1 files changed, 14 insertions, 103 deletions
diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c
index f2490941a3..ee1817c7af 100644
--- a/src/lib/libcrypto/pkcs7/pk7_lib.c
+++ b/src/lib/libcrypto/pkcs7/pk7_lib.c
@@ -138,10 +138,6 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
                p7->d.sign->contents=p7_data;
                break;
        case NID_pkcs7_digest:
-                if (p7->d.digest->contents != NULL)
-                        PKCS7_free(p7->d.digest->contents);
-                p7->d.digest->contents=p7_data;
-                break;
        case NID_pkcs7_data:
        case NID_pkcs7_enveloped:
        case NID_pkcs7_signedAndEnveloped:
@@ -210,12 +206,6 @@ int PKCS7_set_type(PKCS7 *p7, int type)
                break;
        case NID_pkcs7_digest:
-                p7->type=obj;
-                if ((p7->d.digest=PKCS7_DIGEST_new())
-                        == NULL) goto err;
-                if (!ASN1_INTEGER_set(p7->d.digest->version,0))
-                        goto err;
-                break;
        default:
                PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
                goto err;
@@ -225,13 +215,6 @@ err:
        return(0);
        }
-int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other)
-        {
-        p7->type = OBJ_nid2obj(type);
-        p7->d.other = other;
-        return 1;
-        }
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
        {
        int i,j,nid;
@@ -271,23 +254,16 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
        if (!j) /* we need to add another algorithm */
                {
                if(!(alg=X509_ALGOR_new())
-                        || !(alg->parameter = ASN1_TYPE_new()))
+                        || !(alg->parameter = ASN1_TYPE_new())) {
-                        {
-                        X509_ALGOR_free(alg);
                        PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);
                        return(0);
-                        }
+                }
                alg->algorithm=OBJ_nid2obj(nid);
                alg->parameter->type = V_ASN1_NULL;
-                if (!sk_X509_ALGOR_push(md_sk,alg))
+                sk_X509_ALGOR_push(md_sk,alg);
-                        {
-                        X509_ALGOR_free(alg);
-                        return 0;
-                        }
                }
-        if (!sk_PKCS7_SIGNER_INFO_push(signer_sk,psi))
+        sk_PKCS7_SIGNER_INFO_push(signer_sk,psi);
-                return 0;
        return(1);
        }
@@ -312,17 +288,8 @@ int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
        if (*sk == NULL)
                *sk=sk_X509_new_null();
-        if (*sk == NULL)
-                {
-                PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-                return 0;
-                }
        CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
-        if (!sk_X509_push(*sk,x509))
+        sk_X509_push(*sk,x509);
-                {
-                X509_free(x509);
-                return 0;
-                }
        return(1);
        }
@@ -347,31 +314,18 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
        if (*sk == NULL)
                *sk=sk_X509_CRL_new_null();
-        if (*sk == NULL)
-                {
-                PKCS7err(PKCS7_F_PKCS7_ADD_CRL,ERR_R_MALLOC_FAILURE);
-                return 0;
-                }
        CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
-        if (!sk_X509_CRL_push(*sk,crl))
+        sk_X509_CRL_push(*sk,crl);
-                {
-                X509_CRL_free(crl);
-                return 0;
-                }
        return(1);
        }
 int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
             const EVP_MD *dgst)
        {
-        int nid;
        char is_dsa;
