=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/cms.c,v retrieving revision 1.14 retrieving revision 1.15 diff -c -r1.14 -r1.15 *** src/usr.bin/openssl/cms.c 2019/11/18 11:34:41 1.14 --- src/usr.bin/openssl/cms.c 2019/11/18 12:43:27 1.15 *************** *** 1,4 **** ! /* $OpenBSD: cms.c,v 1.14 2019/11/18 11:34:41 inoguchi Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ --- 1,4 ---- ! /* $OpenBSD: cms.c,v 1.15 2019/11/18 12:43:27 inoguchi Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ *************** *** 99,110 **** int verify_err = 0; ! typedef struct cms_key_param_st cms_key_param; ! ! struct cms_key_param_st { int idx; STACK_OF(OPENSSL_STRING) *param; ! cms_key_param *next; }; int --- 99,108 ---- int verify_err = 0; ! struct cms_key_param { int idx; STACK_OF(OPENSSL_STRING) *param; ! struct cms_key_param *next; }; int *************** *** 142,148 **** unsigned char *pwri_pass = NULL, *pwri_tmp = NULL; size_t secret_keylen = 0, secret_keyidlen = 0; ! cms_key_param *key_first = NULL, *key_param = NULL; ASN1_OBJECT *econtent_type = NULL; --- 140,146 ---- unsigned char *pwri_pass = NULL, *pwri_tmp = NULL; size_t secret_keylen = 0, secret_keyidlen = 0; ! struct cms_key_param *key_first = NULL, *key_param = NULL; ASN1_OBJECT *econtent_type = NULL; *************** *** 278,291 **** args++; if (!rr_from) rr_from = sk_OPENSSL_STRING_new_null(); ! sk_OPENSSL_STRING_push(rr_from, *args); } else if (!strcmp(*args, "-receipt_request_to")) { if (!args[1]) goto argerr; args++; if (!rr_to) rr_to = sk_OPENSSL_STRING_new_null(); ! sk_OPENSSL_STRING_push(rr_to, *args); } else if (!strcmp(*args, "-print")) { noout = 1; print = 1; --- 276,291 ---- args++; if (!rr_from) rr_from = sk_OPENSSL_STRING_new_null(); ! if (!sk_OPENSSL_STRING_push(rr_from, *args)) ! 
goto end; } else if (!strcmp(*args, "-receipt_request_to")) { if (!args[1]) goto argerr; args++; if (!rr_to) rr_to = sk_OPENSSL_STRING_new_null(); ! if (!sk_OPENSSL_STRING_push(rr_to, *args)) ! goto end; } else if (!strcmp(*args, "-print")) { noout = 1; print = 1; *************** *** 351,362 **** if (!sksigners) sksigners = sk_OPENSSL_STRING_new_null(); ! sk_OPENSSL_STRING_push(sksigners, signerfile); if (!keyfile) keyfile = signerfile; if (!skkeys) skkeys = sk_OPENSSL_STRING_new_null(); ! sk_OPENSSL_STRING_push(skkeys, keyfile); keyfile = NULL; } signerfile = *++args; --- 351,364 ---- if (!sksigners) sksigners = sk_OPENSSL_STRING_new_null(); ! if (!sk_OPENSSL_STRING_push(sksigners, signerfile)) ! goto end; if (!keyfile) keyfile = signerfile; if (!skkeys) skkeys = sk_OPENSSL_STRING_new_null(); ! if (!sk_OPENSSL_STRING_push(skkeys, keyfile)) ! goto end; keyfile = NULL; } signerfile = *++args; *************** *** 371,377 **** NULL, "recipient certificate file"); if (cert == NULL) goto end; ! sk_X509_push(encerts, cert); cert = NULL; } else { recipfile = *++args; --- 373,380 ---- NULL, "recipient certificate file"); if (cert == NULL) goto end; ! if (!sk_X509_push(encerts, cert)) ! goto end; cert = NULL; } else { recipfile = *++args; *************** *** 402,412 **** if (!sksigners) sksigners = sk_OPENSSL_STRING_new_null(); ! sk_OPENSSL_STRING_push(sksigners, signerfile); signerfile = NULL; if (!skkeys) skkeys = sk_OPENSSL_STRING_new_null(); ! sk_OPENSSL_STRING_push(skkeys, keyfile); } keyfile = *++args; } else if (!strcmp(*args, "-keyform")) { --- 405,417 ---- if (!sksigners) sksigners = sk_OPENSSL_STRING_new_null(); ! if (!sk_OPENSSL_STRING_push(sksigners, signerfile)) ! goto end; signerfile = NULL; if (!skkeys) skkeys = sk_OPENSSL_STRING_new_null(); ! if (!sk_OPENSSL_STRING_push(skkeys, keyfile)) ! 
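Review bot: The result of `sk_OPENSSL_STRING_new_null()` is still unchecked in the `-receipt_request_from` and `-receipt_request_to` branches, so after an allocation failure `rr_from` or `rr_to` reaches the push as NULL. Whether `sk_OPENSSL_STRING_push()` tolerates a NULL stack is not visible in this diff, so the new return-value check should not be relied on to cover that case. I would make the allocation check explicit, e.g. `if (rr_from == NULL && (rr_from = sk_OPENSSL_STRING_new_null()) == NULL) goto end;`, and likewise for `rr_to`. The same pattern recurs for `sksigners` and `skkeys` in the hunks at new lines 351, 405 and 515; the enclosing option loop starts and ends outside all of them.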
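Review bot: When `sk_X509_push(encerts, cert)` fails, the jump to `end` skips `cert = NULL`, so `cert` still owns the certificate that was just loaded and its release depends on cleanup code outside this hunk. Please confirm the `end:` path frees `cert`, and consider a short comment above the `goto` such as `/* push failed: cert is still ours, not owned by encerts */`. The exit is also silent; a `BIO_printf(bio_err, ...)` diagnostic before the jump would tell the operator why the command stopped. The hunk at new lines 649-656 has the same shape.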
goto end; } keyfile = *++args; } else if (!strcmp(*args, "-keyform")) { *************** *** 431,438 **** goto argerr; } if (key_param == NULL || key_param->idx != keyidx) { ! cms_key_param *nparam; ! if ((nparam = malloc(sizeof(cms_key_param))) == NULL) goto end; nparam->idx = keyidx; if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL) --- 436,443 ---- goto argerr; } if (key_param == NULL || key_param->idx != keyidx) { ! struct cms_key_param *nparam; ! if ((nparam = malloc(sizeof(struct cms_key_param))) == NULL) goto end; nparam->idx = keyidx; if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL) *************** *** 444,450 **** key_param->next = nparam; key_param = nparam; } ! sk_OPENSSL_STRING_push(key_param->param, *++args); } else if (!strcmp(*args, "-rctform")) { if (!args[1]) goto argerr; --- 449,456 ---- key_param->next = nparam; key_param = nparam; } ! if (!sk_OPENSSL_STRING_push(key_param->param, *++args)) ! goto end; } else if (!strcmp(*args, "-rctform")) { if (!args[1]) goto argerr; *************** *** 509,520 **** if (signerfile) { if (!sksigners) sksigners = sk_OPENSSL_STRING_new_null(); ! sk_OPENSSL_STRING_push(sksigners, signerfile); if (!skkeys) skkeys = sk_OPENSSL_STRING_new_null(); if (!keyfile) keyfile = signerfile; ! sk_OPENSSL_STRING_push(skkeys, keyfile); } if (!sksigners) { BIO_printf(bio_err, --- 515,528 ---- if (signerfile) { if (!sksigners) sksigners = sk_OPENSSL_STRING_new_null(); ! if (!sk_OPENSSL_STRING_push(sksigners, signerfile)) ! goto end; if (!skkeys) skkeys = sk_OPENSSL_STRING_new_null(); if (!keyfile) keyfile = signerfile; ! if (!sk_OPENSSL_STRING_push(skkeys, keyfile)) ! goto end; } if (!sksigners) { BIO_printf(bio_err, *************** *** 580,586 **** BIO_printf(bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); BIO_printf(bio_err, "-inkey file input private key (if not signer or recipient)\n"); BIO_printf(bio_err, "-keyform arg input private key format (PEM)\n"); ! 
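Review bot: `malloc(sizeof(struct cms_key_param))` leaves `nparam->next` and `nparam->param` indeterminate until they are assigned, and it spells the type twice; `if ((nparam = calloc(1, sizeof(*nparam))) == NULL)` ties the size to the variable and zero-fills the node. The hunk ends at the `sk_OPENSSL_STRING_new_null()` check, so its failure branch is not visible, but `nparam` has not been linked into the `key_first` list at that point. If that branch jumps to `end`, the cleanup loop that walks from `key_first` will not reach the node, so it should `free(nparam)` before leaving.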
BIO_printf (bio_err, "-keyopt nm:v set public key parameters\n"); BIO_printf(bio_err, "-out file output file\n"); BIO_printf(bio_err, "-outform arg output format SMIME (default), PEM or DER\n"); BIO_printf(bio_err, "-content file supply or override content for detached signature\n"); --- 588,594 ---- BIO_printf(bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); BIO_printf(bio_err, "-inkey file input private key (if not signer or recipient)\n"); BIO_printf(bio_err, "-keyform arg input private key format (PEM)\n"); ! BIO_printf(bio_err, "-keyopt nm:v set public key parameters\n"); BIO_printf(bio_err, "-out file output file\n"); BIO_printf(bio_err, "-outform arg output format SMIME (default), PEM or DER\n"); BIO_printf(bio_err, "-content file supply or override content for detached signature\n"); *************** *** 641,647 **** if (!(cert = load_cert(bio_err, *args, FORMAT_PEM, NULL, "recipient certificate file"))) goto end; ! sk_X509_push(encerts, cert); cert = NULL; args++; } --- 649,656 ---- if (!(cert = load_cert(bio_err, *args, FORMAT_PEM, NULL, "recipient certificate file"))) goto end; ! if (!sk_X509_push(encerts, cert)) ! goto end; cert = NULL; args++; } *************** *** 786,792 **** goto end; for (i = 0; i < sk_X509_num(encerts); i++) { CMS_RecipientInfo *ri; ! cms_key_param *kparam; int tflags = flags; X509 *x = sk_X509_value(encerts, i); for (kparam = key_first; kparam; kparam = kparam->next) { --- 795,801 ---- goto end; for (i = 0; i < sk_X509_num(encerts); i++) { CMS_RecipientInfo *ri; ! struct cms_key_param *kparam; int tflags = flags; X509 *x = sk_X509_value(encerts, i); for (kparam = key_first; kparam; kparam = kparam->next) { *************** *** 877,883 **** flags |= CMS_REUSE_DIGEST; for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { CMS_SignerInfo *si; ! 
cms_key_param *kparam; int tflags = flags; signerfile = sk_OPENSSL_STRING_value(sksigners, i); keyfile = sk_OPENSSL_STRING_value(skkeys, i); --- 886,892 ---- flags |= CMS_REUSE_DIGEST; for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { CMS_SignerInfo *si; ! struct cms_key_param *kparam; int tflags = flags; signerfile = sk_OPENSSL_STRING_value(sksigners, i); keyfile = sk_OPENSSL_STRING_value(skkeys, i); *************** *** 1048,1054 **** sk_OPENSSL_STRING_free(rr_to); sk_OPENSSL_STRING_free(rr_from); for (key_param = key_first; key_param;) { ! cms_key_param *tparam; sk_OPENSSL_STRING_free(key_param->param); tparam = key_param->next; free(key_param); --- 1057,1063 ---- sk_OPENSSL_STRING_free(rr_to); sk_OPENSSL_STRING_free(rr_from); for (key_param = key_first; key_param;) { ! struct cms_key_param *tparam; sk_OPENSSL_STRING_free(key_param->param); tparam = key_param->next; free(key_param); *************** *** 1240,1245 **** --- 1249,1255 ---- { char *keyopt; int i; + if (sk_OPENSSL_STRING_num(param) <= 0) return 1; for (i = 0; i < sk_OPENSSL_STRING_num(param); i++) {