.7a and 0.9.7b  [xx XXX 2003]
+ Changes between 0.9.7b and 0.9.7c  [xx XXX 2003]
+
+  *) Various S/MIME bugfixes and compatibility changes:
+     output correct application/pkcs7 MIME type if
+     PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.
+     Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
+     of files as .eml work). Correctly handle very long lines in MIME
+     parser.
+     [Steve Henson]
+
+ Changes between 0.9.7a and 0.9.7b  [10 Apr 2003]
 
   *) Countermeasure against the Klima-Pokorny-Rosa extension of
      Bleichbacher's attack on PKCS #1 v1.5 padding: treat

apps/smime.c

@@ -168,6 +168,10 @@ int MAIN(int argc, char **argv)
 				flags |= PKCS7_BINARY;
 		else if (!strcmp (*args, "-nosigs"))
 				flags |= PKCS7_NOSIGS;
+		else if (!strcmp (*args, "-nooldmime"))
+				flags |= PKCS7_NOOLDMIMETYPE;
+		else if (!strcmp (*args, "-crlfeol"))
+				flags |= PKCS7_CRLFEOL;
 		else if (!strcmp (*args, "-crl_check"))
 				store_flags |= X509_V_FLAG_CRL_CHECK;
 		else if (!strcmp (*args, "-crl_check_all"))

crypto/pkcs7/pk7_doit.c

@@ -771,6 +771,11 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
 			}
 		if (EVP_MD_CTX_type(mdc) == md_type)
 			break;
+		/* Workaround for some broken clients that put the signature
+		 * OID instead of the digest OID in digest_alg->algorithm
+		 */
+		if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
+			break;
 		btmp=BIO_next(btmp);
 		}
 

crypto/pkcs7/pk7_mime.c

@@ -153,6 +153,15 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
 {
 	char bound[33], c;
 	int i;
+	char *mime_prefix, *mime_eol;
+	if (flags & PKCS7_NOOLDMIMETYPE)
+		mime_prefix = "application/pkcs7-";
+	else
+		mime_prefix = "application/x-pkcs7-";
+	if (flags & PKCS7_CRLFEOL)
+		mime_eol = "\r\n";
+	else
+		mime_eol = "\n";
 	if((flags & PKCS7_DETACHED) && data) {
 	/* We want multipart/signed */
 		/* Generate a random boundary */
@@ -164,34 +173,42 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
 			bound[i] = c;
 		}
 		bound[32] = 0;
-		BIO_printf(bio, "MIME-Version: 1.0\n");
+		BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
 		BIO_printf(bio, "Content-Type: multipart/signed;");
-		BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";");
+		BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
-		BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound);
+		BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s",
-		BIO_printf(bio, "This is an S/MIME signed message\n\n");
+						bound, mime_eol, mime_eol);
+		BIO_printf(bio, "This is an S/MIME signed message%s%s",
+						mime_eol, mime_eol);
 		/* Now write out the first part */
-		BIO_printf(bio, "------%s\r\n", bound);
+		BIO_printf(bio, "------%s%s", bound, mime_eol);
-
 		pkcs7_output_data(bio, data, p7, flags);
-
+		BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
-		BIO_printf(bio, "\n------%s\n", bound);
 
 		/* Headers for signature */
 
-		BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n");
+		BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); 
-		BIO_printf(bio, "Content-Transfer-Encoding: base64\n");
+		BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
-		BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n");
+		BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
+								mime_eol);
+		BIO_printf(bio, "Content-Disposition: attachment;");
+		BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
+							mime_eol, mime_eol);
 		B64_write_PKCS7(bio, p7);
-		BIO_printf(bio,"\n------%s--\n\n", bound);
+		BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
+							mime_eol, mime_eol);
 		return 1;
 	}
 	/* MIME headers */
-	BIO_printf(bio, "MIME-Version: 1.0\n");
+	BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
-	BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n");
+	BIO_printf(bio, "Content-Disposition: attachment;");
-	BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n");
+	BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol);
-	BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n");
+	BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
+	BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol);
+	BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
+						mime_eol, mime_eol);
 	B64_write_PKCS7(bio, p7);
-	BIO_printf(bio, "\n");
+	BIO_printf(bio, "%s", mime_eol);
 	return 1;
 }
 

crypto/pkcs7/pkcs7.h

@@ -260,7 +260,9 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 #define PKCS7_BINARY		0x80
 #define PKCS7_NOATTR		0x100
 #define	PKCS7_NOSMIMECAP	0x200
-#define	PKCS7_STREAM		0x400
+#define PKCS7_NOOLDMIMETYPE	0x400
+#define PKCS7_CRLFEOL		0x800
+#define PKCS7_STREAM		0x1000
 
 /* Flags: for compatibility with older code */