Various PKCS#7 related fixes,tidies and comments.

STATUS

 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 1999/05/10 23:56:11 $
+  ______________                           $Date: 1999/05/11 00:52:39 $
 
   DEVELOPMENT STATE
 
@@ -37,9 +37,9 @@
     o Steve is currently working on (in no particular order):
         Proper (or at least usable) certificate chain verification.
         Documentation on X509 V3 extension code.
-        PKCS#12 code cleanup and enhancement.
 	PKCS #8 and PKCS#5 v2.0 support.
 	Private key, certificate and CRL API and implementation.
+	Checking and bugfixing PKCS#7 (S/MIME code).
 
     o Mark is currently working on:
         Folding in any changes that are in the C2Net code base that were

crypto/objects/obj_dat.h

@@ -61,12 +61,12 @@
  * perl obj_dat.pl < objects.h > obj_dat.h
  */
 
-#define NUM_NID 167
-#define NUM_SN 118
-#define NUM_LN 163
-#define NUM_OBJ 138
+#define NUM_NID 168
+#define NUM_SN 119
+#define NUM_LN 164
+#define NUM_OBJ 139
 
-static unsigned char lvalues[956]={
+static unsigned char lvalues[957]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -205,6 +205,7 @@ static unsigned char lvalues[956]={
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07,     /* [931] OBJ_hmacWithSHA1 */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,     /* [939] OBJ_id_qt_cps */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,     /* [947] OBJ_id_qt_unotice */
+0x0F,                                        /* [955] OBJ_SMIMECapabilities */
 };
 
 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -440,6 +441,8 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8,
 	&(lvalues[947]),0},
 {"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL},
+{"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,1,
+	&(lvalues[955]),0},
 };
 
 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -515,6 +518,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[100]),/* "S" */
 &(nid_objs[41]),/* "SHA" */
 &(nid_objs[64]),/* "SHA1" */
+&(nid_objs[167]),/* "SMIME-CAPS" */
 &(nid_objs[105]),/* "SN" */
 &(nid_objs[16]),/* "ST" */
 &(nid_objs[143]),/* "SXNetID" */
@@ -590,6 +594,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[162]),/* "PBMAC1" */
 &(nid_objs[164]),/* "Policy Qualifier CPS" */
 &(nid_objs[165]),/* "Policy Qualifier User Notice" */
+&(nid_objs[167]),/* "S/MIME Capabilities" */
 &(nid_objs[143]),/* "Strong Extranet ID" */
 &(nid_objs[130]),/* "TLS Web Client Authentication" */
 &(nid_objs[129]),/* "TLS Web Server Authentication" */
@@ -731,6 +736,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 
 static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[ 0]),/* OBJ_undef                        0 */
+&(nid_objs[167]),/* OBJ_SMIMECapabilities             15 */
 &(nid_objs[11]),/* OBJ_X500                         2 5 */
 &(nid_objs[12]),/* OBJ_X509                         2 5 4 */
 &(nid_objs[81]),/* OBJ_ld_ce                        2 5 29 */

crypto/objects/objects.h

@@ -870,6 +870,11 @@ extern "C" {
 #define LN_rc2_64_cbc			"rc2-64-cbc"
 #define NID_rc2_64_cbc			166
 
+#define SN_SMIMECapabilities		"SMIME-CAPS"
+#define LN_SMIMECapabilities		"S/MIME Capabilities"
+#define NID_SMIMECapabilities		167
+#define OBJ_SMIMECapabilities		OBJ_id_pkcs9,15L
+
 #include <openssl/bio.h>
 #include <openssl/asn1.h>
 

crypto/pkcs7/pk7_doit.c

@@ -65,7 +65,6 @@
 static int add_attribute(STACK **sk, int nid, int atrtype, void *value);
 static ASN1_TYPE *get_attribute(STACK *sk, int nid);
 
-#if 1
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
 	{
 	int i,j;
@@ -364,6 +363,11 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio,
 		if (rsk == NULL)
 			return(NULL);
 
