Various PKCS#7 related fixes,tidies and comments.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 11 May 1999 00:52:46 +0000 (00:52 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 11 May 1999 00:52:46 +0000 (00:52 +0000)
STATUS
crypto/objects/obj_dat.h
crypto/objects/objects.h
crypto/pkcs7/pk7_doit.c
crypto/pkcs7/pk7_lib.c
crypto/pkcs7/sign.c
util/libeay.num

diff --git a/STATUS b/STATUS
index 70d0421..593284b 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -1,6 +1,6 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 1999/05/10 23:56:11 $
+  ______________                           $Date: 1999/05/11 00:52:39 $
 
   DEVELOPMENT STATE
 
@@ -37,9 +37,9 @@
     o Steve is currently working on (in no particular order):
         Proper (or at least usable) certificate chain verification.
         Documentation on X509 V3 extension code.
-        PKCS#12 code cleanup and enhancement.
        PKCS #8 and PKCS#5 v2.0 support.
        Private key, certificate and CRL API and implementation.
+       Checking and bugfixing PKCS#7 (S/MIME code).
 
     o Mark is currently working on:
         Folding in any changes that are in the C2Net code base that were
index 05def89..0db4550 100644 (file)
  * perl obj_dat.pl < objects.h > obj_dat.h
  */
 
-#define NUM_NID 167
-#define NUM_SN 118
-#define NUM_LN 163
-#define NUM_OBJ 138
+#define NUM_NID 168
+#define NUM_SN 119
+#define NUM_LN 164
+#define NUM_OBJ 139
 
-static unsigned char lvalues[956]={
+static unsigned char lvalues[957]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -205,6 +205,7 @@ static unsigned char lvalues[956]={
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07,     /* [931] OBJ_hmacWithSHA1 */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,     /* [939] OBJ_id_qt_cps */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,     /* [947] OBJ_id_qt_unotice */
+0x0F,                                        /* [955] OBJ_SMIMECapabilities */
 };
 
 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -440,6 +441,8 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8,
        &(lvalues[947]),0},
 {"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL},
+{"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,1,
+       &(lvalues[955]),0},
 };
 
 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -515,6 +518,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[100]),/* "S" */
 &(nid_objs[41]),/* "SHA" */
 &(nid_objs[64]),/* "SHA1" */
+&(nid_objs[167]),/* "SMIME-CAPS" */
 &(nid_objs[105]),/* "SN" */
 &(nid_objs[16]),/* "ST" */
 &(nid_objs[143]),/* "SXNetID" */
@@ -590,6 +594,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[162]),/* "PBMAC1" */
 &(nid_objs[164]),/* "Policy Qualifier CPS" */
 &(nid_objs[165]),/* "Policy Qualifier User Notice" */
+&(nid_objs[167]),/* "S/MIME Capabilities" */
 &(nid_objs[143]),/* "Strong Extranet ID" */
 &(nid_objs[130]),/* "TLS Web Client Authentication" */
 &(nid_objs[129]),/* "TLS Web Server Authentication" */
@@ -731,6 +736,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 
 static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[ 0]),/* OBJ_undef                        0 */
+&(nid_objs[167]),/* OBJ_SMIMECapabilities             15 */
 &(nid_objs[11]),/* OBJ_X500                         2 5 */
 &(nid_objs[12]),/* OBJ_X509                         2 5 4 */
 &(nid_objs[81]),/* OBJ_ld_ce                        2 5 29 */
index 9bb035b..52c5f4c 100644 (file)
@@ -870,6 +870,11 @@ extern "C" {
 #define LN_rc2_64_cbc                  "rc2-64-cbc"
 #define NID_rc2_64_cbc                 166
 
+#define SN_SMIMECapabilities           "SMIME-CAPS"
+#define LN_SMIMECapabilities           "S/MIME Capabilities"
+#define NID_SMIMECapabilities          167
+#define OBJ_SMIMECapabilities          OBJ_id_pkcs9,15L
+
 #include <openssl/bio.h>
 #include <openssl/asn1.h>
 
index d19ee41..030bc92 100644 (file)
@@ -65,7 +65,6 @@
 static int add_attribute(STACK **sk, int nid, int atrtype, void *value);
 static ASN1_TYPE *get_attribute(STACK *sk, int nid);
 
