wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

CAdES: Fix SignerInfo attribute construction order.

Browse source 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8117)
This commit is contained in:
FdaSilvaYY 2019-01-29 23:54:30 +01:00 committed by Shane Lontis
parent f4a96507fb
commit 8c89c80a55
2 changed files with 16 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
apps/cms.c
View file

@ -603,6 +603,14 @@ int cms_main(int argc, char **argv)
goto opthelp; goto opthelp;
} }
if (flags & CMS_CADES) {
if (flags & CMS_NOATTR) {
BIO_puts(bio_err, "Incompatible options: "
"CAdES required signed attributes\n");
goto opthelp;
}
}
if (operation & SMIME_SIGNERS) { if (operation & SMIME_SIGNERS) {
if (keyfile != NULL && signerfile == NULL) { if (keyfile != NULL && signerfile == NULL) {
BIO_puts(bio_err, "Illegal -inkey without -signer\n"); BIO_puts(bio_err, "Illegal -inkey without -signer\n");

17
crypto/cms/cms_sd.c
View file

@ -325,13 +325,6 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
if (!i) if (!i)
goto merr; goto merr;
} }
if (flags & CMS_REUSE_DIGEST) {
if (!cms_copy_messageDigest(cms, si))
goto err;
if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) &&
!CMS_SignerInfo_sign(si))
goto err;
}
if (flags & CMS_CADES) { if (flags & CMS_CADES) {
ESS_SIGNING_CERT *sc = NULL; ESS_SIGNING_CERT *sc = NULL;
ESS_SIGNING_CERT_V2 *sc2 = NULL; ESS_SIGNING_CERT_V2 *sc2 = NULL;
@ -353,6 +346,13 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
if (!add_sc) if (!add_sc)
goto err; goto err;
} }
if (flags & CMS_REUSE_DIGEST) {
if (!cms_copy_messageDigest(cms, si))
goto err;
if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) &&
!CMS_SignerInfo_sign(si))
goto err;
}
} }
if (!(flags & CMS_NOCERTS)) { if (!(flags & CMS_NOCERTS)) {
@ -370,8 +370,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
goto err; goto err;
if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0) if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0)
goto err; goto err;
} else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <= } else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <= 0)
0)
goto err; goto err;
} }