4 files changed, 109 insertions, 32 deletions

diff --git a/src/lib/libcrypto/pkcs7/pk7_attr.c b/src/lib/libcrypto/pkcs7/pk7_attr.c
index 5ff5a88b5c..039141027a 100644
--- a/src/lib/libcrypto/pkcs7/pk7_attr.c
+++ b/src/lib/libcrypto/pkcs7/pk7_attr.c
@@ -3,7 +3,7 @@
  * project 2001.
  */
 /* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2001-2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -94,17 +94,18 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)
 }
 
 STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
-{
+        {
         ASN1_TYPE *cap;
         unsigned char *p;
         cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
-        if (!cap) return NULL;
+        if (!cap || (cap->type != V_ASN1_SEQUENCE))
+                return NULL;
         p = cap->value.sequence->data;
         return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p,
                                           cap->value.sequence->length,
                                           d2i_X509_ALGOR, X509_ALGOR_free,
                                           V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-}
+        }
 
 /* Basic smime-capabilities OID and optional integer arg */
 int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
index b78e22819c..4ac29ae14d 100644
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -239,7 +239,13 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                                 OPENSSL_free(tmp);
                                 goto err;
                                 }
-                        M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
+                        if (!M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj))
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,
+                                        ERR_R_MALLOC_FAILURE);
+                                OPENSSL_free(tmp);
+                                goto err;
+                                }
                         }
                 OPENSSL_free(tmp);
                 OPENSSL_cleanse(key, keylen);
@@ -520,12 +526,20 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
         case NID_pkcs7_signedAndEnveloped:
                 /* XXXXXXXXXXXXXXXX */
                 si_sk=p7->d.signed_and_enveloped->signer_info;
-                os=M_ASN1_OCTET_STRING_new();
+                if (!(os=M_ASN1_OCTET_STRING_new()))
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
                 p7->d.signed_and_enveloped->enc_data->enc_data=os;
                 break;
         case NID_pkcs7_enveloped:
                 /* XXXXXXXXXXXXXXXX */
-                os=M_ASN1_OCTET_STRING_new();
+                if (!(os=M_ASN1_OCTET_STRING_new()))
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
                 p7->d.enveloped->enc_data->enc_data=os;
                 break;
         case NID_pkcs7_signed:
@@ -599,7 +613,12 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                                 if (!PKCS7_get_signed_attribute(si,
                                                         NID_pkcs9_signingTime))
                                         {
-                                        sign_time=X509_gmtime_adj(NULL,0);
+                                        if (!(sign_time=X509_gmtime_adj(NULL,0)))
+                                                {
+                                                PKCS7err(PKCS7_F_PKCS7_DATASIGN,
+                                                        ERR_R_MALLOC_FAILURE);
+                                                goto err;
+                                                }
                                         PKCS7_add_signed_attribute(si,
                                                 NID_pkcs9_signingTime,
                                                 V_ASN1_UTCTIME,sign_time);
@@ -608,8 +627,19 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                                 /* Add digest */
                                 md_tmp=EVP_MD_CTX_md(&ctx_tmp);
                                 EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);
-                                digest=M_ASN1_OCTET_STRING_new();
-                                M_ASN1_OCTET_STRING_set(digest,md_data,md_len);
+                                if (!(digest=M_ASN1_OCTET_STRING_new()))
+                                        {
+                                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,
+                                                ERR_R_MALLOC_FAILURE);
+                                        goto err;
+                                        }
+                                if (!M_ASN1_OCTET_STRING_set(digest,md_data,
+                                                                md_len))
+                                        {
+                                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,
+                                                ERR_R_MALLOC_FAILURE);
+                                        goto err;
+                                        }
                                 PKCS7_add_signed_attribute(si,
                                         NID_pkcs9_messageDigest,
                                         V_ASN1_OCTET_STRING,digest);
diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c
index 985b07245c..ee1817c7af 100644
--- a/src/lib/libcrypto/pkcs7/pk7_lib.c
+++ b/src/lib/libcrypto/pkcs7/pk7_lib.c
@@ -164,7 +164,12 @@ int PKCS7_set_type(PKCS7 *p7, int type)
                 p7->type=obj;
                 if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL)
                         goto err;
-                ASN1_INTEGER_set(p7->d.sign->version,1);
+                if (!ASN1_INTEGER_set(p7->d.sign->version,1))
+                        {
+                        PKCS7_SIGNED_free(p7->d.sign);
+                        p7->d.sign=NULL;
+                        goto err;
+                        }
                 break;
         case NID_pkcs7_data:
                 p7->type=obj;
@@ -176,6 +181,8 @@ int PKCS7_set_type(PKCS7 *p7, int type)
                 if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
                         == NULL) goto err;
                 ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
+                if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1))
+                        goto err;
                 p7->d.signed_and_enveloped->enc_data->content_type
                                                 = OBJ_nid2obj(NID_pkcs7_data);
                 break;
@@ -183,7 +190,8 @@ int PKCS7_set_type(PKCS7 *p7, int type)
                 p7->type=obj;
                 if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
                         == NULL) goto err;
-                ASN1_INTEGER_set(p7->d.enveloped->version,0);
+                if (!ASN1_INTEGER_set(p7->d.enveloped->version,0))
+                        goto err;
                 p7->d.enveloped->enc_data->content_type
                                                 = OBJ_nid2obj(NID_pkcs7_data);
                 break;
@@ -191,7 +199,8 @@ int PKCS7_set_type(PKCS7 *p7, int type)
                 p7->type=obj;
                 if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
                         == NULL) goto err;
-                ASN1_INTEGER_set(p7->d.encrypted->version,0);
+                if (!ASN1_INTEGER_set(p7->d.encrypted->version,0))
+                        goto err;
                 p7->d.encrypted->enc_data->content_type
                                                 = OBJ_nid2obj(NID_pkcs7_data);
                 break;
@@ -318,15 +327,18 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
         if (pkey->type == EVP_PKEY_DSA) is_dsa = 1;
         else is_dsa = 0;
         /* We now need to add another PKCS7_SIGNER_INFO entry */
-        ASN1_INTEGER_set(p7i->version,1);
-        X509_NAME_set(&p7i->issuer_and_serial->issuer,
-                X509_get_issuer_name(x509));
+        if (!ASN1_INTEGER_set(p7i->version,1))
+                goto err;
+        if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
+                        X509_get_issuer_name(x509)))
+                goto err;
 
