summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs7/pk7_smime.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_smime.c46
1 files changed, 38 insertions, 8 deletions
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c
index 6e5735de11..a852b49235 100644
--- a/src/lib/libcrypto/pkcs7/pk7_smime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_smime.c
@@ -155,7 +155,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
155 char buf[4096]; 155 char buf[4096];
156 int i, j=0, k, ret = 0; 156 int i, j=0, k, ret = 0;
157 BIO *p7bio; 157 BIO *p7bio;
158 BIO *tmpout; 158 BIO *tmpin, *tmpout;
159 159
160 if(!p7) { 160 if(!p7) {
161 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER); 161 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER);
@@ -228,7 +228,30 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
228 /* Check for revocation status here */ 228 /* Check for revocation status here */
229 } 229 }
230 230
231 p7bio=PKCS7_dataInit(p7,indata); 231 /* Performance optimization: if the content is a memory BIO then
232 * store its contents in a temporary read only memory BIO. This
233 * avoids potentially large numbers of slow copies of data which will
234 * occur when reading from a read write memory BIO when signatures
235 * are calculated.
236 */
237
238 if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM))
239 {
240 char *ptr;
241 long len;
242 len = BIO_get_mem_data(indata, &ptr);
243 tmpin = BIO_new_mem_buf(ptr, len);
244 if (tmpin == NULL)
245 {
246 PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
247 return 0;
248 }
249 }
250 else
251 tmpin = indata;
252
253
254 p7bio=PKCS7_dataInit(p7,tmpin);
232 255
233 if(flags & PKCS7_TEXT) { 256 if(flags & PKCS7_TEXT) {
234 if(!(tmpout = BIO_new(BIO_s_mem()))) { 257 if(!(tmpout = BIO_new(BIO_s_mem()))) {
@@ -270,9 +293,15 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
270 ret = 1; 293 ret = 1;
271 294
272 err: 295 err:
296
297 if (tmpin == indata)
298 {
299 if(indata) BIO_pop(p7bio);
300 BIO_free_all(p7bio);
301 }
302 else
303 BIO_free_all(tmpin);
273 304
274 if(indata) BIO_pop(p7bio);
275 BIO_free_all(p7bio);
276 sk_X509_free(signers); 305 sk_X509_free(signers);
277 306
278 return ret; 307 return ret;
@@ -296,10 +325,6 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
296 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE); 325 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE);
297 return NULL; 326 return NULL;
298 } 327 }
299 if(!(signers = sk_X509_new_null())) {
300 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);
301 return NULL;
302 }
303 328
304 /* Collect all the signers together */ 329 /* Collect all the signers together */
305 330
@@ -310,6 +335,11 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
310 return 0; 335 return 0;
311 } 336 }
312 337
338 if(!(signers = sk_X509_new_null())) {
339 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);
340 return NULL;
341 }
342
313 for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) 343 for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
314 { 344 {
315 si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); 345 si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 20:22:21 +0000