From dbb87065cdd44be35002f7779ae5b2848575b156 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Tue, 5 Jun 2007 17:21:58 +0000 Subject: [PATCH] When we are not using pkcs7-data, avoid seing signedAttributes since some clients get upset by that (pkcs7 based or just plain broken). git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20926 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/hx509/cms.c | 67 +++++++++++++++++++++++++------------------------ 1 file changed, 34 insertions(+), 33 deletions(-) diff --git a/lib/hx509/cms.c b/lib/hx509/cms.c index ea84c3a50..96dee7177 100644 --- a/lib/hx509/cms.c +++ b/lib/hx509/cms.c @@ -946,7 +946,7 @@ hx509_cms_create_signed_1(hx509_context context, AlgorithmIdentifier digest; hx509_name name; SignerInfo *signer_info; - heim_octet_string buf, content; + heim_octet_string buf, content, sigdata; SignedData sd; int ret; size_t size; @@ -1023,18 +1023,24 @@ hx509_cms_create_signed_1(hx509_context context, signer_info->signedAttrs = NULL; signer_info->unsignedAttrs = NULL; - ALLOC(signer_info->signedAttrs, 1); - if (signer_info->signedAttrs == NULL) { - ret = ENOMEM; + + ret = copy_AlgorithmIdentifier(&digest, &signer_info->digestAlgorithm); + if (ret) { + hx509_clear_error_string(context); goto out; } - { + /* + * If its not pkcs7-data send signedAttributes + */ + + if (der_heim_oid_cmp(eContentType, oid_id_pkcs7_data()) != 0) { + CMSAttributes sa; heim_octet_string sig; - ret = copy_AlgorithmIdentifier(&digest, &signer_info->digestAlgorithm); - if (ret) { - hx509_clear_error_string(context); + ALLOC(signer_info->signedAttrs, 1); + if (signer_info->signedAttrs == NULL) { + ret = ENOMEM; goto out; } @@ -1072,9 +1078,6 @@ hx509_cms_create_signed_1(hx509_context context, goto out; } - } - - if (der_heim_oid_cmp(eContentType, oid_id_pkcs7_data()) != 0) { ASN1_MALLOC_ENCODE(ContentType, buf.data, 
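Review bot: The new comment above `if (der_heim_oid_cmp(eContentType, oid_id_pkcs7_data()) != 0)` says what the branch does but not why, and the reason is a conformance rule rather than a preference. CMS requires signedAttrs whenever the encapsulated content type is not id-data, so id-data is the only case where they may be omitted. I would reword the comment as `/* signedAttrs are mandatory unless eContentType is id-data; omit them only for id-data, since some peers reject them */`. The body of hx509_cms_create_signed_1 starts and ends outside this hunk.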
@@ -1095,19 +1098,13 @@ hx509_cms_create_signed_1(hx509_context context, hx509_clear_error_string(context); goto out; } - } - - { - CMSAttributes sa; - heim_octet_string os; - sa.val = signer_info->signedAttrs->val; sa.len = signer_info->signedAttrs->len; ASN1_MALLOC_ENCODE(CMSAttributes, - os.data, - os.length, + sigdata.data, + sigdata.length, &sa, &size, ret); @@ -1115,21 +1112,25 @@ hx509_cms_create_signed_1(hx509_context context, hx509_clear_error_string(context); goto out; } - if (size != os.length) + if (size != sigdata.length) _hx509_abort("internal ASN.1 encoder error"); - - ret = _hx509_create_signature(context, - _hx509_cert_private_key(cert), - _hx509_crypto_default_sig_alg, - &os, - &signer_info->signatureAlgorithm, - &signer_info->signature); - - der_free_octet_string(&os); - if (ret) { - hx509_clear_error_string(context); - goto out; - } + } else { + sigdata.data = content.data; + sigdata.length = content.length; + } + + + ret = _hx509_create_signature(context, + _hx509_cert_private_key(cert), + _hx509_crypto_default_sig_alg, + &sigdata, + &signer_info->signatureAlgorithm, + &signer_info->signature); + if (sigdata.data != content.data) + der_free_octet_string(&sigdata); + if (ret) { + hx509_clear_error_string(context); + goto out; } ALLOC_SEQ(&sd.digestAlgorithms, 1);
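Review bot: `sigdata` now receives a heap buffer from `ASN1_MALLOC_ENCODE(CMSAttributes, sigdata.data, sigdata.length, ...)`, but the first hunk declares it without an initializer and its only release is the conditional `der_free_octet_string(&sigdata)` after the signature call. As written nothing between the encode and that free jumps to `out`, so there is no leak today. A `goto out` added in that window later would leak the buffer, and the cleanup label (outside this hunk) cannot release it safely while the value may be uninitialized. Setting `sigdata.data = NULL; sigdata.length = 0;` next to the other initial assignments would make the variable's state defined on every path.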
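Review bot: In the `else` branch the signature is computed over `content` itself, so for id-data no signed attribute binds the content type or a message digest into what is signed. A verifier then cannot distinguish these signed octets from a DER-encoded signedAttrs set if the caller's content happens to have that shape. CMS permits this for id-data, but it is a weaker binding than the previous code, which always allocated signedAttrs, and it deserves a comment where the choice is made, e.g. `/* id-data: signature covers the raw content octets; no contentType/messageDigest attribute is bound */`. The borrow of `content`'s buffer is tracked only by the pointer test `sigdata.data != content.data`, so a comment on the assignment such as `/* borrowed from content, must not be freed */` would protect it from a later edit. Whether callers need a way to keep signedAttrs for id-data cannot be judged from this hunk.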