         /* because ASN1_INTEGER_set is used to set a 'long' we will do
          * things the ugly way. */
         M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
-        p7i->issuer_and_serial->serial=
-                M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
+        if (!(p7i->issuer_and_serial->serial=
+                        M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+                goto err;
 
         /* lets keep the pkey around for a while */
         CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
@@ -423,16 +435,20 @@ int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
 
 int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
         {
-        ASN1_INTEGER_set(p7i->version,0);
-        X509_NAME_set(&p7i->issuer_and_serial->issuer,
-                X509_get_issuer_name(x509));
+        if (!ASN1_INTEGER_set(p7i->version,0))
+                return 0;
+        if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
+                X509_get_issuer_name(x509)))
+                return 0;
 
         M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
-        p7i->issuer_and_serial->serial=
-                M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
+        if (!(p7i->issuer_and_serial->serial=
+                M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+                return 0;
 
         X509_ALGOR_free(p7i->key_enc_algor);
-        p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor);
+        if (!(p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor)))
+                return 0;
 
         CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
         p7i->cert=x509;
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c
index 6e5735de11..a852b49235 100644
--- a/src/lib/libcrypto/pkcs7/pk7_smime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_smime.c
@@ -155,7 +155,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
         char buf[4096];
         int i, j=0, k, ret = 0;
         BIO *p7bio;
-        BIO *tmpout;
+        BIO *tmpin, *tmpout;
 
         if(!p7) {
                 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER);
@@ -228,7 +228,30 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
                 /* Check for revocation status here */
         }
 
-        p7bio=PKCS7_dataInit(p7,indata);
+        /* Performance optimization: if the content is a memory BIO then
+         * store its contents in a temporary read only memory BIO. This
+         * avoids potentially large numbers of slow copies of data which will
+         * occur when reading from a read write memory BIO when signatures
+         * are calculated.
+         */
+
+        if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM))
+                {
+                char *ptr;
+                long len;
+                len = BIO_get_mem_data(indata, &ptr);
+                tmpin = BIO_new_mem_buf(ptr, len);
+                if (tmpin == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
+                }
+        else
+                tmpin = indata;
+                
+
+        p7bio=PKCS7_dataInit(p7,tmpin);
 
         if(flags & PKCS7_TEXT) {
                 if(!(tmpout = BIO_new(BIO_s_mem()))) {
@@ -270,9 +293,15 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
         ret = 1;
 
         err:
+        
+        if (tmpin == indata)
+                {
+                if(indata) BIO_pop(p7bio);
+                BIO_free_all(p7bio);
+                }
+        else
+                BIO_free_all(tmpin);
 
-        if(indata) BIO_pop(p7bio);
-        BIO_free_all(p7bio);
         sk_X509_free(signers);
 
         return ret;
@@ -296,10 +325,6 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
                 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE);
                 return NULL;
         }
-        if(!(signers = sk_X509_new_null())) {
-                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
 
         /* Collect all the signers together */
 
@@ -310,6 +335,11 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
                 return 0;
         }
 
+        if(!(signers = sk_X509_new_null())) {
+                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+
         for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
         {
             si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);