Keep a note of original encoding in certificate requests.
Add new option to PKCS7_sign to exclude S/MIME capabilities.
								CHANGES
							| @@ -4,6 +4,17 @@ | ||||
|  | ||||
|  Changes between 0.9.5a and 0.9.6  [xx XXX 2000] | ||||
|  | ||||
|   *) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which  | ||||
|      excludes S/MIME capabilities. | ||||
|      [Steve Henson] | ||||
|  | ||||
|   *) When a certificate request is read in keep a copy of the | ||||
|      original encoding of the signed data and use it when outputing | ||||
|      again. Signatures then use the original encoding rather than | ||||
|      a decoded, encoded version which may cause problems if the | ||||
|      request is improperly encoded. | ||||
|      [Steve Henson] | ||||
|  | ||||
|   *) For consistency with other BIO_puts implementations, call | ||||
|      buffer_write(b, ...) directly in buffer_puts instead of calling | ||||
|      BIO_write(b, ...). | ||||
|   | ||||
| @@ -141,6 +141,8 @@ int MAIN(int argc, char **argv) | ||||
| 				flags |= PKCS7_NOATTR; | ||||
| 		else if (!strcmp (*args, "-nodetach"))  | ||||
| 				flags &= ~PKCS7_DETACHED; | ||||
| 		else if (!strcmp (*args, "-nosmimecap")) | ||||
| 				flags |= PKCS7_NOSMIMECAP; | ||||
| 		else if (!strcmp (*args, "-binary")) | ||||
| 				flags |= PKCS7_BINARY; | ||||
| 		else if (!strcmp (*args, "-nosigs")) | ||||
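Review bot: The new `-nosmimecap` branch only sets the flag; nothing in this hunk updates the command's usage output, so if MAIN prints a list of the other signing switches (-noattr, -nodetach, -binary) further down, `-nosmimecap` should be added to it with the same one-line description style, e.g. `-nosmimecap    exclude S/MIME capabilities`. MAIN starts and ends outside the hunk, so I cannot confirm whether the usage block lists these options.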
|   | ||||
| @@ -65,6 +65,14 @@ int i2d_X509_REQ_INFO(X509_REQ_INFO *a, unsigned char **pp) | ||||
| 	{ | ||||
| 	M_ASN1_I2D_vars(a); | ||||
|  | ||||
| 	if(a->asn1) { | ||||
| 		if(pp) { | ||||
| 			memcpy(*pp, a->asn1, a->length); | ||||
| 			*pp += a->length; | ||||
| 		} | ||||
| 		return a->length; | ||||
| 	} | ||||
|  | ||||
| 	M_ASN1_I2D_len(a->version,		i2d_ASN1_INTEGER); | ||||
| 	M_ASN1_I2D_len(a->subject,		i2d_X509_NAME); | ||||
| 	M_ASN1_I2D_len(a->pubkey,		i2d_X509_PUBKEY); | ||||
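Review bot: The cached encoding in `a->asn1` is returned unconditionally, so any change made to the request info after decoding (subject, public key, attributes) is silently ignored by i2d, and a signature computed afterwards covers the stale bytes rather than the current contents. Every routine that mutates an X509_REQ_INFO therefore has to drop the cache, e.g. `OPENSSL_free(a->asn1); a->asn1 = NULL;`, or the structure needs a "modified" flag that this early return checks; neither is visible in this commit. A comment above `if(a->asn1)` should state the contract: `/* asn1 holds the DER seen by d2i; anything that modifies this structure must clear it, or the old bytes are re-emitted here */`. The remainder of i2d_X509_REQ_INFO continues outside the hunk.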
| @@ -152,6 +160,7 @@ X509_REQ_INFO *X509_REQ_INFO_new(void) | ||||
| 	M_ASN1_New(ret->pubkey,X509_PUBKEY_new); | ||||
| 	M_ASN1_New(ret->attributes,sk_X509_ATTRIBUTE_new_null); | ||||
| 	ret->req_kludge=0; | ||||
| 	ret->asn1 = NULL; | ||||
| 	return(ret); | ||||
| 	M_ASN1_New_Error(ASN1_F_X509_REQ_INFO_NEW); | ||||
| 	} | ||||
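Review bot: Only `asn1` is initialised here; `ret->length` is left indeterminate because the M_ASN1_New allocation does not zero the structure. It is read only when `asn1` is non-NULL, but adding `ret->length = 0;` next to the NULL assignment keeps the pair consistent and avoids an uninitialised-read warning from tools that cannot see that invariant.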
| @@ -159,6 +168,7 @@ X509_REQ_INFO *X509_REQ_INFO_new(void) | ||||
| void X509_REQ_INFO_free(X509_REQ_INFO *a) | ||||
| 	{ | ||||
| 	if (a == NULL) return; | ||||
| 	if(a->asn1) OPENSSL_free(a->asn1); | ||||
| 	M_ASN1_INTEGER_free(a->version); | ||||
| 	X509_NAME_free(a->subject); | ||||
| 	X509_PUBKEY_free(a->pubkey); | ||||
| @@ -189,6 +199,17 @@ X509_REQ *d2i_X509_REQ(X509_REQ **a, unsigned char **pp, long length) | ||||
| 	M_ASN1_D2I_Init(); | ||||
| 	M_ASN1_D2I_start_sequence(); | ||||
| 	M_ASN1_D2I_get(ret->req_info,d2i_X509_REQ_INFO); | ||||
|  | ||||
| 	/* Keep a copy of the original encoding for signature checking */ | ||||
| 	ret->req_info->length = c.p - c.q; | ||||
| 	if(!(ret->req_info->asn1 = OPENSSL_malloc(ret->req_info->length))) { | ||||
| 		c.line=__LINE__; | ||||
| 		c.error = ERR_R_MALLOC_FAILURE; | ||||
| 		goto err; | ||||
| 	} | ||||
|  | ||||
| 	memcpy(ret->req_info->asn1, c.q, ret->req_info->length); | ||||
|  | ||||
| 	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR); | ||||
| 	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING); | ||||
| 	M_ASN1_D2I_Finish(a,X509_REQ_free,ASN1_F_D2I_X509_REQ); | ||||
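Review bot: When the caller passes an existing structure in `*a`, d2i_X509_REQ_INFO presumably reuses `ret->req_info`, and the assignment `ret->req_info->asn1 = OPENSSL_malloc(...)` then overwrites a buffer left by an earlier decode without freeing it. Release it before allocating, `if(ret->req_info->asn1) OPENSSL_free(ret->req_info->asn1);`, matching the guard style used in X509_REQ_INFO_free. The length `c.p - c.q` depends on M_ASN1_D2I_get having set `c.q` to the start of the element; a short comment such as `/* c.q .. c.p spans the req_info element just decoded */` would make that dependency explicit. d2i_X509_REQ starts outside the hunk.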
|   | ||||
| @@ -109,6 +109,8 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, | ||||
| 		PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, | ||||
| 				V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); | ||||
| 		/* Add SMIMECapabilities */ | ||||
| 		if(!(flags & PKCS7_NOSMIMECAP)) | ||||
| 		{ | ||||
| 		if(!(smcap = sk_X509_ALGOR_new(NULL))) { | ||||
| 			PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); | ||||
| 			return NULL; | ||||
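Review bot: The new `if(!(flags & PKCS7_NOSMIMECAP))` block wraps the existing SMIMECapabilities code without re-indenting it, so its body sits at the same level as the enclosing `if(!(flags & PKCS7_NOATTR))` block and the two consecutive closing braces in the second hunk (`}` at the end of the smcap code, then `}`) are hard to tell apart. Indent the wrapped statements one level, or at least label the braces: `} /* !PKCS7_NOSMIMECAP */` and `} /* !PKCS7_NOATTR */`. The same applies to the second hunk of this file at @@ -129,6 +131,7. PKCS7_sign starts and ends outside these hunks.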
| @@ -129,6 +131,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, | ||||
| 		PKCS7_add_attrib_smimecap (si, smcap); | ||||
| 		sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); | ||||
| 		} | ||||
| 	} | ||||
|  | ||||
| 	if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); | ||||
|  | ||||
|   | ||||
| @@ -256,6 +256,7 @@ DECLARE_PKCS12_STACK_OF(PKCS7) | ||||
| #define PKCS7_DETACHED		0x40 | ||||
| #define PKCS7_BINARY		0x80 | ||||
| #define PKCS7_NOATTR		0x100 | ||||
| #define	PKCS7_NOSMIMECAP	0x200 | ||||
|  | ||||
| /* Flags: for compatibility with older code */ | ||||
|  | ||||
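Review bot: `#define	PKCS7_NOSMIMECAP	0x200` uses a tab between `#define` and the name while the neighbouring flag definitions use a space; write it as `#define PKCS7_NOSMIMECAP	0x200` so the block stays uniform. A short trailing comment would also help, since the meaning is not obvious from the name alone: `/* omit the SMIMECapabilities signed attribute */`.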
|   | ||||
| @@ -213,6 +213,8 @@ DECLARE_ASN1_SET_OF(X509_ATTRIBUTE) | ||||
|  | ||||
| typedef struct X509_req_info_st | ||||
| 	{ | ||||
| 	unsigned char *asn1; | ||||
| 	int length; | ||||
| 	ASN1_INTEGER *version; | ||||
| 	X509_NAME *subject; | ||||
| 	X509_PUBKEY *pubkey; | ||||
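Review bot: Inserting `asn1` and `length` at the head of `struct X509_req_info_st` shifts the offset of every existing member, so code compiled against the previous layout that reaches into the structure will break; if binary compatibility matters for this branch, append the fields at the end instead. The fields also carry no comment explaining their role, and nothing in the header says that `asn1` is NULL for a freshly built request and `length` is meaningful only when `asn1` is set. A comment above `asn1` such as `/* DER of this structure as read by d2i, reused by i2d and signing so the exact original bytes are kept; NULL when not decoded from DER */` would save the next reader a trip to x_req.c.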
|   | ||||
| @@ -1846,8 +1846,6 @@ int ssl_init_wbio_buffer(SSL *s,int push) | ||||
|  | ||||
| void ssl_free_wbio_buffer(SSL *s) | ||||
| 	{ | ||||
| 	BIO *under; | ||||
|  | ||||
| 	if (s->bbio == NULL) return; | ||||
|  | ||||
| 	if (s->bbio == s->wbio) | ||||
|   | ||||
	 Dr. Stephen Henson