Commit 054307e7 authored by Dr. Stephen Henson

Allow alternate eContentType oids to be set in cms utility.

Add id-ct-asciiTextWithCRLF OID.

Give more meaningful error message on an attempt to use key ID from a certificate
without a key ID.
parent 8cd358be
+18 −0
@@ -125,6 +125,8 @@ int MAIN(int argc, char **argv)
	unsigned char *secret_key = NULL, *secret_keyid = NULL;
	size_t secret_keylen = 0, secret_keyidlen = 0;

	ASN1_OBJECT *econtent_type = NULL;

	X509_VERIFY_PARAM *vpm = NULL;

	args = argv + 1;
@@ -268,6 +270,18 @@ int MAIN(int argc, char **argv)
				}
			secret_keyidlen = (size_t)ltmp;
			}
		else if (!strcmp(*args,"-econtent_type"))
			{
			if (!args[1])
				goto argerr;
			args++;
			econtent_type = OBJ_txt2obj(*args, 0);
			if (!econtent_type)
				{
				BIO_printf(bio_err, "Invalid OID %s\n", *args);
				goto argerr;
				}
			}
		else if (!strcmp(*args,"-rand"))
			{
			if (!args[1])
@@ -797,6 +811,8 @@ int MAIN(int argc, char **argv)
				}
			flags |= CMS_PARTIAL;
			cms = CMS_sign(NULL, NULL, other, in, flags);
			if (econtent_type)
				CMS_set1_eContentType(cms, econtent_type);
			if (!cms)
				goto end;
			}
@@ -965,6 +981,8 @@ end:
		OPENSSL_free(secret_key);
	if (secret_keyid)
		OPENSSL_free(secret_keyid);
	if (econtent_type)
		ASN1_OBJECT_free(econtent_type);
	X509_STORE_free(store);
	X509_free(cert);
	X509_free(recip);
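Review bot: In the signing hunk, `CMS_set1_eContentType(cms, econtent_type)` is called before the `if (!cms)` test, so when CMS_sign() fails and -econtent_type was given, a NULL `cms` is passed to it; unless that function tolerates NULL (not visible here) this turns a clean error exit into a crash. The call's return value is also discarded, so a failure to set the type would go unnoticed and the utility would carry on with whatever content type the structure already had. Test `cms` first and check the result: `if (!cms) goto end;` followed by `if (econtent_type && !CMS_set1_eContentType(cms, econtent_type)) goto end;`. Separately, in the option-parsing hunk a repeated -econtent_type overwrites the earlier ASN1_OBJECT without freeing it. MAIN's body starts and ends outside these hunks.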
+1 −0
@@ -352,6 +352,7 @@ void ERR_load_CMS_strings(void);

/* Reason codes. */
#define CMS_R_ADD_SIGNER_ERROR				 99
#define CMS_R_CERTIFICATE_HAS_NO_KEYID			 160
#define CMS_R_CERTIFICATE_VERIFY_ERROR			 100
#define CMS_R_CIPHER_INITIALISATION_ERROR		 101
#define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR	 102
+1 −0
@@ -135,6 +135,7 @@ static ERR_STRING_DATA CMS_str_functs[]=
static ERR_STRING_DATA CMS_str_reasons[]=
	{
{ERR_REASON(CMS_R_ADD_SIGNER_ERROR)      ,"add signer error"},
{ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID),"certificate has no keyid"},
{ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
{ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),"cipher initialisation error"},
{ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),"cipher parameter initialisation error"},
+6 −0
@@ -226,6 +226,12 @@ int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
		break;

		case CMS_SIGNERINFO_KEYIDENTIFIER:
		if (!cert->skid)
			{
			CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER,
					CMS_R_CERTIFICATE_HAS_NO_KEYID);
			return 0;
			}
		sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid);
		if (!sid->d.subjectKeyIdentifier)
			goto merr;
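Review bot: The new `!cert->skid` test in the CMS_SIGNERINFO_KEYIDENTIFIER case assumes the subject key identifier has already been cached on the X509 structure. If a caller can reach this case with a certificate whose extensions have not yet been parsed into that cache, it would presumably report CMS_R_CERTIFICATE_HAS_NO_KEYID for a certificate that does carry a key ID. Whether callers guarantee this is not visible, since the function starts and ends outside the hunk, so the precondition deserves a comment above the check, e.g. `/* cert->skid comes from the cached extensions; callers must have run X509_check_purpose() on cert first */`.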
+11 −5
@@ -62,12 +62,12 @@
 * [including the GNU Public Licence.]
 */

#define NUM_NID 855
#define NUM_SN 848
#define NUM_LN 848
#define NUM_OBJ 802
#define NUM_NID 856
#define NUM_SN 849
#define NUM_LN 849
#define NUM_OBJ 803

static const unsigned char lvalues[5691]={
static const unsigned char lvalues[5702]={
0x00,                                        /* [  0] OBJ_undef */
0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -870,6 +870,7 @@ static const unsigned char lvalues[5691]={
0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5663] OBJ_id_aes128_wrap */
0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5672] OBJ_id_aes192_wrap */
0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5681] OBJ_id_aes256_wrap */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5690] OBJ_id_ct_asciiTextWithCRLF */
};

static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2250,6 +2251,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
	&(lvalues[5672]),0},
{"id-aes256-wrap","id-aes256-wrap",NID_id_aes256_wrap,9,
	&(lvalues[5681]),0},
{"id-ct-asciiTextWithCRLF","id-ct-asciiTextWithCRLF",
	NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5690]),0},
};

static const unsigned int sn_objs[NUM_SN]={
@@ -2636,6 +2639,7 @@ static const unsigned int sn_objs[NUM_SN]={
332,	/* "id-cmc-senderNonce" */
327,	/* "id-cmc-statusInfo" */
331,	/* "id-cmc-transactionId" */
855,	/* "id-ct-asciiTextWithCRLF" */
408,	/* "id-ecPublicKey" */
508,	/* "id-hex-multipart-message" */
507,	/* "id-hex-partial-message" */
@@ -3482,6 +3486,7 @@ static const unsigned int ln_objs[NUM_LN]={
332,	/* "id-cmc-senderNonce" */
327,	/* "id-cmc-statusInfo" */
331,	/* "id-cmc-transactionId" */
855,	/* "id-ct-asciiTextWithCRLF" */
408,	/* "id-ecPublicKey" */
508,	/* "id-hex-multipart-message" */
507,	/* "id-hex-partial-message" */
@@ -4704,6 +4709,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
210,	/* OBJ_id_smime_ct_DVCSRequestData  1 2 840 113549 1 9 16 1 7 */
211,	/* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */
851,	/* OBJ_id_smime_ct_compressedData   1 2 840 113549 1 9 16 1 9 */
855,	/* OBJ_id_ct_asciiTextWithCRLF      1 2 840 113549 1 9 16 1 27 */
212,	/* OBJ_id_smime_aa_receiptRequest   1 2 840 113549 1 9 16 2 1 */
213,	/* OBJ_id_smime_aa_securityLabel    1 2 840 113549 1 9 16 2 2 */
214,	/* OBJ_id_smime_aa_mlExpandHistory  1 2 840 113549 1 9 16 2 3 */