Dr Stephen Henson wrote:
> I've had a quick look at this and some things in this are more than a
> bit naughty. Having the same OID with multiple NIDs is one. The SHA1
> change to use NID_rsaEncryption is another.
>
> Both could have nasty repercussions which would break other code.
>
> Steve.
> --
> Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
> Personal Email: [EMAIL PROTECTED]
> Senior crypto engineer, Celo Communications: http://www.celocom.com/
> Core developer of the OpenSSL project: http://www.openssl.org/
> Business Email: [EMAIL PROTECTED] PGP key: via homepage.
I backtracked a bit and removed the OID and NID stuff from objects.h.
It works alright anyway. I guess that the set_asn1_parameter removed
the lookup problem (which I fixed with the OIDs before doing the
set_asn1_parameter stuff).
I did not remove the NID and SN defines for RC2_40, however (not
my contribution). I don't need them and the tests pass w/o them.
New patches follow. Sorry for all the extra hassle with my "naughty" and
"drastic" changes. I plan to look into some other PKCS#9 things, e.g.
SMIME-Capabilities, whenever time permits.
Sak
--- crypto/evp/e_cbc_r2.c.orig Fri May 7 16:36:38 1999
+++ crypto/evp/e_cbc_r2.c Mon May 10 16:33:32 1999
@@ -102,7 +102,7 @@
static EVP_CIPHER r2_64_cbc_cipher=
{
- NID_rc2_40_cbc,
+ NID_rc2_cbc,
8,8 /* 64 bit */,8,
rc2_cbc_init_key,
rc2_cbc_cipher,
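Review bot: With this hunk and the one at -115, r2_64_cbc_cipher and r2_40_cbc_cipher both carry `NID_rc2_cbc` in their first field, so the NID alone no longer tells the 64-bit and 40-bit variants apart. If ciphers are registered or looked up by the name or OID derived from that field (not visible in this patch), one entry would shadow the other and a caller could silently get a different key length than intended. The distinction then rests entirely on the RC2 ASN.1 parameters, which deserves a comment on each struct, e.g. `/* shares NID_rc2_cbc; effective key bits are carried in the RC2 ASN.1 parameters */`. Both struct initializers continue past the end of their hunks.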
@@ -115,7 +115,7 @@
static EVP_CIPHER r2_40_cbc_cipher=
{
- NID_rc2_40_cbc,
+ NID_rc2_cbc,
8,5 /* 40 bit */,8,
rc2_cbc_init_key,
rc2_cbc_cipher,
@@ -173,9 +173,9 @@
int i;
i=EVP_CIPHER_key_length(e);
- if (i == 128) return(RC2_128_MAGIC);
- else if (i == 64) return(RC2_64_MAGIC);
- else if (i == 40) return(RC2_40_MAGIC);
+ if (i == 16) return(RC2_128_MAGIC);
+ else if (i == 8) return(RC2_64_MAGIC);
+ else if (i == 5) return(RC2_40_MAGIC);
else return(0);
}
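Review bot: The literals 16, 8 and 5 sit next to RC2_128_MAGIC, RC2_64_MAGIC and RC2_40_MAGIC with nothing to say they are byte counts; a comment such as `/* EVP_CIPHER_key_length() is in bytes: 16/8/5 = 128/64/40 bits */` would keep the bits-versus-bytes confusion this hunk fixes from returning. The `else return(0)` branch yields 0 for any other key length, and since the caller is outside the hunk it is worth confirming that 0 is treated as an error rather than encoded as the RC2 parameter version. The function's signature is above the hunk.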
--- crypto/evp/m_sha1.c.orig Fri May 7 16:36:53 1999
+++ crypto/evp/m_sha1.c Mon May 10 16:26:56 1999
@@ -65,7 +65,7 @@
static EVP_MD sha1_md=
{
NID_sha1,
- NID_sha1WithRSAEncryption,
+ NID_rsaEncryption,
SHA_DIGEST_LENGTH,
SHA1_Init,
SHA1_Update,
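Review bot: The second field of `sha1_md` is changed for every user of this digest, not only for PKCS#7 signing, so anything that derives a signature algorithm identifier from it would now emit `rsaEncryption` where it previously emitted `sha1WithRSAEncryption` (the exact consumers are not visible here). If the aim is for the PKCS#7 SignerInfo digestEncryptionAlgorithm to read rsaEncryption, which is inferred because the hunk does not state its motivation, that mapping is better done in the PKCS#7 signer code. This table would then keep `NID_sha1WithRSAEncryption,` as before. The struct initializer continues past the end of the hunk.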
--- crypto/pkcs7/pk7_doit.c.orig Fri May 7 16:35:50 1999
+++ crypto/pkcs7/pk7_doit.c Mon May 10 16:31:40 1999
@@ -160,16 +160,7 @@
if (ivlen > 0)
{
- ASN1_OCTET_STRING *os;
-
RAND_bytes(iv,ivlen);
- os=ASN1_OCTET_STRING_new();
- ASN1_OCTET_STRING_set(os,iv,ivlen);
-/* XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX this needs to change */
- if (xalg->parameter == NULL)
- xalg->parameter=ASN1_TYPE_new();
- ASN1_TYPE_set(xalg->parameter,V_ASN1_OCTET_STRING,
- (char *)os);
}
RAND_bytes(key,keylen);
@@ -210,6 +201,13 @@
Free(tmp);
BIO_set_cipher(btmp,evp_cipher,key,iv,1);
+ if (ivlen > 0) {
+ EVP_CIPHER_CTX *evp_ctx;
+ BIO_get_cipher_ctx(btmp, &evp_ctx);
+ if (xalg->parameter == NULL)
+ xalg->parameter=ASN1_TYPE_new();
+ evp_cipher->set_asn1_parameters(evp_ctx,xalg->parameter);
+ }
if (out == NULL)
out=btmp;
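Review bot: `evp_cipher->set_asn1_parameters(evp_ctx,xalg->parameter)` is called through the function pointer with no NULL check and its result is discarded, whereas the decrypt-side hunk at -417 guards `get_asn1_parameters != NULL` and tests for `< 0`. A cipher that has an IV but no setter would dereference a NULL pointer here, and a failed encode would leave the AlgorithmIdentifier without the IV while encryption carries on. `ASN1_TYPE_new()` may also return NULL, and `evp_ctx` is used uninitialized if `BIO_get_cipher_ctx` does not fill it. I would declare `EVP_CIPHER_CTX *evp_ctx = NULL;`, check the allocation, and take the function's error path when the setter is missing or returns a negative value, assuming it follows the getter's convention. The enclosing function starts and ends outside the hunk.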
@@ -217,7 +215,6 @@
BIO_push(out,btmp);
btmp=NULL;
}
-
if (bio == NULL) /* ??????????? */
{
if (p7->detached)
@@ -417,7 +414,8 @@
evp_ctx=NULL;
BIO_get_cipher_ctx(etmp,&evp_ctx);
EVP_CipherInit(evp_ctx,evp_cipher,NULL,NULL,0);
- if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
+ if (evp_cipher->get_asn1_parameters != NULL &&
+ evp_cipher->get_asn1_parameters(evp_ctx,enc_alg->parameter) < 0)
return(NULL);
if (jj != EVP_CIPHER_CTX_key_length(evp_ctx))
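Review bot: When `get_asn1_parameters` is NULL the new condition short-circuits and decryption continues without reading `enc_alg->parameter`, so for a cipher that uses an IV the value carried in the message would never be loaded into `evp_ctx`. Whether the removed `EVP_CIPHER_asn1_to_param` wrapper handled that case differently is not visible here. Rejecting the combination explicitly would make the behaviour clear, for example `if (evp_cipher->get_asn1_parameters == NULL && EVP_CIPHER_iv_length(evp_cipher) > 0) return(NULL);` ahead of the existing test. The enclosing function starts and ends outside the hunk.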
@@ -569,6 +567,10 @@
ASN1_OCTET_STRING *digest;
ASN1_UTCTIME *sign_time;
EVP_MD *md_tmp;
+
+ PKCS7_add_signed_attribute(si,
+ NID_pkcs9_contentType,
+ V_ASN1_OBJECT,(char
+*)OBJ_nid2obj(NID_pkcs7_data));
/* Add signing time */
sign_time=X509_gmtime_adj(NULL,0);
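Review bot: The added `PKCS7_add_signed_attribute` call hard-codes the signed contentType attribute to `NID_pkcs7_data` and ignores the return value. If the structure being signed wraps anything other than plain data, the signed attribute would disagree with the actual content type and a strict verifier may reject the signature, so the value should come from the content type of the PKCS#7 being signed rather than a constant. It should also be confirmed that a caller who has already added a contentType attribute does not end up with two of them, which depends on code outside the hunk. Separately, the argument line is split across two `+` lines by mail wrapping (`(char` / `*)OBJ_nid2obj(...)`), so the patch needs re-sending unwrapped or as an attachment before it can be applied as intended.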
begin: vcard
fn: Sebastian Akerman
n: Akerman;Sebastian
org: <img src="http://www.parallelconsulting.com/content_img/pslogga.gif" alt="Parallel Systems">
email;internet: [EMAIL PROTECTED]
title: Security Expert
note: If you care to trust us download our CA certificate from www.parallelconsulting.com
x-mozilla-cpt: ;0
x-mozilla-html: TRUE
version: 2.1
end: vcard