X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fcms%2Fcms_sd.c;h=681ee7e34803eff8a5bc7ca52e478d85852478c8;hb=c18440956dd4a756e778b05d6ceadc27bd034edb;hp=8f672890a076f6089b7ef41ab988e025c0f0533a;hpb=e0f7cfda68881da6829ea39430e1a5c28ed05ece;p=oweals%2Fopenssl.git

diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 8f672890a0..681ee7e348 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -54,6 +54,7 @@
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/pem.h>
+#include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
 #include <openssl/cms.h>
@@ -158,8 +159,8 @@ static void cms_sd_set_version(CMS_SignedData *sd)
 			if (sd->version < 3)
 				sd->version = 3;
 			}
-		else
-			sd->version = 1;
+		else if (si->version < 1)
+			si->version = 1;
 		}
 
 	if (sd->version < 1)
@@ -212,29 +213,13 @@ int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
 	switch(type)
 		{
 		case CMS_SIGNERINFO_ISSUER_SERIAL:
-		sid->d.issuerAndSerialNumber =
-			M_ASN1_new_of(CMS_IssuerAndSerialNumber);
-		if (!sid->d.issuerAndSerialNumber)
-			goto merr;
-		if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer,
-					X509_get_issuer_name(cert)))
-			goto merr;
-		if (!ASN1_STRING_copy(
-			sid->d.issuerAndSerialNumber->serialNumber,
-				X509_get_serialNumber(cert)))
-			goto merr;
+		if (!cms_set1_ias(&sid->d.issuerAndSerialNumber, cert))
+			return 0;
 		break;
 
 		case CMS_SIGNERINFO_KEYIDENTIFIER:
-		if (!cert->skid)
-			{
-			CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER,
-					CMS_R_CERTIFICATE_HAS_NO_KEYID);
+		if (!cms_set1_keyid(&sid->d.subjectKeyIdentifier, cert))
 			return 0;
-			}
-		sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid);
-		if (!sid->d.subjectKeyIdentifier)
-			goto merr;
 		break;
 
 		default:
@@ -245,11 +230,6 @@ int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
 	sid->type = type;
 
 	return 1;
-
-	merr:
-	CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, ERR_R_MALLOC_FAILURE);
-	return 0;
-
 	}
 
 int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
@@ -275,24 +255,10 @@ int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
 
 int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
 	{
-	int ret;
 	if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
-		{
-		ret = X509_NAME_cmp(sid->d.issuerAndSerialNumber->issuer,
-					X509_get_issuer_name(cert));
-		if (ret)
-			return ret;
-		return ASN1_INTEGER_cmp(sid->d.issuerAndSerialNumber->serialNumber,
-					X509_get_serialNumber(cert));
-		}
+		return cms_ias_cert_cmp(sid->d.issuerAndSerialNumber, cert);
 	else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
-		{
-		X509_check_purpose(cert, -1, -1);
-		if (!cert->skid)
-			return -1;
-		return ASN1_OCTET_STRING_cmp(sid->d.subjectKeyIdentifier,
-							cert->skid);
-		}
+		return cms_keyid_cert_cmp(sid->d.subjectKeyIdentifier, cert);
 	else
 		return -1;
 	}
@@ -650,6 +616,11 @@ void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
 		*psig = si->signatureAlgorithm;
 	}
 
+ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si)
+	{
+	return si->signature;
+	}
+
 static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
 					CMS_SignerInfo *si, BIO *chain)
 	{
@@ -709,7 +680,10 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
 			goto err;
 			}
 		if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0)
+			{
+			OPENSSL_free(sig);
 			goto err;
+			}
 		ASN1_STRING_set0(si->signature, sig, siglen);
 		}
 	else