From c6c3450643ea00fde94e7f7471c9f134ec7d63b4 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Tue, 17 Aug 1999 12:58:01 +0000
Subject: [PATCH] Fix PKCS7_ENC_CONTENT_new() to include a sensible default
 content type and add support for encrypted content type in
 PKCS7_set_content().

---
 CHANGES                 |  8 ++++++++
 crypto/asn1/p7_enc_c.c  |  3 ++-
 crypto/pkcs12/p12_add.c |  8 +++-----
 crypto/pkcs12/pk12err.c |  1 +
 crypto/pkcs12/pkcs12.h  |  1 +
 crypto/pkcs7/dec.c      |  2 +-
 crypto/pkcs7/pk7_lib.c  | 11 +++++++----
 7 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/CHANGES b/CHANGES
index 6d77412f7a..93c314e64f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,14 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) The PKCS7_ENC_CONTENT_new() function was setting the content type as
+     NID_pkcs7_encrypted by default: this was wrong since this should almost
+     always be NID_pkcs7_data. Also modified the PKCS7_set_type() to handle
+     the encrypted data type: this is a more sensible place to put it and it
+     allows the PKCS#12 code to be tidied up that duplicated this
+     functionality.
+     [Steve Henson]
+
   *) Changed obj_dat.pl script so it takes its input and output files on
      the command line. This should avoid shell escape redirection problems
      under Win32.
diff --git a/crypto/asn1/p7_enc_c.c b/crypto/asn1/p7_enc_c.c
index a832737a38..d8dcb11246 100644
--- a/crypto/asn1/p7_enc_c.c
+++ b/crypto/asn1/p7_enc_c.c
@@ -101,7 +101,8 @@ PKCS7_ENC_CONTENT *PKCS7_ENC_CONTENT_new(void)
 
 	M_ASN1_New_Malloc(ret,PKCS7_ENC_CONTENT);
 	/* M_ASN1_New(ret->content_type,ASN1_OBJECT_new); */
-	ret->content_type=OBJ_nid2obj(NID_pkcs7_encrypted);
+	/* We will almost always want this: so make it the default */
+	ret->content_type=OBJ_nid2obj(NID_pkcs7_data);
 	M_ASN1_New(ret->algorithm,X509_ALGOR_new);
 	ret->enc_data=NULL;
 	return(ret);
diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c
index ae3d9de3b4..50a7d0ba25 100644
--- a/crypto/pkcs12/p12_add.c
+++ b/crypto/pkcs12/p12_add.c
@@ -157,13 +157,11 @@ PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
 		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
-	p7->type = OBJ_nid2obj(NID_pkcs7_encrypted);
-	if (!(p7->d.encrypted = PKCS7_ENCRYPT_new ())) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+	if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
+		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
+				PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
 		return NULL;
 	}
-	ASN1_INTEGER_set (p7->d.encrypted->version, 0);
-	p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
 	if (!(pbe = PKCS5_pbe_set (pbe_nid, iter, salt, saltlen))) {
 		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
 		return NULL;
diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c
index 38d7be7675..5bbe2fa330 100644
--- a/crypto/pkcs12/pk12err.c
+++ b/crypto/pkcs12/pk12err.c
@@ -99,6 +99,7 @@ static ERR_STRING_DATA PKCS12_str_reasons[]=
 {PKCS12_R_DECODE_ERROR                   ,"decode error"},
 {PKCS12_R_ENCODE_ERROR                   ,"encode error"},
 {PKCS12_R_ENCRYPT_ERROR                  ,"encrypt error"},
+{PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE,"error setting encrypted data type"},
 {PKCS12_R_INVALID_NULL_ARGUMENT          ,"invalid null argument"},
 {PKCS12_R_INVALID_NULL_PKCS12_POINTER    ,"invalid null pkcs12 pointer"},
 {PKCS12_R_IV_GEN_ERROR                   ,"iv gen error"},
diff --git a/crypto/pkcs12/pkcs12.h b/crypto/pkcs12/pkcs12.h
index 4cfba5e6c6..f79cc230c7 100644
--- a/crypto/pkcs12/pkcs12.h
+++ b/crypto/pkcs12/pkcs12.h
@@ -313,6 +313,7 @@ PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
 #define PKCS12_R_DECODE_ERROR				 101
 #define PKCS12_R_ENCODE_ERROR				 102
 #define PKCS12_R_ENCRYPT_ERROR				 103
+#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE	 120
 #define PKCS12_R_INVALID_NULL_ARGUMENT			 104
 #define PKCS12_R_INVALID_NULL_PKCS12_POINTER		 105
 #define PKCS12_R_IV_GEN_ERROR				 106
diff --git a/crypto/pkcs7/dec.c b/crypto/pkcs7/dec.c
index 5150006f09..c552c8f296 100644
--- a/crypto/pkcs7/dec.c
+++ b/crypto/pkcs7/dec.c
@@ -149,7 +149,7 @@ char *argv[];
 	/* We need to process the data */
 	/* We cannot support detached encryption */
 	p7bio=PKCS7_dataDecode(p7,pkey,detached,x509);
-	
+
 	if (p7bio == NULL)
 		{
 		printf("problems decoding\n");
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index 8b863d0558..22cbb174f8 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -165,9 +165,6 @@ int PKCS7_set_type(PKCS7 *p7, int type)
 		if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
 			== NULL) goto err;
 		ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
-/*		p7->d.signed_and_enveloped->enc_data->content_type=
-			OBJ_nid2obj(NID_pkcs7_encrypted);*/
-			
 		break;
 	case NID_pkcs7_enveloped:
 		p7->type=obj;
@@ -175,8 +172,14 @@ int PKCS7_set_type(PKCS7 *p7, int type)
 			== NULL) goto err;
 		ASN1_INTEGER_set(p7->d.enveloped->version,0);
 		break;
-	case NID_pkcs7_digest:
 	case NID_pkcs7_encrypted:
+		p7->type=obj;
+		if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
+			== NULL) goto err;
+		ASN1_INTEGER_set(p7->d.encrypted->version,0);
+		break;
+
+	case NID_pkcs7_digest:
 	default:
 		PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
 		goto err;