X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fpkcs7%2Fpk7_lib.c;h=2012d7c87aa3bd9a1a0242808882f04d0279f8c3;hb=37e48b88adda9334fedf83e18f1bff72b4b9c8cf;hp=22cbb174f8236b19a1fa68f7929318fa58106da7;hpb=c6c3450643ea00fde94e7f7471c9f134ec7d63b4;p=oweals%2Fopenssl.git diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 22cbb174f8..2012d7c87a 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -123,7 +123,7 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) { case NID_pkcs7_signed: if (p7->d.sign->contents != NULL) - PKCS7_content_free(p7->d.sign->contents); + PKCS7_free(p7->d.sign->contents); p7->d.sign->contents=p7_data; break; case NID_pkcs7_digest: @@ -157,7 +157,7 @@ int PKCS7_set_type(PKCS7 *p7, int type) break; case NID_pkcs7_data: p7->type=obj; - if ((p7->d.data=ASN1_OCTET_STRING_new()) == NULL) + if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL) goto err; break; case NID_pkcs7_signedAndEnveloped: @@ -227,8 +227,13 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) } if (!j) /* we need to add another algorithm */ { - alg=X509_ALGOR_new(); + if(!(alg=X509_ALGOR_new()) + || !(alg->parameter = ASN1_TYPE_new())) { + PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE); + return(0); + } alg->algorithm=OBJ_nid2obj(nid); + alg->parameter->type = V_ASN1_NULL; sk_X509_ALGOR_push(md_sk,alg); } @@ -292,6 +297,9 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, EVP_MD *dgst) { + char is_dsa; + if (pkey->type == EVP_PKEY_DSA) is_dsa = 1; + else is_dsa = 0; /* We now need to add another PKCS7_SIGNER_INFO entry */ ASN1_INTEGER_set(p7i->version,1); X509_NAME_set(&p7i->issuer_and_serial->issuer, @@ -299,17 +307,16 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, /* because ASN1_INTEGER_set is used to set a 'long' we will do * things the ugly way. */ - ASN1_INTEGER_free(p7i->issuer_and_serial->serial); + M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); p7i->issuer_and_serial->serial= - ASN1_INTEGER_dup(X509_get_serialNumber(x509)); + M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)); /* lets keep the pkey around for a while */ CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); p7i->pkey=pkey; /* Set the algorithms */ - if (pkey->type == EVP_PKEY_DSA) - p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1); + if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1); else p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst)); @@ -323,9 +330,12 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, if (p7i->digest_enc_alg->parameter != NULL) ASN1_TYPE_free(p7i->digest_enc_alg->parameter); - if ((p7i->digest_enc_alg->parameter=ASN1_TYPE_new()) == NULL) - goto err; - p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; + if(is_dsa) p7i->digest_enc_alg->parameter = NULL; + else { + if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) + goto err; + p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; + } return(1); err: @@ -400,9 +410,9 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) X509_NAME_set(&p7i->issuer_and_serial->issuer, X509_get_issuer_name(x509)); - ASN1_INTEGER_free(p7i->issuer_and_serial->serial); + M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); p7i->issuer_and_serial->serial= - ASN1_INTEGER_dup(X509_get_serialNumber(x509)); + M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)); X509_ALGOR_free(p7i->key_enc_algor); p7i->key_enc_algor=(X509_ALGOR *)ASN1_dup(i2d_X509_ALGOR, @@ -428,6 +438,7 @@ X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) { int i; + ASN1_OBJECT *objtmp; PKCS7_ENC_CONTENT *ec; i=OBJ_obj2nid(p7->type); @@ -444,7 +455,12 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) return(0); } - /* Setup cipher OID */ + /* Check cipher OID exists and has data in it*/ + objtmp = OBJ_nid2obj(EVP_CIPHER_type(cipher)); + if(!objtmp || !objtmp->data) { + PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); + return(0); + } ec->cipher = cipher; return 1;