Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
compat-openssl098.29129
bug-761324-backport-cms-from-0.9.8x-to-0.9.8j.p...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File bug-761324-backport-cms-from-0.9.8x-to-0.9.8j.patch of Package compat-openssl098.29129
diff -Nupr openssl-0.9.8j/crypto/cms//cms_asn1.c openssl-0.9.8x/crypto/cms//cms_asn1.c --- openssl-0.9.8j/crypto/cms//cms_asn1.c 2012-05-11 10:06:18.000000000 +0800 +++ openssl-0.9.8x/crypto/cms//cms_asn1.c 2010-06-01 22:39:57.000000000 +0800 @@ -130,8 +130,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = { } ASN1_NDEF_SEQUENCE_END(CMS_SignedData) ASN1_SEQUENCE(CMS_OriginatorInfo) = { - ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0), - ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1) + ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0), + ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1) } ASN1_SEQUENCE_END(CMS_OriginatorInfo) ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = { diff -Nupr openssl-0.9.8j/crypto/cms//cms_enc.c openssl-0.9.8x/crypto/cms//cms_enc.c --- openssl-0.9.8j/crypto/cms//cms_enc.c 2012-05-11 10:06:18.000000000 +0800 +++ openssl-0.9.8x/crypto/cms//cms_enc.c 2012-05-10 21:27:57.000000000 +0800 @@ -139,12 +139,12 @@ BIO *cms_EncryptedContent_init_bio(CMS_E CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); goto err; } - /* Generate random session key */ - if (!enc || !ec->key) + tkeylen = EVP_CIPHER_CTX_key_length(ctx); + /* Generate random session key */ + if (!enc || !ec->key) { - tkeylen = EVP_CIPHER_CTX_key_length(ctx); - tkey = OPENSSL_malloc(tkeylen); - if (!tkey) + tkey = OPENSSL_malloc(tkeylen); + if (!tkey) { CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE); @@ -154,27 +154,27 @@ BIO *cms_EncryptedContent_init_bio(CMS_E goto err; } - if (!ec->key) - { - ec->key = tkey; - ec->keylen = tkeylen; - tkey = NULL; - if (enc) - keep_key = 1; - else - ERR_clear_error(); - - } + if (!ec->key) + { + ec->key = tkey; + ec->keylen = tkeylen; + tkey = NULL; + if (enc) + keep_key = 1; + else + ERR_clear_error(); - if (ec->keylen != tkeylen) + } + + if (ec->keylen != tkeylen) { /* If necessary set key length */ if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) { /* Only reveal failure if debugging so we don't - * leak information which may be useful in MMA. - */ - if (ec->debug) + * leak information which may be useful in MMA. + */ + if (enc || ec->debug) { CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, CMS_R_INVALID_KEY_LENGTH); diff -Nupr openssl-0.9.8j/crypto/cms//cms_env.c openssl-0.9.8x/crypto/cms//cms_env.c --- openssl-0.9.8j/crypto/cms//cms_env.c 2012-05-11 10:06:18.000000000 +0800 +++ openssl-0.9.8x/crypto/cms//cms_env.c 2012-03-12 22:51:45.000000000 +0800 @@ -385,10 +385,10 @@ static int cms_RecipientInfo_ktri_decryp ret = 1; if (ec->key) - { + { OPENSSL_cleanse(ec->key, ec->keylen); OPENSSL_free(ec->key); - } + } ec->key = ek; ec->keylen = eklen; diff -Nupr openssl-0.9.8j/crypto/cms//cms_ess.c openssl-0.9.8x/crypto/cms//cms_ess.c --- openssl-0.9.8j/crypto/cms//cms_ess.c 2012-05-11 10:06:18.000000000 +0800 +++ openssl-0.9.8x/crypto/cms//cms_ess.c 2009-09-13 19:20:37.000000000 +0800 @@ -344,7 +344,7 @@ int cms_Receipt_verify(CMS_ContentInfo * /* Get original receipt request details */ - if (!CMS_get1_ReceiptRequest(osi, &rr)) + if (CMS_get1_ReceiptRequest(osi, &rr) <= 0) { CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST); goto err; @@ -385,7 +385,7 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CM /* Get original receipt request details */ - if (!CMS_get1_ReceiptRequest(si, &rr)) + if (CMS_get1_ReceiptRequest(si, &rr) <= 0) { CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST); goto err; diff -Nupr openssl-0.9.8j/crypto/cms//cms_io.c openssl-0.9.8x/crypto/cms//cms_io.c --- openssl-0.9.8j/crypto/cms//cms_io.c 2012-05-11 10:06:18.000000000 +0800 +++ openssl-0.9.8x/crypto/cms//cms_io.c 2012-03-07 03:08:30.000000000 +0800 @@ -112,7 +112,7 @@ static int cms_output_data(BIO *out, BIO cmsbio = tmpbio; } - return 1; + return r; } diff -Nupr openssl-0.9.8j/crypto/cms//cms_lib.c openssl-0.9.8x/crypto/cms//cms_lib.c --- openssl-0.9.8j/crypto/cms//cms_lib.c 2012-05-11 10:06:18.000000000 +0800 +++ openssl-0.9.8x/crypto/cms//cms_lib.c 2010-02-02 22:19:54.000000000 +0800 @@ -415,7 +415,11 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_ return 0; } BIO_get_md_ctx(chain, &mtmp); - if (EVP_MD_CTX_type(mtmp) == nid) + if (EVP_MD_CTX_type(mtmp) == nid + /* Workaround for broken implementations that use signature + * algorithm OID instead of digest. + */ + || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid) { EVP_MD_CTX_copy_ex(mctx, mtmp); return 1; diff -Nupr openssl-0.9.8j/crypto/cms//cms_smime.c openssl-0.9.8x/crypto/cms//cms_smime.c --- openssl-0.9.8j/crypto/cms//cms_smime.c 2012-05-11 10:06:18.000000000 +0800 +++ openssl-0.9.8x/crypto/cms//cms_smime.c 2012-03-12 22:51:45.000000000 +0800 @@ -298,7 +298,7 @@ static int cms_signerinfo_verify_cert(CM CMS_R_STORE_INIT_ERROR); goto err; } - X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_SMIME_SIGN); + X509_STORE_CTX_set_default(&ctx, "smime_sign"); if (crls) X509_STORE_CTX_set0_crls(&ctx, crls); @@ -642,9 +642,9 @@ int CMS_decrypt_set1_pkey(CMS_ContentInf if (cert) { /* If not debugging clear any error and - * return success to avoid leaking of - * information useful to MMA - */ + * return success to avoid leaking of + * information useful to MMA + */ if (!debug) { ERR_clear_error(); @@ -658,7 +658,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInf } /* If no cert and not debugging don't leave loop * after first successful decrypt. Always attempt - * to decrypt all recipients to avoid leaking timing + * to decrypt all recipients to avoid leaking timing * of a successful decrypt. */ else if (r > 0 && debug) @@ -737,7 +737,6 @@ int CMS_decrypt(CMS_ContentInfo *cms, EV return 1; if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert)) return 0; - cont = CMS_dataInit(cms, dcont); if (!cont) return 0;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor