projects
/
oweals
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Generate just one error code if iterated SSL_CTX_get() fails.
[oweals/openssl.git]
/
crypto
/
pkcs7
/
pk7_lib.c
diff --git
a/crypto/pkcs7/pk7_lib.c
b/crypto/pkcs7/pk7_lib.c
index 312a5ed064b9dd71e9435576a5b2323377fc7e8c..2012d7c87aa3bd9a1a0242808882f04d0279f8c3 100644
(file)
--- a/
crypto/pkcs7/pk7_lib.c
+++ b/
crypto/pkcs7/pk7_lib.c
@@
-123,7
+123,7
@@
int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
{
case NID_pkcs7_signed:
if (p7->d.sign->contents != NULL)
{
case NID_pkcs7_signed:
if (p7->d.sign->contents != NULL)
- PKCS7_
content_
free(p7->d.sign->contents);
+ PKCS7_free(p7->d.sign->contents);
p7->d.sign->contents=p7_data;
break;
case NID_pkcs7_digest:
p7->d.sign->contents=p7_data;
break;
case NID_pkcs7_digest:
@@
-227,8
+227,13
@@
int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
}
if (!j) /* we need to add another algorithm */
{
}
if (!j) /* we need to add another algorithm */
{
- alg=X509_ALGOR_new();
+ if(!(alg=X509_ALGOR_new())
+ || !(alg->parameter = ASN1_TYPE_new())) {
+ PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
alg->algorithm=OBJ_nid2obj(nid);
alg->algorithm=OBJ_nid2obj(nid);
+ alg->parameter->type = V_ASN1_NULL;
sk_X509_ALGOR_push(md_sk,alg);
}
sk_X509_ALGOR_push(md_sk,alg);
}
@@
-292,6
+297,9
@@
int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
EVP_MD *dgst)
{
int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
EVP_MD *dgst)
{
+ char is_dsa;
+ if (pkey->type == EVP_PKEY_DSA) is_dsa = 1;
+ else is_dsa = 0;
/* We now need to add another PKCS7_SIGNER_INFO entry */
ASN1_INTEGER_set(p7i->version,1);
X509_NAME_set(&p7i->issuer_and_serial->issuer,
/* We now need to add another PKCS7_SIGNER_INFO entry */
ASN1_INTEGER_set(p7i->version,1);
X509_NAME_set(&p7i->issuer_and_serial->issuer,
@@
-308,8
+316,7
@@
int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
p7i->pkey=pkey;
/* Set the algorithms */
p7i->pkey=pkey;
/* Set the algorithms */
- if (pkey->type == EVP_PKEY_DSA)
- p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
+ if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
else
p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
else
p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
@@
-323,9
+330,12
@@
int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
if (p7i->digest_enc_alg->parameter != NULL)
ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
if (p7i->digest_enc_alg->parameter != NULL)
ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
- if ((p7i->digest_enc_alg->parameter=ASN1_TYPE_new()) == NULL)
- goto err;
- p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
+ if(is_dsa) p7i->digest_enc_alg->parameter = NULL;
+ else {
+ if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
+ goto err;
+ p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
+ }
return(1);
err:
return(1);
err:
@@
-428,6
+438,7
@@
X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
{
int i;
int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
{
int i;
+ ASN1_OBJECT *objtmp;
PKCS7_ENC_CONTENT *ec;
i=OBJ_obj2nid(p7->type);
PKCS7_ENC_CONTENT *ec;
i=OBJ_obj2nid(p7->type);
@@
-444,7
+455,12
@@
int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
return(0);
}
return(0);
}
- /* Setup cipher OID */
+ /* Check cipher OID exists and has data in it*/
+ objtmp = OBJ_nid2obj(EVP_CIPHER_type(cipher));
+ if(!objtmp || !objtmp->data) {
+ PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+ return(0);
+ }
ec->cipher = cipher;
return 1;
ec->cipher = cipher;
return 1;