+        if (pkey->type == EVP_PKEY_DSA) is_dsa = 1;
-        if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC)
+        else is_dsa = 0;
-                is_dsa = 1;
-        else
-                is_dsa = 0;
        /* We now need to add another PKCS7_SIGNER_INFO entry */
        if (!ASN1_INTEGER_set(p7i->version,1))
                goto err;
@@ -401,38 +355,16 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                goto err;
        p7i->digest_alg->parameter->type=V_ASN1_NULL;
+        p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));
        if (p7i->digest_enc_alg->parameter != NULL)
                ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
-        nid = EVP_PKEY_type(pkey->type);
+        if(is_dsa) p7i->digest_enc_alg->parameter = NULL;
-        if (nid == EVP_PKEY_RSA)
+        else {
-                {
-                p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_rsaEncryption);
-                if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
-                        goto err;
-                p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
-                }
-        else if (nid == EVP_PKEY_DSA)
-                {
-#if 1
-                /* use 'dsaEncryption' OID for compatibility with other software
-                 * (PKCS #7 v1.5 does specify how to handle DSA) ... */
-                p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsa);
-#else
-                /* ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for CMS)
-                 * would make more sense. */
-                p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsaWithSHA1);
-#endif
-                p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit 'parameter'! */
-                }
-        else if (nid == EVP_PKEY_EC)
-                {
-                p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_ecdsa_with_SHA1);
                if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
                        goto err;
                p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
-                }
+        }
-        else
-                return(0);
        return(1);
 err:
@@ -449,28 +381,9 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
        if (!PKCS7_add_signer(p7,si)) goto err;
        return(si);
 err:
-        PKCS7_SIGNER_INFO_free(si);
        return(NULL);
        }
-int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
-        {
-        if (PKCS7_type_is_digest(p7))
-                {
-                if(!(p7->d.digest->md->parameter = ASN1_TYPE_new()))
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE);
-                        return 0;
-                        }
-                p7->d.digest->md->parameter->type = V_ASN1_NULL;
-                p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
-                return 1;
-                }
-                
-        PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE);
-        return 1;
-        }
 STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
        {
        if (PKCS7_type_is_signed(p7))
@@ -494,7 +407,6 @@ PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
        if (!PKCS7_add_recipient_info(p7,ri)) goto err;
        return(ri);
 err:
-        PKCS7_RECIP_INFO_free(ri);
        return(NULL);
        }
@@ -517,8 +429,7 @@ int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
                return(0);
                }
-        if (!sk_PKCS7_RECIP_INFO_push(sk,ri))
+        sk_PKCS7_RECIP_INFO_push(sk,ri);
-                return 0;
        return(1);
        }

diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c index f2490941a3..ee1817c7af 100644 --- a/src/lib/libcrypto/pkcs7/pk7_lib.c +++ b/src/lib/libcrypto/pkcs7/pk7_lib.c
@@ -138,10 +138,6 @@ int PKCS7_set_content(PKCS7 p7, PKCS7 p7_data)
138	p7->d.sign->contents=p7_data;	138	p7->d.sign->contents=p7_data;
139	break;	139	break;
140	case NID_pkcs7_digest:	140	case NID_pkcs7_digest:
141	if (p7->d.digest->contents != NULL)
142	PKCS7_free(p7->d.digest->contents);
143	p7->d.digest->contents=p7_data;
144	break;
145	case NID_pkcs7_data:	141	case NID_pkcs7_data:
146	case NID_pkcs7_enveloped:	142	case NID_pkcs7_enveloped:
147	case NID_pkcs7_signedAndEnveloped:	143	case NID_pkcs7_signedAndEnveloped:
@@ -210,12 +206,6 @@ int PKCS7_set_type(PKCS7 *p7, int type)
210	break;	206	break;
211		207
212	case NID_pkcs7_digest:	208	case NID_pkcs7_digest:
213	p7->type=obj;
214	if ((p7->d.digest=PKCS7_DIGEST_new())
215	== NULL) goto err;
216	if (!ASN1_INTEGER_set(p7->d.digest->version,0))
217	goto err;
218	break;
219	default:	209	default:
220	PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);	210	PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
221	goto err;	211	goto err;
@@ -225,13 +215,6 @@ err:
225	return(0);	215	return(0);
226	}	216	}
227		217
228	int PKCS7_set0_type_other(PKCS7 p7, int type, ASN1_TYPE other)
229	{
230	p7->type = OBJ_nid2obj(type);
231	p7->d.other = other;
232	return 1;
233	}
234
235	int PKCS7_add_signer(PKCS7 p7, PKCS7_SIGNER_INFO psi)	218	int PKCS7_add_signer(PKCS7 p7, PKCS7_SIGNER_INFO psi)
236	{	219	{
237	int i,j,nid;	220	int i,j,nid;
@@ -271,23 +254,16 @@ int PKCS7_add_signer(PKCS7 p7, PKCS7_SIGNER_INFO psi)
271	if (!j) /* we need to add another algorithm */	254	if (!j) /* we need to add another algorithm */
272	{	255	{
273	if(!(alg=X509_ALGOR_new())	256	if(!(alg=X509_ALGOR_new())
274	\|\| !(alg->parameter = ASN1_TYPE_new()))	257	\|\| !(alg->parameter = ASN1_TYPE_new())) {
275	{
276	X509_ALGOR_free(alg);
277	PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);	258	PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);
278	return(0);	259	return(0);
279	}	260	}
280	alg->algorithm=OBJ_nid2obj(nid);	261	alg->algorithm=OBJ_nid2obj(nid);
281	alg->parameter->type = V_ASN1_NULL;	262	alg->parameter->type = V_ASN1_NULL;
282	if (!sk_X509_ALGOR_push(md_sk,alg))	263	sk_X509_ALGOR_push(md_sk,alg);
283	{
284	X509_ALGOR_free(alg);
285	return 0;
286	}
287	}	264	}
288		265
289	if (!sk_PKCS7_SIGNER_INFO_push(signer_sk,psi))	266	sk_PKCS7_SIGNER_INFO_push(signer_sk,psi);
290	return 0;
291	return(1);	267	return(1);
292	}	268	}
293		269
@@ -312,17 +288,8 @@ int PKCS7_add_certificate(PKCS7 p7, X509 x509)
312		288
313	if (*sk == NULL)	289	if (*sk == NULL)
314	*sk=sk_X509_new_null();	290	*sk=sk_X509_new_null();
315	if (*sk == NULL)
316	{
317	PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,ERR_R_MALLOC_FAILURE);
318	return 0;
319	}
320	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);	291	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
321	if (!sk_X509_push(*sk,x509))	292	sk_X509_push(*sk,x509);
322	{
323	X509_free(x509);
324	return 0;
325	}
326	return(1);	293	return(1);
327	}	294	}
328		295
@@ -347,31 +314,18 @@ int PKCS7_add_crl(PKCS7 p7, X509_CRL crl)
347		314
348	if (*sk == NULL)	315	if (*sk == NULL)
349	*sk=sk_X509_CRL_new_null();	316	*sk=sk_X509_CRL_new_null();
350	if (*sk == NULL)
351	{
352	PKCS7err(PKCS7_F_PKCS7_ADD_CRL,ERR_R_MALLOC_FAILURE);
353	return 0;
354	}
355		317
356	CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);	318	CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
357	if (!sk_X509_CRL_push(*sk,crl))	319	sk_X509_CRL_push(*sk,crl);
358	{
359	X509_CRL_free(crl);
360	return 0;
361	}
362	return(1);	320	return(1);
363	}	321	}
364		322
365	int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO p7i, X509 x509, EVP_PKEY *pkey,	323	int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO p7i, X509 x509, EVP_PKEY *pkey,
366	const EVP_MD *dgst)	324	const EVP_MD *dgst)
367	{	325	{
368	int nid;
369	char is_dsa;	326	char is_dsa;
370		327	if (pkey->type == EVP_PKEY_DSA) is_dsa = 1;
