add flags to hx509_cms_verify_signed

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24192 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-12-15 04:30:52 +00:00
parent ff17f1e5a1
commit ba69102e6b
3 changed files with 10 additions and 7 deletions
--- a/lib/hx509/Makefile.am
+++ b/lib/hx509/Makefile.am
@@ -4,7 +4,7 @@ include $(top_srcdir)/Makefile.am.common

 lib_LTLIBRARIES = libhx509.la
 noinst_LTLIBRARIES = libnhx509.la
-libhx509_la_LDFLAGS = -version-info 4:0:0
+libhx509_la_LDFLAGS = -version-info 5:0:0

 BUILT_SOURCES =				\
 	sel-gram.h			\
--- a/lib/hx509/cms.c
+++ b/lib/hx509/cms.c
@@ -738,12 +738,13 @@ find_attribute(const CMSAttributes *attr, const heim_oid *oid)
 * Decode SignedData and verify that the signature is correct.
 *
 * @param context A hx509 context.
- * @param ctx a hx509 version context
- * @param data pointer to CMS SignedData encoded data
+ * @param ctx a hx509 verify context.
+ * @param flags to control the behaivor of the function.
+ * @param data pointer to CMS SignedData encoded data.
 * @param length length of the data that data point to.
- * @param signedContent external data used for signature
+ * @param signedContent external data used for signature.
 * @param pool certificate pool to build certificates paths.
- * @param contentType free with der_free_oid()
+ * @param contentType free with der_free_oid().
 * @param content the output of the function, free with
 * der_free_octet_string().
 * @param signer_certs list of the cerficates used to sign this
@@ -755,6 +756,7 @@ find_attribute(const CMSAttributes *attr, const heim_oid *oid)
 int
 hx509_cms_verify_signed(hx509_context context,
 			hx509_verify_ctx ctx,
+			unsigned int flags,
 			const void *data,
 			size_t length,
 			const heim_octet_string *signedContent,
@@ -949,7 +951,8 @@ hx509_cms_verify_signed(hx509_context context,
 	    match_oid = oid_id_pkcs7_data();
 	}

-	if (der_heim_oid_cmp(match_oid, &sd.encapContentInfo.eContentType)) {
+	if (der_heim_oid_cmp(match_oid, &sd.encapContentInfo.eContentType) &&
+	    (flags & HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH) == 0) {
 	    ret = HX509_CMS_DATA_OID_MISMATCH;
 	    hx509_set_error_string(context, 0, ret,
 				   "Oid in message mismatch from the expected");
--- a/lib/hx509/version-script.map
+++ b/lib/hx509/version-script.map
@@ -1,6 +1,6 @@
 # $Id$

-HEIMDAL_X509_1.1 {
+HEIMDAL_X509_1.2 {
 	global:
 		initialize_hx_error_table_r;
 		hx509_bitstring_print;