diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2019-06-03 15:19:48 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2019-06-03 15:25:10 +1000 |
commit | d63d841fb510a920275c66d3e486089c5c718797 (patch) | |
tree | d031da4cb1262fd7a4f1dfc6709524abceb97be8 /crypto/err | |
parent | 9517295b7f3c3ea7bed254b426ee45dcb60e655a (diff) |
Add the content type attribute to additional CMS signerinfo.
Fixes #8923
Found using the openssl cms -resign option.
This uses an alternate path to do the signing which was not adding the required signed attribute
content type. The content type attribute should always exist since it is required is there are
any signed attributes.
As the signing time attribute is always added in code, the content type attribute is also required.
The CMS_si_check_attributes() method adds validity checks for signed and unsigned attributes
e.g. The message digest attribute is a signed attribute that must exist if any signed attributes
exist, it cannot be an unsigned attribute and there must only be one instance containing a single
value.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8944)
(cherry picked from commit 19e512a8244a6f527d0194339a8f9fc45468537a)
Diffstat (limited to 'crypto/err')
-rw-r--r-- | crypto/err/openssl.txt | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index feff1dccde..bf440f33b6 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -314,6 +314,7 @@ CMS_F_CMS_SIGNERINFO_VERIFY:152:CMS_SignerInfo_verify CMS_F_CMS_SIGNERINFO_VERIFY_CERT:153:cms_signerinfo_verify_cert CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT:154:CMS_SignerInfo_verify_content CMS_F_CMS_SIGN_RECEIPT:163:CMS_sign_receipt +CMS_F_CMS_SI_CHECK_ATTRIBUTES:183:CMS_si_check_attributes CMS_F_CMS_STREAM:155:CMS_stream CMS_F_CMS_UNCOMPRESS:156:CMS_uncompress CMS_F_CMS_VERIFY:157:CMS_verify @@ -1930,6 +1931,7 @@ BN_R_P_IS_NOT_PRIME:112:p is not prime BN_R_TOO_MANY_ITERATIONS:113:too many iterations BN_R_TOO_MANY_TEMPORARY_VARIABLES:109:too many temporary variables CMS_R_ADD_SIGNER_ERROR:99:add signer error +CMS_R_ATTRIBUTE_ERROR:161:attribute error CMS_R_CERTIFICATE_ALREADY_PRESENT:175:certificate already present CMS_R_CERTIFICATE_HAS_NO_KEYID:160:certificate has no keyid CMS_R_CERTIFICATE_VERIFY_ERROR:100:certificate verify error |