Various PKCS#7 fixes to properly (maybe!) handle PKCS#7 enveloped data.

Containts elements of code by Sebastian Akerman <sak@parallelconsulting.com> and made a bit less "naughty" by Steve.
1999-05-10 00:47:42 +00:00 · 1999-05-10 00:47:42 +00:00 · 884e8ec615
commit 884e8ec615
parent 9d5cceac6f
9 changed files with 57 additions and 22 deletions
--- a/4
+++ b/4
@ -5,6 +5,10 @@

 Changes between 0.9.2b and 0.9.3

+  *) Various fixes to the EVP and PKCS#7 code. It may now be able to
+     handle PKCS#7 enveloped data properly.
+     [Sebastian Akerman <sak@parallelconsulting.com>, modified by Steve]
+
  *) Create a duplicate of the SSL_CTX's CERT in SSL_new instead of
     copying pointers.  The cert_st handling is changed by this in
     various ways (and thus what used to be known as ctx->default_cert
--- a/4
+++ b/4
@ -1,11 +1,11 @@

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 1999/04/29 21:56:13 $
+  ______________                           $Date: 1999/05/10 00:47:37 $

  DEVELOPMENT STATE

    o  OpenSSL 0.9.3:  Under development...
-                       Proposed freeze  date: Mon May  8th, 1999
+                       Proposed freeze  date: Mon May 10th, 1999
                       Proposed release date: Mon May 17th, 1999
    o  OpenSSL 0.9.2b: Released on March    22th, 1999
    o  OpenSSL 0.9.1c: Released on December 23th, 1998
--- a/crypto/evp/e_cbc_r2.c
+++ b/crypto/evp/e_cbc_r2.c
@ -155,9 +155,9 @@ static int rc2_meth_to_magic(const EVP_CIPHER *e)
 	int i;

 	i=EVP_CIPHER_key_length(e);
-	if 	(i == 128) return(RC2_128_MAGIC);
-	else if (i == 64)  return(RC2_64_MAGIC);
-	else if (i == 40)  return(RC2_40_MAGIC);
+	if 	(i == 16) return(RC2_128_MAGIC);
+	else if (i == 8)  return(RC2_64_MAGIC);
+	else if (i == 5)  return(RC2_40_MAGIC);
 	else return(0);
 	}

--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@ -433,6 +433,7 @@ typedef int (EVP_PBE_KEYGEN)(const char *pass, int passlen,
 #define EVP_CIPHER_CTX_iv_length(e)	((e)->cipher->iv_len)
 #define EVP_CIPHER_CTX_get_app_data(e)	((e)->app_data)
 #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d))
+#define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))

 #define EVP_ENCODE_LENGTH(l)	(((l+2)/3*4)+(l/48+1)*2+80)
 #define EVP_DECODE_LENGTH(l)	((l+3)/4*3+80)
@ -623,6 +624,8 @@ int EVP_PKEY_missing_parameters(EVP_PKEY *pkey);
 int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode);
 int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b);

+int EVP_CIPHER_type(EVP_CIPHER *ctx);
+
 /* calls methods */
 int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
 int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@ -110,3 +110,29 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 		}
 	return(i);
 	}
+
+/* Convert the various cipher NIDs and dummies to a proper OID NID */
+int EVP_CIPHER_type(EVP_CIPHER *ctx)
+{
+	int nid;
+	nid = EVP_CIPHER_nid(ctx);
+
+	switch(nid) {
+
+		case NID_rc2_cbc:
+		case NID_rc2_64_cbc:
+		case NID_rc2_40_cbc:
+
+		return NID_rc2_cbc;
+
+		case NID_rc4:
+		case NID_rc4_40:
+
+		return NID_rc4;
+
+		default:
+
+		return nid;
+	}
+}
+
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@ -61,9 +61,9 @@
 * perl obj_dat.pl < objects.h > obj_dat.h
 */

-#define NUM_NID 166
-#define NUM_SN 117
-#define NUM_LN 162
+#define NUM_NID 167
+#define NUM_SN 118
+#define NUM_LN 163
 #define NUM_OBJ 138

 static unsigned char lvalues[956]={
@ -439,6 +439,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[939]),0},
 {"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8,
 	&(lvalues[947]),0},
+{"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL},
 };

 static ASN1_OBJECT *sn_objs[NUM_SN]={
@ -489,6 +490,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[18]),/* "OU" */
 &(nid_objs[127]),/* "PKIX" */
 &(nid_objs[98]),/* "RC2-40-CBC" */
+&(nid_objs[166]),/* "RC2-64-CBC" */
 &(nid_objs[37]),/* "RC2-CBC" */
 &(nid_objs[39]),/* "RC2-CFB" */
 &(nid_objs[38]),/* "RC2-ECB" */
@ -688,6 +690,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */
 &(nid_objs[47]),/* "pkcs9" */
 &(nid_objs[98]),/* "rc2-40-cbc" */
+&(nid_objs[166]),/* "rc2-64-cbc" */
 &(nid_objs[37]),/* "rc2-cbc" */
 &(nid_objs[39]),/* "rc2-cfb" */
 &(nid_objs[38]),/* "rc2-ecb" */
--- a/crypto/objects/objects.h
+++ b/crypto/objects/objects.h
@ -866,6 +866,10 @@ extern "C" {
 #define NID_id_qt_unotice	165
 #define OBJ_id_qt_unotice	OBJ_id_pkix,2L,2L

+#define SN_rc2_64_cbc			"RC2-64-CBC"
+#define LN_rc2_64_cbc			"rc2-64-cbc"
+#define NID_rc2_64_cbc			166
+
 #include <openssl/bio.h>
 #include <openssl/asn1.h>

--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@ -156,19 +156,14 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
 		keylen=EVP_CIPHER_key_length(evp_cipher);
 		ivlen=EVP_CIPHER_iv_length(evp_cipher);

-		if (ivlen > 0)
-			{
-			ASN1_OCTET_STRING *os;
-
-			RAND_bytes(iv,ivlen);
-			os=ASN1_OCTET_STRING_new();
-			ASN1_OCTET_STRING_set(os,iv,ivlen);
-/* XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX this needs to change */
-			if (xalg->parameter == NULL)
-				xalg->parameter=ASN1_TYPE_new();
-			ASN1_TYPE_set(xalg->parameter,V_ASN1_OCTET_STRING,
-				(char *)os);
-			}
+		if (ivlen > 0) {
+			EVP_CIPHER_CTX *ctx;
+			BIO_get_cipher_ctx(btmp, &ctx);
+			if (xalg->parameter == NULL) 
+						xalg->parameter=ASN1_TYPE_new();
+			if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
+								       goto err;
+		}
 		RAND_bytes(key,keylen);

 		/* Lets do the pub key stuff :-) */
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@ -435,7 +435,7 @@ int PKCS7_set_cipher(PKCS7 *p7, EVP_CIPHER *cipher)
 		return(0);
 		}

-	ec->algorithm->algorithm=OBJ_nid2obj(EVP_CIPHER_nid(cipher));
+	ec->algorithm->algorithm=OBJ_nid2obj(EVP_CIPHER_type(cipher));
 	return(ec->algorithm->algorithm != NULL);
 	}