Check PKCS7 structures in PKCS#12 files are of type data.
[openssl.git] / crypto / pkcs12 / p12_add.c
index 2d275c4..41bdc00 100644 (file)
@@ -68,16 +68,16 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid
        PKCS12_BAGS *bag;
        PKCS12_SAFEBAG *safebag;
        if (!(bag = PKCS12_BAGS_new())) {
-               PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+               PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
                return NULL;
        }
        bag->type = OBJ_nid2obj(nid1);
        if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
-               PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+               PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
                return NULL;
        }
        if (!(safebag = PKCS12_SAFEBAG_new())) {
-               PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+               PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
                return NULL;
        }
        safebag->value.bag = bag;
@@ -138,7 +138,7 @@ PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
                return NULL;
        }
        
-       if (!ASN1_item_pack(sk, &PKCS12_SAFEBAGS_it, &p7->d.data)) {
+       if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
                PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
                return NULL;
        }
@@ -148,8 +148,12 @@ PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
 /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
 STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
 {
-       if(!PKCS7_type_is_data(p7)) return NULL;
-       return ASN1_item_unpack(p7->d.data, &PKCS12_SAFEBAGS_it);
+       if(!PKCS7_type_is_data(p7))
+               {
+               PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA);
+               return NULL;
+               }
+       return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
 }
 
 /* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
@@ -177,7 +181,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
        p7->d.encrypted->enc_data->algorithm = pbe;
        M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
        if (!(p7->d.encrypted->enc_data->enc_data =
-       PKCS12_item_i2d_encrypt(pbe, &PKCS12_SAFEBAGS_it, pass, passlen,
+       PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen,
                                 bags, 1))) {
                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
                return NULL;
@@ -190,53 +194,11 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, i
 {
        if(!PKCS7_type_is_encrypted(p7)) return NULL;
        return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
-                                  &PKCS12_SAFEBAGS_it,
+                                  ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
                                   pass, passlen,
                                   p7->d.encrypted->enc_data->enc_data, 1);
 }
 
-X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
-                        const char *pass, int passlen,
-                        unsigned char *salt, int saltlen, int iter,
-                                               PKCS8_PRIV_KEY_INFO *p8inf)
-{
-       X509_SIG *p8;
-       X509_ALGOR *pbe;
-
-       if (!(p8 = X509_SIG_new())) {
-               PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
-               goto err;
-       }
-
-       if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
-       else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
-       if(!pbe) {
-               PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
-               goto err;
-       }
-       X509_ALGOR_free(p8->algor);
-       p8->algor = pbe;
-       M_ASN1_OCTET_STRING_free(p8->digest);
-       p8->digest = PKCS12_item_i2d_encrypt(pbe, &PKCS8_PRIV_KEY_INFO_it,
-                                       pass, passlen, p8inf, 1);
-       if(!p8->digest) {
-               PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
-               goto err;
-       }
-
-       return p8;
-
-       err:
-       X509_SIG_free(p8);
-       return NULL;
-}
-
-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen)
-{
-       return PKCS12_item_decrypt_d2i(p8->algor, &PKCS8_PRIV_KEY_INFO_it, pass,
-                                       passlen, p8->digest, 1);
-}
-
 PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
                                                                int passlen)
 {
@@ -245,7 +207,7 @@ PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
 
 int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) 
 {
-       if(ASN1_item_pack(safes, &PKCS12_AUTHSAFES_it,
+       if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
                &p12->authsafes->d.data)) 
                        return 1;
        return 0;
@@ -253,5 +215,10 @@ int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
 
 STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
 {
-       return ASN1_item_unpack(p12->authsafes->d.data, &PKCS12_AUTHSAFES_it);
+       if (!PKCS7_type_is_data(p12->authsafes))
+               {
+               PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA);
+               return NULL;
+               }
+       return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
 }