Various S/MIME fixes. Fix for memory leak, recipient list bug
authorDr. Stephen Henson <steve@openssl.org>
Tue, 14 Dec 1999 02:44:27 +0000 (02:44 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 14 Dec 1999 02:44:27 +0000 (02:44 +0000)
and not excluding parameters with DSA keys.

apps/smime.c
crypto/pkcs7/pk7_lib.c

index f87b419..882838c 100644 (file)
@@ -261,13 +261,13 @@ int MAIN(int argc, char **argv)
 
        if(operation == SMIME_ENCRYPT) {
                if (!cipher) cipher = EVP_rc2_40_cbc();
+               encerts = sk_X509_new_null();
                while (*args) {
-                       encerts = sk_X509_new_null();
                        if(!(cert = load_cert(*args))) {
                                BIO_printf(bio_err, "Can't read recipent certificate file %s\n", *args);
                                goto end;
                        }
-                       sk_X509_push (encerts, cert);
+                       sk_X509_push(encerts, cert);
                        cert = NULL;
                        args++;
                }
@@ -356,13 +356,13 @@ int MAIN(int argc, char **argv)
                }
        } else if(operation == SMIME_VERIFY) {
                STACK_OF(X509) *signers;
-               signers = PKCS7_iget_signers(p7, other, flags);
                if(PKCS7_verify(p7, other, store, indata, out, flags)) {
                        BIO_printf(bio_err, "Verification Successful\n");
                } else {
                        BIO_printf(bio_err, "Verification Failure\n");
                        goto end;
                }
+               signers = PKCS7_iget_signers(p7, other, flags);
                if(!save_certs(signerfile, signers)) {
                        BIO_printf(bio_err, "Error writing signers to %s\n",
                                                                signerfile);
index a13be9a..889fb9b 100644 (file)
@@ -297,6 +297,9 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
 int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
             EVP_MD *dgst)
        {
+       char is_dsa;
+       if (pkey->type == EVP_PKEY_DSA) is_dsa = 1;
+       else is_dsa = 0;
        /* We now need to add another PKCS7_SIGNER_INFO entry */
        ASN1_INTEGER_set(p7i->version,1);
        X509_NAME_set(&p7i->issuer_and_serial->issuer,
@@ -313,8 +316,7 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
        p7i->pkey=pkey;
 
        /* Set the algorithms */
-       if (pkey->type == EVP_PKEY_DSA)
-               p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
+       if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
        else    
                p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
 
@@ -328,9 +330,12 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
 
        if (p7i->digest_enc_alg->parameter != NULL)
                ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
-       if ((p7i->digest_enc_alg->parameter=ASN1_TYPE_new()) == NULL)
-               goto err;
-       p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
+       if(is_dsa) p7i->digest_enc_alg->parameter = NULL;
+       else {
+               if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
+                       goto err;
+               p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
+       }
 
        return(1);
 err: