added and fixed debug output of version information

diff --git a/src/pluto/pkcs7.c b/src/pluto/pkcs7.c
index 1244653b6202ed0a0169a17a014c3cf4101e5298..61d37511374a2ea8ba3bad6e625acb73a04f6b95 100644 (file)
--- a/src/pluto/pkcs7.c
+++ b/src/pluto/pkcs7.c
@@ -84,10 +84,12 @@ static const asn1Object_t signedDataObjects[] = {
        { 1,   "end loop",                      ASN1_EOC,          ASN1_END           }, /* 25 */
        { 0, "exit",                            ASN1_EOC,          ASN1_EXIT          }
 };
+#define PKCS7_SIGNED_VERSION             1
 #define PKCS7_DIGEST_ALG                 3
 #define PKCS7_SIGNED_CONTENT_INFO        5
 #define PKCS7_SIGNED_CERT                7
 #define PKCS7_SIGNER_INFO               13
+#define PKCS7_SIGNER_INFO_VERSION       14
 #define PKCS7_SIGNED_ISSUER             16
 #define PKCS7_SIGNED_SERIAL_NUMBER      17
 #define PKCS7_DIGEST_ALGORITHM          18
@@ -208,6 +210,7 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert
        int digest_alg = OID_UNKNOWN;
        int enc_alg    = OID_UNKNOWN;
        int signerInfos = 0;
+       int version;
        int objectID;
        bool success = FALSE;
 
@@ -233,6 +236,10 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert
 
                switch (objectID)
                {
+               case PKCS7_SIGNED_VERSION:
+                       version = object.len ? (int)*object.ptr : 0;
+                       DBG2("  v%d", version);
+                       break;
                case PKCS7_DIGEST_ALG:
                        digest_alg = asn1_parse_algorithmIdentifier(object, level, NULL);
                        break;
@@ -266,6 +273,10 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert
                        signerInfos++;
                        DBG2("  signer #%d", signerInfos);
                        break;
+               case PKCS7_SIGNER_INFO_VERSION:
+                       version = object.len ? (int)*object.ptr : 0;
+                       DBG2("  v%d", version);
+                       break;
                case PKCS7_SIGNED_ISSUER:
                        dntoa(buf, BUF_LEN, object);
                        DBG2("  '%s'",buf);
@@ -359,6 +370,7 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data,
        u_char buf[BUF_LEN];
        int enc_alg         = OID_UNKNOWN;
        int content_enc_alg = OID_UNKNOWN;
+       int version;
        int objectID;
        bool success = FALSE;
 
@@ -385,14 +397,18 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data,
                switch (objectID)
                {
                case PKCS7_ENVELOPED_VERSION:
-               if (*object.ptr != 0)
-               {
-                       DBG1("envelopedData version is not 0");
-                       goto end;
-               }
-               break;
+                       version = object.len ? (int)*object.ptr : 0;
+                       DBG2("  v%d", version);
+                       if (version != 0)
+                       {
+                               DBG1("envelopedData version is not 0");
+                               goto end;
+                       }
+                       break;
                case PKCS7_RECIPIENT_INFO_VERSION:
-                       if (*object.ptr != 0)
+                       version = object.len ? (int)*object.ptr : 0;
+                       DBG2("  v%d", version);
+                       if (version != 0)
                        {
                                DBG1("recipient info version is not 0");
                                goto end;