From 55f30198ad4314baaa276e1a1156c046d5ad823f Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 14 Dec 1999 02:44:27 +0000 Subject: [PATCH 1/1] Various S/MIME fixes. Fix for memory leak, recipient list bug and not excluding parameters with DSA keys. --- apps/smime.c | 6 +++--- crypto/pkcs7/pk7_lib.c | 15 ++++++++++----- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/apps/smime.c b/apps/smime.c index f87b41969d..882838c66f 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -261,13 +261,13 @@ int MAIN(int argc, char **argv) if(operation == SMIME_ENCRYPT) { if (!cipher) cipher = EVP_rc2_40_cbc(); + encerts = sk_X509_new_null(); while (*args) { - encerts = sk_X509_new_null(); if(!(cert = load_cert(*args))) { BIO_printf(bio_err, "Can't read recipent certificate file %s\n", *args); goto end; } - sk_X509_push (encerts, cert); + sk_X509_push(encerts, cert); cert = NULL; args++; } @@ -356,13 +356,13 @@ int MAIN(int argc, char **argv) } } else if(operation == SMIME_VERIFY) { STACK_OF(X509) *signers; - signers = PKCS7_iget_signers(p7, other, flags); if(PKCS7_verify(p7, other, store, indata, out, flags)) { BIO_printf(bio_err, "Verification Successful\n"); } else { BIO_printf(bio_err, "Verification Failure\n"); goto end; } + signers = PKCS7_iget_signers(p7, other, flags); if(!save_certs(signerfile, signers)) { BIO_printf(bio_err, "Error writing signers to %s\n", signerfile); diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index a13be9ae3a..889fb9b355 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -297,6 +297,9 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, EVP_MD *dgst) { + char is_dsa; + if (pkey->type == EVP_PKEY_DSA) is_dsa = 1; + else is_dsa = 0; /* We now need to add another PKCS7_SIGNER_INFO entry */ ASN1_INTEGER_set(p7i->version,1); X509_NAME_set(&p7i->issuer_and_serial->issuer, 
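Review bot: In the apps/smime.c encrypt hunk (@@ -261), neither the hoisted `encerts = sk_X509_new_null();` nor `sk_X509_push(encerts, cert);` has its result checked, so an allocation failure can leave a recipient out of the list without any error, and `cert = NULL;` then drops the only reference to the loaded certificate. I would add `if (!encerts) goto end;` after the allocation and change the push to `if (!sk_X509_push(encerts, cert)) goto end;`. Whether the `end:` label releases `cert` and `encerts` is outside this hunk, so confirm that before relying on it. Separately, the context line falls back to `EVP_rc2_40_cbc()` when no cipher is given; a comment there noting that this default is 40-bit RC2 would help anyone reading the encrypt path.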
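Review bot: In the apps/smime.c verify hunk (@@ -356), the result of the relocated `signers = PKCS7_iget_signers(p7, other, flags);` goes straight into `save_certs(signerfile, signers)` with no NULL check. If that call can fail after a successful verify, a guard such as `if (!signers) goto end;` keeps a NULL stack from reaching the writer. The block continues past the end of the hunk, so it is not visible whether `signers` is freed on the "Error writing signers" branch; if that branch jumps to `end`, the stack presumably needs an `sk_X509_free(signers);` first.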
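Review bot: In the first crypto/pkcs7/pk7_lib.c hunk (@@ -297), the three added lines can be one initialised declaration, `int is_dsa = (pkey->type == EVP_PKEY_DSA);`, which also avoids using `char` as a boolean. The function now reads `pkey->type` before anything else, so if callers can pass a NULL `pkey` it should be rejected ahead of that dereference. PKCS7_SIGNER_INFO_set continues outside this hunk, so any later checks on `pkey` are not visible here.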
@@ -313,8 +316,7 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, p7i->pkey=pkey; /* Set the algorithms */ - if (pkey->type == EVP_PKEY_DSA) - p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1); + if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1); else p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst)); @@ -328,9 +330,12 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, if (p7i->digest_enc_alg->parameter != NULL) ASN1_TYPE_free(p7i->digest_enc_alg->parameter); - if ((p7i->digest_enc_alg->parameter=ASN1_TYPE_new()) == NULL) - goto err; - p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; + if(is_dsa) p7i->digest_enc_alg->parameter = NULL; + else { + if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) + goto err; + p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; + } return(1); err: -- 2.34.1
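Review bot: In the pk7_lib.c hunk at @@ -313, the `dgst` argument is ignored whenever `is_dsa` is set and SHA-1 is written into `digest_alg` instead, which nothing in the visible code tells the caller. I would document that above the branch, e.g. `/* DSA: digest algorithm is fixed to SHA-1; dgst is used only for other key types */`, and put the `if` body on its own line to match the `else` below it. The value returned by `OBJ_nid2obj()` is stored unchecked in both branches. PKCS7_SIGNER_INFO_set starts and ends outside this hunk.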
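Review bot: In the pk7_lib.c hunk at @@ -328, the new branch has no comment saying why DSA gets an absent `parameter` while other key types get an explicit ASN.1 NULL, although the commit message names this as one of the fixes. A line such as `/* DSA: parameters are omitted; other key types carry an explicit NULL */` above `if(is_dsa)` would stop a later cleanup from merging the branches again. The spacing is also inconsistent (`if(is_dsa)` next to `if (!(...))`). The body of the `err:` path lies outside the hunk, so how a failed `ASN1_TYPE_new()` is reported cannot be checked from here.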