1 /* asn_mime.c */
   2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
   3  * project.
   4  */
   5 /* ====================================================================
   6  * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  *
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer. 
  14  *
  15  * 2. Redistributions in binary form must reproduce the above copyright
  16  *    notice, this list of conditions and the following disclaimer in
  17  *    the documentation and/or other materials provided with the
  18  *    distribution.
  19  *
  20  * 3. All advertising materials mentioning features or use of this
  21  *    software must display the following acknowledgment:
  22  *    "This product includes software developed by the OpenSSL Project
  23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  24  *
  25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  26  *    endorse or promote products derived from this software without
  27  *    prior written permission. For written permission, please contact
  28  *    licensing@OpenSSL.org.
  29  *
  30  * 5. Products derived from this software may not be called "OpenSSL"
  31  *    nor may "OpenSSL" appear in their names without prior written
  32  *    permission of the OpenSSL Project.
  33  *
  34  * 6. Redistributions of any form whatsoever must retain the following
  35  *    acknowledgment:
  36  *    "This product includes software developed by the OpenSSL Project
  37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  38  *
  39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
  43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  50  * OF THE POSSIBILITY OF SUCH DAMAGE.
  51  * ====================================================================
  52  *
  53  */
  54 
  55 #include <stdio.h>
  56 #include <ctype.h>
  57 #include "cryptlib.h"
  58 #include <openssl/rand.h>
  59 #include <openssl/x509.h>
  60 #include <openssl/asn1.h>
  61 #include <openssl/asn1t.h>
  62 #include "asn1_locl.h"
  63 
  64 /* Generalised MIME like utilities for streaming ASN1. Although many
  65  * have a PKCS7/CMS like flavour others are more general purpose.
  66  */
  67 
  68 /* MIME format structures
  69  * Note that all are translated to lower case apart from
  70  * parameter values. Quotes are stripped off
  71  */
  72 
  73 typedef struct {
  74 char *param_name;                       /* Param name e.g. "micalg" */
  75 char *param_value;                      /* Param value e.g. "sha1" */
  76 } MIME_PARAM;
  77 
  78 DECLARE_STACK_OF(MIME_PARAM)
  79 IMPLEMENT_STACK_OF(MIME_PARAM)
  80 
  81 typedef struct {
  82 char *name;                             /* Name of line e.g. "content-type" */
  83 char *value;                            /* Value of line e.g. "text/plain" */
  84 STACK_OF(MIME_PARAM) *params;           /* Zero or more parameters */
  85 } MIME_HEADER;
  86 
  87 DECLARE_STACK_OF(MIME_HEADER)
  88 IMPLEMENT_STACK_OF(MIME_HEADER)
  89 
  90 static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
  91                                         const ASN1_ITEM *it);
  92 static char * strip_ends(char *name);
  93 static char * strip_start(char *name);
  94 static char * strip_end(char *name);
  95 static MIME_HEADER *mime_hdr_new(char *name, char *value);
  96 static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
  97 static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
  98 static int mime_hdr_cmp(const MIME_HEADER * const *a,
  99                         const MIME_HEADER * const *b);
 100 static int mime_param_cmp(const MIME_PARAM * const *a,
 101                         const MIME_PARAM * const *b);
 102 static void mime_param_free(MIME_PARAM *param);
 103 static int mime_bound_check(char *line, int linelen, char *bound, int blen);
 104 static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
 105 static int strip_eol(char *linebuf, int *plen);
 106 static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
 107 static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
 108 static void mime_hdr_free(MIME_HEADER *hdr);
 109 
 110 #define MAX_SMLEN 1024
 111 #define mime_debug(x) /* x */
 112 
 113 /* Output an ASN1 structure in BER format streaming if necessary */
 114 
 115 int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
 116                                 const ASN1_ITEM *it)
 117         {
 118         /* If streaming create stream BIO and copy all content through it */
 119         if (flags & SMIME_STREAM)
 120                 {
 121                 BIO *bio, *tbio;
 122                 bio = BIO_new_NDEF(out, val, it);
 123                 if (!bio)
 124                         {
 125                         ASN1err(ASN1_F_I2D_ASN1_BIO_STREAM,ERR_R_MALLOC_FAILURE);
 126                         return 0;
 127                         }
 128                 SMIME_crlf_copy(in, bio, flags);
 129                 (void)BIO_flush(bio);
 130                 /* Free up successive BIOs until we hit the old output BIO */
 131                 do
 132                         {
 133                         tbio = BIO_pop(bio);
 134                         BIO_free(bio);
 135                         bio = tbio;
 136                         } while (bio != out);
 137                 }
 138         /* else just write out ASN1 structure which will have all content
 139          * stored internally
 140          */
 141         else
 142                 ASN1_item_i2d_bio(it, out, val);
 143         return 1;
 144         }
 145 
 146 /* Base 64 read and write of ASN1 structure */
 147 
 148 static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
 149                                 const ASN1_ITEM *it)
 150         {
 151         BIO *b64;
 152         int r;
 153         b64 = BIO_new(BIO_f_base64());
 154         if(!b64)
 155                 {
 156                 ASN1err(ASN1_F_B64_WRITE_ASN1,ERR_R_MALLOC_FAILURE);
 157                 return 0;
 158                 }
 159         /* prepend the b64 BIO so all data is base64 encoded.
 160          */
 161         out = BIO_push(b64, out);
 162         r = i2d_ASN1_bio_stream(out, val, in, flags, it);
 163         (void)BIO_flush(out);
 164         BIO_pop(out);
 165         BIO_free(b64);
 166         return r;
 167         }
 168 
 169 /* Streaming ASN1 PEM write */
 170 
 171 int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
 172                                 const char *hdr,
 173                                 const ASN1_ITEM *it)
 174         {
 175         int r;
 176         BIO_printf(out, "-----BEGIN %s-----\n", hdr);
 177         r = B64_write_ASN1(out, val, in, flags, it);
 178         BIO_printf(out, "-----END %s-----\n", hdr);
 179         return r;
 180         }
 181 
 182 static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
 183 {
 184         BIO *b64;
 185         ASN1_VALUE *val;
 186         if(!(b64 = BIO_new(BIO_f_base64()))) {
 187                 ASN1err(ASN1_F_B64_READ_ASN1,ERR_R_MALLOC_FAILURE);
 188                 return 0;
 189         }
 190         bio = BIO_push(b64, bio);
 191         val = ASN1_item_d2i_bio(it, bio, NULL);
 192         if(!val)
 193                 ASN1err(ASN1_F_B64_READ_ASN1,ASN1_R_DECODE_ERROR);
 194         (void)BIO_flush(bio);
 195         bio = BIO_pop(bio);
 196         BIO_free(b64);
 197         return val;
 198 }
 199 
 200 /* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */
 201 
 202 static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
 203         {
 204         const EVP_MD *md;
 205         int i, have_unknown = 0, write_comma, ret = 0, md_nid;
 206         have_unknown = 0;
 207         write_comma = 0;
 208         for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++)
 209                 {
 210                 if (write_comma)
 211                         BIO_write(out, ",", 1);
 212                 write_comma = 1;
 213                 md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
 214                 md = EVP_get_digestbynid(md_nid);
 215                 if (md && md->md_ctrl)
 216                         {
 217                         int rv;
 218                         char *micstr;
 219                         rv = md->md_ctrl(NULL, EVP_MD_CTRL_MICALG, 0, &micstr);
 220                         if (rv > 0)
 221                                 {
 222                                 BIO_puts(out, micstr);
 223                                 OPENSSL_free(micstr);
 224                                 continue;
 225                                 }
 226                         if (rv != -2)
 227                                 goto err;
 228                         }
 229                 switch(md_nid)
 230                         {
 231                         case NID_sha1:
 232                         BIO_puts(out, "sha1");
 233                         break;
 234 
 235                         case NID_md5:
 236                         BIO_puts(out, "md5");
 237                         break;
 238 
 239                         case NID_sha256:
 240                         BIO_puts(out, "sha-256");
 241                         break;
 242 
 243                         case NID_sha384:
 244                         BIO_puts(out, "sha-384");
 245                         break;
 246 
 247                         case NID_sha512:
 248                         BIO_puts(out, "sha-512");
 249                         break;
 250 
 251                         case NID_id_GostR3411_94:
 252                         BIO_puts(out, "gostr3411-94");
 253                                 goto err;
 254                         break;
 255 
 256                         default:
 257                         if (have_unknown)
 258                                 write_comma = 0;
 259                         else
 260                                 {
 261                                 BIO_puts(out, "unknown");
 262                                 have_unknown = 1;
 263                                 }
 264                         break;
 265 
 266                         }
 267                 }
 268 
 269         ret = 1;
 270         err:
 271 
 272         return ret;
 273 
 274         }
 275 
