cms->d.signedData->version = 1;
cms->d.signedData->encapContentInfo->eContentType =
OBJ_nid2obj(NID_pkcs7_data);
+ cms->d.signedData->encapContentInfo->partial = 1;
ASN1_OBJECT_free(cms->contentType);
cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
return cms->d.signedData;
break;
case CMS_SIGNERINFO_KEYIDENTIFIER:
+ if (!cert->skid)
+ {
+ CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER,
+ CMS_R_CERTIFICATE_HAS_NO_KEYID);
+ return 0;
+ }
sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid);
if (!sid->d.subjectKeyIdentifier)
goto merr;
if (!(flags & CMS_NOATTR))
{
- /* Copy content type across */
- ASN1_OBJECT *ctype =
- OBJ_dup(sd->encapContentInfo->eContentType);
- if (!ctype)
- goto merr;
- i = CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
- V_ASN1_OBJECT, ctype, -1);
- ASN1_OBJECT_free(ctype);
- if (i <= 0)
- goto merr;
+ /* Initialialize signed attributes strutucture so other
+ * attributes such as signing time etc are added later
+ * even if we add none here.
+ */
+ if (!si->signedAttrs)
+ {
+ si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
+ if (!si->signedAttrs)
+ goto merr;
+ }
+
if (!(flags & CMS_NOSMIMECAP))
{
STACK_OF(X509_ALGOR) *smcap = NULL;
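Review bot: The comment added above the `si->signedAttrs` allocation has two typos ("Initialialize", "strutucture") and does not say where the removed content-type attribute is now set. Suggested wording: `/* Initialize the signed attributes structure so that attributes such as signing time can be added later even if none are added here; contentType is added at signing time. */`. The enclosing function starts and ends outside the hunk.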
*psig = si->signatureAlgorithm;
}
-static int cms_SignerInfo_content_sign(CMS_SignerInfo *si, BIO *chain)
+static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
+ CMS_SignerInfo *si, BIO *chain)
{
EVP_MD_CTX mctx;
int r = 0;
if (CMS_signed_get_attr_count(si) >= 0)
{
+ ASN1_OBJECT *ctype =
+ cms->d.signedData->encapContentInfo->eContentType;
unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen;
- EVP_DigestFinal_ex(&mctx, md, &mdlen);
+ if (!EVP_DigestFinal_ex(&mctx, md, &mdlen))
+ goto err;
if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
V_ASN1_OCTET_STRING,
md, mdlen))
goto err;
+ /* Copy content type across */
+ if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
+ V_ASN1_OBJECT, ctype, -1) <= 0)
+ goto err;
if (!CMS_SignerInfo_sign(si))
goto err;
}
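Review bot: The two adjacent `CMS_signed_add1_attr_by_NID` calls test their result differently: the existing messageDigest call uses `!`, while the new contentType call uses `<= 0`. Using one form for both, e.g. `md, mdlen) <= 0)` on the messageDigest call, removes the question of whether a negative return could slip past the first check. The comment `/* Copy content type across */` could also record why the copy happens here, presumably so the signed attribute reflects the eContentType in force when the signature is produced: `/* Add contentType at signing time so it matches encapContentInfo->eContentType */`. The function body continues outside the hunk.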
for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
{
si = sk_CMS_SignerInfo_value(sinfos, i);
- if (!cms_SignerInfo_content_sign(si, chain))
+ if (!cms_SignerInfo_content_sign(cms, si, chain))
return 0;
}
+ cms->d.signedData->encapContentInfo->partial = 0;
return 1;
}
}
r = EVP_DigestVerifyFinal(&mctx,
si->signature->data, si->signature->length);
- if (!r)
+ if (r <= 0)
CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
err:
EVP_MD_CTX_cleanup(&mctx);
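Review bot: The `r <= 0` test now raises `CMS_R_VERIFICATION_FAILURE` when `EVP_DigestVerifyFinal` returns a negative value, but the return statement after `err:` is outside the hunk, so it is not visible whether a negative `r` is handed back unchanged. If it is, a caller that tests the result with `!` would still treat an internal failure as a valid signature, so callers should compare with `<= 0`. A comment at the check would make the contract explicit: `/* r == 0: bad signature, r < 0: internal error; both are failures */`. The function name is inferred from the error code and its body starts outside the hunk.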
sd = cms_get0_signed(cms);
if (!sd)
return NULL;
- cms_sd_set_version(sd);
+ if (cms->d.signedData->encapContentInfo->partial)
+ cms_sd_set_version(sd);
for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++)
{
X509_ALGOR *digestAlgorithm;