From 8c89c80a5580419bcc3e35abf18dd187c73881e4 Mon Sep 17 00:00:00 2001
From: FdaSilvaYY <fdasilvayy@gmail.com>
Date: Tue, 29 Jan 2019 23:54:30 +0100
Subject: CAdES: Fix SignerInfo attribute construction order.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8117)
---
 apps/cms.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'apps/cms.c')

diff --git a/apps/cms.c b/apps/cms.c
index 2863a92eee..9c9f01d3ee 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -603,6 +603,14 @@ int cms_main(int argc, char **argv)
         goto opthelp;
     }
 
+    if (flags & CMS_CADES) {
+        if (flags & CMS_NOATTR) {
+            BIO_puts(bio_err, "Incompatible options: "
+                     "CAdES required signed attributes\n");
+            goto opthelp;
+        }
+    }
+
     if (operation & SMIME_SIGNERS) {
         if (keyfile != NULL && signerfile == NULL) {
             BIO_puts(bio_err, "Illegal -inkey without -signer\n");
-- 
cgit v1.2.3