Various S/MIME fixes. Fix for memory leak, recipient list bug

and not excluding parameters with DSA keys.

2 files changed, 13 insertions, 8 deletions

diff --git a/apps/smime.c b/apps/smime.c
index f87b41969d..882838c66f 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -261,13 +261,13 @@ int MAIN(int argc, char **argv)
 
 	if(operation == SMIME_ENCRYPT) {
 		if (!cipher) cipher = EVP_rc2_40_cbc();
+		encerts = sk_X509_new_null();
 		while (*args) {
-			encerts = sk_X509_new_null();
 			if(!(cert = load_cert(*args))) {
 				BIO_printf(bio_err, "Can't read recipent certificate file %s\n", *args);
 				goto end;
 			}
-			sk_X509_push (encerts, cert);
+			sk_X509_push(encerts, cert);
 			cert = NULL;
 			args++;
 		}
@@ -356,13 +356,13 @@ int MAIN(int argc, char **argv)
 		}
 	} else if(operation == SMIME_VERIFY) {
 		STACK_OF(X509) *signers;
-		signers = PKCS7_iget_signers(p7, other, flags);
 		if(PKCS7_verify(p7, other, store, indata, out, flags)) {
 			BIO_printf(bio_err, "Verification Successful\n");
 		} else {
 			BIO_printf(bio_err, "Verification Failure\n");
 			goto end;
 		}
+		signers = PKCS7_iget_signers(p7, other, flags);
 		if(!save_certs(signerfile, signers)) {
 			BIO_printf(bio_err, "Error writing signers to %s\n",
 								signerfile);
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index a13be9ae3a..889fb9b355 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -297,6 +297,9 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
 int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
 	     EVP_MD *dgst)
 	{
+	char is_dsa;
+	if (pkey->type == EVP_PKEY_DSA) is_dsa = 1;
+	else is_dsa = 0;
 	/* We now need to add another PKCS7_SIGNER_INFO entry */
 	ASN1_INTEGER_set(p7i->version,1);
 	X509_NAME_set(&p7i->issuer_and_serial->issuer,
@@ -313,8 +316,7 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
 	p7i->pkey=pkey;
 
 	/* Set the algorithms */
-	if (pkey->type == EVP_PKEY_DSA)
-		p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
+	if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
 	else	
 		p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
 
@@ -328,9 +330,12 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
 
 	if (p7i->digest_enc_alg->parameter != NULL)
 		ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
-	if ((p7i->digest_enc_alg->parameter=ASN1_TYPE_new()) == NULL)
-		goto err;
-	p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
+	if(is_dsa) p7i->digest_enc_alg->parameter = NULL;
+	else {
+		if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
+			goto err;
+		p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
+	}
 
 	return(1);
 err: