summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs12
diff options
context:
space:
mode:
authorbeck <>2017-01-29 17:49:23 +0000
committerbeck <>2017-01-29 17:49:23 +0000
commitd1f47bd292f36094480caa49ada36b99a69c59b0 (patch)
tree1a54abba678898ee5270ae4f3404a50ee9a92eea /src/lib/libcrypto/pkcs12
parentf8c627888330b75c2eea8a3c27d0efe947a4f9da (diff)
downloadopenbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.tar.gz
openbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.tar.bz2
openbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.zip
Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
Diffstat (limited to 'src/lib/libcrypto/pkcs12')
-rw-r--r--src/lib/libcrypto/pkcs12/p12_add.c40
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crpt.c12
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crt.c5
-rw-r--r--src/lib/libcrypto/pkcs12/p12_decr.c27
-rw-r--r--src/lib/libcrypto/pkcs12/p12_init.c9
-rw-r--r--src/lib/libcrypto/pkcs12/p12_key.c6
-rw-r--r--src/lib/libcrypto/pkcs12/p12_kiss.c14
-rw-r--r--src/lib/libcrypto/pkcs12/p12_mutl.c35
-rw-r--r--src/lib/libcrypto/pkcs12/p12_npas.c9
-rw-r--r--src/lib/libcrypto/pkcs12/p12_p8e.c8
10 files changed, 69 insertions, 96 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
index 954ca03ebb..5642a141f5 100644
--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p12_add.c,v 1.14 2016/12/30 15:34:35 jsing Exp $ */ 1/* $OpenBSD: p12_add.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -70,20 +70,17 @@ PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2)
70 PKCS12_SAFEBAG *safebag; 70 PKCS12_SAFEBAG *safebag;
71 71
72 if (!(bag = PKCS12_BAGS_new())) { 72 if (!(bag = PKCS12_BAGS_new())) {
73 PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, 73 PKCS12error(ERR_R_MALLOC_FAILURE);
74 ERR_R_MALLOC_FAILURE);
75 return NULL; 74 return NULL;
76 } 75 }
77 bag->type = OBJ_nid2obj(nid1); 76 bag->type = OBJ_nid2obj(nid1);
78 if (!ASN1_item_pack(obj, it, &bag->value.octet)) { 77 if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
79 PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, 78 PKCS12error(ERR_R_MALLOC_FAILURE);
80 ERR_R_MALLOC_FAILURE);
81 PKCS12_BAGS_free(bag); 79 PKCS12_BAGS_free(bag);
82 return NULL; 80 return NULL;
83 } 81 }
84 if (!(safebag = PKCS12_SAFEBAG_new())) { 82 if (!(safebag = PKCS12_SAFEBAG_new())) {
85 PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, 83 PKCS12error(ERR_R_MALLOC_FAILURE);
86 ERR_R_MALLOC_FAILURE);
87 PKCS12_BAGS_free(bag); 84 PKCS12_BAGS_free(bag);
88 return NULL; 85 return NULL;
89 } 86 }
@@ -100,7 +97,7 @@ PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
100 PKCS12_SAFEBAG *bag; 97 PKCS12_SAFEBAG *bag;
101 98
102 if (!(bag = PKCS12_SAFEBAG_new())) { 99 if (!(bag = PKCS12_SAFEBAG_new())) {
103 PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE); 100 PKCS12error(ERR_R_MALLOC_FAILURE);
104 return NULL; 101 return NULL;
105 } 102 }
106 bag->type = OBJ_nid2obj(NID_keyBag); 103 bag->type = OBJ_nid2obj(NID_keyBag);
@@ -119,7 +116,7 @@ PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, int passlen,
119 116
120 /* Set up the safe bag */ 117 /* Set up the safe bag */
121 if (!(bag = PKCS12_SAFEBAG_new())) { 118 if (!(bag = PKCS12_SAFEBAG_new())) {
122 PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); 119 PKCS12error(ERR_R_MALLOC_FAILURE);
123 return NULL; 120 return NULL;
124 } 121 }
125 122
@@ -132,7 +129,7 @@ PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, int passlen,
132 129
133 if (!(bag->value.shkeybag = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, 130 if (!(bag->value.shkeybag = PKCS8_encrypt(pbe_nid, pbe_ciph, pass,
134 passlen, salt, saltlen, iter, p8))) { 131 passlen, salt, saltlen, iter, p8))) {
135 PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); 132 PKCS12error(ERR_R_MALLOC_FAILURE);
136 PKCS12_SAFEBAG_free(bag); 133 PKCS12_SAFEBAG_free(bag);
137 return NULL; 134 return NULL;
138 } 135 }
@@ -147,18 +144,17 @@ PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
147 PKCS7 *p7; 144 PKCS7 *p7;
148 145
149 if (!(p7 = PKCS7_new())) { 146 if (!(p7 = PKCS7_new())) {
150 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); 147 PKCS12error(ERR_R_MALLOC_FAILURE);
151 return NULL; 148 return NULL;
152 } 149 }
153 p7->type = OBJ_nid2obj(NID_pkcs7_data); 150 p7->type = OBJ_nid2obj(NID_pkcs7_data);
154 if (!(p7->d.data = ASN1_OCTET_STRING_new())) { 151 if (!(p7->d.data = ASN1_OCTET_STRING_new())) {