371	if (pkey->type == EVP_PKEY_DSA \|\| pkey->type == EVP_PKEY_EC)	328	else is_dsa = 0;
372	is_dsa = 1;
373	else
374	is_dsa = 0;
375	/* We now need to add another PKCS7_SIGNER_INFO entry */	329	/* We now need to add another PKCS7_SIGNER_INFO entry */
376	if (!ASN1_INTEGER_set(p7i->version,1))	330	if (!ASN1_INTEGER_set(p7i->version,1))
377	goto err;	331	goto err;
@@ -401,38 +355,16 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO p7i, X509 x509, EVP_PKEY *pkey,
401	goto err;	355	goto err;
402	p7i->digest_alg->parameter->type=V_ASN1_NULL;	356	p7i->digest_alg->parameter->type=V_ASN1_NULL;
403		357
		358	p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));
		359
404	if (p7i->digest_enc_alg->parameter != NULL)	360	if (p7i->digest_enc_alg->parameter != NULL)
405	ASN1_TYPE_free(p7i->digest_enc_alg->parameter);	361	ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
406	nid = EVP_PKEY_type(pkey->type);	362	if(is_dsa) p7i->digest_enc_alg->parameter = NULL;
407	if (nid == EVP_PKEY_RSA)	363	else {
408	{
409	p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_rsaEncryption);
410	if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
411	goto err;
412	p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
413	}
414	else if (nid == EVP_PKEY_DSA)
415	{
416	#if 1
417	/* use 'dsaEncryption' OID for compatibility with other software
418	* (PKCS #7 v1.5 does specify how to handle DSA) ... */
419	p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsa);
420	#else
421	/* ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for CMS)
422	* would make more sense. */
423	p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsaWithSHA1);
424	#endif
425	p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit 'parameter'! */
426	}
427	else if (nid == EVP_PKEY_EC)
428	{
429	p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_ecdsa_with_SHA1);
430	if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))	364	if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
431	goto err;	365	goto err;
432	p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;	366	p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
433	}	367	}
434	else
435	return(0);
436		368
437	return(1);	369	return(1);
438	err:	370	err:
@@ -449,28 +381,9 @@ PKCS7_SIGNER_INFO PKCS7_add_signature(PKCS7 p7, X509 x509, EVP_PKEY pkey,
449	if (!PKCS7_add_signer(p7,si)) goto err;	381	if (!PKCS7_add_signer(p7,si)) goto err;
450	return(si);	382	return(si);
451	err:	383	err:
452	PKCS7_SIGNER_INFO_free(si);
453	return(NULL);	384	return(NULL);
454	}	385	}
455		386
456	int PKCS7_set_digest(PKCS7 p7, const EVP_MD md)
457	{
458	if (PKCS7_type_is_digest(p7))
459	{
460	if(!(p7->d.digest->md->parameter = ASN1_TYPE_new()))
461	{
462	PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE);
463	return 0;
464	}
465	p7->d.digest->md->parameter->type = V_ASN1_NULL;
466	p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
467	return 1;
468	}
469
470	PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE);
471	return 1;
472	}
473
474	STACK_OF(PKCS7_SIGNER_INFO) PKCS7_get_signer_info(PKCS7 p7)	387	STACK_OF(PKCS7_SIGNER_INFO) PKCS7_get_signer_info(PKCS7 p7)
475	{	388	{
476	if (PKCS7_type_is_signed(p7))	389	if (PKCS7_type_is_signed(p7))
@@ -494,7 +407,6 @@ PKCS7_RECIP_INFO PKCS7_add_recipient(PKCS7 p7, X509 *x509)
494	if (!PKCS7_add_recipient_info(p7,ri)) goto err;	407	if (!PKCS7_add_recipient_info(p7,ri)) goto err;
495	return(ri);	408	return(ri);
496	err:	409	err:
497	PKCS7_RECIP_INFO_free(ri);
498	return(NULL);	410	return(NULL);
499	}	411	}
500		412
@@ -517,8 +429,7 @@ int PKCS7_add_recipient_info(PKCS7 p7, PKCS7_RECIP_INFO ri)
517	return(0);	429	return(0);
518	}	430	}
519		431
520	if (!sk_PKCS7_RECIP_INFO_push(sk,ri))	432	sk_PKCS7_RECIP_INFO_push(sk,ri);
521	return 0;
522	return(1);	433	return(1);
523	}	434	}
524		435