Check PKCS7 structures in PKCS#12 files are of type data.
authorDr. Stephen Henson <steve@openssl.org>
Thu, 30 Jun 2005 11:34:58 +0000 (11:34 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 30 Jun 2005 11:34:58 +0000 (11:34 +0000)
crypto/pkcs12/p12_add.c
crypto/pkcs12/p12_mutl.c
crypto/pkcs12/pk12err.c
crypto/pkcs12/pkcs12.h

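--- a/crypto/pkcs12/p12_add.c
+++ b/crypto/pkcs12/p12_add.c
@@ -148,7 +148,11 @@ PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
 /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
 STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
 {
-       if(!PKCS7_type_is_data(p7)) return NULL;
+       if(!PKCS7_type_is_data(p7))
+               {
+               PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA);
+               return NULL;
+               }
        return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
 }
 
@@ -211,5 +215,10 @@ int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
 
 STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
 {
+       if (!PKCS7_type_is_data(p12->authsafes))
+               {
+               PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA);
+               return NULL;
+               }
        return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
 }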
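Review bot: Both guards in this file confirm only the content type; neither checks that the content is actually present before `p7->d.data` (first hunk) or `p12->authsafes->d.data` (second hunk) is passed to ASN1_item_unpack. The content field of a ContentInfo is optional in the encoding, so a file can carry the data type with no OCTET STRING behind it, and whether ASN1_item_unpack tolerates a NULL argument is not visible here. A second guard after the type check would close the gap, e.g. `if (p7->d.data == NULL) { PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_DECODE_ERROR); return NULL; }`, with the equivalent test on `p12->authsafes->d.data` in PKCS12_unpack_authsafes. The new checks also dereference `p7` and `p12->authsafes` without a NULL test, and the same pattern recurs in the PKCS12_gen_mac hunk in p12_mutl.c.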
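--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -72,6 +72,12 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
        unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
        int saltlen, iter;
 
+       if (!PKCS7_type_is_data(p12->authsafes))
+               {
+               PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_CONTENT_TYPE_NOT_DATA);
+               return 0;
+               }
+
        salt = p12->mac->salt->data;
        saltlen = p12->mac->salt->length;
        if (!p12->mac->iter) iter = 1;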
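Review bot: The added guard validates `p12->authsafes`, but the lines directly after it still read `p12->mac->salt->data` with no check that `p12->mac` or its `salt` is set. The MAC block is optional in a PKCS#12 file, so unless every caller of PKCS12_gen_mac already rejects a structure without one (not visible in this hunk), a parsed file lacking it would reach a NULL dereference here. A matching early exit next to the new check, such as `if (p12->mac == NULL || p12->mac->salt == NULL) return 0;` preceded by a PKCS12err call with a reason from the existing table, would keep the function safe on untrusted input. The body of PKCS12_gen_mac continues outside the hunk, so later uses of `p12->authsafes->d.data` could not be reviewed.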
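--- a/crypto/pkcs12/pk12err.c
+++ b/crypto/pkcs12/pk12err.c
@@ -94,6 +94,8 @@ static ERR_STRING_DATA PKCS12_str_functs[]=
 {ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN),       "PKCS12_PBE_keyivgen"},
 {ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC),  "PKCS12_setup_mac"},
 {ERR_FUNC(PKCS12_F_PKCS12_SET_MAC),    "PKCS12_set_mac"},
+{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES),   "PKCS12_unpack_authsafes"},
+{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA),      "PKCS12_unpack_p7data"},
 {ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"},
 {ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE),        "PKCS8_add_keyusage"},
 {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT),     "PKCS8_encrypt"},
@@ -103,6 +105,7 @@ static ERR_STRING_DATA PKCS12_str_functs[]=
 static ERR_STRING_DATA PKCS12_str_reasons[]=
        {
 {ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE),"cant pack structure"},
+{ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA),"content type not data"},
 {ERR_REASON(PKCS12_R_DECODE_ERROR)       ,"decode error"},
 {ERR_REASON(PKCS12_R_ENCODE_ERROR)       ,"encode error"},
 {ERR_REASON(PKCS12_R_ENCRYPT_ERROR)      ,"encrypt error"},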
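--- a/crypto/pkcs12/pkcs12.h
+++ b/crypto/pkcs12/pkcs12.h
@@ -297,12 +297,15 @@ void ERR_load_PKCS12_strings(void);
 #define PKCS12_F_PKCS12_PBE_KEYIVGEN                    120
 #define PKCS12_F_PKCS12_SETUP_MAC                       122
 #define PKCS12_F_PKCS12_SET_MAC                                 123
+#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES                130
+#define PKCS12_F_PKCS12_UNPACK_P7DATA                   131
 #define PKCS12_F_PKCS12_VERIFY_MAC                      126
 #define PKCS12_F_PKCS8_ADD_KEYUSAGE                     124
 #define PKCS12_F_PKCS8_ENCRYPT                          125
 
 /* Reason codes. */
 #define PKCS12_R_CANT_PACK_STRUCTURE                    100
+#define PKCS12_R_CONTENT_TYPE_NOT_DATA                  121
 #define PKCS12_R_DECODE_ERROR                           101
 #define PKCS12_R_ENCODE_ERROR                           102
 #define PKCS12_R_ENCRYPT_ERROR                          103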