summaryrefslogtreecommitdiff
path: root/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
diff options
context:
space:
mode:
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c')
-rw-r--r--Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c31
1 files changed, 6 insertions, 25 deletions
diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
index 71afa212..75491d12 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
@@ -257,8 +257,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
char *buf = NULL;
int bufsiz;
int i, j = 0, k, ret = 0;
- BIO *p7bio;
- BIO *tmpin, *tmpout;
+ BIO *p7bio = NULL;
+ BIO *tmpin = NULL, *tmpout = NULL;
if (!p7) {
PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_INVALID_NULL_POINTER);
@@ -275,18 +275,6 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
return 0;
}
-#if 0
- /*
- * NB: this test commented out because some versions of Netscape
- * illegally include zero length content when signing data.
- */
-
- /* Check for data and content: two sets of data */
- if (!PKCS7_get_detached(p7) && indata) {
- PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
- return 0;
- }
-#endif
sinfos = PKCS7_get_signer_info(p7);
@@ -296,7 +284,6 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
}
signers = PKCS7_get0_signers(p7, certs, flags);
-
if (!signers)
return 0;
@@ -309,14 +296,12 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
if (!X509_STORE_CTX_init(&cert_ctx, store, signer,
p7->d.sign->cert)) {
PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
- sk_X509_free(signers);
- return 0;
+ goto err;
}
X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
} else if (!X509_STORE_CTX_init(&cert_ctx, store, signer, NULL)) {
PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
- sk_X509_free(signers);
- return 0;
+ goto err;
}
if (!(flags & PKCS7_NOCRL))
X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl);
@@ -329,8 +314,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
PKCS7_R_CERTIFICATE_VERIFY_ERROR);
ERR_add_error_data(2, "Verify error:",
X509_verify_cert_error_string(j));
- sk_X509_free(signers);
- return 0;
+ goto err;
}
/* Check for revocation status here */
}
@@ -349,7 +333,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
tmpin = BIO_new_mem_buf(ptr, len);
if (tmpin == NULL) {
PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
- return 0;
+ goto err;
}
} else
tmpin = indata;
@@ -404,19 +388,16 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
ret = 1;
err:
-
if (tmpin == indata) {
if (indata)
BIO_pop(p7bio);
}
BIO_free_all(p7bio);
-
sk_X509_free(signers);
if (buf != NULL) {
OPENSSL_free(buf);
}
-
return ret;
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-26 05:12:05 +0000