Allow alternate eContentType oids to be set in cms utility.

Add id-ct-asciiTextWithCRLF OID.

Give more meaninful error message is attempt to use key ID from a certificate
without a key ID.

apps/cms.c

@@ -125,6 +125,8 @@ int MAIN(int argc, char **argv)
 	unsigned char *secret_key = NULL, *secret_keyid = NULL;
 	size_t secret_keylen = 0, secret_keyidlen = 0;
 
+	ASN1_OBJECT *econtent_type = NULL;
+
 	X509_VERIFY_PARAM *vpm = NULL;
 
 	args = argv + 1;
@@ -268,6 +270,18 @@ int MAIN(int argc, char **argv)
 				}
 			secret_keyidlen = (size_t)ltmp;
 			}
+		else if (!strcmp(*args,"-econtent_type"))
+			{
+			if (!args[1])
+				goto argerr;
+			args++;
+			econtent_type = OBJ_txt2obj(*args, 0);
+			if (!econtent_type)
+				{
+				BIO_printf(bio_err, "Invalid OID %s\n", *args);
+				goto argerr;
+				}
+			}
 		else if (!strcmp(*args,"-rand"))
 			{
 			if (!args[1])
@@ -797,6 +811,8 @@ int MAIN(int argc, char **argv)
 				}
 			flags |= CMS_PARTIAL;
 			cms = CMS_sign(NULL, NULL, other, in, flags);
+			if (econtent_type)
+				CMS_set1_eContentType(cms, econtent_type);
 			if (!cms)
 				goto end;
 			}
@@ -965,6 +981,8 @@ end:
 		OPENSSL_free(secret_key);
 	if (secret_keyid)
 		OPENSSL_free(secret_keyid);
+	if (econtent_type)
+		ASN1_OBJECT_free(econtent_type);
 	X509_STORE_free(store);
 	X509_free(cert);
 	X509_free(recip);

crypto/cms/cms.h

@@ -352,6 +352,7 @@ void ERR_load_CMS_strings(void);
 
 /* Reason codes. */
 #define CMS_R_ADD_SIGNER_ERROR				 99
+#define CMS_R_CERTIFICATE_HAS_NO_KEYID			 160
 #define CMS_R_CERTIFICATE_VERIFY_ERROR			 100
 #define CMS_R_CIPHER_INITIALISATION_ERROR		 101
 #define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR	 102

crypto/cms/cms_err.c

@@ -135,6 +135,7 @@ static ERR_STRING_DATA CMS_str_functs[]=
 static ERR_STRING_DATA CMS_str_reasons[]=
 	{
 {ERR_REASON(CMS_R_ADD_SIGNER_ERROR)      ,"add signer error"},
+{ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID),"certificate has no keyid"},
 {ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
 {ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),"cipher initialisation error"},
 {ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),"cipher parameter initialisation error"},

crypto/cms/cms_sd.c

@@ -226,6 +226,12 @@ int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
 		break;
 
 		case CMS_SIGNERINFO_KEYIDENTIFIER:
+		if (!cert->skid)
+			{
+			CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER,
+					CMS_R_CERTIFICATE_HAS_NO_KEYID);
+			return 0;
+			}
 		sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid);
 		if (!sid->d.subjectKeyIdentifier)
 			goto merr;

crypto/objects/obj_dat.h

@@ -62,12 +62,12 @@
  * [including the GNU Public Licence.]
  */
 
-#define NUM_NID 855
-#define NUM_SN 848
-#define NUM_LN 848
-#define NUM_OBJ 802
+#define NUM_NID 856
+#define NUM_SN 849
+#define NUM_LN 849
+#define NUM_OBJ 803
 
-static const unsigned char lvalues[5691]={
+static const unsigned char lvalues[5702]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -870,6 +870,7 @@ static const unsigned char lvalues[5691]={
 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5663] OBJ_id_aes128_wrap */
 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5672] OBJ_id_aes192_wrap */
 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5681] OBJ_id_aes256_wrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5690] OBJ_id_ct_asciiTextWithCRLF */
 };
 
 static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2250,6 +2251,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
 	&(lvalues[5672]),0},
 {"id-aes256-wrap","id-aes256-wrap",NID_id_aes256_wrap,9,
 	&(lvalues[5681]),0},
+{"id-ct-asciiTextWithCRLF","id-ct-asciiTextWithCRLF",
+	NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5690]),0},
 };
 
 static const unsigned int sn_objs[NUM_SN]={
@@ -2636,6 +2639,7 @@ static const unsigned int sn_objs[NUM_SN]={
 332,	/* "id-cmc-senderNonce" */
 327,	/* "id-cmc-statusInfo" */
 331,	/* "id-cmc-transactionId" */
+855,	/* "id-ct-asciiTextWithCRLF" */
 408,	/* "id-ecPublicKey" */
 508,	/* "id-hex-multipart-message" */
 507,	/* "id-hex-partial-message" */
@@ -3482,6 +3486,7 @@ static const unsigned int ln_objs[NUM_LN]={
 332,	/* "id-cmc-senderNonce" */
 327,	/* "id-cmc-statusInfo" */
 331,	/* "id-cmc-transactionId" */
+855,	/* "id-ct-asciiTextWithCRLF" */
 408,	/* "id-ecPublicKey" */
 508,	/* "id-hex-multipart-message" */
 507,	/* "id-hex-partial-message" */
@@ -4704,6 +4709,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
 210,	/* OBJ_id_smime_ct_DVCSRequestData  1 2 840 113549 1 9 16 1 7 */
 211,	/* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */
 851,	/* OBJ_id_smime_ct_compressedData   1 2 840 113549 1 9 16 1 9 */
+855,	/* OBJ_id_ct_asciiTextWithCRLF      1 2 840 113549 1 9 16 1 27 */
 212,	/* OBJ_id_smime_aa_receiptRequest   1 2 840 113549 1 9 16 2 1 */
 213,	/* OBJ_id_smime_aa_securityLabel    1 2 840 113549 1 9 16 2 2 */
 214,	/* OBJ_id_smime_aa_mlExpandHistory  1 2 840 113549 1 9 16 2 3 */

crypto/objects/obj_mac.h

@@ -833,6 +833,10 @@
 #define NID_id_smime_ct_compressedData		851
 #define OBJ_id_smime_ct_compressedData		OBJ_id_smime_ct,9L
 
+#define SN_id_ct_asciiTextWithCRLF		"id-ct-asciiTextWithCRLF"
+#define NID_id_ct_asciiTextWithCRLF		855
+#define OBJ_id_ct_asciiTextWithCRLF		OBJ_id_smime_ct,27L
+
 #define SN_id_smime_aa_receiptRequest		"id-smime-aa-receiptRequest"
 #define NID_id_smime_aa_receiptRequest		212
 #define OBJ_id_smime_aa_receiptRequest		OBJ_id_smime_aa,1L

crypto/objects/obj_mac.num

@@ -852,3 +852,4 @@ id_smime_ct_compressedData		851
 id_aes128_wrap		852
 id_aes192_wrap		853
 id_aes256_wrap		854
+id_ct_asciiTextWithCRLF		855

crypto/objects/objects.txt

@@ -252,6 +252,7 @@ id-smime-ct 6		: id-smime-ct-contentInfo
 id-smime-ct 7		: id-smime-ct-DVCSRequestData
 id-smime-ct 8		: id-smime-ct-DVCSResponseData
 id-smime-ct 9		: id-smime-ct-compressedData
+id-smime-ct 27		: id-ct-asciiTextWithCRLF
 
 # S/MIME Attributes
 id-smime-aa 1		: id-smime-aa-receiptRequest