 276 /* SMIME sender */
 277 
 278 int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
 279                                 int ctype_nid, int econt_nid,
 280                                 STACK_OF(X509_ALGOR) *mdalgs,
 281                                 const ASN1_ITEM *it)
 282 {
 283         char bound[33], c;
 284         int i;
 285         const char *mime_prefix, *mime_eol, *cname = "smime.p7m";
 286         const char *msg_type=NULL;
 287         if (flags & SMIME_OLDMIME)
 288                 mime_prefix = "application/x-pkcs7-";
 289         else
 290                 mime_prefix = "application/pkcs7-";
 291 
 292         if (flags & SMIME_CRLFEOL)
 293                 mime_eol = "\r\n";
 294         else
 295                 mime_eol = "\n";
 296         if((flags & SMIME_DETACHED) && data) {
 297         /* We want multipart/signed */
 298                 /* Generate a random boundary */
 299                 RAND_pseudo_bytes((unsigned char *)bound, 32);
 300                 for(i = 0; i < 32; i++) {
 301                         c = bound[i] & 0xf;
 302                         if(c < 10) c += '0';
 303                         else c += 'A' - 10;
 304                         bound[i] = c;
 305                 }
 306                 bound[32] = 0;
 307                 BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
 308                 BIO_printf(bio, "Content-Type: multipart/signed;");
 309                 BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
 310                 BIO_puts(bio, " micalg=\"");
 311                 asn1_write_micalg(bio, mdalgs);
 312                 BIO_printf(bio, "\"; boundary=\"----%s\"%s%s",
 313                                                 bound, mime_eol, mime_eol);
 314                 BIO_printf(bio, "This is an S/MIME signed message%s%s",
 315                                                 mime_eol, mime_eol);
 316                 /* Now write out the first part */
 317                 BIO_printf(bio, "------%s%s", bound, mime_eol);
 318                 if (!asn1_output_data(bio, data, val, flags, it))
 319                         return 0;
 320                 BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
 321 
 322                 /* Headers for signature */
 323 
 324                 BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); 
 325                 BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
 326                 BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
 327                                                                 mime_eol);
 328                 BIO_printf(bio, "Content-Disposition: attachment;");
 329                 BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
 330                                                         mime_eol, mime_eol);
 331                 B64_write_ASN1(bio, val, NULL, 0, it);
 332                 BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
 333                                                         mime_eol, mime_eol);
 334                 return 1;
 335         }
 336 
 337         /* Determine smime-type header */
 338 
 339         if (ctype_nid == NID_pkcs7_enveloped)
 340                 msg_type = "enveloped-data";
 341         else if (ctype_nid == NID_pkcs7_signed)
 342                 {
 343                 if (econt_nid == NID_id_smime_ct_receipt)
 344                         msg_type = "signed-receipt";
 345                 else if (sk_X509_ALGOR_num(mdalgs) >= 0)
 346                         msg_type = "signed-data";
 347                 else
 348                         msg_type = "certs-only";
 349                 }
 350         else if (ctype_nid == NID_id_smime_ct_compressedData)
 351                 {
 352                 msg_type = "compressed-data";
 353                 cname = "smime.p7z";
 354                 }
 355         /* MIME headers */
 356         BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
 357         BIO_printf(bio, "Content-Disposition: attachment;");
 358         BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol);
 359         BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
 360         if (msg_type)
 361                 BIO_printf(bio, " smime-type=%s;", msg_type);
 362         BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol);
 363         BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
 364                                                 mime_eol, mime_eol);
 365         if (!B64_write_ASN1(bio, val, data, flags, it))
 366                 return 0;
 367         BIO_printf(bio, "%s", mime_eol);
 368         return 1;
 369 }
 370 
 371 /* Handle output of ASN1 data */
 372 
 373 
 374 static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
 375                                         const ASN1_ITEM *it)
 376         {
 377         BIO *tmpbio;
 378         const ASN1_AUX *aux = it->funcs;
 379         ASN1_STREAM_ARG sarg;
 380         int rv = 1;
 381 
 382         /* If data is not deteched or resigning then the output BIO is
 383          * already set up to finalise when it is written through.
 384          */
 385         if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST))
 386                 {
 387                 SMIME_crlf_copy(data, out, flags);
 388                 return 1;
 389                 }
 390 
 391         if (!aux || !aux->asn1_cb)
 392                 {
 393                 ASN1err(ASN1_F_ASN1_OUTPUT_DATA,
 394                                         ASN1_R_STREAMING_NOT_SUPPORTED);
 395                 return 0;
 396                 }
 397 
 398         sarg.out = out;
 399         sarg.ndef_bio = NULL;
 400         sarg.boundary = NULL;
 401 
 402         /* Let ASN1 code prepend any needed BIOs */
 403 
 404         if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0)
 405                 return 0;
 406 
 407         /* Copy data across, passing through filter BIOs for processing */
 408         SMIME_crlf_copy(data, sarg.ndef_bio, flags);
 409 
 410         /* Finalize structure */
 411         if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
 412                 rv = 0;
 413 
 414         /* Now remove any digests prepended to the BIO */
 415 
 416         while (sarg.ndef_bio != out)
 417                 {
 418                 tmpbio = BIO_pop(sarg.ndef_bio);
 419                 BIO_free(sarg.ndef_bio);
 420                 sarg.ndef_bio = tmpbio;
 421                 }
 422 
 423         return rv;
 424 
 425         }
 426 
 427 /* SMIME reader: handle multipart/signed and opaque signing.
 428  * in multipart case the content is placed in a memory BIO
 429  * pointed to by "bcont". In opaque this is set to NULL
 430  */
 431 
 432 ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
 433 {
 434         BIO *asnin;
 435         STACK_OF(MIME_HEADER) *headers = NULL;
 436         STACK_OF(BIO) *parts = NULL;
 437         MIME_HEADER *hdr;
 438         MIME_PARAM *prm;
 439         ASN1_VALUE *val;
 440         int ret;
 441 
 442         if(bcont) *bcont = NULL;
 443 
 444         if (!(headers = mime_parse_hdr(bio))) {
 445                 ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_PARSE_ERROR);
 446                 return NULL;
 447         }
 448 
 449         if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
 450                 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
 451                 ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE);
 452                 return NULL;
 453         }
 454 
 455         /* Handle multipart/signed */
 456 
 457         if(!strcmp(hdr->value, "multipart/signed")) {
 458                 /* Split into two parts */
 459                 prm = mime_param_find(hdr, "boundary");
 460                 if(!prm || !prm->param_value) {
 461                         sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
 462                         ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY);
 463                         return NULL;
 464                 }
 465                 ret = multi_split(bio, prm->param_value, &parts);
 466                 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
 467                 if(!ret || (sk_BIO_num(parts) != 2) ) {
 468                         ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE);
 469                         sk_BIO_pop_free(parts, BIO_vfree);
 470                         return NULL;
 471                 }
 472 
 473                 /* Parse the signature piece */
 474                 asnin = sk_BIO_value(parts, 1);
 475 
 476                 if (!(headers = mime_parse_hdr(asnin))) {
 477                         ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_SIG_PARSE_ERROR);
 478                         sk_BIO_pop_free(parts, BIO_vfree);
 479                         return NULL;
 480                 }
 481 
 482                 /* Get content type */
 483 
 484                 if(!(hdr = mime_hdr_find(headers, "content-type")) ||
 485                                                                  !hdr->value) {
 486                         sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
 487                         ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
 488                         return NULL;
 489                 }
 490 
 491                 if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
 492                         strcmp(hdr->value, "application/pkcs7-signature")) {
 493                         ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE);
