OpenSSL STATUS Last modified at
- ______________ $Date: 1999/05/10 23:56:11 $
+ ______________ $Date: 1999/05/11 00:52:39 $
DEVELOPMENT STATE
o Steve is currently working on (in no particular order):
Proper (or at least usable) certificate chain verification.
Documentation on X509 V3 extension code.
- PKCS#12 code cleanup and enhancement.
PKCS #8 and PKCS#5 v2.0 support.
Private key, certificate and CRL API and implementation.
+ Checking and bugfixing PKCS#7 (S/MIME code).
o Mark is currently working on:
Folding in any changes that are in the C2Net code base that were
* perl obj_dat.pl < objects.h > obj_dat.h
*/
-#define NUM_NID 167
-#define NUM_SN 118
-#define NUM_LN 163
-#define NUM_OBJ 138
+#define NUM_NID 168
+#define NUM_SN 119
+#define NUM_LN 164
+#define NUM_OBJ 139
-static unsigned char lvalues[956]={
+static unsigned char lvalues[957]={
0x00, /* [ 0] OBJ_undef */
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [931] OBJ_hmacWithSHA1 */
0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [939] OBJ_id_qt_cps */
0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [947] OBJ_id_qt_unotice */
+0x0F, /* [955] OBJ_SMIMECapabilities */
};
static ASN1_OBJECT nid_objs[NUM_NID]={
{"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8,
&(lvalues[947]),0},
{"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL},
+{"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,1,
+ &(lvalues[955]),0},
};
static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[100]),/* "S" */
&(nid_objs[41]),/* "SHA" */
&(nid_objs[64]),/* "SHA1" */
+&(nid_objs[167]),/* "SMIME-CAPS" */
&(nid_objs[105]),/* "SN" */
&(nid_objs[16]),/* "ST" */
&(nid_objs[143]),/* "SXNetID" */
&(nid_objs[162]),/* "PBMAC1" */
&(nid_objs[164]),/* "Policy Qualifier CPS" */
&(nid_objs[165]),/* "Policy Qualifier User Notice" */
+&(nid_objs[167]),/* "S/MIME Capabilities" */
&(nid_objs[143]),/* "Strong Extranet ID" */
&(nid_objs[130]),/* "TLS Web Client Authentication" */
&(nid_objs[129]),/* "TLS Web Server Authentication" */
static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[ 0]),/* OBJ_undef 0 */
+&(nid_objs[167]),/* OBJ_SMIMECapabilities 15 */
&(nid_objs[11]),/* OBJ_X500 2 5 */
&(nid_objs[12]),/* OBJ_X509 2 5 4 */
&(nid_objs[81]),/* OBJ_ld_ce 2 5 29 */
#define LN_rc2_64_cbc "rc2-64-cbc"
#define NID_rc2_64_cbc 166
+#define SN_SMIMECapabilities "SMIME-CAPS"
+#define LN_SMIMECapabilities "S/MIME Capabilities"
+#define NID_SMIMECapabilities 167
+#define OBJ_SMIMECapabilities OBJ_id_pkcs9,15L
+
#include <openssl/bio.h>
#include <openssl/asn1.h>
static int add_attribute(STACK **sk, int nid, int atrtype, void *value);
static ASN1_TYPE *get_attribute(STACK *sk, int nid);
-#if 1
BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
{
int i,j;
if (rsk == NULL)
return(NULL);
+ /* FIXME: this assumes that the passed private key
+ * corresponds to the first RecipientInfo. This in
+ * general is not true
+ */
+
ri=(PKCS7_RECIP_INFO *)sk_value(rsk,0);
#if 0
X509_STORE_CTX_init(&s_ctx,xs,NULL,NULL);
Free(tmp);
return(out);
}
-#endif
int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
{
EVP_DigestFinal(&ctx_tmp,md_data,&md_len);
digest=ASN1_OCTET_STRING_new();
ASN1_OCTET_STRING_set(digest,md_data,md_len);
- PKCS7_add_signed_attribute(si,NID_pkcs9_messageDigest,
+ PKCS7_add_signed_attribute(si,
+ NID_pkcs9_messageDigest,
V_ASN1_OCTET_STRING,digest);
/* Now sign the mess */
ASN1_OBJECT *o;
o=OBJ_nid2obj(nid);
- if (o == NULL) return(NULL);
+ if (!o || !sk) return(NULL);
for (i=0; i<sk_num(sk); i++)
{
xa=(X509_ATTRIBUTE *)sk_value(sk,i);
}
ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK *sk)
- {
- X509_ATTRIBUTE *attr;
+{
ASN1_TYPE *astype;
- int i;
- if (!sk || !sk_num(sk)) return NULL;
- /* Search the attributes for a digest */
- for (i = 0; i < sk_num(sk); i++)
- {
- attr = (X509_ATTRIBUTE *) sk_value(sk, i);
- if (OBJ_obj2nid(attr->object) == NID_pkcs9_messageDigest)
- {
- if (!attr->set) return NULL;
- if (!attr->value.set
- || !sk_ASN1_TYPE_num(attr->value.set) )
- return NULL;
- astype = sk_ASN1_TYPE_value(attr->value.set, 0);
- return astype->value.octet_string;
- }
- }
- return NULL;
- }
+ if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL;
+ return astype->value.octet_string;
+}
int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, STACK *sk)
{
else
p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
+ if (p7i->digest_alg->parameter != NULL)
+ ASN1_TYPE_free(p7i->digest_alg->parameter);
+ if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)
+ goto err;
+ p7i->digest_alg->parameter->type=V_ASN1_NULL;
+
p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));
if (p7i->digest_enc_alg->parameter != NULL)
si=PKCS7_add_signature(p7,x509,pkey,EVP_sha1());
if (si == NULL) goto err;
- /* Add some extra attributes */
- if (!add_signed_time(si)) goto err;
-#if 0
- /* Since these are made up attributes lets leave them out */
- if (!add_signed_string(si,"SIGNED STRING")) goto err;
- if (!add_signed_seq2string(si,"STRING1","STRING2")) goto err;
-#endif
+ /* If you do this then you get signing time automatically added */
+ PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT,
+ OBJ_nid2obj(NID_pkcs7_data));
/* we may want to add more */
PKCS7_add_certificate(p7,x509);
sk_X509_EXTENSION_push 1644
sk_X509_NAME_ENTRY_find 1645
X509V3_EXT_i2d 1646
+X509V3_EXT_val_prn 1647
+X509V3_EXT_add_list 1648
+EVP_CIPHER_type 1649
+EVP_PBE_CipherInit 1650
+X509V3_add_value_bool_nf 1651
projects / oweals / openssl.git / commitdiff