File bug-761324-backport-cms-from-0.9.8x-to-0.9.8j.patch of Package compat-openssl098.703

diff -Nupr openssl-0.9.8j/crypto/cms//cms_asn1.c openssl-0.9.8x/crypto/cms//cms_asn1.c
--- openssl-0.9.8j/crypto/cms//cms_asn1.c	2012-05-11 10:06:18.000000000 +0800
+++ openssl-0.9.8x/crypto/cms//cms_asn1.c	2010-06-01 22:39:57.000000000 +0800
@@ -130,8 +130,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
 } ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
 
 ASN1_SEQUENCE(CMS_OriginatorInfo) = {
-	ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
-	ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1)
+	ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
+	ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
 } ASN1_SEQUENCE_END(CMS_OriginatorInfo)
 
 ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
diff -Nupr openssl-0.9.8j/crypto/cms//cms_enc.c openssl-0.9.8x/crypto/cms//cms_enc.c
--- openssl-0.9.8j/crypto/cms//cms_enc.c	2012-05-11 10:06:18.000000000 +0800
+++ openssl-0.9.8x/crypto/cms//cms_enc.c	2012-05-10 21:27:57.000000000 +0800
@@ -139,12 +139,12 @@ BIO *cms_EncryptedContent_init_bio(CMS_E
 				CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
 		goto err;
 		}
-		/* Generate random session key */
-		if (!enc || !ec->key)
+	tkeylen = EVP_CIPHER_CTX_key_length(ctx);
+	/* Generate random session key */
+	if (!enc || !ec->key)
 		{
-			tkeylen = EVP_CIPHER_CTX_key_length(ctx);
-			tkey = OPENSSL_malloc(tkeylen);
-			if (!tkey)
+		tkey = OPENSSL_malloc(tkeylen);
+		if (!tkey)
 			{
 			CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
 							ERR_R_MALLOC_FAILURE);
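Review bot: The hoisted `tkeylen = EVP_CIPHER_CTX_key_length(ctx);` has no comment explaining why it now runs unconditionally, which makes it easy to move back inside the `if` by mistake. The later `ec->keylen != tkeylen` comparison (next hunk) reads tkeylen even when the caller supplied a key and no random key is generated. I would add `/* Needed for the key length check below even when ec->key is caller-supplied */` above the assignment. The body of cms_EncryptedContent_init_bio starts and ends outside this hunk, so the declaration and type of tkeylen are not visible here.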
@@ -154,27 +154,27 @@ BIO *cms_EncryptedContent_init_bio(CMS_E
 			goto err;
 		}
 
-		if (!ec->key)
-			{
-				ec->key = tkey;
-				ec->keylen = tkeylen;
-				tkey = NULL;
-				if (enc)
-					keep_key = 1;
-				else
-					ERR_clear_error();
-				
-			}
+	if (!ec->key)
+		{
+		ec->key = tkey;
+		ec->keylen = tkeylen;
+		tkey = NULL;
+		if (enc)
+			keep_key = 1;
+		else
+			ERR_clear_error();
 		
-		if (ec->keylen != tkeylen)
+		}
+
+	if (ec->keylen != tkeylen)
 		{
 		/* If necessary set key length */
 		if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
 			{
 			/* Only reveal failure if debugging so we don't
-   			 * leak information which may be useful in MMA.
-   			 */
-			if (ec->debug)
+			 * leak information which may be useful in MMA.
+			 */
+			if (enc || ec->debug)
 				{
 				CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
 						CMS_R_INVALID_KEY_LENGTH);
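Review bot: The comment above `if (enc || ec->debug)` still says "Only reveal failure if debugging", but the condition now also reports the error whenever enc is set. This guard is a side-channel countermeasure, so the comment should state the real rule, for example `/* Report the failure when encrypting or debugging; on decrypt stay silent so we don't leak information useful in MMA. */`. The non-debug decrypt branch that follows is outside the hunk and cannot be checked from here. Whoever touches this next should confirm that branch still continues without an observable difference.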
diff -Nupr openssl-0.9.8j/crypto/cms//cms_env.c openssl-0.9.8x/crypto/cms//cms_env.c
--- openssl-0.9.8j/crypto/cms//cms_env.c	2012-05-11 10:06:18.000000000 +0800
+++ openssl-0.9.8x/crypto/cms//cms_env.c	2012-03-12 22:51:45.000000000 +0800
@@ -385,10 +385,10 @@ static int cms_RecipientInfo_ktri_decryp
 	ret = 1;
 
 	if (ec->key)
-	{
+		{
 		OPENSSL_cleanse(ec->key, ec->keylen);
 		OPENSSL_free(ec->key);
-	}
+		}
 
 	ec->key = ek;
 	ec->keylen = eklen;
diff -Nupr openssl-0.9.8j/crypto/cms//cms_ess.c openssl-0.9.8x/crypto/cms//cms_ess.c
--- openssl-0.9.8j/crypto/cms//cms_ess.c	2012-05-11 10:06:18.000000000 +0800
+++ openssl-0.9.8x/crypto/cms//cms_ess.c	2009-09-13 19:20:37.000000000 +0800
@@ -344,7 +344,7 @@ int cms_Receipt_verify(CMS_ContentInfo *
 
 	/* Get original receipt request details */
 
-	if (!CMS_get1_ReceiptRequest(osi, &rr))
+	if (CMS_get1_ReceiptRequest(osi, &rr) <= 0)
 		{
 		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
 		goto err;
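Review bot: The `<= 0` test folds two different outcomes into CMS_R_NO_RECEIPT_REQUEST without saying so. CMS_get1_ReceiptRequest is documented to return 0 when no receipt request attribute is present and -1 when one is present but malformed, and the old `!` test let the -1 case through as success. A short comment such as `/* 0: no request present, -1: malformed request; both are fatal here */` would record why the comparison is not `!`. The same applies to the identical change in cms_encode_Receipt in the next hunk. If the error queue is used for diagnosis, a malformed attribute will look like a missing one.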
@@ -385,7 +385,7 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CM
 
 	/* Get original receipt request details */
 
-	if (!CMS_get1_ReceiptRequest(si, &rr))
+	if (CMS_get1_ReceiptRequest(si, &rr) <= 0)
 		{
 		CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
 		goto err;
diff -Nupr openssl-0.9.8j/crypto/cms//cms_io.c openssl-0.9.8x/crypto/cms//cms_io.c
--- openssl-0.9.8j/crypto/cms//cms_io.c	2012-05-11 10:06:18.000000000 +0800
+++ openssl-0.9.8x/crypto/cms//cms_io.c	2012-03-07 03:08:30.000000000 +0800
@@ -112,7 +112,7 @@ static int cms_output_data(BIO *out, BIO
 		cmsbio = tmpbio;
 		}
 
-	return 1;
+	return r;
 
 	}
 
diff -Nupr openssl-0.9.8j/crypto/cms//cms_lib.c openssl-0.9.8x/crypto/cms//cms_lib.c
--- openssl-0.9.8j/crypto/cms//cms_lib.c	2012-05-11 10:06:18.000000000 +0800
+++ openssl-0.9.8x/crypto/cms//cms_lib.c	2010-02-02 22:19:54.000000000 +0800
@@ -415,7 +415,11 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_
 			return 0;
 			}
 		BIO_get_md_ctx(chain, &mtmp);
-		if (EVP_MD_CTX_type(mtmp) == nid)
+		if (EVP_MD_CTX_type(mtmp) == nid
+		/* Workaround for broken implementations that use signature
+		 * algorithm  OID instead of digest.
+		 */
+			|| EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
 			{
 			EVP_MD_CTX_copy_ex(mctx, mtmp);
 			return 1;
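Review bot: The workaround comment sits between the two operands of `||` inside the `if` condition, which makes the condition hard to read and easy to miss as a deliberate relaxation of the digest match. I would move it above the `if` and fix the doubled space, e.g. `/* Also accept the signature algorithm OID: some broken implementations put it where the digest OID belongs. */`. Since this widens which algorithm identifiers are accepted, the comment could also note that the digest context copied out is still the one from the BIO chain. That appears to be what `EVP_MD_CTX_copy_ex(mctx, mtmp)` does, though the function begins outside the hunk.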
diff -Nupr openssl-0.9.8j/crypto/cms//cms_smime.c openssl-0.9.8x/crypto/cms//cms_smime.c
--- openssl-0.9.8j/crypto/cms//cms_smime.c	2012-05-11 10:06:18.000000000 +0800
+++ openssl-0.9.8x/crypto/cms//cms_smime.c	2012-03-12 22:51:45.000000000 +0800
@@ -298,7 +298,7 @@ static int cms_signerinfo_verify_cert(CM
 						CMS_R_STORE_INIT_ERROR);
 		goto err;
 		}
-	X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_SMIME_SIGN);
+	X509_STORE_CTX_set_default(&ctx, "smime_sign");
 	if (crls)
 		X509_STORE_CTX_set0_crls(&ctx, crls);
 
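Review bot: The return value of `X509_STORE_CTX_set_default(&ctx, "smime_sign")` is discarded, so a failed lookup leaves the context without the S/MIME signing purpose and verification carries on regardless. The call returns 0 when the named parameter set is not found. This patch only touches crypto/cms, so whether the 0.9.8j tree being patched has a "smime_sign" entry in its verify-parameter table cannot be seen here and should be confirmed. I would fail closed with `if (!X509_STORE_CTX_set_default(&ctx, "smime_sign")) goto err;`. The `err` label and any cleanup of ctx are outside the hunk, so check that the jump still releases the initialised context.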
@@ -642,9 +642,9 @@ int CMS_decrypt_set1_pkey(CMS_ContentInf
 			if (cert)
 				{
 				/* If not debugging clear any error and
-   				 * return success to avoid leaking of
-   				 * information useful to MMA
-  				 */
+				 * return success to avoid leaking of
+				 * information useful to MMA
+				 */
 				if (!debug)
 					{
 					ERR_clear_error();
@@ -658,7 +658,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInf
 				}
 			/* If no cert and not debugging don't leave loop
 			 * after first successful decrypt. Always attempt
-	 		 * to decrypt all recipients to avoid leaking timing
+			 * to decrypt all recipients to avoid leaking timing
 			 * of a successful decrypt.
 			 */
 			else if (r > 0 && debug)
@@ -737,7 +737,6 @@ int CMS_decrypt(CMS_ContentInfo *cms, EV
 		return 1;
 	if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
 		return 0;
-
 	cont = CMS_dataInit(cms, dcont);
 	if (!cont)
 		return 0;