Fix PKCS7_ENC_CONTENT_new() to include a sensible default content type and add

support for encrypted content type in PKCS7_set_content().

Fix PKCS7_ENC_CONTENT_new() to include a sensible default content type and add
support for encrypted content type in PKCS7_set_content().
c6c34506 · Dr. Stephen Henson · 2cfa6921 · c6c34506 · c6c34506 · c6c34506
7 changed file
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,14 @@

 Changes between 0.9.4 and 0.9.5  [xx XXX 1999]

+  *) The PKCS7_ENC_CONTENT_new() function was setting the content type as
+     NID_pkcs7_encrypted by default: this was wrong since this should almost
+     always be NID_pkcs7_data. Also modified the PKCS7_set_type() to handle
+     the encrypted data type: this is a more sensible place to put it and it
+     allows the PKCS#12 code to be tidied up that duplicated this
+     functionality.
+     [Steve Henson]
+
  *) Changed obj_dat.pl script so it takes its input and output files on
     the command line. This should avoid shell escape redirection problems
     under Win32.

--- a/crypto/asn1/p7_enc_c.c
+++ b/crypto/asn1/p7_enc_c.c
@@ -101,7 +101,8 @@ PKCS7_ENC_CONTENT *PKCS7_ENC_CONTENT_new(void)

 	M_ASN1_New_Malloc(ret,PKCS7_ENC_CONTENT);
 	/* M_ASN1_New(ret->content_type,ASN1_OBJECT_new); */
-	ret->content_type=OBJ_nid2obj(NID_pkcs7_encrypted);
+	/* We will almost always want this: so make it the default */
+	ret->content_type=OBJ_nid2obj(NID_pkcs7_data);
 	M_ASN1_New(ret->algorithm,X509_ALGOR_new);
 	ret->enc_data=NULL;
 	return(ret);

--- a/crypto/pkcs12/p12_add.c
+++ b/crypto/pkcs12/p12_add.c
@@ -157,13 +157,11 @@ PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
 		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
-	p7->type = OBJ_nid2obj(NID_pkcs7_encrypted);
-	if (!(p7->d.encrypted = PKCS7_ENCRYPT_new ())) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+	if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
+		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
+				PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
 		return NULL;
 	}
-	ASN1_INTEGER_set (p7->d.encrypted->version, 0);
-	p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
 	if (!(pbe = PKCS5_pbe_set (pbe_nid, iter, salt, saltlen))) {
 		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
 		return NULL;

--- a/crypto/pkcs12/pk12err.c
+++ b/crypto/pkcs12/pk12err.c
@@ -99,6 +99,7 @@ static ERR_STRING_DATA PKCS12_str_reasons[]=
 {PKCS12_R_DECODE_ERROR                   ,"decode error"},
 {PKCS12_R_ENCODE_ERROR                   ,"encode error"},
 {PKCS12_R_ENCRYPT_ERROR                  ,"encrypt error"},
+{PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE,"error setting encrypted data type"},
 {PKCS12_R_INVALID_NULL_ARGUMENT          ,"invalid null argument"},
 {PKCS12_R_INVALID_NULL_PKCS12_POINTER    ,"invalid null pkcs12 pointer"},
 {PKCS12_R_IV_GEN_ERROR                   ,"iv gen error"},

--- a/crypto/pkcs12/pkcs12.h
+++ b/crypto/pkcs12/pkcs12.h
@@ -313,6 +313,7 @@ PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
 #define PKCS12_R_DECODE_ERROR				 101
 #define PKCS12_R_ENCODE_ERROR				 102
 #define PKCS12_R_ENCRYPT_ERROR				 103
+#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE	 120
 #define PKCS12_R_INVALID_NULL_ARGUMENT			 104
 #define PKCS12_R_INVALID_NULL_PKCS12_POINTER		 105
 #define PKCS12_R_IV_GEN_ERROR				 106

--- a/crypto/pkcs7/dec.c
+++ b/crypto/pkcs7/dec.c
@@ -149,7 +149,7 @@ char *argv[];
 	/* We need to process the data */
 	/* We cannot support detached encryption */
 	p7bio=PKCS7_dataDecode(p7,pkey,detached,x509);
-	
+
 	if (p7bio == NULL)
 		{
 		printf("problems decoding\n");

--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -165,9 +165,6 @@ int PKCS7_set_type(PKCS7 *p7, int type)
 		if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
 			== NULL) goto err;
 		ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
-/*		p7->d.signed_and_enveloped->enc_data->content_type=
-			OBJ_nid2obj(NID_pkcs7_encrypted);*/
-			
 		break;
 	case NID_pkcs7_enveloped:
 		p7->type=obj;
@@ -175,8 +172,14 @@ int PKCS7_set_type(PKCS7 *p7, int type)
 			== NULL) goto err;
 		ASN1_INTEGER_set(p7->d.enveloped->version,0);
 		break;
-	case NID_pkcs7_digest:
 	case NID_pkcs7_encrypted:
+		p7->type=obj;
+		if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
+			== NULL) goto err;
+		ASN1_INTEGER_set(p7->d.encrypted->version,0);
+		break;
+
+	case NID_pkcs7_digest:
 	default:
 		PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
 		goto err;