Detach pkcs7.c from the OID table.

It still depends on crypto/x509, but we will need a CRYPTO_BUFFER
version of PKCS7_get_certificates for Chromium. Start with this.

BUG=54

Change-Id: I62dcb9ba768091ce37dc9fe819f4f14ac025219c
Reviewed-on: https://boringssl-review.googlesource.com/14372
Reviewed-by: Steven Valdez <svaldez@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@chromium.org>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
David Benjamin 2017-03-26 01:13:53 -05:00 committed by CQ bot account: commit-bot@chromium.org
parent ca307ab6a3
commit e000440982


@ -27,6 +27,14 @@
#include "../bytestring/internal.h"
/* 1.2.840.113549.1.7.1 */
static const uint8_t kPKCS7Data[] = {0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x07, 0x01};
/* 1.2.840.113549.1.7.2 */
static const uint8_t kPKCS7SignedData[] = {0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x07, 0x02};
/* pkcs7_parse_header reads the non-certificate/non-CRL prefix of a PKCS#7
* SignedData blob from |cbs| and sets |*out| to point to the rest of the
* input. If the input is in BER format, then |*der_bytes| will be set to a
@ -57,7 +65,8 @@ static int pkcs7_parse_header(uint8_t **der_bytes, CBS *out, CBS *cbs) {
goto err;
}
if (OBJ_cbs2nid(&content_type) != NID_pkcs7_signed) {
if (!CBS_mem_equal(&content_type, kPKCS7SignedData,
sizeof(kPKCS7SignedData))) {
OPENSSL_PUT_ERROR(X509, X509_R_NOT_PKCS7_SIGNED_DATA);
goto err;
}
@ -270,12 +279,13 @@ int PKCS7_get_PEM_CRLs(STACK_OF(X509_CRL) *out_crls, BIO *pem_bio) {
* pkcs7_bundle returns one on success or zero on error. */
static int pkcs7_bundle(CBB *out, int (*cb)(CBB *out, const void *arg),
const void *arg) {
CBB outer_seq, wrapped_seq, seq, version_bytes, digest_algos_set,
CBB outer_seq, oid, wrapped_seq, seq, version_bytes, digest_algos_set,
content_info;
/* See https://tools.ietf.org/html/rfc2315#section-7 */
if (!CBB_add_asn1(out, &outer_seq, CBS_ASN1_SEQUENCE) ||
!OBJ_nid2cbb(&outer_seq, NID_pkcs7_signed) ||
!CBB_add_asn1(&outer_seq, &oid, CBS_ASN1_OBJECT) ||
!CBB_add_bytes(&oid, kPKCS7SignedData, sizeof(kPKCS7SignedData)) ||
!CBB_add_asn1(&outer_seq, &wrapped_seq,
CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0) ||
/* See https://tools.ietf.org/html/rfc2315#section-9.1 */
@ -284,7 +294,8 @@ static int pkcs7_bundle(CBB *out, int (*cb)(CBB *out, const void *arg),
!CBB_add_u8(&version_bytes, 1) ||
!CBB_add_asn1(&seq, &digest_algos_set, CBS_ASN1_SET) ||
!CBB_add_asn1(&seq, &content_info, CBS_ASN1_SEQUENCE) ||
!OBJ_nid2cbb(&content_info, NID_pkcs7_data) ||
!CBB_add_asn1(&content_info, &oid, CBS_ASN1_OBJECT) ||
!CBB_add_bytes(&oid, kPKCS7Data, sizeof(kPKCS7Data)) ||
!cb(&seq, arg)) {
return 0;
}
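Review bot: kPKCS7SignedData is now the single source for the SignedData OID on both sides, since pkcs7_parse_header compares against it and pkcs7_bundle writes it, so a bundle-then-parse round trip would still pass if a byte in the array were wrong; kPKCS7Data is only ever written in the visible hunks. The bytes do match the dotted OIDs in the comments (0x2a = 1.2, 0x86 0x48 = 840, 0x86 0xf7 0x0d = 113549), but I would pin that with a test that parses a fixed, externally produced PKCS#7 blob and compares pkcs7_bundle output against known-good DER, if the existing tests do not already do so. Separately, `oid` in pkcs7_bundle is reused for children of two different parents; a comment such as `/* |oid| is reused below; the first child is flushed when the next element is added to |outer_seq|. */` would help, assuming CBB flushes a pending child that way. Both function bodies extend beyond the hunks shown.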