Loading apps/pkcs12.c +3 −1 Original line number Diff line number Diff line Loading @@ -668,10 +668,12 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, case NID_pkcs8ShroudedKeyBag: if (options & INFO) { X509_SIG *tp8; X509_ALGOR *tp8alg; BIO_printf(bio_err, "Shrouded Keybag: "); tp8 = PKCS12_SAFEBAG_get0_pkcs8(bag); alg_print(tp8->algor); X509_SIG_get0(&tp8alg, NULL, tp8); alg_print(tp8alg); } if (options & NOKEYS) return 1; Loading crypto/asn1/x_sig.c +10 −0 Original line number Diff line number Diff line Loading @@ -59,6 +59,7 @@ #include "internal/cryptlib.h" #include <openssl/asn1t.h> #include <openssl/x509.h> #include "internal/x509_int.h" ASN1_SEQUENCE(X509_SIG) = { ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR), Loading @@ -66,3 +67,12 @@ ASN1_SEQUENCE(X509_SIG) = { } ASN1_SEQUENCE_END(X509_SIG) IMPLEMENT_ASN1_FUNCTIONS(X509_SIG) void X509_SIG_get0(X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest, X509_SIG *sig) { if (palg) *palg = sig->algor; if (pdigest) *pdigest = sig->digest; } crypto/include/internal/x509_int.h +5 −0 Original line number Diff line number Diff line Loading @@ -225,3 +225,8 @@ struct pkcs8_priv_key_info_st { ASN1_OCTET_STRING *pkey; STACK_OF(X509_ATTRIBUTE) *attributes; }; struct X509_sig_st { X509_ALGOR *algor; ASN1_OCTET_STRING *digest; }; crypto/pkcs12/p12_mutl.c +19 −12 Original line number Diff line number Diff line Loading @@ -74,10 +74,7 @@ void PKCS12_get0_mac(ASN1_OCTET_STRING **pmac, X509_ALGOR **pmacalg, PKCS12 *p12) { if (p12->mac) { if (pmac) *pmac = p12->mac->dinfo->digest; if (pmacalg) *pmacalg = p12->mac->dinfo->algor; X509_SIG_get0(pmacalg, pmac, p12->mac->dinfo); if (psalt) *psalt = p12->mac->salt; if (piter) Loading Loading @@ -126,6 +123,8 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, int saltlen, iter; int md_size = 0; int md_type_nid; X509_ALGOR *macalg; ASN1_OBJECT *macoid; if (!PKCS7_type_is_data(p12->authsafes)) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA); Loading @@ -138,8 +137,9 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, iter = 1; else iter = ASN1_INTEGER_get(p12->mac->iter); if ((md_type = EVP_get_digestbyobj(p12->mac->dinfo->algor->algorithm)) == NULL) { X509_SIG_get0(&macalg, NULL, p12->mac->dinfo); X509_ALGOR_get0(&macoid, NULL, NULL, macalg); if ((md_type = EVP_get_digestbyobj(macoid)) == NULL) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); return 0; } Loading Loading @@ -180,6 +180,8 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) { unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; ASN1_OCTET_STRING *macoct; if (p12->mac == NULL) { PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT); return 0; Loading @@ -188,8 +190,9 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR); return 0; } if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) || CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen)) X509_SIG_get0(NULL, &macoct, p12->mac->dinfo); if ((maclen != (unsigned int)ASN1_STRING_length(macoct)) || CRYPTO_memcmp(mac, ASN1_STRING_data(macoct), maclen)) return 0; return 1; } Loading @@ -202,6 +205,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, { unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; ASN1_OCTET_STRING *macoct; if (!md_type) md_type = EVP_sha1(); Loading @@ -213,7 +217,8 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR); return 0; } if (!(ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen))) { X509_SIG_get0(NULL, &macoct, p12->mac->dinfo); if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) { PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR); return 0; } Loading @@ -224,6 +229,8 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, const EVP_MD *md_type) { X509_ALGOR *macalg; if ((p12->mac = PKCS12_MAC_DATA_new()) == NULL) return PKCS12_ERROR; if (iter > 1) { Loading @@ -248,12 +255,12 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, return 0; } else memcpy(p12->mac->salt->data, salt, saltlen); p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type)); if ((p12->mac->dinfo->algor->parameter = ASN1_TYPE_new()) == NULL) { X509_SIG_get0(&macalg, NULL, p12->mac->dinfo); if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)), V_ASN1_NULL, NULL)) { PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); return 0; } p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL; return 1; } crypto/pkcs12/p12_npas.c +6 −8 Original line number Diff line number Diff line Loading @@ -109,7 +109,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) STACK_OF(PKCS12_SAFEBAG) *bags; int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0; PKCS7 *p7, *p7new; ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL; ASN1_OCTET_STRING *p12_data_tmp = NULL, *macoct = NULL; unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; Loading Loading @@ -165,12 +165,9 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr; if ((macnew = ASN1_OCTET_STRING_new()) == NULL) X509_SIG_get0(NULL, &macoct, p12->mac->dinfo); if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) goto saferr; if (!ASN1_OCTET_STRING_set(macnew, mac, maclen)) goto saferr; ASN1_OCTET_STRING_free(p12->mac->dinfo->digest); p12->mac->dinfo->digest = macnew; ASN1_OCTET_STRING_free(p12_data_tmp); return 1; Loading @@ -178,7 +175,6 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) saferr: /* Restore old safe */ ASN1_OCTET_STRING_free(p12->authsafes->d.data); ASN1_OCTET_STRING_free(macnew); p12->authsafes->d.data = p12_data_tmp; return 0; Loading @@ -202,13 +198,15 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass) PKCS8_PRIV_KEY_INFO *p8; X509_SIG *p8new; int p8_nid, p8_saltlen, p8_iter; X509_ALGOR *shalg; if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag) return 1; if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL) return 0; if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen)) X509_SIG_get0(&shalg, NULL, bag->value.shkeybag); if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen)) return 0; if ((p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, p8_iter, p8)) == NULL) Loading Loading
apps/pkcs12.c +3 −1 Original line number Diff line number Diff line Loading @@ -668,10 +668,12 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, case NID_pkcs8ShroudedKeyBag: if (options & INFO) { X509_SIG *tp8; X509_ALGOR *tp8alg; BIO_printf(bio_err, "Shrouded Keybag: "); tp8 = PKCS12_SAFEBAG_get0_pkcs8(bag); alg_print(tp8->algor); X509_SIG_get0(&tp8alg, NULL, tp8); alg_print(tp8alg); } if (options & NOKEYS) return 1; Loading
crypto/asn1/x_sig.c +10 −0 Original line number Diff line number Diff line Loading @@ -59,6 +59,7 @@ #include "internal/cryptlib.h" #include <openssl/asn1t.h> #include <openssl/x509.h> #include "internal/x509_int.h" ASN1_SEQUENCE(X509_SIG) = { ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR), Loading @@ -66,3 +67,12 @@ ASN1_SEQUENCE(X509_SIG) = { } ASN1_SEQUENCE_END(X509_SIG) IMPLEMENT_ASN1_FUNCTIONS(X509_SIG) void X509_SIG_get0(X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest, X509_SIG *sig) { if (palg) *palg = sig->algor; if (pdigest) *pdigest = sig->digest; }
crypto/include/internal/x509_int.h +5 −0 Original line number Diff line number Diff line Loading @@ -225,3 +225,8 @@ struct pkcs8_priv_key_info_st { ASN1_OCTET_STRING *pkey; STACK_OF(X509_ATTRIBUTE) *attributes; }; struct X509_sig_st { X509_ALGOR *algor; ASN1_OCTET_STRING *digest; };
crypto/pkcs12/p12_mutl.c +19 −12 Original line number Diff line number Diff line Loading @@ -74,10 +74,7 @@ void PKCS12_get0_mac(ASN1_OCTET_STRING **pmac, X509_ALGOR **pmacalg, PKCS12 *p12) { if (p12->mac) { if (pmac) *pmac = p12->mac->dinfo->digest; if (pmacalg) *pmacalg = p12->mac->dinfo->algor; X509_SIG_get0(pmacalg, pmac, p12->mac->dinfo); if (psalt) *psalt = p12->mac->salt; if (piter) Loading Loading @@ -126,6 +123,8 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, int saltlen, iter; int md_size = 0; int md_type_nid; X509_ALGOR *macalg; ASN1_OBJECT *macoid; if (!PKCS7_type_is_data(p12->authsafes)) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA); Loading @@ -138,8 +137,9 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, iter = 1; else iter = ASN1_INTEGER_get(p12->mac->iter); if ((md_type = EVP_get_digestbyobj(p12->mac->dinfo->algor->algorithm)) == NULL) { X509_SIG_get0(&macalg, NULL, p12->mac->dinfo); X509_ALGOR_get0(&macoid, NULL, NULL, macalg); if ((md_type = EVP_get_digestbyobj(macoid)) == NULL) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); return 0; } Loading Loading @@ -180,6 +180,8 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) { unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; ASN1_OCTET_STRING *macoct; if (p12->mac == NULL) { PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT); return 0; Loading @@ -188,8 +190,9 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR); return 0; } if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) || CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen)) X509_SIG_get0(NULL, &macoct, p12->mac->dinfo); if ((maclen != (unsigned int)ASN1_STRING_length(macoct)) || CRYPTO_memcmp(mac, ASN1_STRING_data(macoct), maclen)) return 0; return 1; } Loading @@ -202,6 +205,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, { unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; ASN1_OCTET_STRING *macoct; if (!md_type) md_type = EVP_sha1(); Loading @@ -213,7 +217,8 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR); return 0; } if (!(ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen))) { X509_SIG_get0(NULL, &macoct, p12->mac->dinfo); if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) { PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR); return 0; } Loading @@ -224,6 +229,8 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, const EVP_MD *md_type) { X509_ALGOR *macalg; if ((p12->mac = PKCS12_MAC_DATA_new()) == NULL) return PKCS12_ERROR; if (iter > 1) { Loading @@ -248,12 +255,12 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, return 0; } else memcpy(p12->mac->salt->data, salt, saltlen); p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type)); if ((p12->mac->dinfo->algor->parameter = ASN1_TYPE_new()) == NULL) { X509_SIG_get0(&macalg, NULL, p12->mac->dinfo); if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)), V_ASN1_NULL, NULL)) { PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); return 0; } p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL; return 1; }
crypto/pkcs12/p12_npas.c +6 −8 Original line number Diff line number Diff line Loading @@ -109,7 +109,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) STACK_OF(PKCS12_SAFEBAG) *bags; int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0; PKCS7 *p7, *p7new; ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL; ASN1_OCTET_STRING *p12_data_tmp = NULL, *macoct = NULL; unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; Loading Loading @@ -165,12 +165,9 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr; if ((macnew = ASN1_OCTET_STRING_new()) == NULL) X509_SIG_get0(NULL, &macoct, p12->mac->dinfo); if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) goto saferr; if (!ASN1_OCTET_STRING_set(macnew, mac, maclen)) goto saferr; ASN1_OCTET_STRING_free(p12->mac->dinfo->digest); p12->mac->dinfo->digest = macnew; ASN1_OCTET_STRING_free(p12_data_tmp); return 1; Loading @@ -178,7 +175,6 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) saferr: /* Restore old safe */ ASN1_OCTET_STRING_free(p12->authsafes->d.data); ASN1_OCTET_STRING_free(macnew); p12->authsafes->d.data = p12_data_tmp; return 0; Loading @@ -202,13 +198,15 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass) PKCS8_PRIV_KEY_INFO *p8; X509_SIG *p8new; int p8_nid, p8_saltlen, p8_iter; X509_ALGOR *shalg; if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag) return 1; if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL) return 0; if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen)) X509_SIG_get0(&shalg, NULL, bag->value.shkeybag); if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen)) return 0; if ((p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, p8_iter, p8)) == NULL) Loading
Rich Salz <rsalz@openssl.org>Rich Salz <rsalz@openssl.org>