-#if 1
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
        {
        int i,j;
@@ -364,6 +363,11 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio,
                if (rsk == NULL)
                        return(NULL);
 
+               /* FIXME: this assumes that the passed private key
+                * corresponds to the first RecipientInfo. This in
+                * general is not true
+                */
+
                ri=(PKCS7_RECIP_INFO *)sk_value(rsk,0);
 #if 0
                X509_STORE_CTX_init(&s_ctx,xs,NULL,NULL);
@@ -458,7 +462,6 @@ err:
                Free(tmp);
        return(out);
        }
-#endif
 
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
        {
@@ -569,7 +572,8 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                                EVP_DigestFinal(&ctx_tmp,md_data,&md_len);
                                digest=ASN1_OCTET_STRING_new();
                                ASN1_OCTET_STRING_set(digest,md_data,md_len);
-                               PKCS7_add_signed_attribute(si,NID_pkcs9_messageDigest,
+                               PKCS7_add_signed_attribute(si,
+                                       NID_pkcs9_messageDigest,
                                        V_ASN1_OCTET_STRING,digest);
 
                                /* Now sign the mess */
@@ -798,7 +802,7 @@ static ASN1_TYPE *get_attribute(STACK *sk, int nid)
        ASN1_OBJECT *o;
 
        o=OBJ_nid2obj(nid);
-       if (o == NULL) return(NULL);
+       if (!o || !sk) return(NULL);
        for (i=0; i<sk_num(sk); i++)
                {
                xa=(X509_ATTRIBUTE *)sk_value(sk,i);
@@ -814,27 +818,11 @@ static ASN1_TYPE *get_attribute(STACK *sk, int nid)
        }
 
 ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK *sk)
-       {
-       X509_ATTRIBUTE *attr;
+{
        ASN1_TYPE *astype;
-       int i;
-       if (!sk || !sk_num(sk)) return NULL;
-       /* Search the attributes for a digest */
-       for (i = 0; i < sk_num(sk); i++)
-               {
-               attr = (X509_ATTRIBUTE *) sk_value(sk, i);
-               if (OBJ_obj2nid(attr->object) == NID_pkcs9_messageDigest)
-                       {
-                       if (!attr->set) return NULL;
-                       if (!attr->value.set
-                           || !sk_ASN1_TYPE_num(attr->value.set) )
-                           return NULL;
-                       astype = sk_ASN1_TYPE_value(attr->value.set, 0);
-                       return astype->value.octet_string;
-                       }
-               }
-       return NULL;
-       }
+       if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL;
+       return astype->value.octet_string;
+}
 
 int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, STACK *sk)
        {
index 43d9915..ea3a5a2 100644 (file)
@@ -310,6 +310,12 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
        else    
                p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
 
+       if (p7i->digest_alg->parameter != NULL)
+               ASN1_TYPE_free(p7i->digest_alg->parameter);
+       if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)
+               goto err;
+       p7i->digest_alg->parameter->type=V_ASN1_NULL;
+
        p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));
 
        if (p7i->digest_enc_alg->parameter != NULL)
index ccdd673..4a1d998 100644 (file)
@@ -108,13 +108,9 @@ again:
        si=PKCS7_add_signature(p7,x509,pkey,EVP_sha1());
        if (si == NULL) goto err;
 
-       /* Add some extra attributes */
-       if (!add_signed_time(si)) goto err;
-#if 0
-       /* Since these are made up attributes lets leave them out */
-       if (!add_signed_string(si,"SIGNED STRING")) goto err;
-       if (!add_signed_seq2string(si,"STRING1","STRING2")) goto err;
-#endif
+       /* If you do this then you get signing time automatically added */
+       PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT,
+                                               OBJ_nid2obj(NID_pkcs7_data));
 
        /* we may want to add more */
        PKCS7_add_certificate(p7,x509);
index 1a1b21a..01299b1 100755 (executable)
@@ -1619,3 +1619,8 @@ sk_X509_EXTENSION_shift                 1643
 sk_X509_EXTENSION_push                  1644
 sk_X509_NAME_ENTRY_find                 1645
 X509V3_EXT_i2d                          1646
+X509V3_EXT_val_prn                      1647
+X509V3_EXT_add_list                     1648
+EVP_CIPHER_type                         1649
+EVP_PBE_CipherInit                      1650
+X509V3_add_value_bool_nf                1651