X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fcms%2Fcms_lib.c;h=b62d1bfac02b750f59021e74de3d5c2fa81ad772;hp=7b118b8d989de820c8098df772b5748569a90297;hb=2712a2f6256a69e914b174e1915b029b1f4b9554;hpb=4f1aa191b33f0bbda29c3289d50fee2991b77df0 diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index 7b118b8d98..b62d1bfac0 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c @@ -184,6 +184,7 @@ int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio) { case NID_pkcs7_data: + case NID_pkcs7_enveloped: case NID_pkcs7_encrypted: case NID_id_smime_ct_compressedData: /* Nothing to do */ @@ -405,16 +406,17 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, return 0; } BIO_get_md_ctx(chain, &mtmp); - if (EVP_MD_CTX_type(mtmp) == nid) - { - EVP_MD_CTX_copy_ex(mctx, mtmp); - return 1; - } + if (EVP_MD_CTX_type(mtmp) == nid + /* Workaround for broken implementations that use signature + * algorithm OID instead of digest. + */ + || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid) + return EVP_MD_CTX_copy_ex(mctx, mtmp); chain = BIO_next(chain); } } -STACK_OF(CMS_CertificateChoices) **cms_get0_certificate_choices(CMS_ContentInfo *cms) +static STACK_OF(CMS_CertificateChoices) **cms_get0_certificate_choices(CMS_ContentInfo *cms) { switch (OBJ_obj2nid(cms->contentType)) { @@ -471,8 +473,11 @@ int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert) if (cch->type == CMS_CERTCHOICE_CERT) { if (!X509_cmp(cch->d.certificate, cert)) - return -1; - + { + CMSerr(CMS_F_CMS_ADD0_CERT, + CMS_R_CERTIFICATE_ALREADY_PRESENT); + return 0; + } } } cch = CMS_add0_CertificateChoices(cms); @@ -492,7 +497,7 @@ int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert) return r; } -STACK_OF(CMS_RevocationInfoChoice) **cms_get0_revocation_choices(CMS_ContentInfo *cms) +static STACK_OF(CMS_RevocationInfoChoice) **cms_get0_revocation_choices(CMS_ContentInfo *cms) { switch (OBJ_obj2nid(cms->contentType)) { @@ -544,6 +549,15 @@ int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl) return 1; } +int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl) + { + int r; + r = CMS_add0_crl(cms, crl); + if (r > 0) + CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); + return r; + } + STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms) { STACK_OF(X509) *certs = NULL;