Various fixes...

initialize ex_pathlen to -1 so it isn't checked if pathlen is not present. set ucert to NULL in apps/pkcs12.c otherwise it gets freed twice. remove extraneous '\r' in MIME encoder. Allow a NULL to be passed to X509_gmtime_adj() Make PKCS#7 code use definite length encoding rather then the indefinite stuff it used previously.

Various fixes...
initialize ex_pathlen to -1 so it isn't checked if pathlen is not present. set ucert to NULL in apps/pkcs12.c otherwise it gets freed twice. remove extraneous '\r' in MIME encoder. Allow a NULL to be passed to X509_gmtime_adj() Make PKCS#7 code use definite length encoding rather then the indefinite stuff it used previously.
eaa28181 · Dr. Stephen Henson · 622ec449 · eaa28181 · eaa28181 · eaa28181
6 changed file
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,13 @@

 Changes between 0.9.5a and 0.9.6  [xx XXX 2000]

+  *) Modification to PKCS#7 encoding routines to output definite
+     length encoding. Since currently the whole structures are in
+     memory there's not real point in using indefinite length 
+     constructed encoding. However if OpenSSL is compiled with
+     the flag PKCS7_INDEFINITE_ENCODING the old form is used.
+     [Steve Henson]
+
  *) Added BIO_vprintf() and BIO_vsnprintf().
     [Richard Levitte]


--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -502,6 +502,8 @@ int MAIN(int argc, char **argv)
 	}
 	sk_X509_pop_free(certs, X509_free);
 	certs = NULL;
+	/* ucert is part of certs so it is already freed */
+	ucert = NULL;

 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();

--- a/crypto/asn1/p7_lib.c
+++ b/crypto/asn1/p7_lib.c
@@ -62,6 +62,8 @@
 #include <openssl/pkcs7.h>
 #include <openssl/objects.h>

+#ifdef PKCS7_INDEFINITE_ENCODING
+
 int i2d_PKCS7(PKCS7 *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
@@ -144,6 +146,96 @@ int i2d_PKCS7(PKCS7 *a, unsigned char **pp)
 	M_ASN1_I2D_finish();
 	}

+#else
+
+int i2d_PKCS7(PKCS7 *a, unsigned char **pp)
+	{
+	int explen = 0;
+	M_ASN1_I2D_vars(a);
+
+	if (a->asn1 != NULL)
+		{
+		if (pp == NULL)
+			return((int)a->length);
+		memcpy(*pp,a->asn1,(int)a->length);
+		*pp+=a->length;
+		return((int)a->length);
+		}
+
+	M_ASN1_I2D_len(a->type,i2d_ASN1_OBJECT);
+	if (a->d.ptr != NULL)
+		{
+		/* Save current length */
+		r = ret;
+		switch (OBJ_obj2nid(a->type))
+			{
+		case NID_pkcs7_data:
+			M_ASN1_I2D_len(a->d.data,i2d_ASN1_OCTET_STRING);
+			break;
+		case NID_pkcs7_signed:
+			M_ASN1_I2D_len(a->d.sign,i2d_PKCS7_SIGNED);
+			break;
+		case NID_pkcs7_enveloped:
+			M_ASN1_I2D_len(a->d.enveloped,i2d_PKCS7_ENVELOPE);
+			break;
+		case NID_pkcs7_signedAndEnveloped:
+			M_ASN1_I2D_len(a->d.signed_and_enveloped,
+				i2d_PKCS7_SIGN_ENVELOPE);
+			break;
+		case NID_pkcs7_digest:
+			M_ASN1_I2D_len(a->d.digest,i2d_PKCS7_DIGEST);
+			break;
+		case NID_pkcs7_encrypted:
+			M_ASN1_I2D_len(a->d.encrypted,i2d_PKCS7_ENCRYPT);
+			break;
+		default:
+			break;
+			}
+		/* Work out explicit tag content size */
+		explen = ret - r;
+		/* Work out explicit tag size: Note: ASN1_object_size
+		 * includes the content length.
+		 */
+		ret =  r + ASN1_object_size(1, explen, 0);
+		}
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->type,i2d_ASN1_OBJECT);
+
+	if (a->d.ptr != NULL)
+		{
+		ASN1_put_object(&p, 1, explen, 0, V_ASN1_CONTEXT_SPECIFIC);
+		switch (OBJ_obj2nid(a->type))
+			{
+		case NID_pkcs7_data:
+			M_ASN1_I2D_put(a->d.data,i2d_ASN1_OCTET_STRING);
+			break;
+		case NID_pkcs7_signed:
+			M_ASN1_I2D_put(a->d.sign,i2d_PKCS7_SIGNED);
+			break;
+		case NID_pkcs7_enveloped:
+			M_ASN1_I2D_put(a->d.enveloped,i2d_PKCS7_ENVELOPE);
+			break;
+		case NID_pkcs7_signedAndEnveloped:
+			M_ASN1_I2D_put(a->d.signed_and_enveloped,
+				i2d_PKCS7_SIGN_ENVELOPE);
+			break;
+		case NID_pkcs7_digest:
+			M_ASN1_I2D_put(a->d.digest,i2d_PKCS7_DIGEST);
+			break;
+		case NID_pkcs7_encrypted:
+			M_ASN1_I2D_put(a->d.encrypted,i2d_PKCS7_ENCRYPT);
+			break;
+		default:
+			break;
+			}
+		}
+	M_ASN1_I2D_finish();
+	}
+
+#endif
+
 PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp, long length)
 	{
 	M_ASN1_D2I_vars(a,PKCS7 *,PKCS7_new);

--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -117,6 +117,7 @@ X509 *X509_new(void)
 	ret->references=1;
 	ret->valid=0;
 	ret->ex_flags = 0;
+	ret->ex_pathlen = -1;
 	ret->name=NULL;
 	ret->aux=NULL;
 	M_ASN1_New(ret->cert_info,X509_CINF_new);

--- a/crypto/pkcs7/pk7_mime.c
+++ b/crypto/pkcs7/pk7_mime.c
@@ -170,7 +170,7 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
 		BIO_printf(bio, "micalg=sha1 ; boundary=\"----%s\"\n\n", bound);
 		BIO_printf(bio, "This is an S/MIME signed message\n\n");
 		/* Now write out the first part */
-		BIO_printf(bio, "------%s\r\n", bound);
+		BIO_printf(bio, "------%s\n", bound);
 		if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n");
 		while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0) 
 						BIO_write(bio, linebuf, i);

--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -582,6 +582,7 @@ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)

 	time(&t);
 	t+=adj;
+	if(!s) return ASN1_TIME_set(s, t);
 	if(s->type == V_ASN1_UTCTIME) return(ASN1_UTCTIME_set(s,t));
 	return ASN1_GENERALIZEDTIME_set(s, t);
 	}