diff options
author | Dr. Stephen Henson <steve@openssl.org> | 1999-12-09 01:31:32 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-12-09 01:31:32 +0000 |
commit | e3775a33c1ee5aa845527c3fd9aac11426eac8c5 (patch) | |
tree | 21a6767d828c6ee33178714ea2f1e61ba3c149cd /crypto/pkcs7 | |
parent | a4af39ac4482355ffdd61fb61231a0c79b96997b (diff) |
Make the PKCS#7 S/MIME functions check for passed NULL pointers.
Fix the usage message of smime utility and sanitise the return
codes.
Add some documentation.
Diffstat (limited to 'crypto/pkcs7')
-rw-r--r-- | crypto/pkcs7/pk7_smime.c | 23 | ||||
-rw-r--r-- | crypto/pkcs7/pkcs7.h | 1 | ||||
-rw-r--r-- | crypto/pkcs7/pkcs7err.c | 1 |
3 files changed, 22 insertions, 3 deletions
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index 3f6cad44f8..4b557f48a2 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -150,14 +150,19 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *p7bio; BIO *tmpout; + if(!p7) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER); + return NULL; + } + if(!PKCS7_type_is_signed(p7)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE); + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE); return 0; } /* Check for no data and no content: no data to verify signature */ if(PKCS7_get_detached(p7) && !indata) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT); + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT); return 0; } @@ -170,7 +175,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, sinfos = PKCS7_get_signer_info(p7); if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA); + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA); return 0; } @@ -264,6 +269,11 @@ STACK_OF(X509) *PKCS7_iget_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) X509 *signer; int i; + if(!p7) { + PKCS7err(PKCS7_F_PKCS7_IGET_SIGNERS,PKCS7_R_INVALID_NULL_POINTER); + return NULL; + } + if(!PKCS7_type_is_signed(p7)) { PKCS7err(PKCS7_F_PKCS7_IGET_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE); return NULL; @@ -376,10 +386,17 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) BIO *tmpmem; int ret, i; char buf[4096]; + + if(!p7) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER); + return 0; + } + if(!PKCS7_type_is_enveloped(p7)) { PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE); return 0; } + if(!X509_check_private_key(cert, pkey)) { PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h index 7369e324d7..63a97e1540 100644 --- a/crypto/pkcs7/pkcs7.h +++ b/crypto/pkcs7/pkcs7.h @@ -455,6 +455,7 @@ int SMIME_text(BIO *in, BIO *out); #define PKCS7_R_ERROR_SETTING_CIPHER 121 #define PKCS7_R_INTERNAL_ERROR 102 #define PKCS7_R_INVALID_MIME_TYPE 131 +#define PKCS7_R_INVALID_NULL_POINTER 143 #define PKCS7_R_MIME_NO_CONTENT_TYPE 132 #define PKCS7_R_MIME_PARSE_ERROR 133 #define PKCS7_R_MIME_SIG_PARSE_ERROR 134 diff --git a/crypto/pkcs7/pkcs7err.c b/crypto/pkcs7/pkcs7err.c index d0a1f599ab..d8491ff71b 100644 --- a/crypto/pkcs7/pkcs7err.c +++ b/crypto/pkcs7/pkcs7err.c @@ -105,6 +105,7 @@ static ERR_STRING_DATA PKCS7_str_reasons[]= {PKCS7_R_ERROR_SETTING_CIPHER ,"error setting cipher"}, {PKCS7_R_INTERNAL_ERROR ,"internal error"}, {PKCS7_R_INVALID_MIME_TYPE ,"invalid mime type"}, +{PKCS7_R_INVALID_NULL_POINTER ,"invalid null pointer"}, {PKCS7_R_MIME_NO_CONTENT_TYPE ,"mime no content type"}, {PKCS7_R_MIME_PARSE_ERROR ,"mime parse error"}, {PKCS7_R_MIME_SIG_PARSE_ERROR ,"mime sig parse error"}, |