CHANGES +11 −0 @@ -4,6 +4,17 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] *) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which excludes S/MIME capabilities. [Steve Henson] *) When a certificate request is read in keep a copy of the original encoding of the signed data and use it when outputing again. Signatures then use the original encoding rather than a decoded, encoded version which may cause problems if the request is improperly encoded. [Steve Henson] *) For consistency with other BIO_puts implementations, call buffer_write(b, ...) directly in buffer_puts instead of calling BIO_write(b, ...). apps/smime.c +2 −0 @@ -141,6 +141,8 @@ int MAIN(int argc, char **argv) flags |= PKCS7_NOATTR; else if (!strcmp (*args, "-nodetach")) flags &= ~PKCS7_DETACHED; else if (!strcmp (*args, "-nosmimecap")) flags |= PKCS7_NOSMIMECAP; else if (!strcmp (*args, "-binary")) flags |= PKCS7_BINARY; else if (!strcmp (*args, "-nosigs")) crypto/asn1/x_req.c +21 −0 @@ -65,6 +65,14 @@ int i2d_X509_REQ_INFO(X509_REQ_INFO *a, unsigned char **pp) { M_ASN1_I2D_vars(a); if(a->asn1) { if(pp) { memcpy(*pp, a->asn1, a->length); *pp += a->length; } return a->length; } M_ASN1_I2D_len(a->version, i2d_ASN1_INTEGER); M_ASN1_I2D_len(a->subject, i2d_X509_NAME); M_ASN1_I2D_len(a->pubkey, i2d_X509_PUBKEY); @@ -152,6 +160,7 @@ X509_REQ_INFO *X509_REQ_INFO_new(void) M_ASN1_New(ret->pubkey,X509_PUBKEY_new); M_ASN1_New(ret->attributes,sk_X509_ATTRIBUTE_new_null); ret->req_kludge=0; ret->asn1 = NULL; return(ret); M_ASN1_New_Error(ASN1_F_X509_REQ_INFO_NEW); }
@@ -159,6 +168,7 @@ X509_REQ_INFO *X509_REQ_INFO_new(void) void X509_REQ_INFO_free(X509_REQ_INFO *a) { if (a == NULL) return; if(a->asn1) OPENSSL_free(a->asn1); M_ASN1_INTEGER_free(a->version); X509_NAME_free(a->subject); X509_PUBKEY_free(a->pubkey); @@ -189,6 +199,17 @@ X509_REQ *d2i_X509_REQ(X509_REQ **a, unsigned char **pp, long length) M_ASN1_D2I_Init(); M_ASN1_D2I_start_sequence(); M_ASN1_D2I_get(ret->req_info,d2i_X509_REQ_INFO); /* Keep a copy of the original encoding for signature checking */ ret->req_info->length = c.p - c.q; if(!(ret->req_info->asn1 = OPENSSL_malloc(ret->req_info->length))) { c.line=__LINE__; c.error = ERR_R_MALLOC_FAILURE; goto err; } memcpy(ret->req_info->asn1, c.q, ret->req_info->length); M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR); M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING); M_ASN1_D2I_Finish(a,X509_REQ_free,ASN1_F_D2I_X509_REQ); crypto/pkcs7/pk7_smime.c +3 −0 @@ -109,6 +109,8 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); /* Add SMIMECapabilities */ if(!(flags & PKCS7_NOSMIMECAP)) { if(!(smcap = sk_X509_ALGOR_new(NULL))) { PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); return NULL; @@ -129,6 +131,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, PKCS7_add_attrib_smimecap (si, smcap); sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); } } if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); crypto/pkcs7/pkcs7.h +10 −9 @@ -256,6 +256,7 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_DETACHED 0x40 #define PKCS7_BINARY 0x80 #define PKCS7_NOATTR 0x100 #define PKCS7_NOSMIMECAP 0x200 /* Flags: for compatibility with older code */
CHANGES +11 −0 @@ -4,6 +4,17 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] *) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which excludes S/MIME capabilities. [Steve Henson] *) When a certificate request is read in keep a copy of the original encoding of the signed data and use it when outputing again. Signatures then use the original encoding rather than a decoded, encoded version which may cause problems if the request is improperly encoded. [Steve Henson] *) For consistency with other BIO_puts implementations, call buffer_write(b, ...) directly in buffer_puts instead of calling BIO_write(b, ...).
apps/smime.c +2 −0 @@ -141,6 +141,8 @@ int MAIN(int argc, char **argv) flags |= PKCS7_NOATTR; else if (!strcmp (*args, "-nodetach")) flags &= ~PKCS7_DETACHED; else if (!strcmp (*args, "-nosmimecap")) flags |= PKCS7_NOSMIMECAP; else if (!strcmp (*args, "-binary")) flags |= PKCS7_BINARY; else if (!strcmp (*args, "-nosigs"))
crypto/asn1/x_req.c +21 −0 @@ -65,6 +65,14 @@ int i2d_X509_REQ_INFO(X509_REQ_INFO *a, unsigned char **pp) { M_ASN1_I2D_vars(a); if(a->asn1) { if(pp) { memcpy(*pp, a->asn1, a->length); *pp += a->length; } return a->length; } M_ASN1_I2D_len(a->version, i2d_ASN1_INTEGER); M_ASN1_I2D_len(a->subject, i2d_X509_NAME); M_ASN1_I2D_len(a->pubkey, i2d_X509_PUBKEY); @@ -152,6 +160,7 @@ X509_REQ_INFO *X509_REQ_INFO_new(void) M_ASN1_New(ret->pubkey,X509_PUBKEY_new); M_ASN1_New(ret->attributes,sk_X509_ATTRIBUTE_new_null); ret->req_kludge=0; ret->asn1 = NULL; return(ret); M_ASN1_New_Error(ASN1_F_X509_REQ_INFO_NEW); } @@ -159,6 +168,7 @@ X509_REQ_INFO *X509_REQ_INFO_new(void) void X509_REQ_INFO_free(X509_REQ_INFO *a) { if (a == NULL) return; if(a->asn1) OPENSSL_free(a->asn1); M_ASN1_INTEGER_free(a->version); X509_NAME_free(a->subject); X509_PUBKEY_free(a->pubkey); @@ -189,6 +199,17 @@ X509_REQ *d2i_X509_REQ(X509_REQ **a, unsigned char **pp, long length) M_ASN1_D2I_Init(); M_ASN1_D2I_start_sequence(); M_ASN1_D2I_get(ret->req_info,d2i_X509_REQ_INFO); /* Keep a copy of the original encoding for signature checking */ ret->req_info->length = c.p - c.q; if(!(ret->req_info->asn1 = OPENSSL_malloc(ret->req_info->length))) { c.line=__LINE__; c.error = ERR_R_MALLOC_FAILURE; goto err; } memcpy(ret->req_info->asn1, c.q, ret->req_info->length); M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR); M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING); M_ASN1_D2I_Finish(a,X509_REQ_free,ASN1_F_D2I_X509_REQ);
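Review bot: In the i2d_X509_REQ_INFO hunk the cached `a->asn1` bytes are emitted whenever the pointer is set, and none of the hunks shown clears that cache when a field of the structure is changed after parsing. A caller that reads a request, alters the subject, key or attributes and then re-encodes or signs it would silently get the original encoding, so the bytes that are signed or verified can disagree with the fields the application inspects. I would free the buffer and set `a->asn1 = NULL` wherever req_info is modified, or at least document the field with `/* cached DER from d2i_X509_REQ; must be freed and set to NULL before any field is changed */`. In the d2i_X509_REQ hunk the new allocation also overwrites `ret->req_info->asn1` without freeing it, which looks like a leak if the caller passes an existing X509_REQ in `*a` (the reuse path is presumably handled by M_ASN1_D2I_Init, outside this hunk); `if(ret->req_info->asn1) OPENSSL_free(ret->req_info->asn1);` before the OPENSSL_malloc would cover it. All four functions start or end outside the hunks shown.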
crypto/pkcs7/pk7_smime.c +3 −0 @@ -109,6 +109,8 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); /* Add SMIMECapabilities */ if(!(flags & PKCS7_NOSMIMECAP)) { if(!(smcap = sk_X509_ALGOR_new(NULL))) { PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); return NULL; @@ -129,6 +131,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, PKCS7_add_attrib_smimecap (si, smcap); sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); } } if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
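Review bot: The `return NULL` on `sk_X509_ALGOR_new` failure, now inside the new `if(!(flags & PKCS7_NOSMIMECAP))` block, returns without releasing `p7`, which is evidently live at this point since `PKCS7_set_detached(p7, 1)` uses it just below. Unless ownership is handled elsewhere in PKCS7_sign (its body starts and ends outside these hunks), that path leaks the partly built structure; since the block is being touched anyway I would change it to `PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); PKCS7_free(p7); return NULL;`. A short comment on the new test, e.g. `/* PKCS7_NOSMIMECAP: caller asked to omit the SMIMECapabilities attribute */`, would also help, because the existing `/* Add SMIMECapabilities */` comment now sits above a conditional.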
crypto/pkcs7/pkcs7.h +10 −9 @@ -256,6 +256,7 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_DETACHED 0x40 #define PKCS7_BINARY 0x80 #define PKCS7_NOATTR 0x100 #define PKCS7_NOSMIMECAP 0x200 /* Flags: for compatibility with older code */