From eaa28181898b8ca0b54552a3290789bb17444c8a Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 21 Aug 2000 22:02:23 +0000 Subject: [PATCH] Various fixes... initialize ex_pathlen to -1 so it isn't checked if pathlen is not present. set ucert to NULL in apps/pkcs12.c otherwise it gets freed twice. remove extraneous '\r' in MIME encoder. Allow a NULL to be passed to X509_gmtime_adj() Make PKCS#7 code use definite length encoding rather then the indefinite stuff it used previously. --- CHANGES | 7 ++++ apps/pkcs12.c | 2 + crypto/asn1/p7_lib.c | 92 +++++++++++++++++++++++++++++++++++++++++ crypto/asn1/x_x509.c | 1 + crypto/pkcs7/pk7_mime.c | 2 +- crypto/x509/x509_vfy.c | 1 + 6 files changed, 104 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index e545b5002e..b01f3a07f8 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,13 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] + *) Modification to PKCS#7 encoding routines to output definite + length encoding. Since currently the whole structures are in + memory there's not real point in using indefinite length + constructed encoding. However if OpenSSL is compiled with + the flag PKCS7_INDEFINITE_ENCODING the old form is used. + [Steve Henson] + *) Added BIO_vprintf() and BIO_vsnprintf(). [Richard Levitte] diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 963797155f..0f3ac4977a 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -502,6 +502,8 @@ int MAIN(int argc, char **argv) } sk_X509_pop_free(certs, X509_free); certs = NULL; + /* ucert is part of certs so it is already freed */ + ucert = NULL; #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); diff --git a/crypto/asn1/p7_lib.c b/crypto/asn1/p7_lib.c index 90ead17dbc..76cb675497 100644 --- a/crypto/asn1/p7_lib.c +++ b/crypto/asn1/p7_lib.c @@ -62,6 +62,8 @@ #include #include +#ifdef PKCS7_INDEFINITE_ENCODING + int i2d_PKCS7(PKCS7 *a, unsigned char **pp) { M_ASN1_I2D_vars(a); @@ -144,6 +146,96 @@ int i2d_PKCS7(PKCS7 *a, unsigned char **pp) M_ASN1_I2D_finish(); } +#else + +int i2d_PKCS7(PKCS7 *a, unsigned char **pp) + { + int explen = 0; + M_ASN1_I2D_vars(a); + + if (a->asn1 != NULL) + { + if (pp == NULL) + return((int)a->length); + memcpy(*pp,a->asn1,(int)a->length); + *pp+=a->length; + return((int)a->length); + } + + M_ASN1_I2D_len(a->type,i2d_ASN1_OBJECT); + if (a->d.ptr != NULL) + { + /* Save current length */ + r = ret; + switch (OBJ_obj2nid(a->type)) + { + case NID_pkcs7_data: + M_ASN1_I2D_len(a->d.data,i2d_ASN1_OCTET_STRING); + break; + case NID_pkcs7_signed: + M_ASN1_I2D_len(a->d.sign,i2d_PKCS7_SIGNED); + break; + case NID_pkcs7_enveloped: + M_ASN1_I2D_len(a->d.enveloped,i2d_PKCS7_ENVELOPE); + break; + case NID_pkcs7_signedAndEnveloped: + M_ASN1_I2D_len(a->d.signed_and_enveloped, + i2d_PKCS7_SIGN_ENVELOPE); + break; + case NID_pkcs7_digest: + M_ASN1_I2D_len(a->d.digest,i2d_PKCS7_DIGEST); + break; + case NID_pkcs7_encrypted: + M_ASN1_I2D_len(a->d.encrypted,i2d_PKCS7_ENCRYPT); + break; + default: + break; + } + /* Work out explicit tag content size */ + explen = ret - r; + /* Work out explicit tag size: Note: ASN1_object_size + * includes the content length. + */ + ret = r + ASN1_object_size(1, explen, 0); + } + + M_ASN1_I2D_seq_total(); + + M_ASN1_I2D_put(a->type,i2d_ASN1_OBJECT); + + if (a->d.ptr != NULL) + { + ASN1_put_object(&p, 1, explen, 0, V_ASN1_CONTEXT_SPECIFIC); + switch (OBJ_obj2nid(a->type)) + { + case NID_pkcs7_data: + M_ASN1_I2D_put(a->d.data,i2d_ASN1_OCTET_STRING); + break; + case NID_pkcs7_signed: + M_ASN1_I2D_put(a->d.sign,i2d_PKCS7_SIGNED); + break; + case NID_pkcs7_enveloped: + M_ASN1_I2D_put(a->d.enveloped,i2d_PKCS7_ENVELOPE); + break; + case NID_pkcs7_signedAndEnveloped: + M_ASN1_I2D_put(a->d.signed_and_enveloped, + i2d_PKCS7_SIGN_ENVELOPE); + break; + case NID_pkcs7_digest: + M_ASN1_I2D_put(a->d.digest,i2d_PKCS7_DIGEST); + break; + case NID_pkcs7_encrypted: + M_ASN1_I2D_put(a->d.encrypted,i2d_PKCS7_ENCRYPT); + break; + default: + break; + } + } + M_ASN1_I2D_finish(); + } + +#endif + PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp, long length) { M_ASN1_D2I_vars(a,PKCS7 *,PKCS7_new); diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c index ea71a29c9a..36f0e4743e 100644 --- a/crypto/asn1/x_x509.c +++ b/crypto/asn1/x_x509.c @@ -117,6 +117,7 @@ X509 *X509_new(void) ret->references=1; ret->valid=0; ret->ex_flags = 0; + ret->ex_pathlen = -1; ret->name=NULL; ret->aux=NULL; M_ASN1_New(ret->cert_info,X509_CINF_new); diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index 9741aa578e..a7b6929436 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -170,7 +170,7 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) BIO_printf(bio, "micalg=sha1 ; boundary=\"----%s\"\n\n", bound); BIO_printf(bio, "This is an S/MIME signed message\n\n"); /* Now write out the first part */ - BIO_printf(bio, "------%s\r\n", bound); + BIO_printf(bio, "------%s\n", bound); if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n"); while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0) BIO_write(bio, linebuf, i); diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 0d5273d51a..ccc031377a 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -582,6 +582,7 @@ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj) time(&t); t+=adj; + if(!s) return ASN1_TIME_set(s, t); if(s->type == V_ASN1_UTCTIME) return(ASN1_UTCTIME_set(s,t)); return ASN1_GENERALIZEDTIME_set(s, t); } -- 2.25.1