Fix from stable branch.

[openssl.git] / crypto / pkcs7 / pk7_smime.c

diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index 718f0db0ef634512d0051bc4cda7e8e32a83afe7..86742d0dcd501524e197f9460bba4ca60ada6723 100644 (file)
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -1,5 +1,5 @@
 /* pk7_smime.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
@@ -124,7 +124,7 @@ int PKCS7_final(PKCS7 *p7, BIO *data, int flags)
 
        SMIME_crlf_copy(data, p7bio, flags);
 
-       BIO_flush(p7bio);
+       (void)BIO_flush(p7bio);
 
 
         if (!PKCS7_dataFinal(p7,p7bio))
@@ -163,7 +163,6 @@ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
                                        int flags)
        {
        PKCS7_SIGNER_INFO *si = NULL;
-       int si_free = 1;
        STACK_OF(X509_ALGOR) *smcap = NULL;
        if(!X509_check_private_key(signcert, pkey))
                {
@@ -179,10 +178,6 @@ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
                return NULL;
                }
 
-       /* si is now part of p7 so don't free it on error */
-
-       si_free = 0;
-
        if(!(flags & PKCS7_NOCERTS))
                {
                if (!PKCS7_add_certificate(p7, signcert))
@@ -221,7 +216,8 @@ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
                        {
                        if (!pkcs7_copy_existing_digest(p7, si))
                                goto err;
-                       if (!PKCS7_SIGNER_INFO_sign(si))
+                       if (!(flags & PKCS7_PARTIAL) &&
+                                       !PKCS7_SIGNER_INFO_sign(si))
                                goto err;
                        }
                }
@@ -229,8 +225,6 @@ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
        err:
        if (smcap)
                sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
-       if (si && si_free)
-               PKCS7_SIGNER_INFO_free(si);
        return NULL;
        }
 
@@ -333,8 +327,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
                                sk_X509_free(signers);
                                return 0;
                                }
-                       X509_STORE_CTX_set_purpose(&cert_ctx,
-                                               X509_PURPOSE_SMIME_SIGN);
+                       X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
                } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
                        PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
                        sk_X509_free(signers);
@@ -378,13 +371,15 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
                tmpin = indata;
                
 
-       p7bio=PKCS7_dataInit(p7,tmpin);
+       if (!(p7bio=PKCS7_dataInit(p7,tmpin)))
+               goto err;
 
        if(flags & PKCS7_TEXT) {
                if(!(tmpout = BIO_new(BIO_s_mem()))) {
                        PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
                        goto err;
                }
+               BIO_set_mem_eof_return(tmpout, 0);
        } else tmpout = out;
 
        /* We now have to 'read' from p7bio to calculate digests etc. */
@@ -483,7 +478,10 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
                        return 0;
            }
 
-           sk_X509_push(signers, signer);
+           if (!sk_X509_push(signers, signer)) {
+               sk_X509_free(signers);
+               return NULL;
+           }
        }
        return signers;
 }
@@ -503,8 +501,9 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
                return NULL;
        }
 
-       PKCS7_set_type(p7, NID_pkcs7_enveloped);
-       if(!PKCS7_set_cipher(p7, cipher)) {
+       if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))
+               goto err;
+       if (!PKCS7_set_cipher(p7, cipher)) {
                PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER);
                goto err;
        }
@@ -518,12 +517,15 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
                }
        }
 
+       if (flags & PKCS7_STREAM)
+               return p7;
+
        if (PKCS7_final(p7, in, flags))
                return p7;
 
        err:
 
-       BIO_free(p7bio);
+       BIO_free_all(p7bio);
        PKCS7_free(p7);
        return NULL;
 
@@ -561,10 +563,13 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
                /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
                if(!(tmpbuf = BIO_new(BIO_f_buffer()))) {
                        PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+                       BIO_free_all(tmpmem);
                        return 0;
                }
                if(!(bread = BIO_push(tmpbuf, tmpmem))) {
                        PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+                       BIO_free_all(tmpbuf);
+                       BIO_free_all(tmpmem);
                        return 0;
                }
                ret = SMIME_text(bread, data);