From d5a37b029357b8ed8595f5cefc6654ac15302ae8 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sun, 6 Apr 2008 15:41:25 +0000
Subject: [PATCH] Give consistent return value and add error code for duplicate
 certificates.

---
 crypto/cms/cms.h     | 2 ++
 crypto/cms/cms_err.c | 4 +++-
 crypto/cms/cms_lib.c | 7 +++++--
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/crypto/cms/cms.h b/crypto/cms/cms.h
index 19fde29e93..ec48aabe0e 100644
--- a/crypto/cms/cms.h
+++ b/crypto/cms/cms.h
@@ -327,6 +327,7 @@ void ERR_load_CMS_strings(void);
 
 /* Function codes. */
 #define CMS_F_CHECK_CONTENT				 99
+#define CMS_F_CMS_ADD0_CERT				 164
 #define CMS_F_CMS_ADD0_RECIPIENT_KEY			 100
 #define CMS_F_CMS_ADD1_RECEIPTREQUEST			 158
 #define CMS_F_CMS_ADD1_RECIPIENT_CERT			 101
@@ -396,6 +397,7 @@ void ERR_load_CMS_strings(void);
 #define CMS_R_ADD_SIGNER_ERROR				 99
 #define CMS_R_CERTIFICATE_HAS_NO_KEYID			 160
 #define CMS_R_CERTIFICATE_VERIFY_ERROR			 100
+#define CMS_R_CERTIFICTATE_ALREADY_PRESENT		 175
 #define CMS_R_CIPHER_INITIALISATION_ERROR		 101
 #define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR	 102
 #define CMS_R_CMS_DATAFINAL_ERROR			 103
diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c
index 9c813e5db6..5680be3974 100644
--- a/crypto/cms/cms_err.c
+++ b/crypto/cms/cms_err.c
@@ -71,6 +71,7 @@
 static ERR_STRING_DATA CMS_str_functs[]=
 	{
 {ERR_FUNC(CMS_F_CHECK_CONTENT),	"CHECK_CONTENT"},
+{ERR_FUNC(CMS_F_CMS_ADD0_CERT),	"CMS_add0_cert"},
 {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY),	"CMS_add0_recipient_key"},
 {ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST),	"CMS_add1_ReceiptRequest"},
 {ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT),	"CMS_add1_recipient_cert"},
@@ -131,7 +132,7 @@ static ERR_STRING_DATA CMS_str_functs[]=
 {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY),	"CMS_SignerInfo_verify"},
 {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT),	"CMS_SIGNERINFO_VERIFY_CERT"},
 {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT),	"CMS_SignerInfo_verify_content"},
-{ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT),	"CMS_SIGN_RECEIPT"},
+{ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT),	"CMS_sign_receipt"},
 {ERR_FUNC(CMS_F_CMS_STREAM),	"CMS_stream"},
 {ERR_FUNC(CMS_F_CMS_UNCOMPRESS),	"CMS_uncompress"},
 {ERR_FUNC(CMS_F_CMS_VERIFY),	"CMS_verify"},
@@ -143,6 +144,7 @@ static ERR_STRING_DATA CMS_str_reasons[]=
 {ERR_REASON(CMS_R_ADD_SIGNER_ERROR)      ,"add signer error"},
 {ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID),"certificate has no keyid"},
 {ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
+{ERR_REASON(CMS_R_CERTIFICTATE_ALREADY_PRESENT),"certifictate already present"},
 {ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),"cipher initialisation error"},
 {ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),"cipher parameter initialisation error"},
 {ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR)   ,"cms datafinal error"},
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index 8c3854dfc9..a715fc3ad5 100644
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -472,8 +472,11 @@ int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
 		if (cch->type == CMS_CERTCHOICE_CERT)
 			{
 			if (!X509_cmp(cch->d.certificate, cert))
-				return -1;
-				
+				{
+				CMSerr(CMS_F_CMS_ADD0_CERT, 
+					CMS_R_CERTIFICTATE_ALREADY_PRESENT);
+				return 0;
+				}
 			}
 		}
 	cch = CMS_add0_CertificateChoices(cms);
-- 
2.34.1