 494                         ERR_add_error_data(2, "type: ", hdr->value);
 495                         sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
 496                         sk_BIO_pop_free(parts, BIO_vfree);
 497                         return NULL;
 498                 }
 499                 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
 500                 /* Read in ASN1 */
 501                 if(!(val = b64_read_asn1(asnin, it))) {
 502                         ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_ASN1_SIG_PARSE_ERROR);
 503                         sk_BIO_pop_free(parts, BIO_vfree);
 504                         return NULL;
 505                 }
 506 
 507                 if(bcont) {
 508                         *bcont = sk_BIO_value(parts, 0);
 509                         BIO_free(asnin);
 510                         sk_BIO_free(parts);
 511                 } else sk_BIO_pop_free(parts, BIO_vfree);
 512                 return val;
 513         }
 514                 
 515         /* OK, if not multipart/signed try opaque signature */
 516 
 517         if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
 518             strcmp (hdr->value, "application/pkcs7-mime")) {
 519                 ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_INVALID_MIME_TYPE);
 520                 ERR_add_error_data(2, "type: ", hdr->value);
 521                 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
 522                 return NULL;
 523         }
 524 
 525         sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
 526         
 527         if(!(val = b64_read_asn1(bio, it))) {
 528                 ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR);
 529                 return NULL;
 530         }
 531         return val;
 532 
 533 }
 534 
 535 /* Copy text from one BIO to another making the output CRLF at EOL */
 536 int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
 537 {
 538         BIO *bf;
 539         char eol;
 540         int len;
 541         char linebuf[MAX_SMLEN];
 542         /* Buffer output so we don't write one line at a time. This is
 543          * useful when streaming as we don't end up with one OCTET STRING
 544          * per line.
 545          */
 546         bf = BIO_new(BIO_f_buffer());
 547         if (!bf)
 548                 return 0;
 549         out = BIO_push(bf, out);
 550         if(flags & SMIME_BINARY)
 551                 {
 552                 while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
 553                                                 BIO_write(out, linebuf, len);
 554                 }
 555         else
 556                 {
 557                 if(flags & SMIME_TEXT)
 558                         BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
 559                 while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0)
 560                         {
 561                         eol = strip_eol(linebuf, &len);
 562                         if (len)
 563                                 BIO_write(out, linebuf, len);
 564                         if(eol) BIO_write(out, "\r\n", 2);
 565                         }
 566                 }
 567         (void)BIO_flush(out);
 568         BIO_pop(out);
 569         BIO_free(bf);
 570         return 1;
 571 }
 572 
 573 /* Strip off headers if they are text/plain */
 574 int SMIME_text(BIO *in, BIO *out)
 575 {
 576         char iobuf[4096];
 577         int len;
 578         STACK_OF(MIME_HEADER) *headers;
 579         MIME_HEADER *hdr;
 580 
 581         if (!(headers = mime_parse_hdr(in))) {
 582                 ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_PARSE_ERROR);
 583                 return 0;
 584         }
 585         if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
 586                 ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_NO_CONTENT_TYPE);
 587                 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
 588                 return 0;
 589         }
 590         if (strcmp (hdr->value, "text/plain")) {
 591                 ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_INVALID_MIME_TYPE);
 592                 ERR_add_error_data(2, "type: ", hdr->value);
 593                 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
 594                 return 0;
 595         }
 596         sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
 597         while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
