Commit 1c2f1fe5 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Check PKCS7 structures in PKCS#12 files are of type data.

parent 14365bd8
+10 −1
@@ -148,7 +148,11 @@ PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
{
	if(!PKCS7_type_is_data(p7)) return NULL;
	if(!PKCS7_type_is_data(p7))
		{
		PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA);
		return NULL;
		}
	return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
}

@@ -211,5 +215,10 @@ int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)

STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
{
	if (!PKCS7_type_is_data(p12->authsafes))
		{
		PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA);
		return NULL;
		}
	return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
}
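Review bot: Both unpack functions still hand `d.data` to ASN1_item_unpack() without checking that it is non-NULL; the new PKCS7_type_is_data() test establishes the declared content type only. If the ContentInfo content field is optional in the ASN.1 template (not visible on this page, so to be confirmed), a PKCS#12 file from an untrusted source can declare type data and omit the content, and the unpack call then receives a NULL octet string. After the type check in PKCS12_unpack_p7data I would add `if (!p7->d.data) { PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_DECODE_ERROR); return NULL; }`, with the equivalent test on `p12->authsafes->d.data` in PKCS12_unpack_authsafes. The check added to PKCS12_gen_mac in the next file section is in the same position if that function, whose body continues outside the shown lines, goes on to read `p12->authsafes->d.data`.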
+6 −0
@@ -72,6 +72,12 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
	unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
	int saltlen, iter;

	if (!PKCS7_type_is_data(p12->authsafes))
		{
		PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_CONTENT_TYPE_NOT_DATA);
		return 0;
		}

	salt = p12->mac->salt->data;
	saltlen = p12->mac->salt->length;
	if (!p12->mac->iter) iter = 1;
+3 −0
@@ -94,6 +94,8 @@ static ERR_STRING_DATA PKCS12_str_functs[]=
{ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN),	"PKCS12_PBE_keyivgen"},
{ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC),	"PKCS12_setup_mac"},
{ERR_FUNC(PKCS12_F_PKCS12_SET_MAC),	"PKCS12_set_mac"},
{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES),	"PKCS12_unpack_authsafes"},
{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA),	"PKCS12_unpack_p7data"},
{ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC),	"PKCS12_verify_mac"},
{ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE),	"PKCS8_add_keyusage"},
{ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT),	"PKCS8_encrypt"},
@@ -103,6 +105,7 @@ static ERR_STRING_DATA PKCS12_str_functs[]=
static ERR_STRING_DATA PKCS12_str_reasons[]=
	{
{ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE),"cant pack structure"},
{ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA),"content type not data"},
{ERR_REASON(PKCS12_R_DECODE_ERROR)       ,"decode error"},
{ERR_REASON(PKCS12_R_ENCODE_ERROR)       ,"encode error"},
{ERR_REASON(PKCS12_R_ENCRYPT_ERROR)      ,"encrypt error"},
+3 −0
@@ -297,12 +297,15 @@ void ERR_load_PKCS12_strings(void);
#define PKCS12_F_PKCS12_PBE_KEYIVGEN			 120
#define PKCS12_F_PKCS12_SETUP_MAC			 122
#define PKCS12_F_PKCS12_SET_MAC				 123
#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES		 130
#define PKCS12_F_PKCS12_UNPACK_P7DATA			 131
#define PKCS12_F_PKCS12_VERIFY_MAC			 126
#define PKCS12_F_PKCS8_ADD_KEYUSAGE			 124
#define PKCS12_F_PKCS8_ENCRYPT				 125

/* Reason codes. */
#define PKCS12_R_CANT_PACK_STRUCTURE			 100
#define PKCS12_R_CONTENT_TYPE_NOT_DATA			 121
#define PKCS12_R_DECODE_ERROR				 101
#define PKCS12_R_ENCODE_ERROR				 102
#define PKCS12_R_ENCRYPT_ERROR				 103