From a7723f049eb01ad439bff2afb47200280035423c Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 4 Sep 2024 20:34:58 +0000 Subject: [PATCH] Respond to PR feedback --- crypto/pkcs7/pkcs7.c | 57 ++++++++++++++++++++++++++++++--------- crypto/pkcs7/pkcs7_x509.c | 12 +++++++++ 2 files changed, 56 insertions(+), 13 deletions(-) diff --git a/crypto/pkcs7/pkcs7.c b/crypto/pkcs7/pkcs7.c index edc42568ccc..00dfbf3ae6e 100644 --- a/crypto/pkcs7/pkcs7.c +++ b/crypto/pkcs7/pkcs7.c @@ -196,6 +196,10 @@ int pkcs7_add_signed_data(CBB *out, } int PKCS7_set_type(PKCS7 *p7, int type) { + if (p7 == NULL) { + OPENSSL_PUT_ERROR(PKCS7, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } ASN1_OBJECT *obj = OBJ_nid2obj(type); if (obj == NULL) { OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); @@ -222,6 +226,8 @@ int PKCS7_set_type(PKCS7 *p7, int type) { return 0; } if (!ASN1_INTEGER_set(p7->d.digest->version, 0)) { + PKCS7_DIGEST_free(p7->d.digest); + p7->d.digest = NULL; return 0; } break; @@ -239,6 +245,8 @@ int PKCS7_set_type(PKCS7 *p7, int type) { return 0; } if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1)) { + PKCS7_SIGN_ENVELOPE_free(p7->d.signed_and_enveloped); + p7->d.signed_and_enveloped = NULL; return 0; } p7->d.signed_and_enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data); @@ -250,6 +258,8 @@ int PKCS7_set_type(PKCS7 *p7, int type) { return 0; } if (!ASN1_INTEGER_set(p7->d.enveloped->version, 0)) { + PKCS7_ENVELOPE_free(p7->d.enveloped); + p7->d.enveloped = NULL; return 0; } p7->d.enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data); @@ -261,6 +271,8 @@ int PKCS7_set_type(PKCS7 *p7, int type) { return 0; } if (!ASN1_INTEGER_set(p7->d.encrypted->version, 0)) { + PKCS7_ENCRYPT_free(p7->d.encrypted); + p7->d.encrypted = NULL; return 0; } p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data); @@ -274,6 +286,15 @@ int PKCS7_set_type(PKCS7 *p7, int type) { int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) { + if (p7 == NULL || cipher == NULL) { + OPENSSL_PUT_ERROR(PKCS7, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (EVP_get_cipherbynid(EVP_CIPHER_nid(cipher)) == NULL) { + OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); + return 0; + } + PKCS7_ENC_CONTENT *ec; switch (OBJ_obj2nid(p7->type)) { case NID_pkcs7_signedAndEnveloped: @@ -287,18 +308,17 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) return 0; } - /* Check cipher OID exists and has data in it */ - if (EVP_get_cipherbynid(EVP_CIPHER_nid(cipher)) == NULL) { - OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); - return 0; - } - ec->cipher = cipher; return 1; } int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) { + if (p7 == NULL) { + OPENSSL_PUT_ERROR(PKCS7, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + switch (OBJ_obj2nid(p7->type)) { case NID_pkcs7_signed: PKCS7_free(p7->d.sign->contents); @@ -308,10 +328,6 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) PKCS7_free(p7->d.digest->contents); p7->d.digest->contents = p7_data; break; - case NID_pkcs7_data: - case NID_pkcs7_enveloped: - case NID_pkcs7_signedAndEnveloped: - case NID_pkcs7_encrypted: default: OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); return 0; @@ -339,6 +355,12 @@ int PKCS7_content_new(PKCS7 *p7, int type) int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) { STACK_OF(PKCS7_RECIP_INFO) *sk; + + if (p7 == NULL || ri == NULL) { + OPENSSL_PUT_ERROR(PKCS7, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + switch (OBJ_obj2nid(p7->type)) { case NID_pkcs7_signedAndEnveloped: sk = p7->d.signed_and_enveloped->recipientinfo; @@ -363,6 +385,11 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i) { STACK_OF(PKCS7_SIGNER_INFO) *signer_sk; STACK_OF(X509_ALGOR) *md_sk; + if (p7 == NULL || p7i == NULL) { + OPENSSL_PUT_ERROR(PKCS7, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + switch (OBJ_obj2nid(p7->type)) { case NID_pkcs7_signed: signer_sk = p7->d.sign->signer_info; @@ -437,12 +464,16 @@ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) { if (p7 == NULL || p7->d.ptr == NULL) { OPENSSL_PUT_ERROR(PKCS7, ERR_R_PASSED_NULL_PARAMETER); return NULL; - } else if (PKCS7_type_is_signed(p7)) { + } + + switch (OBJ_obj2nid(p7->type)) { + case NID_pkcs7_signed: return p7->d.sign->signer_info; - } else if (PKCS7_type_is_signedAndEnveloped(p7)) { + case NID_pkcs7_signedAndEnveloped: return p7->d.signed_and_enveloped->signer_info; + default: + return NULL; } - return NULL; } int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, diff --git a/crypto/pkcs7/pkcs7_x509.c b/crypto/pkcs7/pkcs7_x509.c index 64ff6eedef6..dae2034b0a0 100644 --- a/crypto/pkcs7/pkcs7_x509.c +++ b/crypto/pkcs7/pkcs7_x509.c @@ -433,6 +433,12 @@ PKCS7 *PKCS7_sign(X509 *sign_cert, EVP_PKEY *pkey, STACK_OF(X509) *certs, int PKCS7_add_certificate(PKCS7 *p7, X509 *x509) { STACK_OF(X509) **sk; + + if (p7 == NULL || x509 == NULL) { + OPENSSL_PUT_ERROR(PKCS7, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + switch (OBJ_obj2nid(p7->type)) { case NID_pkcs7_signed: sk = &(p7->d.sign->cert); @@ -465,6 +471,12 @@ int PKCS7_add_certificate(PKCS7 *p7, X509 *x509) int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) { STACK_OF(X509_CRL) **sk; + + if (p7 == NULL || crl == NULL) { + OPENSSL_PUT_ERROR(PKCS7, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + switch (OBJ_obj2nid(p7->type)) { case NID_pkcs7_signed: sk = &(p7->d.sign->crl);