OpenSSL Developers -

Attached please find a compressed tar file containing patches and
sources implementing some additional pkcs#7 (aka cms) features.
You'll find these described in the specifications at:

       http://www.ietf.org/internet-drafts/draft-ietf-smime-cms-12.txt
       http://www.ietf.org/internet-drafts/draft-ietf-smime-ess-12.txt

Note that the README in this directory issues the standard warning
about "experimental and subject to change."  Nonetheless, it seemed
to me there was quite a bit of good stuff knocking around here that 
only needed a little encouragement to become useful.  With these
patches, you get command-line utilities "pk7_sign" and "pk7_ver" and
you get pkcs#7 signedData files with the content type and signing
certificate authenticated attributes.  Note also these patches are
generated with respect to the 0.9.3 sources.  If anybody would like
to see these WRT 0.9.2b, let me know.  And of course, code review 
and suggestions from the OpenSSL development team are always valuable
and much appreciated.

The first enhancement is a fairly trivial modification to the pkcs7
file pk7_doit.c that adds generation and verification of the pkcs#9
content type attribute to the authenticated attributes in the routines
pk7_doit.c:PKCS7_dataFinal and PKCS7_dataVerify.  The attribute adds
coverage for the encapContentInfo field eContentType to the verify
process, as the digest in the message digest attribute doesn't cover
encapContentInfo.eContentType.  Note that my patch to the verify
routine doesn't complain if the attribute is missing--only if it's
present and it's wrong.  It'd probably have been better to be more
strict, but you'll have to make that decision based on your need for
compatibility with signed data messages that don't include the
attribute.

The second enhancement is equally trivial on the surface and a real
pain to implement.  It just adds support for the signing certificate
attribute, as described in draft-ietf-smime-ess-12.txt.  This ties the
certificate for the signer's private key to the signature and prevents
an attacker from substituting both certificate and signature in the
original message.  See the ietf draft for details.  The attribute is a
pain to implement due to the complexity created by its ASN.1-happy
authors, who decided to invent yet-another certificate identifier
(hehe, I couldn't resist, although I suppose the total population of
implementers of both OCSP and ESS specs is not very large... :)).

Anyway, you get a wad of files in the x509v3 directory that implement
the wad of ASN.1 that starts from the SIGNING_CERTIFICATE ASN.1
in draft-ietf-smime-ess-12.txt.  The verify side of things bags the
compare by DER-encoding a SIGNING_CERTIFICATE for the actual cert and
just memcmp'ing the one in the extension with the one from the actual
cert.  So make sure *your* DER encoder sorts ASN.1 SETs properly, or
your mileage may vary, as they say.  The OpenSSL one does.  

I also mucked around with the pkcs7 Makefile.ssl and the sign.c,
verify.c, and example.c sources to create the rudimentary command-line
utilities pk7_sign and pk7_ver.  I renamed sign.c and verify.c to
pk7_sign.c and pk7_ver.c to avoid name conflicts when building on
Windows/NT (all the object files wind up in one directory).  And I
patched them up so they could generate the executables.  Another cheap
trick was to copy the apps/apps.c #include of "bss_file.c" by sticking
an #include of "example.c" into pk7_sign.c and pk7_ver.c as a sort of
poor-man's library.  It certainly didn't seem like a good idea to put
example.c into the crypto library, and I didn't want to figure out how
to make an application-specific library.

Finally, there's a minor patch to mk1mf.pl that implements the
EXSOURCE target for SSLeay makefiles.  And there's a patch to add
numbers for the DEF files to ssleay.num.

Patches:

asn1.h.diff             error codes for ASN.1 routines 
asn1_err.c.diff         ditto 
bio.Makefile.ssl.diff   EXSOURCE for bio_file.c 
objects.h.diff          add S/MIME ESS OIDS 
obj_dat.h.diff          output from perl on objects.h
example.c.diff          add handlers for content type and signing cert attrs
pkcs7.Makefile.ssl.diff new executables and new sources (pk7_ver, pk7_sign).
pk7_doit.c.diff         generate and verify new attributes
pkcs7.h.diff            new reason code
sign.c.diff             patches to compile executable, #include example.c
x509v3.Makefile.ssl.diff new sources for SIGNING_CERTIFICATE support
x509v3.h.diff           new typedefs for internal versions of ASN.1 types
ssl_ciph.c.diff         patch missing prototype for stack compare
mk1mf.pl.diff           implement EXSOURCE target
libeay.num.diff         more numbers for ASN.1 routines

New files:

crypto/pkcs7/pk7_ver.c   source file formerly known by the name verify.c
crypto/pkcs7/pk7_sign.c  source file formerly known by the name sign.c
crypto/x509v3/v3_pinf.c  POLICY_INFO implementation
crypto/x509v3/v3_pqinf.c POLICY_QUALIFIER_INFO implementation
crypto/x509v3/v3_unot.c  USER_NOTICE implementation
crypto/x509v3/v3_nref.c  NOTICE_REFERENCE implementation
update.sh                script to copy from top-level patch directory

Executables:

pk7_sign 

This guy wants a local PEM file named "server.pem" with both the 
certificate and private key.  Use the one in apps/server.pem (which
also has the advantage of not requiring a passphrase for the RSA
key).  The command takes a single optional argument "-nd" for "no
detach" (i.e. create a pkcs#7 file with content) and it takes the
name of the file to sign as the second argument, e.g.:

-> echo foo > foo
-> pk7_sign -nd foo > foo.p7

pk7_ver

This guy just takes an optional argument "-d" for the name of the
file that you used to generate a detached signature with pk7_sign.
Then you supply the name of the pkcs#7 file, e.g. (following the
command above):

-> pk7_ver foo.p7
depth=0 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
verify error:num=21:unable to verify the first certificate
verify return:1
signer info
Signed time:Apr 16 15:19:38 1999 GMT
Content type: pkcs7-data
Signing certificate: ESSCertID:F4E97425CDCB9496E6B60BDE652D67A91E809B4D 4 (0x4)
done

TT

(tar -xzvf patch.tar untars the patch)

 <<patch.tar>> 
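
The SET-ordering caveat in the message above, as an added example (not code from the patch or from OpenSSL): a memcmp-style compare of two encodings of the same SET OF succeeds only when the encoder sorts the members as DER requires. The names elem_t, encode_set_of and same_set_matches are hypothetical, and the sample members are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* One already-encoded SET OF member (tag, length, value). */
typedef struct { const unsigned char *der; size_t len; } elem_t;

/* DER SET OF order: compare the encodings as octet strings; a shorter
 * encoding that is a prefix of a longer one sorts first. */
static int elem_cmp(const void *a, const void *b) {
    const elem_t *x = a, *y = b;
    size_t n = x->len < y->len ? x->len : y->len;
    int c = memcmp(x->der, y->der, n);
    return c ? c : (x->len > y->len) - (x->len < y->len);
}

/* Encode a SET OF (tag 0x31, short-form length only). sort != 0 orders the
 * members as DER requires; 0 keeps caller order. Returns bytes written, or
 * 0 on error. */
size_t encode_set_of(const elem_t *in, size_t n, int sort,
                     unsigned char *out, size_t cap) {
    elem_t tmp[8];
    size_t i, body = 0, pos = 2;
    if (n > 8) return 0;
    for (i = 0; i < n; i++) { tmp[i] = in[i]; body += in[i].len; }
    if (body > 127 || body + 2 > cap) return 0;
    if (sort) qsort(tmp, n, sizeof tmp[0], elem_cmp);
    out[0] = 0x31;
    out[1] = (unsigned char)body;
    for (i = 0; i < n; i++) {
        memcpy(out + pos, tmp[i].der, tmp[i].len);
        pos += tmp[i].len;
    }
    return pos;
}

/* Constructed sample members: INTEGER 4 and INTEGER 2. */
static const unsigned char E1[] = { 0x02, 0x01, 0x04 };
static const unsigned char E2[] = { 0x02, 0x01, 0x02 };

/* Encode one set from two member orders, then compare the bytes the way a
 * memcmp-based verifier does. Returns 1 when the encodings match. */
int same_set_matches(int sort) {
    elem_t a[2] = { { E1, 3 }, { E2, 3 } }, b[2] = { { E2, 3 }, { E1, 3 } };
    unsigned char x[16], y[16];
    size_t xl = encode_set_of(a, 2, sort, x, sizeof x);
    size_t yl = encode_set_of(b, 2, sort, y, sizeof y);
    return xl != 0 && xl == yl && memcmp(x, y, xl) == 0;
}

int main(void) { return same_set_matches(1) && !same_set_matches(0) ? 0 : 1; }
```

With sorting both orders encode to the same bytes; without it the two encodings carry the same set but differ byte for byte, so a byte compare rejects a peer whose encoder emits members in insertion order.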
