From: Dr. Stephen Henson Date: Wed, 19 Mar 2008 19:34:30 +0000 (+0000) Subject: Allow alternate eContentType oids to be set in cms utility. X-Git-Tag: OpenSSL_0_9_8k^2~499 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=054307e7ed58b53f36e4dd28066b8f7c4315dfd7;hp=8cd358bef8c818916d32e4aed0a46d4e14f3a202;ds=sidebyside Allow alternate eContentType oids to be set in cms utility. Add id-ct-asciiTextWithCRLF OID. Give more meaninful error message is attempt to use key ID from a certificate without a key ID. --- diff --git a/apps/cms.c b/apps/cms.c index 2cbd43b2a6..70847d90b7 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -125,6 +125,8 @@ int MAIN(int argc, char **argv) unsigned char *secret_key = NULL, *secret_keyid = NULL; size_t secret_keylen = 0, secret_keyidlen = 0; + ASN1_OBJECT *econtent_type = NULL; + X509_VERIFY_PARAM *vpm = NULL; args = argv + 1; @@ -268,6 +270,18 @@ int MAIN(int argc, char **argv) } secret_keyidlen = (size_t)ltmp; } + else if (!strcmp(*args,"-econtent_type")) + { + if (!args[1]) + goto argerr; + args++; + econtent_type = OBJ_txt2obj(*args, 0); + if (!econtent_type) + { + BIO_printf(bio_err, "Invalid OID %s\n", *args); + goto argerr; + } + } else if (!strcmp(*args,"-rand")) { if (!args[1]) @@ -797,6 +811,8 @@ int MAIN(int argc, char **argv) } flags |= CMS_PARTIAL; cms = CMS_sign(NULL, NULL, other, in, flags); + if (econtent_type) + CMS_set1_eContentType(cms, econtent_type); if (!cms) goto end; } @@ -965,6 +981,8 @@ end: OPENSSL_free(secret_key); if (secret_keyid) OPENSSL_free(secret_keyid); + if (econtent_type) + ASN1_OBJECT_free(econtent_type); X509_STORE_free(store); X509_free(cert); X509_free(recip); diff --git a/crypto/cms/cms.h b/crypto/cms/cms.h index 4f74cd14bf..1a316d7fd8 100644 --- a/crypto/cms/cms.h +++ b/crypto/cms/cms.h 
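Review bot: In the `-econtent_type` branch added at `@@ -268,6 +270,18 @@` of apps/cms.c, `econtent_type = OBJ_txt2obj(*args, 0);` overwrites whatever an earlier occurrence of the option stored, so passing the option twice leaks the first ASN1_OBJECT. Releasing the old value before the assignment, `if (econtent_type) ASN1_OBJECT_free(econtent_type);`, keeps the single free under `end:` sufficient. With 0 as the second argument OBJ_txt2obj also accepts registered short and long names, so the message `Invalid OID %s` is narrower than what the option actually takes. None of the cms.c hunks adds a usage line for the new option; if MAIN prints an option summary elsewhere it should list `-econtent_type`. The argument loop begins and ends outside this hunk.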
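Review bot: In the apps/cms.c hunk at `@@ -797,6 +811,8 @@` the added `CMS_set1_eContentType(cms, econtent_type);` runs before the existing `if (!cms) goto end;`, so when CMS_sign() fails and `-econtent_type` was given, a NULL `cms` is handed to the setter. Unless CMS_set1_eContentType tolerates NULL, which is not visible here, a signing failure that should be reported becomes a NULL dereference. The two added lines belong after the NULL check, and the setter's result should not be discarded: `if (econtent_type && !CMS_set1_eContentType(cms, econtent_type)) goto end;`. The enclosing branch of MAIN starts and ends outside the hunk.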
@@ -352,6 +352,7 @@ void ERR_load_CMS_strings(void); /* Reason codes. */ #define CMS_R_ADD_SIGNER_ERROR 99 +#define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 #define CMS_R_CERTIFICATE_VERIFY_ERROR 100 #define CMS_R_CIPHER_INITIALISATION_ERROR 101 #define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102 diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c index 494544d836..51a3ade0cc 100644 --- a/crypto/cms/cms_err.c +++ b/crypto/cms/cms_err.c @@ -135,6 +135,7 @@ static ERR_STRING_DATA CMS_str_functs[]= static ERR_STRING_DATA CMS_str_reasons[]= { {ERR_REASON(CMS_R_ADD_SIGNER_ERROR) ,"add signer error"}, +{ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID),"certificate has no keyid"}, {ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, {ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),"cipher initialisation error"}, {ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),"cipher parameter initialisation error"}, diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 302b93f805..6f31f6309f 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -226,6 +226,12 @@ int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type) break; case CMS_SIGNERINFO_KEYIDENTIFIER: + if (!cert->skid) + { + CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, + CMS_R_CERTIFICATE_HAS_NO_KEYID); + return 0; + } sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid); if (!sid->d.subjectKeyIdentifier) goto merr; diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 5b3881ea35..6f7792bcd7 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h 
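Review bot: The new `if (!cert->skid)` guard in the `CMS_SIGNERINFO_KEYIDENTIFIER` case of cms_set1_SignerIdentifier (crypto/cms/cms_sd.c) reads a field that, as far as I know, is only populated once the certificate's extensions have been parsed and cached. If a caller reaches this function before that has happened, a certificate that does carry a subjectKeyIdentifier would be rejected with CMS_R_CERTIFICATE_HAS_NO_KEYID; the hunk does not show whether callers guarantee the caching. A comment above the check would record the precondition, for example `/* cert->skid is only set after the extensions have been cached; callers must ensure that first */`. The function body continues outside the hunk.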
@@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 855 -#define NUM_SN 848 -#define NUM_LN 848 -#define NUM_OBJ 802 +#define NUM_NID 856 +#define NUM_SN 849 +#define NUM_LN 849 +#define NUM_OBJ 803 -static const unsigned char lvalues[5691]={ +static const unsigned char lvalues[5702]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -870,6 +870,7 @@ static const unsigned char lvalues[5691]={ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5663] OBJ_id_aes128_wrap */ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5672] OBJ_id_aes192_wrap */ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5681] OBJ_id_aes256_wrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5690] OBJ_id_ct_asciiTextWithCRLF */ }; static const ASN1_OBJECT nid_objs[NUM_NID]={ @@ -2250,6 +2251,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ &(lvalues[5672]),0}, {"id-aes256-wrap","id-aes256-wrap",NID_id_aes256_wrap,9, &(lvalues[5681]),0}, +{"id-ct-asciiTextWithCRLF","id-ct-asciiTextWithCRLF", + NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5690]),0}, }; static const unsigned int sn_objs[NUM_SN]={ @@ -2636,6 +2639,7 @@ static const unsigned int sn_objs[NUM_SN]={ 332, /* "id-cmc-senderNonce" */ 327, /* "id-cmc-statusInfo" */ 331, /* "id-cmc-transactionId" */ +855, /* "id-ct-asciiTextWithCRLF" */ 408, /* "id-ecPublicKey" */ 508, /* "id-hex-multipart-message" */ 507, /* "id-hex-partial-message" */ @@ -3482,6 +3486,7 @@ static const unsigned int ln_objs[NUM_LN]={ 332, /* "id-cmc-senderNonce" */ 327, /* "id-cmc-statusInfo" */ 331, /* "id-cmc-transactionId" */ +855, /* "id-ct-asciiTextWithCRLF" */ 408, /* "id-ecPublicKey" */ 508, /* "id-hex-multipart-message" */ 507, /* "id-hex-partial-message" */ 
@@ -4704,6 +4709,7 @@ static const unsigned int obj_objs[NUM_OBJ]={ 210, /* OBJ_id_smime_ct_DVCSRequestData 1 2 840 113549 1 9 16 1 7 */ 211, /* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */ 851, /* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */ +855, /* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 1 9 16 1 27 */ 212, /* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */ 213, /* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */ 214, /* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index a373bc0c88..b45218dfb8 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -833,6 +833,10 @@ #define NID_id_smime_ct_compressedData 851 #define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L +#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" +#define NID_id_ct_asciiTextWithCRLF 855 +#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L + #define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" #define NID_id_smime_aa_receiptRequest 212 #define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 7aeafd719b..820650e6ef 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -852,3 +852,4 @@ id_smime_ct_compressedData 851 id_aes128_wrap 852 id_aes192_wrap 853 id_aes256_wrap 854 +id_ct_asciiTextWithCRLF 855 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 0060f3c64e..5d6b602a02 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -252,6 +252,7 @@ id-smime-ct 6 : id-smime-ct-contentInfo id-smime-ct 7 : id-smime-ct-DVCSRequestData id-smime-ct 8 : id-smime-ct-DVCSResponseData id-smime-ct 9 : id-smime-ct-compressedData +id-smime-ct 27 : id-ct-asciiTextWithCRLF # S/MIME Attributes id-smime-aa 1 : id-smime-aa-receiptRequest