When we are not using pkcs7-data, avoid sending signedAttributes since

some clients get upset by that (pkcs7 based or just plain broken).


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20926 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2007-06-05 17:21:58 +00:00
parent 7e3fbc9232
commit dbb87065cd


@@ -946,7 +946,7 @@ hx509_cms_create_signed_1(hx509_context context,
AlgorithmIdentifier digest; AlgorithmIdentifier digest;
hx509_name name; hx509_name name;
SignerInfo *signer_info; SignerInfo *signer_info;
heim_octet_string buf, content; heim_octet_string buf, content, sigdata;
SignedData sd; SignedData sd;
int ret; int ret;
size_t size; size_t size;
@@ -1023,14 +1023,6 @@ hx509_cms_create_signed_1(hx509_context context,
signer_info->signedAttrs = NULL; signer_info->signedAttrs = NULL;
signer_info->unsignedAttrs = NULL; signer_info->unsignedAttrs = NULL;
ALLOC(signer_info->signedAttrs, 1);
if (signer_info->signedAttrs == NULL) {
ret = ENOMEM;
goto out;
}
{
heim_octet_string sig;
ret = copy_AlgorithmIdentifier(&digest, &signer_info->digestAlgorithm); ret = copy_AlgorithmIdentifier(&digest, &signer_info->digestAlgorithm);
if (ret) { if (ret) {
@@ -1038,6 +1030,20 @@ hx509_cms_create_signed_1(hx509_context context,
goto out; goto out;
} }
/*
* If its not pkcs7-data send signedAttributes
*/
if (der_heim_oid_cmp(eContentType, oid_id_pkcs7_data()) != 0) {
CMSAttributes sa;
heim_octet_string sig;
ALLOC(signer_info->signedAttrs, 1);
if (signer_info->signedAttrs == NULL) {
ret = ENOMEM;
goto out;
}
ret = _hx509_create_signature(context, ret = _hx509_create_signature(context,
NULL, NULL,
&digest, &digest,
@@ -1072,9 +1078,6 @@ hx509_cms_create_signed_1(hx509_context context,
goto out; goto out;
} }
}
if (der_heim_oid_cmp(eContentType, oid_id_pkcs7_data()) != 0) {
ASN1_MALLOC_ENCODE(ContentType, ASN1_MALLOC_ENCODE(ContentType,
buf.data, buf.data,
@@ -1095,19 +1098,13 @@ hx509_cms_create_signed_1(hx509_context context,
hx509_clear_error_string(context); hx509_clear_error_string(context);
goto out; goto out;
} }
}
{
CMSAttributes sa;
heim_octet_string os;
sa.val = signer_info->signedAttrs->val; sa.val = signer_info->signedAttrs->val;
sa.len = signer_info->signedAttrs->len; sa.len = signer_info->signedAttrs->len;
ASN1_MALLOC_ENCODE(CMSAttributes, ASN1_MALLOC_ENCODE(CMSAttributes,
os.data, sigdata.data,
os.length, sigdata.length,
&sa, &sa,
&size, &size,
ret); ret);
@@ -1115,22 +1112,26 @@ hx509_cms_create_signed_1(hx509_context context,
hx509_clear_error_string(context); hx509_clear_error_string(context);
goto out; goto out;
} }
if (size != os.length) if (size != sigdata.length)
_hx509_abort("internal ASN.1 encoder error"); _hx509_abort("internal ASN.1 encoder error");
} else {
sigdata.data = content.data;
sigdata.length = content.length;
}
ret = _hx509_create_signature(context, ret = _hx509_create_signature(context,
_hx509_cert_private_key(cert), _hx509_cert_private_key(cert),
_hx509_crypto_default_sig_alg, _hx509_crypto_default_sig_alg,
&os, &sigdata,
&signer_info->signatureAlgorithm, &signer_info->signatureAlgorithm,
&signer_info->signature); &signer_info->signature);
if (sigdata.data != content.data)
der_free_octet_string(&os); der_free_octet_string(&sigdata);
if (ret) { if (ret) {
hx509_clear_error_string(context); hx509_clear_error_string(context);
goto out; goto out;
} }
}
ALLOC_SEQ(&sd.digestAlgorithms, 1); ALLOC_SEQ(&sd.digestAlgorithms, 1);
if (sd.digestAlgorithms.val == NULL) { if (sd.digestAlgorithms.val == NULL) {
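Review bot: The free after the final `_hx509_create_signature` call decides who owns `sigdata` by comparing `sigdata.data` with `content.data`, which breaks silently if either buffer is later reassigned. The new `else` branch should say that it borrows the caller's buffer, e.g. `/* pkcs7-data: sign the content directly; sigdata borrows content and must not be freed */`. The comment above the `der_heim_oid_cmp` test covers only the signedAttrs case; it should also state that without signedAttrs the signature is computed over the content octets rather than over the DER-encoded attributes, since a verifier has to apply the same rule. `hx509_cms_create_signed_1` starts and ends outside the visible hunks, so whether the uninitialised `sigdata` is touched on the `out:` path cannot be checked from here.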