[openssl.org #1261] [PATCH] Binary S/MIME handling in openssl smime (0.9.8a)

Antti Tapio via RT

Dec 29, 2005, 6:49:10 AM

Hi,

Attached is a patch that enables binary "encoded" S/MIME signatures and
encryption in the OpenSSL smime module. Messages can be signed and
encrypted in binary form using the new "-transenc binary" command line
option.

This patch includes the "openssl smime -verify on binary files"
patch submitted by Robert Reitenbach.
http://www.aet.tu-cottbus.de/rt2/Ticket/Display.html?id=828

In addition to the changes in the older patch, the following
modifications have been made:

apps/smime.c
Added handling for the transenc parameter.

crypto/pkcs7/pk7_mime.c
New functions BINARY_write_PKCS7 and BINARY_read_PKCS7.

crypto/pkcs7/pkcs7.h
New flag PKCS7_TRANSFER_ENCODING_BINARY.
New function codes PKCS7_F_BINARY_READ_PKCS7 and
PKCS7_F_BINARY_WRITE_PKCS.

crypto/pkcs7/pkcs7err.c
Added proper error messages for unsupported content transfer
encodings.

doc/apps/smime.pod
Added documentation for the transenc parameter.

Please note that if a Content-Transfer-Encoding header is not present,
the content is handled as base64. This is against the RFC but consistent
with the functionality of older versions of OpenSSL.

Please consider applying this patch to some upcoming version of OpenSSL.
Although there are still limitations in handling more complex MIME
messages, support for simple binary S/MIME messages would be nice to
have in OpenSSL.

Best Regards
Antti Tapio
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List opens...@openssl.org
Automated List Manager majo...@openssl.org

Stephen Henson via RT

Dec 29, 2005, 9:30:53 AM

[Antti...@elma.net - Thu Dec 29 12:48:32 2005]:

Adding the extra parameter to SMIME_read_PKCS7() is problematical in
terms of compatibility with older versions of OpenSSL. Though a new
function with the extra flag wouldn't be a problem and then
SMIME_read_PKCS7() would just call the new function with the 'flags'
parameter set to zero.

Is there some reason why SMIME_read_PKCS7 can't automatically work out
what to do based on the MIME headers?

Antti Tapio via RT

Dec 30, 2005, 5:51:39 AM

On Thu, Dec 29, 2005 at 03:30:32PM +0100, Stephen Henson via RT wrote:
> Adding the extra parameter to SMIME_read_PKCS7() is problematical in
> terms of compatibility with older versions of OpenSSL. Though a new
> function with the extra flag wouldn't be a problem and then
> SMIME_read_PKCS7() would just call the new function with the 'flags'
> parameter set to zero.
>
> Is there some reason why SMIME_read_PKCS7 can't automatically work out
> what to do based on the MIME headers?

Actually, multi_split_binary() should be able to handle both binary and
text parts. I removed the extra parameter from SMIME_read_PKCS7() and
modified it to use only the multi_split_binary function. According to
some quick tests, the parser seems to handle both types of parts
correctly.

The modified patch is attached.

--
Antti Tapio
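
Added example, not part of the thread or of the OpenSSL patch: a stand-alone sketch of choosing the decoder from the MIME headers, with the missing-header default the first message describes (base64) next to the RFC 2045 default (7bit). The names pick_cte, header_value and enum cte are hypothetical, and the sample message is constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>
enum cte { CTE_7BIT, CTE_BASE64, CTE_BINARY, CTE_UNSUPPORTED };

/* Copy the trimmed value of header `name` into out; returns 1 if present.
 * Scanning stops at the blank line, so body bytes are never read as headers.
 * Folded (continuation) header lines are not handled in this sketch. */
static int header_value(const char *hdrs, const char *name, char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    const char *p = hdrs;
    while (*p && *p != '\r' && *p != '\n') {
        const char *eol = p + strcspn(p, "\r\n");
        if ((size_t)(eol - p) > nlen && p[nlen] == ':' && strncasecmp(p, name, nlen) == 0) {
            const char *v = p + nlen + 1;
            while (v < eol && isspace((unsigned char)*v)) v++;
            while (eol > v && isspace((unsigned char)eol[-1])) eol--;
            size_t n = (size_t)(eol - v);
            if (n >= outlen) n = outlen - 1;
            memcpy(out, v, n);
            out[n] = '\0';
            return 1;
        }
        p = eol;
        if (*p == '\r') p++;
        if (*p == '\n') p++;
    }
    return 0;
}

/* legacy_default != 0: missing header means base64 (behaviour noted in the thread).
 * legacy_default == 0: missing header means 7bit (the RFC 2045 default). */
enum cte pick_cte(const char *hdrs, int legacy_default)
{
    char v[32];
    if (!header_value(hdrs, "Content-Transfer-Encoding", v, sizeof v))
        return legacy_default ? CTE_BASE64 : CTE_7BIT;
    if (strcasecmp(v, "base64") == 0) return CTE_BASE64;
    if (strcasecmp(v, "binary") == 0) return CTE_BINARY;
    if (strcasecmp(v, "7bit") == 0) return CTE_7BIT;
    return CTE_UNSUPPORTED; /* report an error instead of guessing a decoder */
}
/* Constructed sample: no Content-Transfer-Encoding header before the blank line. */
static const char SAMPLE_NO_CTE[] =
    "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\r\n\r\n"
    "Content-Transfer-Encoding: binary\r\n";
int main(void) { return pick_cte(SAMPLE_NO_CTE, 1) == CTE_BASE64 ? 0 : 1; }
```

The sample places a Content-Transfer-Encoding line in the body to show that only the header block decides the decoder; a verifier that picks a different encoding than the signer ends up checking different bytes.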