155 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); 152 PKCS12error(ERR_R_MALLOC_FAILURE);
156 goto err; 153 goto err;
157 } 154 }
158 155
159 if (!ASN1_item_pack(sk, &PKCS12_SAFEBAGS_it, &p7->d.data)) { 156 if (!ASN1_item_pack(sk, &PKCS12_SAFEBAGS_it, &p7->d.data)) {
160 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, 157 PKCS12error(PKCS12_R_CANT_PACK_STRUCTURE);
161 PKCS12_R_CANT_PACK_STRUCTURE);
162 goto err; 158 goto err;
163 } 159 }
164 return p7; 160 return p7;
@@ -173,8 +169,7 @@ STACK_OF(PKCS12_SAFEBAG) *
173PKCS12_unpack_p7data(PKCS7 *p7) 169PKCS12_unpack_p7data(PKCS7 *p7)
174{ 170{
175 if (!PKCS7_type_is_data(p7)) { 171 if (!PKCS7_type_is_data(p7)) {
176 PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA, 172 PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
177 PKCS12_R_CONTENT_TYPE_NOT_DATA);
178 return NULL; 173 return NULL;
179 } 174 }
180 return ASN1_item_unpack(p7->d.data, &PKCS12_SAFEBAGS_it); 175 return ASN1_item_unpack(p7->d.data, &PKCS12_SAFEBAGS_it);
@@ -191,12 +186,11 @@ PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
191 const EVP_CIPHER *pbe_ciph; 186 const EVP_CIPHER *pbe_ciph;
192 187
193 if (!(p7 = PKCS7_new())) { 188 if (!(p7 = PKCS7_new())) {
194 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); 189 PKCS12error(ERR_R_MALLOC_FAILURE);
195 return NULL; 190 return NULL;
196 } 191 }
197 if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) { 192 if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
198 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, 193 PKCS12error(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
199 PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
200 goto err; 194 goto err;
201 } 195 }
202 196
@@ -208,7 +202,7 @@ PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
208 pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen); 202 pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
209 203
210 if (!pbe) { 204 if (!pbe) {
211 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); 205 PKCS12error(ERR_R_MALLOC_FAILURE);
212 goto err; 206 goto err;
213 } 207 }
214 X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); 208 X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
@@ -216,8 +210,7 @@ PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
216 ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data); 210 ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
217 if (!(p7->d.encrypted->enc_data->enc_data = PKCS12_item_i2d_encrypt( 211 if (!(p7->d.encrypted->enc_data->enc_data = PKCS12_item_i2d_encrypt(
218 pbe, &PKCS12_SAFEBAGS_it, pass, passlen, bags, 1))) { 212 pbe, &PKCS12_SAFEBAGS_it, pass, passlen, bags, 1))) {
219 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, 213 PKCS12error(PKCS12_R_ENCRYPT_ERROR);
220 PKCS12_R_ENCRYPT_ERROR);
221 goto err; 214 goto err;
222 } 215 }
223 216
@@ -257,8 +250,7 @@ STACK_OF(PKCS7) *
257PKCS12_unpack_authsafes(PKCS12 *p12) 250PKCS12_unpack_authsafes(PKCS12 *p12)
258{ 251{
259 if (!PKCS7_type_is_data(p12->authsafes)) { 252 if (!PKCS7_type_is_data(p12->authsafes)) {
260 PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES, 253 PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
261 PKCS12_R_CONTENT_TYPE_NOT_DATA);
262 return NULL; 254 return NULL;
263 } 255 }
264 return ASN1_item_unpack(p12->authsafes->d.data, 256 return ASN1_item_unpack(p12->authsafes->d.data,
diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c
index f2d635fc62..d1f7d71fd3 100644
--- a/src/lib/libcrypto/pkcs12/p12_crpt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crpt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p12_crpt.c,v 1.13 2016/11/08 20:01:06 miod Exp $ */ 1/* $OpenBSD: p12_crpt.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -82,20 +82,20 @@ PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
82 /* Extract useful info from parameter */ 82 /* Extract useful info from parameter */
83 if (param == NULL || param->type != V_ASN1_SEQUENCE || 83 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
84 param->value.sequence == NULL) { 84 param->value.sequence == NULL) {
85 PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR); 85 PKCS12error(PKCS12_R_DECODE_ERROR);
86 return 0; 86 return 0;
87 } 87 }
88 88
89 pbuf = param->value.sequence->data; 89 pbuf = param->value.sequence->data;
90 if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { 90 if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