 598                                                 BIO_write(out, iobuf, len);
 599         if (len < 0)
 600                 return 0;
 601         return 1;
 602 }
 603 
 604 /* Split a multipart/XXX message body into component parts: result is
 605  * canonical parts in a STACK of bios
 606  */
 607 
 608 static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
 609 {
 610         char linebuf[MAX_SMLEN];
 611         int len, blen;
 612         int eol = 0, next_eol = 0;
 613         BIO *bpart = NULL;
 614         STACK_OF(BIO) *parts;
 615         char state, part, first;
 616 
 617         blen = strlen(bound);
 618         part = 0;
 619         state = 0;
 620         first = 1;
 621         parts = sk_BIO_new_null();
 622         *ret = parts;
 623         while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
 624                 state = mime_bound_check(linebuf, len, bound, blen);
 625                 if(state == 1) {
 626                         first = 1;
 627                         part++;
 628                 } else if(state == 2) {
 629                         sk_BIO_push(parts, bpart);
 630                         return 1;
 631                 } else if(part) {
 632                         /* Strip CR+LF from linebuf */
 633                         next_eol = strip_eol(linebuf, &len);
 634                         if(first) {
 635                                 first = 0;
 636                                 if(bpart) sk_BIO_push(parts, bpart);
 637                                 bpart = BIO_new(BIO_s_mem());
 638                                 BIO_set_mem_eof_return(bpart, 0);
 639                         } else if (eol)
 640                                 BIO_write(bpart, "\r\n", 2);
 641                         eol = next_eol;
 642                         if (len)
 643                                 BIO_write(bpart, linebuf, len);
 644                 }
 645         }
 646         return 0;
 647 }
 648 
 649 /* This is the big one: parse MIME header lines up to message body */
 650 
 651 #define MIME_INVALID    0
 652 #define MIME_START      1
 653 #define MIME_TYPE       2
 654 #define MIME_NAME       3
 655 #define MIME_VALUE      4
 656 #define MIME_QUOTE      5
 657 #define MIME_COMMENT    6
 658 
 659 
 660 static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
 661 {
 662         char *p, *q, c;
 663         char *ntmp;
 664         char linebuf[MAX_SMLEN];
 665         MIME_HEADER *mhdr = NULL;
 666         STACK_OF(MIME_HEADER) *headers;
 667         int len, state, save_state = 0;
 668 
 669         headers = sk_MIME_HEADER_new(mime_hdr_cmp);
 670         while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
 671         /* If whitespace at line start then continuation line */
 672         if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
 673         else state = MIME_START;
 674         ntmp = NULL;
 675         /* Go through all characters */
 676         for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
 677 
 678         /* State machine to handle MIME headers
 679          * if this looks horrible that's because it *is*
 680          */
 681 
 682                 switch(state) {
 683                         case MIME_START:
 684                         if(c == ':') {
 685                                 state = MIME_TYPE;
 686                                 *p = 0;
 687                                 ntmp = strip_ends(q);
 688                                 q = p + 1;
 689                         }
 690                         break;
 691 
 692                         case MIME_TYPE:
 693                         if(c == ';') {
 694                                 mime_debug("Found End Value\n");
 695                                 *p = 0;
 696                                 mhdr = mime_hdr_new(ntmp, strip_ends(q));
 697                                 sk_MIME_HEADER_push(headers, mhdr);
 698                                 ntmp = NULL;
 699                                 q = p + 1;
 700                                 state = MIME_NAME;
 701                         } else if(c == '(') {
 702                                 save_state = state;
 703                                 state = MIME_COMMENT;
 704                         }
 705                         break;
 706 
 707                         case MIME_COMMENT:
 708                         if(c == ')') {
 709                                 state = save_state;
 710                         }
 711                         break;
 712 
 713                         case MIME_NAME:
 714                         if(c == '=') {
 715                                 state = MIME_VALUE;
 716                                 *p = 0;
 717                                 ntmp = strip_ends(q);
 718                                 q = p + 1;
 719                         }
 720                         break ;
 721 
 722                         case MIME_VALUE:
 723                         if(c == ';') {
 724                                 state = MIME_NAME;
 725                                 *p = 0;
 726                                 mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
 727                                 ntmp = NULL;
 728                                 q = p + 1;
 729                         } else if (c == '"') {
 730                                 mime_debug("Found Quote\n");
 731                                 state = MIME_QUOTE;
 732                         } else if(c == '(') {
 733                                 save_state = state;
 734                                 state = MIME_COMMENT;
 735                         }
 736                         break;
 737 
 738                         case MIME_QUOTE:
 739                         if(c == '"') {
 740                                 mime_debug("Found Match Quote\n");
 741                                 state = MIME_VALUE;
 742                         }
 743                         break;
 744                 }
 745         }
 746 
 747         if(state == MIME_TYPE) {
 748                 mhdr = mime_hdr_new(ntmp, strip_ends(q));
 749                 sk_MIME_HEADER_push(headers, mhdr);
 750         } else if(state == MIME_VALUE)
 751                          mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
 752         if(p == linebuf) break; /* Blank line means end of headers */
 753 }
 754 
 755 return headers;
 756 
 757 }
 758 
 759 static char *strip_ends(char *name)
 760 {
 761         return strip_end(strip_start(name));
 762 }
 763 
 764 /* Strip a parameter of whitespace from start of param */
 765 static char *strip_start(char *name)
 766 {
 767         char *p, c;
 768         /* Look for first non white space or quote */
 769         for(p = name; (c = *p) ;p++) {
 770                 if(c == '"') {
 771                         /* Next char is start of string if non null */
 772                         if(p[1]) return p + 1;
 773                         /* Else null string */
 774                         return NULL;
 775                 }
 776                 if(!isspace((unsigned char)c)) return p;
 777         }
 778         return NULL;
 779 }
 780 
 781 /* As above but strip from end of string : maybe should handle brackets? */
 782 static char *strip_end(char *name)
 783 {
 784         char *p, c;
 785         if(!name) return NULL;
 786         /* Look for first non white space or quote */
 787         for(p = name + strlen(name) - 1; p >= name ;p--) {
 788                 c = *p;
 789                 if(c == '"') {
 790                         if(p - 1 == name) return NULL;
 791                         *p = 0;
 792                         return name;
 793                 }
 794                 if(isspace((unsigned char)c)) *p = 0;   
 795                 else return name;
 796         }
 797         return NULL;
 798 }
 799 
 800 static MIME_HEADER *mime_hdr_new(char *name, char *value)
 801 {
 802         MIME_HEADER *mhdr;
 803         char *tmpname, *tmpval, *p;
 804         int c;
 805         if(name) {
 806                 if(!(tmpname = BUF_strdup(name))) return NULL;
 807                 for(p = tmpname ; *p; p++) {
 808                         c = (unsigned char)*p;
 809                         if(isupper(c)) {
 810                                 c = tolower(c);
 811                                 *p = c;
 812                         }
 813                 }
 814         } else tmpname = NULL;
 815         if(value) {
 816                 if(!(tmpval = BUF_strdup(value))) return NULL;
 817                 for(p = tmpval ; *p; p++) {
 818                         c = (unsigned char)*p;
 819                         if(isupper(c)) {
 820                                 c = tolower(c);
 821                                 *p = c;
 822                         }
 823                 }
 824         } else tmpval = NULL;
 825         mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER));
