Fix from 1.0.0-stable.
[oweals/openssl.git] / crypto / cms / cms_sd.c
index 2b3c1c8dc75cf48a92551724e672262b2ee8f346..cdac3b870dd922aea7a1d8235f07e8f031383aab 100644 (file)
@@ -414,16 +414,17 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
 
        if (!(flags & CMS_NOATTR))
                {
-               /* Copy content type across */
-               ASN1_OBJECT *ctype =
-                               OBJ_dup(sd->encapContentInfo->eContentType); 
-               if (!ctype)
-                       goto merr;
-               i = CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
-                                               V_ASN1_OBJECT, ctype, -1);
-               ASN1_OBJECT_free(ctype);
-               if (i <= 0)
-                       goto merr;
+               /* Initialialize signed attributes strutucture so other
+                * attributes such as signing time etc are added later
+                * even if we add none here.
+                */
+               if (!si->signedAttrs)
+                       {
+                       si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
+                       if (!si->signedAttrs)
+                               goto merr;
+                       }
+
                if (!(flags & CMS_NOSMIMECAP))
                        {
                        STACK_OF(X509_ALGOR) *smcap = NULL;
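Review bot: The new comment above the `si->signedAttrs` initialisation has two typos ("Initialialize", "strutucture") and does not say why an empty stack matters. Judging by the later hunk, `cms_SignerInfo_content_sign` gates the signed-attribute path on `CMS_signed_get_attr_count(si) >= 0`, so the empty stack is presumably what keeps that branch reachable when no attribute is added here. I would reword it to `/* Initialize the signed attributes structure (possibly empty) so that attributes such as contentType, messageDigest and signing time are still added at finalization. */`. The enclosing `if (!(flags & CMS_NOATTR))` block continues past the end of this hunk.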
@@ -644,7 +645,8 @@ static void cms_fixup_mctx(EVP_MD_CTX *mctx, EVP_PKEY *pkey)
 #endif
        }
 
-static int cms_SignerInfo_content_sign(CMS_SignerInfo *si, BIO *chain)
+static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
+                                       CMS_SignerInfo *si, BIO *chain)
        {
        EVP_MD_CTX mctx;
        int r = 0;
@@ -664,6 +666,8 @@ static int cms_SignerInfo_content_sign(CMS_SignerInfo *si, BIO *chain)
 
        if (CMS_signed_get_attr_count(si) >= 0)
                {
+               ASN1_OBJECT *ctype =
+                       cms->d.signedData->encapContentInfo->eContentType; 
                unsigned char md[EVP_MAX_MD_SIZE];
                unsigned int mdlen;
                EVP_DigestFinal_ex(&mctx, md, &mdlen);
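Review bot: The return value of `EVP_DigestFinal_ex(&mctx, md, &mdlen)` is ignored in this branch, so if finalization fails `md` and `mdlen` may be uninitialized when they are used as the messageDigest attribute value a few lines later. Since the commit already reworks this block, it would be worth adding `if (!EVP_DigestFinal_ex(&mctx, md, &mdlen)) goto err;`. Separately, the new `ctype` initializer dereferences `cms->d.signedData` without a check; that looks safe only because the visible caller is `cms_SignedData_final`, which a short comment on the static function could state. The function body starts and ends outside this hunk.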
@@ -671,6 +675,10 @@ static int cms_SignerInfo_content_sign(CMS_SignerInfo *si, BIO *chain)
                                                V_ASN1_OCTET_STRING,
                                                md, mdlen))
                        goto err;
+               /* Copy content type across */
+               if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
+                                       V_ASN1_OBJECT, ctype, -1) <= 0)
+                       goto err;
                if (!CMS_SignerInfo_sign(si))
                        goto err;
                }
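Review bot: The explicit NULL check on the content type has been dropped: the removed code in `CMS_add1_signer` did `if (!ctype) goto merr;` after `OBJ_dup`, while the new call passes `eContentType` straight to `CMS_signed_add1_attr_by_NID`. Whether that helper rejects a NULL object is not visible here, so I would keep the guard, e.g. `if (!ctype || CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType, V_ASN1_OBJECT, ctype, -1) <= 0) goto err;`. The call also appends unconditionally, so a SignerInfo that reaches this path already carrying a contentType attribute could end up with two. If that can happen, check for an existing attribute first. A comment noting that the attribute is added at finalization so it matches the final `eContentType` would make the move easier to follow.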
@@ -713,7 +721,7 @@ int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
        for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
                {
                si = sk_CMS_SignerInfo_value(sinfos, i);
-               if (!cms_SignerInfo_content_sign(si, chain))
+               if (!cms_SignerInfo_content_sign(cms, si, chain))
                        return 0;
                }
        cms->d.signedData->encapContentInfo->partial = 0;
@@ -822,7 +830,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
        cms_fixup_mctx(&mctx, si->pkey);
        r = EVP_VerifyFinal(&mctx,
                        si->signature->data, si->signature->length, si->pkey);
-       if (!r)
+       if (r <= 0)
                CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
        err:
        EVP_MD_CTX_cleanup(&mctx);
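Review bot: The `r <= 0` test fixes the error report, but if `CMS_SignerInfo_verify` still returns `r` unchanged (the return is outside this hunk), a caller that tests it with `!` will treat the -1 error result from `EVP_VerifyFinal` as a valid signature. Callers should compare with `<= 0`, or the function should normalise its result before returning, e.g. `if (r < 0) r = 0;` if the existing API contract allows it. A comment at the check such as `/* EVP_VerifyFinal: 1 = good signature, 0 = bad signature, <0 = error */` would document why `!r` was not enough.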