Keep a note of the original encoding in certificate requests.
Add new option to PKCS7_sign to exclude S/MIME capabilities.
parent
22c7ea4068
commit
34216c0422
11
CHANGES
11
CHANGES
@ -4,6 +4,17 @@
|
|||||||
|
|
||||||
Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
|
Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
|
||||||
|
|
||||||
|
*) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which
|
||||||
|
excludes S/MIME capabilities.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) When a certificate request is read in keep a copy of the
|
||||||
|
original encoding of the signed data and use it when outputing
|
||||||
|
again. Signatures then use the original encoding rather than
|
||||||
|
a decoded, encoded version which may cause problems if the
|
||||||
|
request is improperly encoded.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
*) For consistency with other BIO_puts implementations, call
|
*) For consistency with other BIO_puts implementations, call
|
||||||
buffer_write(b, ...) directly in buffer_puts instead of calling
|
buffer_write(b, ...) directly in buffer_puts instead of calling
|
||||||
BIO_write(b, ...).
|
BIO_write(b, ...).
|
||||||
|
@ -141,6 +141,8 @@ int MAIN(int argc, char **argv)
|
|||||||
flags |= PKCS7_NOATTR;
|
flags |= PKCS7_NOATTR;
|
||||||
else if (!strcmp (*args, "-nodetach"))
|
else if (!strcmp (*args, "-nodetach"))
|
||||||
flags &= ~PKCS7_DETACHED;
|
flags &= ~PKCS7_DETACHED;
|
||||||
|
else if (!strcmp (*args, "-nosmimecap"))
|
||||||
|
flags |= PKCS7_NOSMIMECAP;
|
||||||
else if (!strcmp (*args, "-binary"))
|
else if (!strcmp (*args, "-binary"))
|
||||||
flags |= PKCS7_BINARY;
|
flags |= PKCS7_BINARY;
|
||||||
else if (!strcmp (*args, "-nosigs"))
|
else if (!strcmp (*args, "-nosigs"))
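Review bot: The new `-nosmimecap` branch sets the flag but nothing in this hunk updates the command's usage text, which lies outside the hunk and presumably still omits the option; the help output should gain a line such as `-nosmimecap    omit the SMIMECapabilities attribute when signing`. The option only has an effect in sign mode and is silently accepted otherwise, which matches how `-noattr` and `-nodetach` are handled here, so no extra check is needed. The enclosing option loop starts and ends outside the hunk.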
|
||||||
|
@ -65,6 +65,14 @@ int i2d_X509_REQ_INFO(X509_REQ_INFO *a, unsigned char **pp)
|
|||||||
{
|
{
|
||||||
M_ASN1_I2D_vars(a);
|
M_ASN1_I2D_vars(a);
|
||||||
|
|
||||||
|
if(a->asn1) {
|
||||||
|
if(pp) {
|
||||||
|
memcpy(*pp, a->asn1, a->length);
|
||||||
|
*pp += a->length;
|
||||||
|
}
|
||||||
|
return a->length;
|
||||||
|
}
|
||||||
|
|
||||||
M_ASN1_I2D_len(a->version, i2d_ASN1_INTEGER);
|
M_ASN1_I2D_len(a->version, i2d_ASN1_INTEGER);
|
||||||
M_ASN1_I2D_len(a->subject, i2d_X509_NAME);
|
M_ASN1_I2D_len(a->subject, i2d_X509_NAME);
|
||||||
M_ASN1_I2D_len(a->pubkey, i2d_X509_PUBKEY);
|
M_ASN1_I2D_len(a->pubkey, i2d_X509_PUBKEY);
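Review bot: The cached encoding returned at the top of i2d_X509_REQ_INFO is never invalidated, so any change made to the decoded fields after d2i (subject, public key, attributes) is silently dropped on re-encoding, and a later X509_REQ_sign would presumably sign the stale bytes rather than the modified request. The setters are outside this hunk, but every function that writes a member of X509_REQ_INFO should release the cache first, e.g. `if (req->req_info->asn1) { OPENSSL_free(req->req_info->asn1); req->req_info->asn1 = NULL; }`. The early return deliberately bypasses the M_ASN1_I2D length/encode machinery below; a comment above `if(a->asn1)` should say so: `/* Re-emit the original DER verbatim so the signature covers the bytes actually received, not a re-encoding */`. The rest of the function continues outside the hunk.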
|
||||||
@ -152,6 +160,7 @@ X509_REQ_INFO *X509_REQ_INFO_new(void)
|
|||||||
M_ASN1_New(ret->pubkey,X509_PUBKEY_new);
|
M_ASN1_New(ret->pubkey,X509_PUBKEY_new);
|
||||||
M_ASN1_New(ret->attributes,sk_X509_ATTRIBUTE_new_null);
|
M_ASN1_New(ret->attributes,sk_X509_ATTRIBUTE_new_null);
|
||||||
ret->req_kludge=0;
|
ret->req_kludge=0;
|
||||||
|
ret->asn1 = NULL;
|
||||||
return(ret);
|
return(ret);
|
||||||
M_ASN1_New_Error(ASN1_F_X509_REQ_INFO_NEW);
|
M_ASN1_New_Error(ASN1_F_X509_REQ_INFO_NEW);
|
||||||
}
|
}
|
||||||
@ -159,6 +168,7 @@ X509_REQ_INFO *X509_REQ_INFO_new(void)
|
|||||||
void X509_REQ_INFO_free(X509_REQ_INFO *a)
|
void X509_REQ_INFO_free(X509_REQ_INFO *a)
|
||||||
{
|
{
|
||||||
if (a == NULL) return;
|
if (a == NULL) return;
|
||||||
|
if(a->asn1) OPENSSL_free(a->asn1);
|
||||||
M_ASN1_INTEGER_free(a->version);
|
M_ASN1_INTEGER_free(a->version);
|
||||||
X509_NAME_free(a->subject);
|
X509_NAME_free(a->subject);
|
||||||
X509_PUBKEY_free(a->pubkey);
|
X509_PUBKEY_free(a->pubkey);
|
||||||
@ -189,6 +199,17 @@ X509_REQ *d2i_X509_REQ(X509_REQ **a, unsigned char **pp, long length)
|
|||||||
M_ASN1_D2I_Init();
|
M_ASN1_D2I_Init();
|
||||||
M_ASN1_D2I_start_sequence();
|
M_ASN1_D2I_start_sequence();
|
||||||
M_ASN1_D2I_get(ret->req_info,d2i_X509_REQ_INFO);
|
M_ASN1_D2I_get(ret->req_info,d2i_X509_REQ_INFO);
|
||||||
|
|
||||||
|
/* Keep a copy of the original encoding for signature checking */
|
||||||
|
ret->req_info->length = c.p - c.q;
|
||||||
|
if(!(ret->req_info->asn1 = OPENSSL_malloc(ret->req_info->length))) {
|
||||||
|
c.line=__LINE__;
|
||||||
|
c.error = ERR_R_MALLOC_FAILURE;
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
|
memcpy(ret->req_info->asn1, c.q, ret->req_info->length);
|
||||||
|
|
||||||
M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
|
M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
|
||||||
M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
|
M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
|
||||||
M_ASN1_D2I_Finish(a,X509_REQ_free,ASN1_F_D2I_X509_REQ);
|
M_ASN1_D2I_Finish(a,X509_REQ_free,ASN1_F_D2I_X509_REQ);
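Review bot: When d2i_X509_REQ is handed an existing object to reuse (`a` and `*a` non-NULL), `ret->req_info->asn1` may already hold the buffer from a previous decode, and the assignment at `ret->req_info->asn1 = OPENSSL_malloc(...)` overwrites it without freeing, leaking the old copy; this assumes d2i_X509_REQ_INFO keeps the existing struct on reuse, which is the usual M_ASN1 convention but is not visible here. Release it before allocating: `if (ret->req_info->asn1) OPENSSL_free(ret->req_info->asn1);`. `length` is an `int` while `c.p - c.q` is a pointer difference on untrusted DER; the macro's `slen` bound presumably keeps it in range, but a comment noting that assumption would help the next reader. The enclosing function starts before the hunk.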
|
||||||
|
@ -109,6 +109,8 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
|
|||||||
PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
|
PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
|
||||||
V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
|
V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
|
||||||
/* Add SMIMECapabilities */
|
/* Add SMIMECapabilities */
|
||||||
|
if(!(flags & PKCS7_NOSMIMECAP))
|
||||||
|
{
|
||||||
if(!(smcap = sk_X509_ALGOR_new(NULL))) {
|
if(!(smcap = sk_X509_ALGOR_new(NULL))) {
|
||||||
PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
|
PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -128,6 +130,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
|
|||||||
#endif
|
#endif
|
||||||
PKCS7_add_attrib_smimecap (si, smcap);
|
PKCS7_add_attrib_smimecap (si, smcap);
|
||||||
sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
|
sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
|
if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
|
||||||
|
@ -247,15 +247,16 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
|
|||||||
|
|
||||||
/* S/MIME related flags */
|
/* S/MIME related flags */
|
||||||
|
|
||||||
#define PKCS7_TEXT 0x1
|
#define PKCS7_TEXT 0x1
|
||||||
#define PKCS7_NOCERTS 0x2
|
#define PKCS7_NOCERTS 0x2
|
||||||
#define PKCS7_NOSIGS 0x4
|
#define PKCS7_NOSIGS 0x4
|
||||||
#define PKCS7_NOCHAIN 0x8
|
#define PKCS7_NOCHAIN 0x8
|
||||||
#define PKCS7_NOINTERN 0x10
|
#define PKCS7_NOINTERN 0x10
|
||||||
#define PKCS7_NOVERIFY 0x20
|
#define PKCS7_NOVERIFY 0x20
|
||||||
#define PKCS7_DETACHED 0x40
|
#define PKCS7_DETACHED 0x40
|
||||||
#define PKCS7_BINARY 0x80
|
#define PKCS7_BINARY 0x80
|
||||||
#define PKCS7_NOATTR 0x100
|
#define PKCS7_NOATTR 0x100
|
||||||
|
#define PKCS7_NOSMIMECAP 0x200
|
||||||
|
|
||||||
/* Flags: for compatibility with older code */
|
/* Flags: for compatibility with older code */
|
||||||
|
|
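Review bot: `#define PKCS7_NOSMIMECAP 0x200` is added without a comment, and unlike the neighbouring flags its effect is on the signed-attribute set rather than on the output format, which callers cannot tell from the name. Add one inline, `#define PKCS7_NOSMIMECAP 0x200 /* omit the SMIMECapabilities signed attribute when signing */`, and mention that it has no effect once signed attributes are suppressed altogether (the PKCS7_NOATTR interaction is inferred from PKCS7_sign rather than visible here).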
||||||
|
@ -213,6 +213,8 @@ DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
|
|||||||
|
|
||||||
typedef struct X509_req_info_st
|
typedef struct X509_req_info_st
|
||||||
{
|
{
|
||||||
|
unsigned char *asn1;
|
||||||
|
int length;
|
||||||
ASN1_INTEGER *version;
|
ASN1_INTEGER *version;
|
||||||
X509_NAME *subject;
|
X509_NAME *subject;
|
||||||
X509_PUBKEY *pubkey;
|
X509_PUBKEY *pubkey;
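Review bot: Inserting `asn1` and `length` at the front of struct X509_req_info_st shifts the offsets of every existing member, so any binary built against the old header that touches `version`, `subject` or `pubkey` directly will read the wrong field; appending the new members after `req_kludge` would avoid that, unless a release boundary already covers the ABI change. The new fields also need a comment stating what they hold and who owns them, e.g. `unsigned char *asn1; /* original DER of the request info, set by d2i_X509_REQ, freed by X509_REQ_INFO_free, NULL if never decoded */` and `int length; /* byte length of asn1 */`. The struct continues past the hunk.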
|
||||||
|
@ -1846,8 +1846,6 @@ int ssl_init_wbio_buffer(SSL *s,int push)
|
|||||||
|
|
||||||
void ssl_free_wbio_buffer(SSL *s)
|
void ssl_free_wbio_buffer(SSL *s)
|
||||||
{
|
{
|
||||||
BIO *under;
|
|
||||||
|
|
||||||
if (s->bbio == NULL) return;
|
if (s->bbio == NULL) return;
|
||||||
|
|
||||||
if (s->bbio == s->wbio)
|
if (s->bbio == s->wbio)
|
||||||
|