diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 1999-05-11 00:52:46 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 1999-05-11 00:52:46 +0000 |
| commit | 10243d97fd9d8d3162af7ec4dc582da21703eb62 (patch) | |
| tree | 0a8690f25889f01e603f6e1ffab965987ab97384 | |
| parent | d5a2ea4b73220d58f12b2d6bdd378dc8e0a23bf9 (diff) | |
Various PKCS#7 related fixes,tidies and comments.
| -rw-r--r-- | STATUS | 4 | ||||
| -rw-r--r-- | crypto/objects/obj_dat.h | 16 | ||||
| -rw-r--r-- | crypto/objects/objects.h | 5 | ||||
| -rw-r--r-- | crypto/pkcs7/pk7_doit.c | 36 | ||||
| -rw-r--r-- | crypto/pkcs7/pk7_lib.c | 6 | ||||
| -rw-r--r-- | crypto/pkcs7/sign.c | 10 | ||||
| -rwxr-xr-x | util/libeay.num | 5 |
7 files changed, 44 insertions, 38 deletions
@@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 1999/05/10 23:56:11 $ + ______________ $Date: 1999/05/11 00:52:39 $ DEVELOPMENT STATE @@ -37,9 +37,9 @@ o Steve is currently working on (in no particular order): Proper (or at least usable) certificate chain verification. Documentation on X509 V3 extension code. - PKCS#12 code cleanup and enhancement. PKCS #8 and PKCS#5 v2.0 support. Private key, certificate and CRL API and implementation. + Checking and bugfixing PKCS#7 (S/MIME code). o Mark is currently working on: Folding in any changes that are in the C2Net code base that were diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 05def89340..0db4550c72 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -61,12 +61,12 @@ * perl obj_dat.pl < objects.h > obj_dat.h */ -#define NUM_NID 167 -#define NUM_SN 118 -#define NUM_LN 163 -#define NUM_OBJ 138 +#define NUM_NID 168 +#define NUM_SN 119 +#define NUM_LN 164 +#define NUM_OBJ 139 -static unsigned char lvalues[956]={ +static unsigned char lvalues[957]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -205,6 +205,7 @@ static unsigned char lvalues[956]={ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [931] OBJ_hmacWithSHA1 */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [939] OBJ_id_qt_cps */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [947] OBJ_id_qt_unotice */ +0x0F, /* [955] OBJ_SMIMECapabilities */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -440,6 +441,8 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8, &(lvalues[947]),0}, {"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL}, +{"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,1, + &(lvalues[955]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -515,6 +518,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[100]),/* "S" */ &(nid_objs[41]),/* "SHA" */ &(nid_objs[64]),/* "SHA1" */ +&(nid_objs[167]),/* "SMIME-CAPS" */ &(nid_objs[105]),/* "SN" */ &(nid_objs[16]),/* "ST" */ &(nid_objs[143]),/* "SXNetID" */ @@ -590,6 +594,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[162]),/* "PBMAC1" */ &(nid_objs[164]),/* "Policy Qualifier CPS" */ &(nid_objs[165]),/* "Policy Qualifier User Notice" */ +&(nid_objs[167]),/* "S/MIME Capabilities" */ &(nid_objs[143]),/* "Strong Extranet ID" */ &(nid_objs[130]),/* "TLS Web Client Authentication" */ &(nid_objs[129]),/* "TLS Web Server Authentication" */ @@ -731,6 +736,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[ 0]),/* OBJ_undef 0 */ +&(nid_objs[167]),/* OBJ_SMIMECapabilities 15 */ &(nid_objs[11]),/* OBJ_X500 2 5 */ &(nid_objs[12]),/* OBJ_X509 2 5 4 */ &(nid_objs[81]),/* OBJ_ld_ce 2 5 29 */ diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h index 9bb035b637..52c5f4ca32 100644 --- a/crypto/objects/objects.h +++ b/crypto/objects/objects.h @@ -870,6 +870,11 @@ extern "C" { #define LN_rc2_64_cbc "rc2-64-cbc" #define NID_rc2_64_cbc 166 +#define SN_SMIMECapabilities "SMIME-CAPS" +#define LN_SMIMECapabilities "S/MIME Capabilities" +#define NID_SMIMECapabilities 167 +#define OBJ_SMIMECapabilities OBJ_id_pkcs9,15L + #include <openssl/bio.h> #include <openssl/asn1.h> diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index d19ee41073..030bc92eeb 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -65,7 +65,6 @@ static int add_attribute(STACK **sk, int nid, int atrtype, void *value); static ASN1_TYPE *get_attribute(STACK *sk, int nid); -#if 1 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) { int i,j; @@ -364,6 +363,11 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, if (rsk == NULL) return(NULL); + /* FIXME: this assumes that the passed private key + * corresponds to the first RecipientInfo. This in + * general is not true + */ + ri=(PKCS7_RECIP_INFO *)sk_value(rsk,0); #if 0 X509_STORE_CTX_init(&s_ctx,xs,NULL,NULL); @@ -458,7 +462,6 @@ err: Free(tmp); return(out); } -#endif int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) { @@ -569,7 +572,8 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) EVP_DigestFinal(&ctx_tmp,md_data,&md_len); digest=ASN1_OCTET_STRING_new(); ASN1_OCTET_STRING_set(digest,md_data,md_len); - PKCS7_add_signed_attribute(si,NID_pkcs9_messageDigest, + PKCS7_add_signed_attribute(si, + NID_pkcs9_messageDigest, V_ASN1_OCTET_STRING,digest); /* Now sign the mess */ @@ -798,7 +802,7 @@ static ASN1_TYPE *get_attribute(STACK *sk, int nid) ASN1_OBJECT *o; o=OBJ_nid2obj(nid); - if (o == NULL) return(NULL); + if (!o || !sk) return(NULL); for (i=0; i<sk_num(sk); i++) { xa=(X509_ATTRIBUTE *)sk_value(sk,i); @@ -814,27 +818,11 @@ static ASN1_TYPE *get_attribute(STACK *sk, int nid) } ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK *sk) - { - X509_ATTRIBUTE *attr; +{ ASN1_TYPE *astype; - int i; - if (!sk || !sk_num(sk)) return NULL; - /* Search the attributes for a digest */ - for (i = 0; i < sk_num(sk); i++) - { - attr = (X509_ATTRIBUTE *) sk_value(sk, i); - if (OBJ_obj2nid(attr->object) == NID_pkcs9_messageDigest) - { - if (!attr->set) return NULL; - if (!attr->value.set - || !sk_ASN1_TYPE_num(attr->value.set) ) - return NULL; - astype = sk_ASN1_TYPE_value(attr->value.set, 0); - return astype->value.octet_string; - } - } - return NULL; - } + if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL; + return astype->value.octet_string; +} int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, STACK *sk) { diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 43d991580a..ea3a5a2c76 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -310,6 +310,12 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, else p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst)); + if (p7i->digest_alg->parameter != NULL) + ASN1_TYPE_free(p7i->digest_alg->parameter); + if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL) + goto err; + p7i->digest_alg->parameter->type=V_ASN1_NULL; + p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type)); if (p7i->digest_enc_alg->parameter != NULL) diff --git a/crypto/pkcs7/sign.c b/crypto/pkcs7/sign.c index ccdd6737dd..4a1d998606 100644 --- a/crypto/pkcs7/sign.c +++ b/crypto/pkcs7/sign.c @@ -108,13 +108,9 @@ again: si=PKCS7_add_signature(p7,x509,pkey,EVP_sha1()); if (si == NULL) goto err; - /* Add some extra attributes */ - if (!add_signed_time(si)) goto err; -#if 0 - /* Since these are made up attributes lets leave them out */ - if (!add_signed_string(si,"SIGNED STRING")) goto err; - if (!add_signed_seq2string(si,"STRING1","STRING2")) goto err; -#endif + /* If you do this then you get signing time automatically added */ + PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, + OBJ_nid2obj(NID_pkcs7_data)); /* we may want to add more */ PKCS7_add_certificate(p7,x509); diff --git a/util/libeay.num b/util/libeay.num index 1a1b21ad6a..01299b1f7a 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -1619,3 +1619,8 @@ sk_X509_EXTENSION_shift 1643 sk_X509_EXTENSION_push 1644 sk_X509_NAME_ENTRY_find 1645 X509V3_EXT_i2d 1646 +X509V3_EXT_val_prn 1647 +X509V3_EXT_add_list 1648 +EVP_CIPHER_type 1649 +EVP_PBE_CipherInit 1650 +X509V3_add_value_bool_nf 1651 |