On Tue, 2015-12-08 at 12:56 +0000, Salz, Rich via RT wrote:
> I think that instead of the #ifdef being removed, the if() test
> should be removed. This was my mistake.

Like this, then...

https://github.com/openssl/openssl/pull/694 for HEAD
https://github.com/openssl/openssl/pull/695 for 1.0.2

If you say that removing the #ifdef instead of removing the whole code block that it contained was a mistake, then I shall take you at your word and refrain from harping on *too* much about how naughty it was to have a functional change hidden away in a commit which simply entitled itself "Memory leak fixes", without even any acknowledgement of the change in the body of the commit comment :)

--
David Woodhouse
Open Source Technology Centre
david.woodho...@intel.com
Intel Corporation

From 5e95ba001efb38963a06e1447fde21f06355468d Mon Sep 17 00:00:00 2001 From: David Woodhouse <david.woodho...@intel.com> Date: Wed, 17 Feb 2016 11:34:14 +0000 Subject: [PATCH] RT4175: Fix regression using PKCS7_verify() with Authenticode Authenticode uses an extended PKCS#7 format, where the embedded data are not directly the data to be verified; instead an Authenticode-specific data structure (SpcIndirectDataContent) is embedded, which describes the various files covered by the Authenticode signature. In this case, we need to allow PKCS7_verify() to be called with external data even though PKCS7_get_detached() is not true. This always used to work; there was a "sanity" check for external data being passed to PKCS7_verify() with a non-detached PKCS#7 signature, but it was always #ifdef'd out. It was broken in HEAD by commit 55500ea7c ("GH354: Memory leak fixes") and in 1.0.2 by cherry-picking that same commit to become c8491de39. --- crypto/pkcs7/pk7_smime.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index ed5268f..87279a3 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -279,12 +279,6 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, return 0; } - /* Check for data and content: two sets of data */ - if (!PKCS7_get_detached(p7) && indata) { - PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT); - return 0; - } - sinfos = PKCS7_get_signer_info(p7); if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) { -- 2.5.0
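
Review bot: nothing is left at the removal site in PKCS7_verify() (between the first `return 0; }` and `sinfos = PKCS7_get_signer_info(p7);`) to record that indata is deliberately accepted when PKCS7_get_detached(p7) is false, so a later cleanup can reintroduce the same "sanity" check, which is how the commit message says the regression arrived. Suggest a short comment at that spot naming the Authenticode / SpcIndirectDataContent case. The diffstat shows only 6 deletions in crypto/pkcs7/pk7_smime.c, so no regression test for calling PKCS7_verify() with indata on a non-detached signature accompanies the fix; adding one would guard the behaviour on both HEAD and 1.0.2. Since the combination of embedded content and indata is no longer rejected with PKCS7_R_CONTENT_AND_DATA_PRESENT, the function's documentation should also state which of the two is treated as the data being verified, so callers outside the Authenticode case do not pass both by accident.
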
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev