Various fixes...

initialize ex_pathlen to -1 so it isn't checked if pathlen
is not present.

set ucert to NULL in apps/pkcs12.c otherwise it gets freed
twice.

remove extraneous '\r' in MIME encoder.

Allow a NULL to be passed to X509_gmtime_adj()


Make PKCS#7 code use definite length encoding rather then
the indefinite stuff it used previously.

4 files changed, 95 insertions, 1 deletions

diff --git a/crypto/asn1/p7_lib.c b/crypto/asn1/p7_lib.c
index 90ead17..76cb675 100644
--- a/crypto/asn1/p7_lib.c
+++ b/crypto/asn1/p7_lib.c
@@ -62,6 +62,8 @@
 #include <openssl/pkcs7.h>
 #include <openssl/objects.h>
 
+#ifdef PKCS7_INDEFINITE_ENCODING
+
 int i2d_PKCS7(PKCS7 *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
@@ -144,6 +146,96 @@ int i2d_PKCS7(PKCS7 *a, unsigned char **pp)
 	M_ASN1_I2D_finish();
 	}
 
+#else
+
+int i2d_PKCS7(PKCS7 *a, unsigned char **pp)
+	{
+	int explen = 0;
+	M_ASN1_I2D_vars(a);
+
+	if (a->asn1 != NULL)
+		{
+		if (pp == NULL)
+			return((int)a->length);
+		memcpy(*pp,a->asn1,(int)a->length);
+		*pp+=a->length;
+		return((int)a->length);
+		}
+
+	M_ASN1_I2D_len(a->type,i2d_ASN1_OBJECT);
+	if (a->d.ptr != NULL)
+		{
+		/* Save current length */
+		r = ret;
+		switch (OBJ_obj2nid(a->type))
+			{
+		case NID_pkcs7_data:
+			M_ASN1_I2D_len(a->d.data,i2d_ASN1_OCTET_STRING);
+			break;
+		case NID_pkcs7_signed:
+			M_ASN1_I2D_len(a->d.sign,i2d_PKCS7_SIGNED);
+			break;
+		case NID_pkcs7_enveloped:
+			M_ASN1_I2D_len(a->d.enveloped,i2d_PKCS7_ENVELOPE);
+			break;
+		case NID_pkcs7_signedAndEnveloped:
+			M_ASN1_I2D_len(a->d.signed_and_enveloped,
+				i2d_PKCS7_SIGN_ENVELOPE);
+			break;
+		case NID_pkcs7_digest:
+			M_ASN1_I2D_len(a->d.digest,i2d_PKCS7_DIGEST);
+			break;
+		case NID_pkcs7_encrypted:
+			M_ASN1_I2D_len(a->d.encrypted,i2d_PKCS7_ENCRYPT);
+			break;
+		default:
+			break;
+			}
+		/* Work out explicit tag content size */
+		explen = ret - r;
+		/* Work out explicit tag size: Note: ASN1_object_size
+		 * includes the content length.
+		 */
+		ret =  r + ASN1_object_size(1, explen, 0);
+		}
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->type,i2d_ASN1_OBJECT);
+
+	if (a->d.ptr != NULL)
+		{
+		ASN1_put_object(&p, 1, explen, 0, V_ASN1_CONTEXT_SPECIFIC);
+		switch (OBJ_obj2nid(a->type))
+			{
+		case NID_pkcs7_data:
+			M_ASN1_I2D_put(a->d.data,i2d_ASN1_OCTET_STRING);
+			break;
+		case NID_pkcs7_signed:
+			M_ASN1_I2D_put(a->d.sign,i2d_PKCS7_SIGNED);
+			break;
+		case NID_pkcs7_enveloped:
+			M_ASN1_I2D_put(a->d.enveloped,i2d_PKCS7_ENVELOPE);
+			break;
+		case NID_pkcs7_signedAndEnveloped:
+			M_ASN1_I2D_put(a->d.signed_and_enveloped,
+				i2d_PKCS7_SIGN_ENVELOPE);
+			break;
+		case NID_pkcs7_digest:
+			M_ASN1_I2D_put(a->d.digest,i2d_PKCS7_DIGEST);
+			break;
+		case NID_pkcs7_encrypted:
+			M_ASN1_I2D_put(a->d.encrypted,i2d_PKCS7_ENCRYPT);
+			break;
+		default:
+			break;
+			}
+		}
+	M_ASN1_I2D_finish();
+	}
+
+#endif
+
 PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp, long length)
 	{
 	M_ASN1_D2I_vars(a,PKCS7 *,PKCS7_new);
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index ea71a29..36f0e47 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -117,6 +117,7 @@ X509 *X509_new(void)
 	ret->references=1;
 	ret->valid=0;
 	ret->ex_flags = 0;
+	ret->ex_pathlen = -1;
 	ret->name=NULL;
 	ret->aux=NULL;
 	M_ASN1_New(ret->cert_info,X509_CINF_new);
diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c
index 9741aa5..a7b6929 100644
--- a/crypto/pkcs7/pk7_mime.c
+++ b/crypto/pkcs7/pk7_mime.c
@@ -170,7 +170,7 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
 		BIO_printf(bio, "micalg=sha1 ; boundary=\"----%s\"\n\n", bound);
 		BIO_printf(bio, "This is an S/MIME signed message\n\n");
 		/* Now write out the first part */
-		BIO_printf(bio, "------%s\r\n", bound);
+		BIO_printf(bio, "------%s\n", bound);
 		if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n");
 		while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0) 
 						BIO_write(bio, linebuf, i);
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 0d5273d..ccc0313 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -582,6 +582,7 @@ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
 
 	time(&t);
 	t+=adj;
+	if(!s) return ASN1_TIME_set(s, t);
 	if(s->type == V_ASN1_UTCTIME) return(ASN1_UTCTIME_set(s,t));
 	return ASN1_GENERALIZEDTIME_set(s, t);
 	}