cms->d.signedData->version = 1;
cms->d.signedData->encapContentInfo->eContentType =
OBJ_nid2obj(NID_pkcs7_data);
+ cms->d.signedData->encapContentInfo->partial = 1;
ASN1_OBJECT_free(cms->contentType);
cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
return cms->d.signedData;
break;
case CMS_SIGNERINFO_KEYIDENTIFIER:
+ if (!cert->skid)
+ {
+ CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER,
+ CMS_R_CERTIFICATE_HAS_NO_KEYID);
+ return 0;
+ }
sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid);
if (!sid->d.subjectKeyIdentifier)
goto merr;
if (!(flags & CMS_NOATTR))
{
- /* Copy content type across */
- ASN1_OBJECT *ctype =
- OBJ_dup(sd->encapContentInfo->eContentType);
- if (!ctype)
- goto merr;
- i = CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
- V_ASN1_OBJECT, ctype, -1);
- ASN1_OBJECT_free(ctype);
- if (i <= 0)
- goto merr;
+ /* Initialialize signed attributes strutucture so other
+ * attributes such as signing time etc are added later
+ * even if we add none here.
+ */
+ if (!si->signedAttrs)
+ {
+ si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
+ if (!si->signedAttrs)
+ goto merr;
+ }
+
if (!(flags & CMS_NOSMIMECAP))
{
STACK_OF(X509_ALGOR) *smcap = NULL;
}
-int CMS_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
+static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
{
ASN1_TIME *tt;
int r = 0;
*psig = si->signatureAlgorithm;
}
-int cms_SignerInfo_content_sign(CMS_SignerInfo *si, BIO *chain)
+static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
+ CMS_SignerInfo *si, BIO *chain)
{
EVP_MD_CTX mctx;
int r = 0;
if (CMS_signed_get_attr_count(si) >= 0)
{
+ ASN1_OBJECT *ctype =
+ cms->d.signedData->encapContentInfo->eContentType;
unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen;
EVP_DigestFinal_ex(&mctx, md, &mdlen);
V_ASN1_OCTET_STRING,
md, mdlen))
goto err;
+ /* Copy content type across */
+ if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
+ V_ASN1_OBJECT, ctype, -1) <= 0)
+ goto err;
if (!CMS_SignerInfo_sign(si))
goto err;
}
for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
{
si = sk_CMS_SignerInfo_value(sinfos, i);
- if (!cms_SignerInfo_content_sign(si, chain))
+ if (!cms_SignerInfo_content_sign(cms, si, chain))
return 0;
}
+ cms->d.signedData->encapContentInfo->partial = 0;
return 1;
}
if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0)
{
- if (!CMS_add1_signingTime(si, NULL))
+ if (!cms_add1_signingTime(si, NULL))
goto err;
}
CMS_SignedData *sd;
BIO *chain = NULL;
sd = cms_get0_signed(cms);
- cms_sd_set_version(sd);
if (!sd)
return NULL;
+ if (cms->d.signedData->encapContentInfo->partial)
+ cms_sd_set_version(sd);
for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++)
{
X509_ALGOR *digestAlgorithm;
CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
goto err;
}
- if (mlen != os->length)
+ if (mlen != (unsigned int)os->length)
{
CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);