File bug-761324-backport-cms-from-0.9.8x-to-0.9.8j.patch of Package compat-openssl098.29129
diff -Nupr openssl-0.9.8j/crypto/cms//cms_asn1.c openssl-0.9.8x/crypto/cms//cms_asn1.c
--- openssl-0.9.8j/crypto/cms//cms_asn1.c 2012-05-11 10:06:18.000000000 +0800
+++ openssl-0.9.8x/crypto/cms//cms_asn1.c 2010-06-01 22:39:57.000000000 +0800
@@ -130,8 +130,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
} ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
ASN1_SEQUENCE(CMS_OriginatorInfo) = {
- ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
- ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1)
+ ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
+ ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
} ASN1_SEQUENCE_END(CMS_OriginatorInfo)
ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
diff -Nupr openssl-0.9.8j/crypto/cms//cms_enc.c openssl-0.9.8x/crypto/cms//cms_enc.c
--- openssl-0.9.8j/crypto/cms//cms_enc.c 2012-05-11 10:06:18.000000000 +0800
+++ openssl-0.9.8x/crypto/cms//cms_enc.c 2012-05-10 21:27:57.000000000 +0800
@@ -139,12 +139,12 @@ BIO *cms_EncryptedContent_init_bio(CMS_E
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
goto err;
}
- /* Generate random session key */
- if (!enc || !ec->key)
+ tkeylen = EVP_CIPHER_CTX_key_length(ctx);
+ /* Generate random session key */
+ if (!enc || !ec->key)
{
- tkeylen = EVP_CIPHER_CTX_key_length(ctx);
- tkey = OPENSSL_malloc(tkeylen);
- if (!tkey)
+ tkey = OPENSSL_malloc(tkeylen);
+ if (!tkey)
{
CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
ERR_R_MALLOC_FAILURE);
@@ -154,27 +154,27 @@ BIO *cms_EncryptedContent_init_bio(CMS_E
goto err;
}
- if (!ec->key)
- {
- ec->key = tkey;
- ec->keylen = tkeylen;
- tkey = NULL;
- if (enc)
- keep_key = 1;
- else
- ERR_clear_error();
-
- }
+ if (!ec->key)
+ {
+ ec->key = tkey;
+ ec->keylen = tkeylen;
+ tkey = NULL;
+ if (enc)
+ keep_key = 1;
+ else
+ ERR_clear_error();
- if (ec->keylen != tkeylen)
+ }
+
+ if (ec->keylen != tkeylen)
{
/* If necessary set key length */
if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
{
/* Only reveal failure if debugging so we don't
- * leak information which may be useful in MMA.
- */
- if (ec->debug)
+ * leak information which may be useful in MMA.
+ */
+ if (enc || ec->debug)
{
CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
CMS_R_INVALID_KEY_LENGTH);
diff -Nupr openssl-0.9.8j/crypto/cms//cms_env.c openssl-0.9.8x/crypto/cms//cms_env.c
--- openssl-0.9.8j/crypto/cms//cms_env.c 2012-05-11 10:06:18.000000000 +0800
+++ openssl-0.9.8x/crypto/cms//cms_env.c 2012-03-12 22:51:45.000000000 +0800
@@ -385,10 +385,10 @@ static int cms_RecipientInfo_ktri_decryp
ret = 1;
if (ec->key)
- {
+ {
OPENSSL_cleanse(ec->key, ec->keylen);
OPENSSL_free(ec->key);
- }
+ }
ec->key = ek;
ec->keylen = eklen;
diff -Nupr openssl-0.9.8j/crypto/cms//cms_ess.c openssl-0.9.8x/crypto/cms//cms_ess.c
--- openssl-0.9.8j/crypto/cms//cms_ess.c 2012-05-11 10:06:18.000000000 +0800
+++ openssl-0.9.8x/crypto/cms//cms_ess.c 2009-09-13 19:20:37.000000000 +0800
@@ -344,7 +344,7 @@ int cms_Receipt_verify(CMS_ContentInfo *
/* Get original receipt request details */
- if (!CMS_get1_ReceiptRequest(osi, &rr))
+ if (CMS_get1_ReceiptRequest(osi, &rr) <= 0)
{
CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
goto err;
@@ -385,7 +385,7 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CM
/* Get original receipt request details */
- if (!CMS_get1_ReceiptRequest(si, &rr))
+ if (CMS_get1_ReceiptRequest(si, &rr) <= 0)
{
CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
goto err;
diff -Nupr openssl-0.9.8j/crypto/cms//cms_io.c openssl-0.9.8x/crypto/cms//cms_io.c
--- openssl-0.9.8j/crypto/cms//cms_io.c 2012-05-11 10:06:18.000000000 +0800
+++ openssl-0.9.8x/crypto/cms//cms_io.c 2012-03-07 03:08:30.000000000 +0800
@@ -112,7 +112,7 @@ static int cms_output_data(BIO *out, BIO
cmsbio = tmpbio;
}
- return 1;
+ return r;
}
diff -Nupr openssl-0.9.8j/crypto/cms//cms_lib.c openssl-0.9.8x/crypto/cms//cms_lib.c
--- openssl-0.9.8j/crypto/cms//cms_lib.c 2012-05-11 10:06:18.000000000 +0800
+++ openssl-0.9.8x/crypto/cms//cms_lib.c 2010-02-02 22:19:54.000000000 +0800
@@ -415,7 +415,11 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_
return 0;
}
BIO_get_md_ctx(chain, &mtmp);
- if (EVP_MD_CTX_type(mtmp) == nid)
+ if (EVP_MD_CTX_type(mtmp) == nid
+ /* Workaround for broken implementations that use signature
+ * algorithm OID instead of digest.
+ */
+ || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
{
EVP_MD_CTX_copy_ex(mctx, mtmp);
return 1;
diff -Nupr openssl-0.9.8j/crypto/cms//cms_smime.c openssl-0.9.8x/crypto/cms//cms_smime.c
--- openssl-0.9.8j/crypto/cms//cms_smime.c 2012-05-11 10:06:18.000000000 +0800
+++ openssl-0.9.8x/crypto/cms//cms_smime.c 2012-03-12 22:51:45.000000000 +0800
@@ -298,7 +298,7 @@ static int cms_signerinfo_verify_cert(CM
CMS_R_STORE_INIT_ERROR);
goto err;
}
- X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_SMIME_SIGN);
+ X509_STORE_CTX_set_default(&ctx, "smime_sign");
if (crls)
X509_STORE_CTX_set0_crls(&ctx, crls);
@@ -642,9 +642,9 @@ int CMS_decrypt_set1_pkey(CMS_ContentInf
if (cert)
{
/* If not debugging clear any error and
- * return success to avoid leaking of
- * information useful to MMA
- */
+ * return success to avoid leaking of
+ * information useful to MMA
+ */
if (!debug)
{
ERR_clear_error();
@@ -658,7 +658,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInf
}
/* If no cert and not debugging don't leave loop
* after first successful decrypt. Always attempt
- * to decrypt all recipients to avoid leaking timing
+ * to decrypt all recipients to avoid leaking timing
* of a successful decrypt.
*/
else if (r > 0 && debug)
@@ -737,7 +737,6 @@ int CMS_decrypt(CMS_ContentInfo *cms, EV
return 1;
if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
return 0;
-
cont = CMS_dataInit(cms, dcont);
if (!cont)
return 0;
