1 files changed, 23 insertions, 19 deletions
diff --git a/src/lib/libcrypto/ts/ts_rsp_sign.c b/src/lib/libcrypto/ts/ts_rsp_sign.c
index e3101340c5..b8cc7e2baf 100644
--- a/src/lib/libcrypto/ts/ts_rsp_sign.c
+++ b/src/lib/libcrypto/ts/ts_rsp_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_rsp_sign.c,v 1.35 2024/03/26 00:39:22 beck Exp $ */
+/* $OpenBSD: ts_rsp_sign.c,v 1.37 2025/07/31 02:02:35 tb Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
 * project 2002.
 */
@@ -60,11 +60,11 @@
 #include <string.h>
-#include <openssl/err.h>
 #include <openssl/objects.h>
 #include <openssl/pkcs7.h>
 #include <openssl/ts.h>
+#include "err_local.h"
 #include "evp_local.h"
 #include "ts_local.h"
 #include "x509_local.h"
@@ -955,28 +955,32 @@ static int
 ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc)
 {
        ASN1_STRING *seq = NULL;
-        unsigned char *p, *pp = NULL;
+        unsigned char *data = NULL;
-        int len;
+        int len = 0;
+        int ret = 0;
-        len = i2d_ESS_SIGNING_CERT(sc, NULL);
+        if ((len = i2d_ESS_SIGNING_CERT(sc, &data)) <= 0) {
-        if (!(pp = malloc(len))) {
+                len = 0;
-                TSerror(ERR_R_MALLOC_FAILURE);
                goto err;
        }
-        p = pp;
-        i2d_ESS_SIGNING_CERT(sc, &p);
+        if ((seq = ASN1_STRING_new()) == NULL)
-        if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) {
-                TSerror(ERR_R_MALLOC_FAILURE);
                goto err;
-        }
-        free(pp);
-        pp = NULL;
-        return PKCS7_add_signed_attribute(si,
-            NID_id_smime_aa_signingCertificate, V_ASN1_SEQUENCE, seq);
-err:
+        ASN1_STRING_set0(seq, data, len);
+        data = NULL;
+        len = 0;
+        if (!PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate,
+            V_ASN1_SEQUENCE, seq))
+                goto err;
+        seq = NULL;
+        ret = 1;
+ err:
        ASN1_STRING_free(seq);
-        free(pp);
+        freezero(data, len);
-        return 0;
+        return ret;
 }

diff --git a/src/lib/libcrypto/ts/ts_rsp_sign.c b/src/lib/libcrypto/ts/ts_rsp_sign.c index e3101340c5..b8cc7e2baf 100644 --- a/src/lib/libcrypto/ts/ts_rsp_sign.c +++ b/src/lib/libcrypto/ts/ts_rsp_sign.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ts_rsp_sign.c,v 1.35 2024/03/26 00:39:22 beck Exp $ */	1	/* $OpenBSD: ts_rsp_sign.c,v 1.37 2025/07/31 02:02:35 tb Exp $ */
2	/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL	2	/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
3	* project 2002.	3	* project 2002.
4	*/	4	*/
@@ -60,11 +60,11 @@
60		60
61	#include <string.h>	61	#include <string.h>
62		62
63	#include <openssl/err.h>
64	#include <openssl/objects.h>	63	#include <openssl/objects.h>
65	#include <openssl/pkcs7.h>	64	#include <openssl/pkcs7.h>
66	#include <openssl/ts.h>	65	#include <openssl/ts.h>
67		66
		67	#include "err_local.h"
68	#include "evp_local.h"	68	#include "evp_local.h"
69	#include "ts_local.h"	69	#include "ts_local.h"
70	#include "x509_local.h"	70	#include "x509_local.h"
@@ -955,28 +955,32 @@ static int
955	ESS_add_signing_cert(PKCS7_SIGNER_INFO si, ESS_SIGNING_CERT sc)	955	ESS_add_signing_cert(PKCS7_SIGNER_INFO si, ESS_SIGNING_CERT sc)
956	{	956	{
957	ASN1_STRING *seq = NULL;	957	ASN1_STRING *seq = NULL;
958	unsigned char p, pp = NULL;	958	unsigned char *data = NULL;
959	int len;	959	int len = 0;
		960	int ret = 0;
960		961
961	len = i2d_ESS_SIGNING_CERT(sc, NULL);	962	if ((len = i2d_ESS_SIGNING_CERT(sc, &data)) <= 0) {
962	if (!(pp = malloc(len))) {	963	len = 0;
963	TSerror(ERR_R_MALLOC_FAILURE);
964	goto err;	964	goto err;
965	}	965	}
966	p = pp;	966
967	i2d_ESS_SIGNING_CERT(sc, &p);	967	if ((seq = ASN1_STRING_new()) == NULL)
968	if (!(seq = ASN1_STRING_new()) \|\| !ASN1_STRING_set(seq, pp, len)) {
969	TSerror(ERR_R_MALLOC_FAILURE);
970	goto err;	968	goto err;
971	}
972	free(pp);
973	pp = NULL;
974	return PKCS7_add_signed_attribute(si,
975	NID_id_smime_aa_signingCertificate, V_ASN1_SEQUENCE, seq);
976		969
977	err:	970	ASN1_STRING_set0(seq, data, len);
		971	data = NULL;
		972	len = 0;
		973
		974	if (!PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate,
		975	V_ASN1_SEQUENCE, seq))
		976	goto err;
		977	seq = NULL;
		978
		979	ret = 1;
		980
		981	err:
978	ASN1_STRING_free(seq);	982	ASN1_STRING_free(seq);
979	free(pp);	983	freezero(data, len);
980		984
981	return 0;	985	return ret;
982	}	986	}