From eaa28181898b8ca0b54552a3290789bb17444c8a Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Mon, 21 Aug 2000 22:02:23 +0000
Subject: [PATCH] Various fixes...

initialize ex_pathlen to -1 so it isn't checked if pathlen
is not present.

set ucert to NULL in apps/pkcs12.c otherwise it gets freed
twice.

remove extraneous '\r' in MIME encoder.

Allow a NULL to be passed to X509_gmtime_adj()


Make PKCS#7 code use definite length encoding rather then
the indefinite stuff it used previously.
---
 CHANGES                 |  7 ++++
 apps/pkcs12.c           |  2 +
 crypto/asn1/p7_lib.c    | 92 +++++++++++++++++++++++++++++++++++++++++
 crypto/asn1/x_x509.c    |  1 +
 crypto/pkcs7/pk7_mime.c |  2 +-
 crypto/x509/x509_vfy.c  |  1 +
 6 files changed, 104 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index e545b5002e..b01f3a07f8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,13 @@
 
  Changes between 0.9.5a and 0.9.6  [xx XXX 2000]
 
+  *) Modification to PKCS#7 encoding routines to output definite
+     length encoding. Since currently the whole structures are in
+     memory there's not real point in using indefinite length 
+     constructed encoding. However if OpenSSL is compiled with
+     the flag PKCS7_INDEFINITE_ENCODING the old form is used.
+     [Steve Henson]
+
   *) Added BIO_vprintf() and BIO_vsnprintf().
      [Richard Levitte]
 
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 963797155f..0f3ac4977a 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -502,6 +502,8 @@ int MAIN(int argc, char **argv)
 	}
 	sk_X509_pop_free(certs, X509_free);
 	certs = NULL;
+	/* ucert is part of certs so it is already freed */
+	ucert = NULL;
 
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
diff --git a/crypto/asn1/p7_lib.c b/crypto/asn1/p7_lib.c
index 90ead17dbc..76cb675497 100644
--- a/crypto/asn1/p7_lib.c
+++ b/crypto/asn1/p7_lib.c
@@ -62,6 +62,8 @@
 #include <openssl/pkcs7.h>
 #include <openssl/objects.h>
 
+#ifdef PKCS7_INDEFINITE_ENCODING
+
 int i2d_PKCS7(PKCS7 *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
@@ -144,6 +146,96 @@ int i2d_PKCS7(PKCS7 *a, unsigned char **pp)
 	M_ASN1_I2D_finish();
 	}
 
+#else
+
+int i2d_PKCS7(PKCS7 *a, unsigned char **pp)
+	{
+	int explen = 0;
+	M_ASN1_I2D_vars(a);
+
+	if (a->asn1 != NULL)
+		{
+		if (pp == NULL)
+			return((int)a->length);
+		memcpy(*pp,a->asn1,(int)a->length);
+		*pp+=a->length;
+		return((int)a->length);
+		}
+
+	M_ASN1_I2D_len(a->type,i2d_ASN1_OBJECT);
+	if (a->d.ptr != NULL)
+		{
+		/* Save current length */
+		r = ret;
+		switch (OBJ_obj2nid(a->type))
+			{
+		case NID_pkcs7_data:
+			M_ASN1_I2D_len(a->d.data,i2d_ASN1_OCTET_STRING);
+			break;
+		case NID_pkcs7_signed:
+			M_ASN1_I2D_len(a->d.sign,i2d_PKCS7_SIGNED);
+			break;
+		case NID_pkcs7_enveloped:
+			M_ASN1_I2D_len(a->d.enveloped,i2d_PKCS7_ENVELOPE);
+			break;
+		case NID_pkcs7_signedAndEnveloped:
+			M_ASN1_I2D_len(a->d.signed_and_enveloped,
+				i2d_PKCS7_SIGN_ENVELOPE);
+			break;
+		case NID_pkcs7_digest:
+			M_ASN1_I2D_len(a->d.digest,i2d_PKCS7_DIGEST);
+			break;
+		case NID_pkcs7_encrypted:
+			M_ASN1_I2D_len(a->d.encrypted,i2d_PKCS7_ENCRYPT);
+			break;
+		default:
+			break;
+			}
+		/* Work out explicit tag content size */
+		explen = ret - r;
+		/* Work out explicit tag size: Note: ASN1_object_size
+		 * includes the content length.
+		 */
+		ret =  r + ASN1_object_size(1, explen, 0);
+		}
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->type,i2d_ASN1_OBJECT);
+
+	if (a->d.ptr != NULL)
+		{
+		ASN1_put_object(&p, 1, explen, 0, V_ASN1_CONTEXT_SPECIFIC);
+		switch (OBJ_obj2nid(a->type))
+			{
+		case NID_pkcs7_data:
+			M_ASN1_I2D_put(a->d.data,i2d_ASN1_OCTET_STRING);
+			break;
+		case NID_pkcs7_signed:
+			M_ASN1_I2D_put(a->d.sign,i2d_PKCS7_SIGNED);
+			break;
+		case NID_pkcs7_enveloped:
+			M_ASN1_I2D_put(a->d.enveloped,i2d_PKCS7_ENVELOPE);
+			break;
+		case NID_pkcs7_signedAndEnveloped:
+			M_ASN1_I2D_put(a->d.signed_and_enveloped,
+				i2d_PKCS7_SIGN_ENVELOPE);
+			break;
+		case NID_pkcs7_digest:
+			M_ASN1_I2D_put(a->d.digest,i2d_PKCS7_DIGEST);
+			break;
+		case NID_pkcs7_encrypted:
+			M_ASN1_I2D_put(a->d.encrypted,i2d_PKCS7_ENCRYPT);
+			break;
+		default:
+			break;
+			}
+		}
+	M_ASN1_I2D_finish();
+	}
+
+#endif
+
 PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp, long length)
 	{
 	M_ASN1_D2I_vars(a,PKCS7 *,PKCS7_new);
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index ea71a29c9a..36f0e4743e 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -117,6 +117,7 @@ X509 *X509_new(void)
 	ret->references=1;
 	ret->valid=0;
 	ret->ex_flags = 0;
+	ret->ex_pathlen = -1;
 	ret->name=NULL;
 	ret->aux=NULL;
 	M_ASN1_New(ret->cert_info,X509_CINF_new);
diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c
index 9741aa578e..a7b6929436 100644
--- a/crypto/pkcs7/pk7_mime.c
+++ b/crypto/pkcs7/pk7_mime.c
@@ -170,7 +170,7 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
 		BIO_printf(bio, "micalg=sha1 ; boundary=\"----%s\"\n\n", bound);
 		BIO_printf(bio, "This is an S/MIME signed message\n\n");
 		/* Now write out the first part */
-		BIO_printf(bio, "------%s\r\n", bound);
+		BIO_printf(bio, "------%s\n", bound);
 		if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n");
 		while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0) 
 						BIO_write(bio, linebuf, i);
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 0d5273d51a..ccc031377a 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -582,6 +582,7 @@ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
 
 	time(&t);
 	t+=adj;
+	if(!s) return ASN1_TIME_set(s, t);
 	if(s->type == V_ASN1_UTCTIME) return(ASN1_UTCTIME_set(s,t));
 	return ASN1_GENERALIZEDTIME_set(s, t);
 	}
-- 
2.34.1