I've been trying to get the PKCS#7 stuff in openssl-0.9.2b to work
with S/MIME emails to/from Netscape Messenger and MS Outlook.
After some research in the openssl code and by analyzing the
pkcs7 encodings from Messenger and Outlook I have concluded that
the following changes (or at least some of them) are necessary.
Please correct me if I'm wrong about any of this. With these changes
S/MIME messages can be decoded/verified and encoded for use with
Messenger and Outlook (I haven't managed to make signatures
verify in Outlook yet ... still something missing?).
I have done the following; rows added/changed are marked with
a + and function context is shown as **** function_decl
(patches and an example program follow as attachments):
crypt/objects/objects.h:
#define SN_rc2_40_cbc "RC2-40-CBC"
#define LN_rc2_40_cbc "rc2-40-cbc"
#define NID_rc2_40_cbc 98
+ /* OID added, sak */
+ #define OBJ_rc2_40_cbc OBJ_rsadsi,3L,2L
...
+ /* NID_rc2_64_cbc added by sak */
+ #define SN_rc2_64_cbc "RC2-64-CBC"
+ #define LN_rc2_64_cbc "rc2-64-cbc"
+ #define NID_rc2_64_cbc 143
+ /* OID added, sak */
+ #define OBJ_rc2_64_cbc OBJ_rsadsi,3L,2L
Comments: No OBJ defined for 40 bit rc2. Same as for 128 bit but needs to be
there for encoding.
crypt/evp/m_sha1.c:
static EVP_MD sha1_md=
{
NID_sha1,
+ NID_rsaEncryption, /* Had to change this from sha1WithRSAEncryption, sak */
SHA_DIGEST_LENGTH,
SHA1_Init,
SHA1_Update,
SHA1_Final,
EVP_PKEY_RSA_method,
SHA_CBLOCK,
sizeof(EVP_MD *)+sizeof(SHA_CTX),
};
Comments: Bad encryption algorithm in sha1 struct.
crypt/evp/bio_enc.c: **** static int enc_read(b,out,outl)
/* Should be continue next time we are called? */
if (!BIO_should_retry(b->next_bio))
{
ctx->cont=i;
i=EVP_CipherFinal(&(ctx->cipher),
(unsigned char *)ctx->buf,
&(ctx->buf_len));
ctx->ok=i;
ctx->buf_off=0;
+ /* Last block copy needed. sak */
+ i=outl<ctx->buf_len ? outl:ctx->buf_len;
+ memcpy(out,ctx->buf,i);
+ outl-=i;
+ out+=i;
+ ret+=i;
}
Comments: I frequently lose data at the end when decrypting. It may be a padding problem,
but this hack fixes it for now. This would cause a lot of other problems for other
applications, so I'm most likely doing something wrong.
crypt/evp/e_cbc_r2.c:
static EVP_CIPHER r2_64_cbc_cipher=
{
+ NID_rc2_64_cbc, /* NID_rc2_40_cbc, sak */
8,8 /* 64 bit */,8,
rc2_cbc_init_key,
rc2_cbc_cipher,
NULL,
sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
rc2_set_asn1_type_and_iv,
rc2_get_asn1_type_and_iv,
};
... **** static EVP_CIPHER *rc2_magic_to_meth(i)
static int rc2_meth_to_magic(e)
EVP_CIPHER *e;
{
int i;
i=EVP_CIPHER_key_length(e);
+ if (i == 16) return(RC2_128_MAGIC); /* i == 128 sak */
+ else if (i == 8) return(RC2_64_MAGIC); /* i == 64 sak */
+ else if (i == 5) return(RC2_40_MAGIC); /* i == 40 sak */
else return(0);
}
Comments: Bad NID for 64 bit rc2 (had to hitch with 40 bit previously). The magic
number matching failed, should be bytes not bits.
crypt/pkcs7/pk7_doit.c: **** BIO *PKCS7_dataInit(p7,bio)
+ #if 0
os=ASN1_OCTET_STRING_new();
ASN1_OCTET_STRING_set(os,iv,ivlen);
/* XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX this needs to change */
if (xalg->parameter == NULL)
xalg->parameter=ASN1_TYPE_new();
ASN1_TYPE_set(xalg->parameter,V_ASN1_OCTET_STRING,
(char *)os);
+ #endif
...
for (i=0; i<sk_num(rsk); i++)
{
ri=(PKCS7_RECIP_INFO *)sk_value(rsk,i);
pkey=X509_get_pubkey(ri->cert);
jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
EVP_PKEY_free(pkey);
if (jj <= 0)
{
PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB);
Free(tmp);
goto err;
}
ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
}
Free(tmp);
+ /* Need to set the algorithm parameter using context. sak */
BIO_set_cipher(btmp,evp_cipher,key,iv,1);
+ if (ivlen > 0) {
+ BIO_get_cipher_ctx(btmp, &evp_ctx);
+ evp_cipher->set_asn1_parameters(evp_ctx,xalg->parameter);
+ }
... **** BIO *PKCS7_dataDecode(p7,pkey,in_bio,xs)
evp_ctx=NULL;
BIO_get_cipher_ctx(etmp,&evp_ctx);
EVP_CipherInit(evp_ctx,evp_cipher,NULL,NULL,0);
+ /* Added support for non RC2 ciphers, sak */
+ if (evp_cipher->get_asn1_parameters != NULL &&
+ evp_cipher->get_asn1_parameters(evp_ctx,enc_alg->parameter) < 0)
return(NULL);
... **** int PKCS7_dataFinal(p7,bio)
/* Add content type, sak */
PKCS7_add_signed_attribute(si,
NID_pkcs9_contentType,
V_ASN1_OBJECT,(char *)OBJ_nid2obj(NID_pkcs7_data));
/* Add signing time */
sign_time=X509_gmtime_adj(NULL,0);
PKCS7_add_signed_attribute(si,
NID_pkcs9_signingTime,
V_ASN1_UTCTIME,(char *)sign_time);
Comments: Bad decoding of the RC2 parameter; it now decodes the magic
number and patches the cipher correctly (I hope?). Added a pkcs7
content type object to signed attributes.
The smime.c program demonstrates how to create a signed and
enveloped S/MIME message using the pkcs7 stuff. I only need to
figure out why Outlook won't recognize the signature.
Hope this is of use for someone.
Sebastian Akerman
Parallel Consulting Group Int
Only in openssl-0.9.2b/crypto/bf: blowfish.doc
Only in openssl-0.9.2b/crypto/bn/asm: bn86unix.cpp
Only in openssl-0.9.2b/crypto/bn/asm: co86unix.cpp
Only in openssl-0.9.2b/crypto/cast/asm: cx86unix.cpp
Only in openssl-0.9.2b/crypto: date.h
Only in openssl-0.9.2b/crypto/des/asm: dx86unix.cpp
Only in openssl-0.9.2b/crypto/des/asm: yx86unix.cpp
diff -ur openssl-0.9.2b-orig/crypto/evp/bio_enc.c openssl-0.9.2b/crypto/evp/bio_enc.c
--- openssl-0.9.2b-orig/crypto/evp/bio_enc.c Mon Dec 21 11:59:22 1998
+++ openssl-0.9.2b/crypto/evp/bio_enc.c Mon May 3 13:18:50 1999
@@ -199,6 +199,13 @@
&(ctx->buf_len));
ctx->ok=i;
ctx->buf_off=0;
+
+ /* Last block copy needed. sak */
+ i=outl<ctx->buf_len ? outl:ctx->buf_len;
+ memcpy(out,ctx->buf,i);
+ outl-=i;
+ out+=i;
+ ret+=i;
}
else
ret=(ret == 0)?i:ret;
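Review bot: The added copy after `EVP_CipherFinal` runs even when that call failed (`ctx->ok` is 0), so on a bad final block whatever sits in `ctx->buf` is handed to the caller as if it were plaintext. It also leaves `ctx->buf_off` at 0 and `ctx->buf_len` untouched, so if a later `enc_read` call drains `ctx->buf` (that code is outside the hunk) the same bytes could be returned twice, and when `outl` is smaller than `ctx->buf_len` the remainder is not tracked. Guard the block with `if (ctx->ok)` and record progress with `ctx->buf_off+=i;` after the `memcpy`. The body of `enc_read` starts and ends outside this hunk.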
Only in openssl-0.9.2b/crypto/evp: bio_enc.c~
diff -ur openssl-0.9.2b-orig/crypto/evp/e_cbc_r2.c openssl-0.9.2b/crypto/evp/e_cbc_r2.c
--- openssl-0.9.2b-orig/crypto/evp/e_cbc_r2.c Mon Dec 21 11:59:23 1998
+++ openssl-0.9.2b/crypto/evp/e_cbc_r2.c Tue Mar 30 17:26:39 1999
@@ -102,7 +102,7 @@
static EVP_CIPHER r2_64_cbc_cipher=
{
- NID_rc2_40_cbc,
+ NID_rc2_64_cbc, /* NID_rc2_40_cbc, sak */
8,8 /* 64 bit */,8,
rc2_cbc_init_key,
rc2_cbc_cipher,
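Review bot: The trailing comments record the old values instead of explaining the new ones: `NID_rc2_64_cbc, /* NID_rc2_40_cbc, sak */` reads as if the 40-bit NID still applied, and in the `@@ -173,9 +173,9 @@` hunk `/* i == 128 sak */` hides the real reason for the change. State the unit instead, for example `/* EVP_CIPHER_key_length() returns bytes: 16 = 128-bit, 8 = 64-bit, 5 = 40-bit */` above the chain, and drop the old-value comments since the diff already records them. `rc2_meth_to_magic` still returns 0 for any other key length, so callers outside these hunks need to treat 0 as an error rather than encode it.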
@@ -173,9 +173,9 @@
int i;
i=EVP_CIPHER_key_length(e);
- if (i == 128) return(RC2_128_MAGIC);
- else if (i == 64) return(RC2_64_MAGIC);
- else if (i == 40) return(RC2_40_MAGIC);
+ if (i == 16) return(RC2_128_MAGIC); /* i == 128 sak */
+ else if (i == 8) return(RC2_64_MAGIC); /* i == 64 sak */
+ else if (i == 5) return(RC2_40_MAGIC); /* i == 40 sak */
else return(0);
}
diff -ur openssl-0.9.2b-orig/crypto/evp/m_sha1.c openssl-0.9.2b/crypto/evp/m_sha1.c
--- openssl-0.9.2b-orig/crypto/evp/m_sha1.c Mon Dec 21 11:55:18 1998
+++ openssl-0.9.2b/crypto/evp/m_sha1.c Fri Apr 23 17:40:55 1999
@@ -65,7 +65,7 @@
static EVP_MD sha1_md=
{
NID_sha1,
- NID_sha1WithRSAEncryption,
+ NID_rsaEncryption, /* Had to change this from sha1WithRSAEncryption, sak */
SHA_DIGEST_LENGTH,
SHA1_Init,
SHA1_Update,
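Review bot: Changing the second field of the shared `sha1_md` table to `NID_rsaEncryption` affects every user of `EVP_sha1()`, not only the PKCS#7 signer-info encoding this patch is after. Any code that derives a signature AlgorithmIdentifier from that field (presumably certificate, CRL and request signing; those callers are not visible here) would then label SHA-1/RSA signatures as plain `rsaEncryption`, which relying parties may reject or misread. Consider keeping `NID_sha1WithRSAEncryption,` in this table and setting the digest-encryption algorithm to rsaEncryption at the point where the PKCS#7 signer info is built. The initializer continues outside the hunk.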
Only in openssl-0.9.2b/crypto/md5/asm: mx86unix.cpp
diff -ur openssl-0.9.2b-orig/crypto/objects/obj_dat.h
openssl-0.9.2b/crypto/objects/obj_dat.h
--- openssl-0.9.2b-orig/crypto/objects/obj_dat.h Fri Feb 19 02:29:26 1999
+++ openssl-0.9.2b/crypto/objects/obj_dat.h Tue Apr 20 11:52:14 1999
@@ -61,12 +61,12 @@
* perl obj_dat.pl < objects.h > obj_dat.h
*/
-#define NUM_NID 143
-#define NUM_SN 114
-#define NUM_LN 139
-#define NUM_OBJ 115
+#define NUM_NID 144
+#define NUM_SN 115
+#define NUM_LN 140
+#define NUM_OBJ 117
-static unsigned char lvalues[735]={
+static unsigned char lvalues[751]={
0x00, /* [ 0] OBJ_undef */
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */
@@ -146,42 +146,44 @@
0x55,0x1D,0x23, /* [504] OBJ_authority_key_identifier */
0x55,0x08,0x03,0x65, /* [507] OBJ_mdc2 */
0x55,0x08,0x03,0x64, /* [511] OBJ_mdc2WithRSA */
-0x55,0x04,0x2A, /* [515] OBJ_givenName */
-0x55,0x04,0x04, /* [518] OBJ_surname */
-0x55,0x04,0x2B, /* [521] OBJ_initials */
-0x55,0x04,0x2D, /* [524] OBJ_uniqueIdentifier */
-0x55,0x1D,0x1F, /* [527] OBJ_crl_distribution_points */
-0x2B,0x0E,0x03,0x02,0x03, /* [530] OBJ_md5WithRSA */
-0x55,0x04,0x05, /* [535] OBJ_serialNumber */
-0x55,0x04,0x0C, /* [538] OBJ_title */
-0x55,0x04,0x0D, /* [541] OBJ_description */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [544] OBJ_cast5_cbc */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [553] OBJ_pbeWithMD5AndCast5_CBC */
-0x2A,0x86,0x48,0xCE,0x38,0x04,0x03, /* [562] OBJ_dsaWithSHA1 */
-0x2B,0x0E,0x03,0x02,0x1D, /* [569] OBJ_sha1WithRSA */
-0x2A,0x86,0x48,0xCE,0x38,0x04,0x01, /* [574] OBJ_dsa */
-0x2B,0x24,0x03,0x02,0x01, /* [581] OBJ_ripemd160 */
-0x2B,0x24,0x03,0x03,0x01,0x02, /* [586] OBJ_ripemd160WithRSA */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08, /* [592] OBJ_rc5_cbc */
-0x29,0x01,0x01,0x85,0x1A, /* [600] OBJ_rle_compression */
-0x29,0x01,0x01,0x85,0x1A, /* [605] OBJ_zlib_compression */
-0x55,0x1D,0x25, /* [610] OBJ_ext_key_usage */
-0x2B,0x06,0x01,0x05,0x05,0x07, /* [613] OBJ_id_pkix */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [619] OBJ_id_kp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [626] OBJ_server_auth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [634] OBJ_client_auth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [642] OBJ_code_sign */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [650] OBJ_email_protect */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [658] OBJ_time_stamp */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [666] OBJ_ms_code_ind */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [676] OBJ_ms_code_com */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [686] OBJ_ms_ctl_sign */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [696] OBJ_ms_sgc */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [706] OBJ_ms_efs */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [716] OBJ_ns_sgc */
-0x55,0x1D,0x1B, /* [725] OBJ_delta_crl */
-0x55,0x1D,0x15, /* [728] OBJ_crl_reason */
-0x55,0x1D,0x18, /* [731] OBJ_invalidity_date */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02, /* [515] OBJ_rc2_40_cbc */
+0x55,0x04,0x2A, /* [523] OBJ_givenName */
+0x55,0x04,0x04, /* [526] OBJ_surname */
+0x55,0x04,0x2B, /* [529] OBJ_initials */
+0x55,0x04,0x2D, /* [532] OBJ_uniqueIdentifier */
+0x55,0x1D,0x1F, /* [535] OBJ_crl_distribution_points */
+0x2B,0x0E,0x03,0x02,0x03, /* [538] OBJ_md5WithRSA */
+0x55,0x04,0x05, /* [543] OBJ_serialNumber */
+0x55,0x04,0x0C, /* [546] OBJ_title */
+0x55,0x04,0x0D, /* [549] OBJ_description */
+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [552] OBJ_cast5_cbc */
+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [561] OBJ_pbeWithMD5AndCast5_CBC */
+0x2A,0x86,0x48,0xCE,0x38,0x04,0x03, /* [570] OBJ_dsaWithSHA1 */
+0x2B,0x0E,0x03,0x02,0x1D, /* [577] OBJ_sha1WithRSA */
+0x2A,0x86,0x48,0xCE,0x38,0x04,0x01, /* [582] OBJ_dsa */
+0x2B,0x24,0x03,0x02,0x01, /* [589] OBJ_ripemd160 */
+0x2B,0x24,0x03,0x03,0x01,0x02, /* [594] OBJ_ripemd160WithRSA */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08, /* [600] OBJ_rc5_cbc */
+0x29,0x01,0x01,0x85,0x1A, /* [608] OBJ_rle_compression */
+0x29,0x01,0x01,0x85,0x1A, /* [613] OBJ_zlib_compression */
+0x55,0x1D,0x25, /* [618] OBJ_ext_key_usage */
+0x2B,0x06,0x01,0x05,0x05,0x07, /* [621] OBJ_id_pkix */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [627] OBJ_id_kp */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [634] OBJ_server_auth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [642] OBJ_client_auth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [650] OBJ_code_sign */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [658] OBJ_email_protect */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [666] OBJ_time_stamp */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [674] OBJ_ms_code_ind */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [684] OBJ_ms_code_com */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [694] OBJ_ms_ctl_sign */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [704] OBJ_ms_sgc */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [714] OBJ_ms_efs */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [724] OBJ_ns_sgc */
+0x55,0x1D,0x1B, /* [733] OBJ_delta_crl */
+0x55,0x1D,0x15, /* [736] OBJ_crl_reason */
+0x55,0x1D,0x18, /* [739] OBJ_invalidity_date */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02, /* [742] OBJ_rc2_64_cbc */
};
static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -322,64 +324,65 @@
{"MDC2","mdc2",NID_mdc2,4,&(lvalues[507]),0},
{"RSA-MDC2","mdc2withRSA",NID_mdc2WithRSA,4,&(lvalues[511]),0},
{"RC4-40","rc4-40",NID_rc4_40,0,NULL},
-{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL},
-{"G","givenName",NID_givenName,3,&(lvalues[515]),0},
-{"S","surname",NID_surname,3,&(lvalues[518]),0},
-{"I","initials",NID_initials,3,&(lvalues[521]),0},
-{"UID","uniqueIdentifier",NID_uniqueIdentifier,3,&(lvalues[524]),0},
+{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,8,&(lvalues[515]),0},
+{"G","givenName",NID_givenName,3,&(lvalues[523]),0},
+{"S","surname",NID_surname,3,&(lvalues[526]),0},
+{"I","initials",NID_initials,3,&(lvalues[529]),0},
+{"UID","uniqueIdentifier",NID_uniqueIdentifier,3,&(lvalues[532]),0},
{"crlDistributionPoints","X509v3 CRL Distribution Points",
- NID_crl_distribution_points,3,&(lvalues[527]),0},
-{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[530]),0},
-{"SN","serialNumber",NID_serialNumber,3,&(lvalues[535]),0},
-{"T","title",NID_title,3,&(lvalues[538]),0},
-{"D","description",NID_description,3,&(lvalues[541]),0},
-{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[544]),0},
+ NID_crl_distribution_points,3,&(lvalues[535]),0},
+{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[538]),0},
+{"SN","serialNumber",NID_serialNumber,3,&(lvalues[543]),0},
+{"T","title",NID_title,3,&(lvalues[546]),0},
+{"D","description",NID_description,3,&(lvalues[549]),0},
+{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[552]),0},
{"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL},
{"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL},
{"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL},
{"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC",
- NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[553]),0},
-{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[562]),0},
+ NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[561]),0},
+{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[570]),0},
{"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL},
-{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[569]),0},
-{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[574]),0},
-{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[581]),0},
+{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[577]),0},
+{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[582]),0},
+{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[589]),0},
{NULL,NULL,NID_undef,0,NULL},
{"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6,
- &(lvalues[586]),0},
-{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[592]),0},
+ &(lvalues[594]),0},
+{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[600]),0},
{"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL},
{"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL},
{"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL},
-{"RLE","run length compression",NID_rle_compression,5,&(lvalues[600]),0},
-{"ZLIB","zlib compression",NID_zlib_compression,5,&(lvalues[605]),0},
+{"RLE","run length compression",NID_rle_compression,5,&(lvalues[608]),0},
+{"ZLIB","zlib compression",NID_zlib_compression,5,&(lvalues[613]),0},
{"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3,
- &(lvalues[610]),0},
-{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[613]),0},
-{"id-kp","id-kp",NID_id_kp,7,&(lvalues[619]),0},
+ &(lvalues[618]),0},
+{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[621]),0},
+{"id-kp","id-kp",NID_id_kp,7,&(lvalues[627]),0},
{"serverAuth","TLS Web Server Authentication",NID_server_auth,8,
- &(lvalues[626]),0},
-{"clientAuth","TLS Web Client Authentication",NID_client_auth,8,
&(lvalues[634]),0},
-{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[642]),0},
+{"clientAuth","TLS Web Client Authentication",NID_client_auth,8,
+ &(lvalues[642]),0},
+{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[650]),0},
{"emailProtection","E-mail Protection",NID_email_protect,8,
- &(lvalues[650]),0},
-{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[658]),0},
+ &(lvalues[658]),0},
+{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[666]),0},
{"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10,
- &(lvalues[666]),0},
+ &(lvalues[674]),0},
{"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10,
- &(lvalues[676]),0},
+ &(lvalues[684]),0},
{"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10,
- &(lvalues[686]),0},
-{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[696]),0},
+ &(lvalues[694]),0},
+{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[704]),0},
{"msEFS","Microsoft Encrypted File System",NID_ms_efs,10,
- &(lvalues[706]),0},
-{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[716]),0},
+ &(lvalues[714]),0},
+{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[724]),0},
{"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3,
- &(lvalues[725]),0},
-{"CRLReason","CRL Reason Code",NID_crl_reason,3,&(lvalues[728]),0},
+ &(lvalues[733]),0},
+{"CRLReason","CRL Reason Code",NID_crl_reason,3,&(lvalues[736]),0},
{"invalidityDate","Invalidity Date",NID_invalidity_date,3,
- &(lvalues[731]),0},
+ &(lvalues[739]),0},
+{"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,8,&(lvalues[742]),0},
};
static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -430,6 +433,7 @@
&(nid_objs[18]),/* "OU" */
&(nid_objs[127]),/* "PKIX" */
&(nid_objs[98]),/* "RC2-40-CBC" */
+&(nid_objs[143]),/* "RC2-64-CBC" */
&(nid_objs[37]),/* "RC2-CBC" */
&(nid_objs[39]),/* "RC2-CFB" */
&(nid_objs[38]),/* "RC2-ECB" */
@@ -608,6 +612,7 @@
&(nid_objs[22]),/* "pkcs7-signedData" */
&(nid_objs[47]),/* "pkcs9" */
&(nid_objs[98]),/* "rc2-40-cbc" */
+&(nid_objs[143]),/* "rc2-64-cbc" */
&(nid_objs[37]),/* "rc2-cbc" */
&(nid_objs[39]),/* "rc2-cfb" */
&(nid_objs[38]),/* "rc2-ecb" */
@@ -705,6 +710,8 @@
&(nid_objs[47]),/* OBJ_pkcs9 1 2 840 113549 1 9 */
&(nid_objs[ 3]),/* OBJ_md2 1 2 840 113549 2 2 */
&(nid_objs[ 4]),/* OBJ_md5 1 2 840 113549 2 5 */
+&(nid_objs[98]),/* OBJ_rc2_40_cbc 1 2 840 113549 3 2 */
+&(nid_objs[143]),/* OBJ_rc2_64_cbc 1 2 840 113549 3 2 */
&(nid_objs[37]),/* OBJ_rc2_cbc 1 2 840 113549 3 2 */
&(nid_objs[ 5]),/* OBJ_rc4 1 2 840 113549 3 4 */
&(nid_objs[44]),/* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */
diff -ur openssl-0.9.2b-orig/crypto/objects/objects.h
openssl-0.9.2b/crypto/objects/objects.h
--- openssl-0.9.2b-orig/crypto/objects/objects.h Fri Feb 19 02:29:26 1999
+++ openssl-0.9.2b/crypto/objects/objects.h Mon Apr 19 10:36:08 1999
@@ -1,4 +1,5 @@
/* crypto/objects/objects.h */
+
/* Copyright (C) 1995-1998 Eric Young ([EMAIL PROTECTED])
* All rights reserved.
*
@@ -527,6 +528,8 @@
#define SN_rc2_40_cbc "RC2-40-CBC"
#define LN_rc2_40_cbc "rc2-40-cbc"
#define NID_rc2_40_cbc 98
+/* OID added, sak */
+#define OBJ_rc2_40_cbc OBJ_rsadsi,3L,2L
#define SN_givenName "G"
#define LN_givenName "givenName"
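Review bot: `OBJ_rc2_40_cbc` is given the same OID (`OBJ_rsadsi,3L,2L`) that the regenerated obj_dat.h lists for `OBJ_rc2_cbc`, and the `@@ -753,6 +756,13 @@` hunk does the same for `OBJ_rc2_64_cbc`, so three NIDs now share `1 2 840 113549 3 2`. An OID-to-NID lookup can then no longer say which key size was meant, and which of the three entries it returns depends on table order. The key size has to be taken from the RC2 parameter in the AlgorithmIdentifier, so decoders should be checked not to trust the NID for it. Document this next to both defines, e.g. `/* same OID as OBJ_rc2_cbc: the effective key size travels in the RC2 parameters, not in the OID */`.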
@@ -753,6 +756,13 @@
#define LN_invalidity_date "Invalidity Date"
#define NID_invalidity_date 142
#define OBJ_invalidity_date OBJ_ld_ce,24L
+
+/* NID_rc2_64_cbc added by sak */
+#define SN_rc2_64_cbc "RC2-64-CBC"
+#define LN_rc2_64_cbc "rc2-64-cbc"
+#define NID_rc2_64_cbc 143
+/* OID added, sak */
+#define OBJ_rc2_64_cbc OBJ_rsadsi,3L,2L
#include "bio.h"
#include "asn1.h"
diff -ur openssl-0.9.2b-orig/crypto/pkcs7/pk7_doit.c
openssl-0.9.2b/crypto/pkcs7/pk7_doit.c
--- openssl-0.9.2b-orig/crypto/pkcs7/pk7_doit.c Sun Mar 14 14:31:40 1999
+++ openssl-0.9.2b/crypto/pkcs7/pk7_doit.c Mon May 3 14:43:37 1999
@@ -75,6 +75,7 @@
X509_ALGOR *xa;
EVP_MD *evp_md;
EVP_CIPHER *evp_cipher=NULL;
+ EVP_CIPHER_CTX *evp_ctx;
STACK *md_sk=NULL,*rsk=NULL;
X509_ALGOR *xalg=NULL;
PKCS7_RECIP_INFO *ri=NULL;
@@ -163,6 +164,9 @@
ASN1_OCTET_STRING *os;
RAND_bytes(iv,ivlen);
+ if (xalg->parameter == NULL)
+ xalg->parameter=ASN1_TYPE_new();
+#if 0
os=ASN1_OCTET_STRING_new();
ASN1_OCTET_STRING_set(os,iv,ivlen);
/* XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX this needs to change */
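Review bot: `xalg->parameter=ASN1_TYPE_new();` is stored without a NULL check, and the `@@ -209,7 +214,12 @@` hunk later passes `xalg->parameter` to `set_asn1_parameters`, so an allocation failure turns into a NULL pointer being handed to the cipher callback. Add `if (xalg->parameter == NULL) goto err;` right after the allocation (the function's `err` label is outside this hunk). The `#if 0` opened here and closed in the `@@ -170,6 +174,7 @@` hunk keeps a second copy of the same allocation and leaves `os` declared but unused; deleting the disabled lines would be clearer than fencing them off.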
@@ -170,6 +174,7 @@
xalg->parameter=ASN1_TYPE_new();
ASN1_TYPE_set(xalg->parameter,V_ASN1_OCTET_STRING,
(char *)os);
+#endif
}
RAND_bytes(key,keylen);
@@ -209,7 +214,12 @@
}
Free(tmp);
+ /* Need to set the algorithm parameter using context. sak */
BIO_set_cipher(btmp,evp_cipher,key,iv,1);
+ if (ivlen > 0) {
+ BIO_get_cipher_ctx(btmp, &evp_ctx);
+ evp_cipher->set_asn1_parameters(evp_ctx,xalg->parameter);
+ }
if (out == NULL)
out=btmp;
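Review bot: `evp_cipher->set_asn1_parameters` is called without checking that the callback exists and its result is discarded, whereas the decode hunk (`@@ -417,7 +426,9 @@`) does test `get_asn1_parameters != NULL`. `evp_ctx` is also used after `BIO_get_cipher_ctx` without having been initialised, unlike the decode path which sets `evp_ctx=NULL` first. A failure here would yield an enveloped message whose AlgorithmIdentifier carries no IV, so it should abort the operation. The fence assumes the callback reports errors with a negative value, as the decode side does, and that the function's `err` label (outside the hunk) is reachable from here.
```c
	BIO_set_cipher(btmp,evp_cipher,key,iv,1);
	if (ivlen > 0)
		{
		evp_ctx=NULL;
		BIO_get_cipher_ctx(btmp,&evp_ctx);
		if (evp_ctx == NULL ||
			evp_cipher->set_asn1_parameters == NULL ||
			evp_cipher->set_asn1_parameters(evp_ctx,xalg->parameter) < 0)
			goto err;
		}
	/* … unchanged: out / BIO_push handling … */
```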
@@ -217,7 +227,6 @@
BIO_push(out,btmp);
btmp=NULL;
}
-
if (bio == NULL) /* ??????????? */
{
if (p7->detached)
@@ -417,7 +426,9 @@
evp_ctx=NULL;
BIO_get_cipher_ctx(etmp,&evp_ctx);
EVP_CipherInit(evp_ctx,evp_cipher,NULL,NULL,0);
- if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
+ /* Added support for non RC2 ciphers, sak */
+ if (evp_cipher->get_asn1_parameters != NULL &&
+ evp_cipher->get_asn1_parameters(evp_ctx,enc_alg->parameter) < 0)
return(NULL);
if (jj != EVP_CIPHER_CTX_key_length(evp_ctx))
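Review bot: When `evp_cipher->get_asn1_parameters` is NULL the new condition skips parameter decoding and carries on, so for such a cipher the IV in `enc_alg->parameter` is never loaded into `evp_ctx` and decryption proceeds with whatever the context holds. Whether `EVP_CIPHER_asn1_to_param` behaved the same way is not visible here. If this is intended, say so in place of the current comment, e.g. `/* ciphers without get_asn1_parameters take no parameters from the message */`; otherwise fail when the callback is missing and a parameter is present. `return(NULL)` also leaves the function with no cleanup visible in the hunk; the body of `PKCS7_dataDecode` continues outside it.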
@@ -569,6 +580,11 @@
ASN1_OCTET_STRING *digest;
ASN1_UTCTIME *sign_time;
EVP_MD *md_tmp;
+
+ /* Add content type, sak */
+ PKCS7_add_signed_attribute(si,
+ NID_pkcs9_contentType,
+ V_ASN1_OBJECT,(char
+*)OBJ_nid2obj(NID_pkcs7_data));
/* Add signing time */
sign_time=X509_gmtime_adj(NULL,0);
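Review bot: The content-type attribute is hard-coded to `NID_pkcs7_data`, but the signed contentType attribute has to name the type of the content actually enclosed in the SignedData, so signing anything other than plain data would produce an attribute that does not match and that verifiers may reject. The return value of `PKCS7_add_signed_attribute` is ignored as well. Take the NID from the content being signed rather than the constant, and check the call's result before going on to the signing-time attribute. `PKCS7_dataFinal` starts and ends outside this hunk, so whether this runs once per signer cannot be confirmed from here.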
Only in openssl-0.9.2b/crypto/pkcs7: pk7_doit.c~
Only in openssl-0.9.2b/crypto/rc4/asm: rx86unix.cpp
Only in openssl-0.9.2b/crypto/ripemd/asm: rm86unix.cpp
/*
* Simple test for creating S/MIME signed messages with openssl-0.9.2b
*
 * Author: Sebastian Akerman
* Parallel Consulting Group
* [EMAIL PROTECTED]
*/
#include <string.h>
#include <stdio.h>
#include "bio.h"
#include "x509.h"
#include "pem.h"
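/*
 * MIME text fragments used by main().
 *
 * The original literals ran across physical source lines, which standard C
 * does not accept; they are rebuilt here from adjacent literals with every
 * line break written out as an escape.
 *
 * NOTE(review): in msg a bare "\r" followed by a source line break is taken
 * to mean CRLF.  In mphead the Content-Type header is kept on one line and
 * "This is a digitally ..." is treated as a single sentence, on the
 * assumption that those breaks came from mail wrapping -- confirm against
 * the original smime.c.
 */

/* The part that gets signed; lines end in CRLF (canonical form). */
char * msg =
    "Content-Type: text/plain; charset=us-ascii\r\n"
    "Content-Transfer-Encoding: 7bit\r\n"
    "\r\n"
    "Hello, this is a signed message!\r\n";

/* Header and preamble of the multipart/signed entity (boundary "next"). */
char * mphead =
    "Content-Type: multipart/signed; "
    "protocol=\"application/x-pkcs7-signature\"; micalg=sha1; boundary=\"next\"\n"
    "\n"
    "This is a digitally signed message in MIME format\n"
    "\n";

/* Headers of the detached-signature body part. */
char * mpshead =
    "Content-Type: application/x-pkcs7-signature; name=smime.p7s\n"
    "Content-Transfer-Encoding: base64\n"
    "Content-Disposition: attachment; filename=smime.p7s\n"
    "Content-Description: S/MIME Cryptographic Signature\n"
    "\n";

/* Headers of the outer enveloped (encrypted) message. */
char * enchead =
    "Content-Type: application/x-pkcs7-mime; name=smime.p7m\n"
    "Content-Transfer-Encoding: base64\n"
    "Content-Disposition: attachment; filename=smime.p7m\n"
    "Content-Description: S/MIME Encrypted Message\n"
    "\n";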
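/*
 * Write the whole NUL-terminated string s to b.
 * Returns 1 when every byte was accepted, 0 otherwise.
 */
static int bio_put(BIO *b, char *s)
{
    int n = (int)strlen(s);

    return BIO_write(b, s, n) == n;
}

/*
 * Strip the PEM armour from a PKCS7 PEM blob held in data[0..len).
 *
 * The search for the footer is bounded by len, so it never reads past the
 * buffer even if the blob is not NUL-terminated.  On success the footer's
 * first byte is overwritten with '\0' and a pointer to the base64 body is
 * returned; NULL is returned when the header or footer is missing.
 */
static char *pem_body(char *data, int len)
{
    static const char begin[] = "-----BEGIN PKCS7-----\n";
    static const char end[] = "-----END";
    const int blen = (int)sizeof(begin) - 1;
    const int elen = (int)sizeof(end) - 1;
    int i;

    if (data == NULL || len < blen + elen)
        return NULL;
    if (memcmp(data, begin, (size_t)blen) != 0)
        return NULL;
    for (i = blen; i + elen <= len; i++) {
        if (memcmp(data + i, end, (size_t)elen) == 0) {
            data[i] = '\0';
            return data + blen;
        }
    }
    return NULL;
}

/*
 * Build a signed S/MIME message from cert.pem / key.pem, wrap it in an
 * enveloped (encrypted) PKCS#7 addressed to the same certificate, and print
 * the result to stdout.
 *
 * Returns 0 on success and 1 as soon as any step fails.
 */
int main(void)
{
    PKCS7 *p7 = NULL;
    X509 *x = NULL;
    EVP_PKEY *pkey = NULL;
    BIO *in = NULL, *sign = NULL, *out = NULL;
    char *p = NULL, *body;
    int len;
    int rc = 1;

    SSLeay_add_all_algorithms();

    /* read certificate and private key */
    in = BIO_new_file("cert.pem", "r");
    if (in == NULL)
        goto done;
    x = PEM_read_bio_X509(in, NULL, NULL);
    BIO_free(in);
    in = NULL;
    if (x == NULL)
        goto done;

    in = BIO_new_file("key.pem", "r");
    if (in == NULL)
        goto done;
    pkey = PEM_read_bio_PrivateKey(in, NULL, NULL);
    BIO_free(in);
    in = NULL;
    if (pkey == NULL)
        goto done;

    /* ---- signed PKCS#7 ---- */
    p7 = PKCS7_new();
    if (p7 == NULL || !PKCS7_set_type(p7, NID_pkcs7_signed))
        goto done;

    /* Add certificates */
    if (!PKCS7_add_certificate(p7, x))
        goto done;

    /*
     * Add signature info.  No signed attributes are added here; the author
     * notes that the signing-time attribute is not needed for Netscape
     * Messenger.
     */
    if (PKCS7_add_signature(p7, x, pkey, EVP_sha1()) == NULL)
        goto done;

    if (!PKCS7_content_new(p7, NID_pkcs7_data))
        goto done;
    sign = PKCS7_dataInit(p7, NULL);
    if (sign == NULL || !bio_put(sign, msg))
        goto done;
    BIO_flush(sign);
    if (!PKCS7_dataFinal(p7, sign))
        goto done;
    BIO_free(sign);
    sign = NULL;

    /* convert to PEM; p points into the memory BIO, so sign must outlive it */
    sign = BIO_new(BIO_s_mem());
    if (sign == NULL || !PEM_write_bio_PKCS7(sign, p7))
        goto done;
    PKCS7_free(p7);
    p7 = NULL;
    len = (int)BIO_get_mem_data(sign, &p);

    /* remove PEM header and footer */
    body = pem_body(p, len);
    if (body == NULL)
        goto done;

    /* ---- enveloped PKCS#7 ---- */
    p7 = PKCS7_new();
    if (p7 == NULL || !PKCS7_set_type(p7, NID_pkcs7_enveloped))
        goto done;
    if (PKCS7_add_recipient(p7, x) == NULL)
        goto done;
    /*
     * NOTE(review): RC2 with a 40-bit key is export-grade and gives no real
     * confidentiality; it is kept because this test targets interoperability
     * with the mail clients named in the post.
     */
    if (!PKCS7_set_cipher(p7, EVP_rc2_40_cbc()))
        goto done;
    out = PKCS7_dataInit(p7, NULL);
    if (out == NULL)
        goto done;

    /*
     * output to encryption bio
     * msg better be in canonical form (end of line should be \r\n)
     *
     * NOTE(review): the last delimiter written is "--next"; a MIME multipart
     * is normally closed with "--next--" -- confirm whether that matters for
     * the clients being tested.
     */
    if (!bio_put(out, mphead) ||
        !bio_put(out, "--next\n") ||      /* boundary */
        !bio_put(out, msg) ||
        !bio_put(out, "\n--next\n") ||    /* boundary */
        !bio_put(out, mpshead) ||
        !bio_put(out, body) ||
        !bio_put(out, "--next\n"))        /* boundary */
        goto done;
    BIO_flush(out);
    if (!PKCS7_dataFinal(p7, out))
        goto done;
    BIO_free(out);
    out = NULL;

    /* ---- print the enveloped message ---- */
    out = BIO_new(BIO_s_mem());
    if (out == NULL || !PEM_write_bio_PKCS7(out, p7))
        goto done;
    len = (int)BIO_get_mem_data(out, &p);
    body = pem_body(p, len);
    if (body == NULL)
        goto done;

    /* fputs, not printf: neither string is a format string */
    fputs(enchead, stdout);
    fputs(body, stdout);
    rc = 0;

done:
    if (rc != 0)
        fprintf(stderr, "smime: failed to build the S/MIME message\n");
    if (in != NULL)
        BIO_free(in);
    if (out != NULL)
        BIO_free(out);
    if (sign != NULL)
        BIO_free(sign);
    if (p7 != NULL)
        PKCS7_free(p7);
    /*
     * x and pkey are left to process exit, as in the original; whether the
     * PKCS7_add_* calls keep their own references is not visible here.
     */
    return rc;
}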
begin: vcard
fn: Sebastian Akerman
n: Akerman;Sebastian
org: <img src="http://www.parallelconsulting.com/content_img/pslogga.gif" alt="Parallel Systems">
email;internet: [EMAIL PROTECTED]
title: Security Expert
note: If you care to trust us download our CA certificate from www.parallelconsulting.com
x-mozilla-cpt: ;0
x-mozilla-html: TRUE
version: 2.1
end: vcard