 826         if(!mhdr) return NULL;
 827         mhdr->name = tmpname;
 828         mhdr->value = tmpval;
 829         if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL;
 830         return mhdr;
 831 }
 832                 
 833 static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
 834 {
 835         char *tmpname, *tmpval, *p;
 836         int c;
 837         MIME_PARAM *mparam;
 838         if(name) {
 839                 tmpname = BUF_strdup(name);
 840                 if(!tmpname) return 0;
 841                 for(p = tmpname ; *p; p++) {
 842                         c = (unsigned char)*p;
 843                         if(isupper(c)) {
 844                                 c = tolower(c);
 845                                 *p = c;
 846                         }
 847                 }
 848         } else tmpname = NULL;
 849         if(value) {
 850                 tmpval = BUF_strdup(value);
 851                 if(!tmpval) return 0;
 852         } else tmpval = NULL;
 853         /* Parameter values are case sensitive so leave as is */
 854         mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM));
 855         if(!mparam) return 0;
 856         mparam->param_name = tmpname;
 857         mparam->param_value = tmpval;
 858         sk_MIME_PARAM_push(mhdr->params, mparam);
 859         return 1;
 860 }
 861 
 862 static int mime_hdr_cmp(const MIME_HEADER * const *a,
 863                         const MIME_HEADER * const *b)
 864 {
 865         if (!(*a)->name || !(*b)->name)
 866                 return !!(*a)->name - !!(*b)->name;
 867 
 868         return(strcmp((*a)->name, (*b)->name));
 869 }
 870 
 871 static int mime_param_cmp(const MIME_PARAM * const *a,
 872                         const MIME_PARAM * const *b)
 873 {
 874         if (!(*a)->param_name || !(*b)->param_name)
 875                 return !!(*a)->param_name - !!(*b)->param_name;
 876         return(strcmp((*a)->param_name, (*b)->param_name));
 877 }
 878 
 879 /* Find a header with a given name (if possible) */
 880 
 881 static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
 882 {
 883         MIME_HEADER htmp;
 884         int idx;
 885         htmp.name = name;
 886         idx = sk_MIME_HEADER_find(hdrs, &htmp);
 887         if(idx < 0) return NULL;
 888         return sk_MIME_HEADER_value(hdrs, idx);
 889 }
 890 
 891 static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
 892 {
 893         MIME_PARAM param;
 894         int idx;
 895         param.param_name = name;
 896         idx = sk_MIME_PARAM_find(hdr->params, &param);
 897         if(idx < 0) return NULL;
 898         return sk_MIME_PARAM_value(hdr->params, idx);
 899 }
 900 
 901 static void mime_hdr_free(MIME_HEADER *hdr)
 902 {
 903         if(hdr->name) OPENSSL_free(hdr->name);
 904         if(hdr->value) OPENSSL_free(hdr->value);
 905         if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
 906         OPENSSL_free(hdr);
 907 }
 908 
 909 static void mime_param_free(MIME_PARAM *param)
 910 {
 911         if(param->param_name) OPENSSL_free(param->param_name);
 912         if(param->param_value) OPENSSL_free(param->param_value);
 913         OPENSSL_free(param);
 914 }
 915 
 916 /* Check for a multipart boundary. Returns:
 917  * 0 : no boundary
 918  * 1 : part boundary
 919  * 2 : final boundary
 920  */
 921 static int mime_bound_check(char *line, int linelen, char *bound, int blen)
 922 {
 923         if(linelen == -1) linelen = strlen(line);
 924         if(blen == -1) blen = strlen(bound);
 925         /* Quickly eliminate if line length too short */
 926         if(blen + 2 > linelen) return 0;
 927         /* Check for part boundary */
 928         if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
 929                 if(!strncmp(line + blen + 2, "--", 2)) return 2;
 930                 else return 1;
 931         }
 932         return 0;
 933 }
 934 
 935 static int strip_eol(char *linebuf, int *plen)
 936         {
 937         int len = *plen;
 938         char *p, c;
 939         int is_eol = 0;
 940         p = linebuf + len - 1;
 941         for (p = linebuf + len - 1; len > 0; len--, p--)
 942                 {
 943                 c = *p;
 944                 if (c == '\n')
 945                         is_eol = 1;
 946                 else if (c != '\r')
 947                         break;
 948                 }
 949         *plen = len;
 950         return is_eol;
 951         }