Add OIDs for idea and blowfish. Unfortunately these are in

the middle of the OID table so the diff is rather large :-(

Add OIDs for idea and blowfish. Unfortunately these are in
the middle of the OID table so the diff is rather large :-(
f45f40ff · Dr. Stephen Henson · 6447cce3 · f45f40ff · f45f40ff · f45f40ff
10 changed file
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,13 @@

 Changes between 0.9.4 and 0.9.5  [xx XXX 1999]

+  *) Add OIDs for idea and blowfish in CBC mode. This will allow both
+     to be used in PKCS#5 v2.0 and S/MIME.  Also add checking to
+     some routines that use cipher OIDs: some ciphers do not have OIDs
+     defined and so they cannot be used for S/MIME and PKCS#5 v2.0 for
+     example.
+     [Steve Henson]
+
  *) Simplify the trust setting structure and code. Now we just have
     two sequences of OIDs for trusted and rejected settings. These will
     typically have values the same as the extended key usage extension

--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -999,6 +999,7 @@ void ASN1_STRING_TABLE_cleanup(void);
 #define ASN1_R_BN_LIB					 107
 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 108
 #define ASN1_R_BUFFER_TOO_SMALL				 109
+#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER		 166
 #define ASN1_R_DATA_IS_WRONG				 110
 #define ASN1_R_DECODE_ERROR				 155
 #define ASN1_R_DECODING_ERROR				 111

--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -275,6 +275,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_BN_LIB                           ,"bn lib"},
 {ASN1_R_BOOLEAN_IS_WRONG_LENGTH          ,"boolean is wrong length"},
 {ASN1_R_BUFFER_TOO_SMALL                 ,"buffer too small"},
+{ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER  ,"cipher has no object identifier"},
 {ASN1_R_DATA_IS_WRONG                    ,"data is wrong"},
 {ASN1_R_DECODE_ERROR                     ,"decode error"},
 {ASN1_R_DECODING_ERROR                   ,"decoding error"},

--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@@ -175,15 +175,22 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
 	PBKDF2PARAM *kdf = NULL;
 	PBE2PARAM *pbe2 = NULL;
 	ASN1_OCTET_STRING *osalt = NULL;
+	ASN1_OBJECT *obj;
+
+	alg_nid = EVP_CIPHER_type(cipher);
+	obj = OBJ_nid2obj(alg_nid);
+	if(!obj || !obj->data) {
+		ASN1err(ASN1_F_PKCS5_PBE2_SET,
+				ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+		goto err;
+	}

 	if(!(pbe2 = PBE2PARAM_new())) goto merr;

 	/* Setup the AlgorithmIdentifier for the encryption scheme */
 	scheme = pbe2->encryption;

-	alg_nid = EVP_CIPHER_type(cipher);
-
-	scheme->algorithm = OBJ_nid2obj(alg_nid);
+	scheme->algorithm = obj;
 	if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;

 	/* Create random IV */

--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
--- a/crypto/objects/objects.h
+++ b/crypto/objects/objects.h
@@ -232,6 +232,7 @@ extern "C" {
 #define SN_idea_cbc			"IDEA-CBC"
 #define LN_idea_cbc			"idea-cbc"
 #define NID_idea_cbc			34
+#define OBJ_idea_cbc			1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L

 #define SN_idea_cfb64			"IDEA-CFB"
 #define LN_idea_cfb64			"idea-cfb"
@@ -502,6 +503,7 @@ extern "C" {
 #define SN_bf_cbc			"BF-CBC"
 #define LN_bf_cbc			"bf-cbc"
 #define NID_bf_cbc			91
+#define OBJ_bf_cbc			1L,3L,6L,1L,4L,1L,3029L,1L,2L

 #define SN_bf_ecb			"BF-ECB"
 #define LN_bf_ecb			"bf-ecb"

--- a/crypto/pkcs12/p12_add.c
+++ b/crypto/pkcs12/p12_add.c
@@ -189,14 +189,14 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,

 	if (!(p8 = X509_SIG_new())) {
 		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
-		return NULL;
+		goto err;
 	}

 	if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
 	else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
 	if(!pbe) {
-		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
-		return NULL;
+		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
+		goto err;
 	}
 	X509_ALGOR_free(p8->algor);
 	p8->algor = pbe;
@@ -205,8 +205,12 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
 	PKCS12_i2d_encrypt (pbe, i2d_PKCS8_PRIV_KEY_INFO, pass, passlen,
 						 (char *)p8inf, 0))) {
 		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
-		return NULL;
+		goto err;
 	}

 	return p8;
+
+	err:
+	X509_SIG_free(p8);
+	return NULL;
 }
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -438,6 +438,7 @@ X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
 int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
 	{
 	int i;
+	ASN1_OBJECT *objtmp;
 	PKCS7_ENC_CONTENT *ec;

 	i=OBJ_obj2nid(p7->type);
@@ -454,7 +455,12 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
 		return(0);
 		}

-	/* Setup cipher OID */
+	/* Check cipher OID exists and has data in it*/
+	objtmp = OBJ_nid2obj(EVP_CIPHER_type(cipher));
+	if(!objtmp || !objtmp->data) {
+		PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+		return(0);
+	}

 	ec->cipher = cipher;
 	return 1;

--- a/crypto/pkcs7/pkcs7.h
+++ b/crypto/pkcs7/pkcs7.h
@@ -445,6 +445,7 @@ int SMIME_text(BIO *in, BIO *out);

 /* Reason codes. */
 #define PKCS7_R_CERTIFICATE_VERIFY_ERROR		 117
+#define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER		 144
 #define PKCS7_R_CIPHER_NOT_INITIALIZED			 116
 #define PKCS7_R_CONTENT_AND_DATA_PRESENT		 118
 #define PKCS7_R_DECODE_ERROR				 130

--- a/crypto/pkcs7/pkcs7err.c
+++ b/crypto/pkcs7/pkcs7err.c
@@ -95,6 +95,7 @@ static ERR_STRING_DATA PKCS7_str_functs[]=
 static ERR_STRING_DATA PKCS7_str_reasons[]=
 	{
 {PKCS7_R_CERTIFICATE_VERIFY_ERROR        ,"certificate verify error"},
+{PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ,"cipher has no object identifier"},
 {PKCS7_R_CIPHER_NOT_INITIALIZED          ,"cipher not initialized"},
 {PKCS7_R_CONTENT_AND_DATA_PRESENT        ,"content and data present"},
 {PKCS7_R_DECODE_ERROR                    ,"decode error"},