pkcs-7-CertificateSet ::= SET OF pkcs-7-CertificateChoices
-pkcs-7-SignerInfos ::= SET OF ANY -- this is not correct but we don't use it
- -- anyway
+IssuerAndSerialNumber ::= SEQUENCE {
+ issuer Name,
+ serialNumber CertificateSerialNumber
+}
+
+pkcs-7-SignerInfo ::= SEQUENCE {
+ version INTEGER,
+ sid SignerIdentifier,
+ digestAlgorithm AlgorithmIdentifier,
+ signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
+ signatureAlgorithm AlgorithmIdentifier,
+ signature OCTET STRING,
+ unsignedAttrs [1] IMPLICIT ANY OPTIONAL }
+
+SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+Attribute ::= SEQUENCE {
+ attrType OBJECT IDENTIFIER,
+ attrValues SET OF ANY
+}
+
+SignerIdentifier ::= CHOICE {
+ issuerAndSerialNumber IssuerAndSerialNumber,
+ subjectKeyIdentifier [0] SubjectKeyIdentifier
+}
+
+pkcs-7-SignerInfos ::= SET OF pkcs-7-SignerInfo
-- BEGIN of RFC2986
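Review bot: `unsignedAttrs [1] IMPLICIT ANY OPTIONAL` in pkcs-7-SignerInfo puts an implicit tag on an open type, which ASN.1 tagging rules do not allow, so the handling of that field is left to the decoder implementation. CMS defines the field as a set of attributes, and typing it would let the decoder reject malformed content rather than accept any element: `unsignedAttrs [1] IMPLICIT SignedAttributes OPTIONAL`, or a separate `UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute`. A comment on the field should also state that these attributes are not covered by `signature`, so code reading them must treat them as unauthenticated input.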
{ "certificate", 13, NULL },
{ "pkcs-7-CertificateSet", 1610612751, NULL },
{ NULL, 2, "pkcs-7-CertificateChoices"},
- { "pkcs-7-SignerInfos", 1610612751, NULL },
+ { "IssuerAndSerialNumber", 1610612741, NULL },
+ { "issuer", 1073741826, "Name"},
+ { "serialNumber", 2, "CertificateSerialNumber"},
+ { "pkcs-7-SignerInfo", 1610612741, NULL },
+ { "version", 1073741827, NULL },
+ { "sid", 1073741826, "SignerIdentifier"},
+ { "digestAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ { "signedAttrs", 1610637314, "SignedAttributes"},
+ { NULL, 4104, "0"},
+ { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ { "signature", 1073741831, NULL },
+ { "unsignedAttrs", 536895501, NULL },
+ { NULL, 4104, "1"},
+ { "SignedAttributes", 1612709903, NULL },
+ { "MAX", 1074266122, "1"},
+ { NULL, 2, "Attribute"},
+ { "Attribute", 1610612741, NULL },
+ { "attrType", 1073741836, NULL },
+ { "attrValues", 536870927, NULL },
{ NULL, 13, NULL },
+ { "SignerIdentifier", 1610612754, NULL },
+ { "issuerAndSerialNumber", 1073741826, "IssuerAndSerialNumber"},
+ { "subjectKeyIdentifier", 536879106, "SubjectKeyIdentifier"},
+ { NULL, 4104, "0"},
+ { "pkcs-7-SignerInfos", 1610612751, NULL },
+ { NULL, 2, "pkcs-7-SignerInfo"},
{ "pkcs-10-CertificationRequestInfo", 1610612741, NULL },
{ "version", 1073741827, NULL },
{ "subject", 1073741826, "Name"},
#include <x509_b64.h>
#define SIGNED_DATA_OID "1.2.840.113549.1.7.2"
+#define PLAIN_DATA_OID "1.2.840.113549.1.7.1"
/* Decodes the PKCS #7 signed data, and returns an ASN1_TYPE,
* which holds them. If raw is non null then the raw decoded
goto cleanup;
}
+ /* read the encapsulated content */
+ len = sizeof(oid) - 1;
+ result = asn1_read_value(c2, "encapContentInfo.eContentType", oid, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (strcmp(oid, PLAIN_DATA_OID) != 0) {
+ gnutls_assert();
+ _gnutls_debug_log("Unknown or unexpected PKCS7 Encapsulated Content OID '%s'\n", oid);
+ return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
+ }
+
*sdata = c2;
return 0;
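Review bot: Both new error branches (the failed `asn1_read_value` of `encapContentInfo.eContentType` and the OID mismatch) leave with a bare `return`, while the error branch just above them uses `goto cleanup;`. The `cleanup:` label and the allocation of `c2` are outside this hunk, so this is inferred, but if that path releases `c2` and the temporary buffer, every PKCS #7 blob rejected here leaks them. Because this code parses externally supplied data, the leak would be triggerable by input. Each branch should set the code and jump instead: `result = _gnutls_asn2err(result); goto cleanup;` and `result = GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE; goto cleanup;`.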
goto cleanup;
}
- if (need_free)
- _gnutls_free_datum(&_data);
-
- return 0;
+ result = 0;
cleanup:
if (need_free)