+		/* FIXME: this assumes that the passed private key
+		 * corresponds to the first RecipientInfo. This in
+		 * general is not true
+		 */
+
 		ri=(PKCS7_RECIP_INFO *)sk_value(rsk,0);
 #if 0
 		X509_STORE_CTX_init(&s_ctx,xs,NULL,NULL);
@@ -458,7 +462,6 @@ err:
 		Free(tmp);
 	return(out);
 	}
-#endif
 
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 	{
@@ -569,7 +572,8 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 				EVP_DigestFinal(&ctx_tmp,md_data,&md_len);
 				digest=ASN1_OCTET_STRING_new();
 				ASN1_OCTET_STRING_set(digest,md_data,md_len);
-				PKCS7_add_signed_attribute(si,NID_pkcs9_messageDigest,
+				PKCS7_add_signed_attribute(si,
+					NID_pkcs9_messageDigest,
 					V_ASN1_OCTET_STRING,digest);
 
 				/* Now sign the mess */
@@ -798,7 +802,7 @@ static ASN1_TYPE *get_attribute(STACK *sk, int nid)
 	ASN1_OBJECT *o;
 
 	o=OBJ_nid2obj(nid);
-	if (o == NULL) return(NULL);
+	if (!o || !sk) return(NULL);
 	for (i=0; i<sk_num(sk); i++)
 		{
 		xa=(X509_ATTRIBUTE *)sk_value(sk,i);
@@ -814,27 +818,11 @@ static ASN1_TYPE *get_attribute(STACK *sk, int nid)
 	}
 
 ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK *sk)
-	{
-	X509_ATTRIBUTE *attr;
+{
 	ASN1_TYPE *astype;
-	int i;
-	if (!sk || !sk_num(sk)) return NULL;
-	/* Search the attributes for a digest */
-	for (i = 0; i < sk_num(sk); i++)
-		{
-		attr = (X509_ATTRIBUTE *) sk_value(sk, i);
-		if (OBJ_obj2nid(attr->object) == NID_pkcs9_messageDigest)
-			{
-			if (!attr->set) return NULL;
-			if (!attr->value.set
-			    || !sk_ASN1_TYPE_num(attr->value.set) )
-			    return NULL;
-			astype = sk_ASN1_TYPE_value(attr->value.set, 0);
-			return astype->value.octet_string;
-			}
-		}
-	return NULL;
-	}
+	if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL;
+	return astype->value.octet_string;
+}
 
 int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, STACK *sk)
 	{

crypto/pkcs7/pk7_lib.c

@@ -310,6 +310,12 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
 	else	
 		p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
 
+	if (p7i->digest_alg->parameter != NULL)
+		ASN1_TYPE_free(p7i->digest_alg->parameter);
+	if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)
+		goto err;
+	p7i->digest_alg->parameter->type=V_ASN1_NULL;
+
 	p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));
 
 	if (p7i->digest_enc_alg->parameter != NULL)

crypto/pkcs7/sign.c

@@ -108,13 +108,9 @@ again:
 	si=PKCS7_add_signature(p7,x509,pkey,EVP_sha1());
 	if (si == NULL) goto err;
 
-	/* Add some extra attributes */
-	if (!add_signed_time(si)) goto err;
-#if 0
-	/* Since these are made up attributes lets leave them out */
-	if (!add_signed_string(si,"SIGNED STRING")) goto err;
-	if (!add_signed_seq2string(si,"STRING1","STRING2")) goto err;
-#endif
+	/* If you do this then you get signing time automatically added */
+	PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT,
+						OBJ_nid2obj(NID_pkcs7_data));
 
 	/* we may want to add more */
 	PKCS7_add_certificate(p7,x509);

util/libeay.num

@@ -1619,3 +1619,8 @@ sk_X509_EXTENSION_shift                 1643
 sk_X509_EXTENSION_push                  1644
 sk_X509_NAME_ENTRY_find                 1645
 X509V3_EXT_i2d                          1646
+X509V3_EXT_val_prn                      1647
+X509V3_EXT_add_list                     1648
+EVP_CIPHER_type                         1649
+EVP_PBE_CipherInit                      1650
+X509V3_add_value_bool_nf                1651