91 PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR); 91 PKCS12error(PKCS12_R_DECODE_ERROR);
92 return 0; 92 return 0;
93 } 93 }
94 94
95 if (!pbe->iter) 95 if (!pbe->iter)
96 iter = 1; 96 iter = 1;
97 else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) { 97 else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) {
98 PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR); 98 PKCS12error(PKCS12_R_DECODE_ERROR);
99 PBEPARAM_free(pbe); 99 PBEPARAM_free(pbe);
100 return 0; 100 return 0;
101 } 101 }
@@ -103,13 +103,13 @@ PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
103 saltlen = pbe->salt->length; 103 saltlen = pbe->salt->length;
104 if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID, 104 if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
105 iter, EVP_CIPHER_key_length(cipher), key, md)) { 105 iter, EVP_CIPHER_key_length(cipher), key, md)) {
106 PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_KEY_GEN_ERROR); 106 PKCS12error(PKCS12_R_KEY_GEN_ERROR);
107 PBEPARAM_free(pbe); 107 PBEPARAM_free(pbe);
108 return 0; 108 return 0;
109 } 109 }
110 if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID, 110 if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,
111 iter, EVP_CIPHER_iv_length(cipher), iv, md)) { 111 iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
112 PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_IV_GEN_ERROR); 112 PKCS12error(PKCS12_R_IV_GEN_ERROR);
113 PBEPARAM_free(pbe); 113 PBEPARAM_free(pbe);
114 return 0; 114 return 0;
115 } 115 }
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
index bef4d54cd9..af2c6afc37 100644
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p12_crt.c,v 1.16 2015/02/14 12:43:07 miod Exp $ */ 1/* $OpenBSD: p12_crt.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -104,8 +104,7 @@ PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
104 mac_iter = 1; 104 mac_iter = 1;
105 105
106 if (!pkey && !cert && !ca) { 106 if (!pkey && !cert && !ca) {
107 PKCS12err(PKCS12_F_PKCS12_CREATE, 107 PKCS12error(PKCS12_R_INVALID_NULL_ARGUMENT);
108 PKCS12_R_INVALID_NULL_ARGUMENT);
109 return NULL; 108 return NULL;
110 } 109 }
111 110
diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c
index ad4e0bc660..ca08ee55d5 100644
--- a/src/lib/libcrypto/pkcs12/p12_decr.c
+++ b/src/lib/libcrypto/pkcs12/p12_decr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p12_decr.c,v 1.17 2015/09/30 18:41:06 jsing Exp $ */ 1/* $OpenBSD: p12_decr.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -79,20 +79,19 @@ PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, int passlen,
79 if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen, 79 if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
80 algor->parameter, &ctx, en_de)) { 80 algor->parameter, &ctx, en_de)) {
81 out = NULL; 81 out = NULL;
82 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, 82 PKCS12error(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
83 PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
84 goto err; 83 goto err;
85 } 84 }
86 85
87 if (!(out = malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) { 86 if (!(out = malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
88 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE); 87 PKCS12error(ERR_R_MALLOC_FAILURE);
89 goto err; 88 goto err;
90 } 89 }
91 90
92 if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) { 91 if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) {
93 free(out); 92 free(out);
94 out = NULL; 93 out = NULL;
95 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB); 94 PKCS12error(ERR_R_EVP_LIB);
96 goto err; 95 goto err;
97 } 96 }
98 97
@@ -100,8 +99,7 @@ PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, int passlen,
100 if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) { 99 if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
101 free(out); 100 free(out);
102 out = NULL; 101 out = NULL;
103 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, 102 PKCS12error(PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
104 PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
105 goto err; 103 goto err;
106 } 104 }
107 outlen += i; 105 outlen += i;
@@ -131,8 +129,7 @@ PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
131 129
132 if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length, 130 if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
133 &out, &outlen, 0)) { 131 &out, &outlen, 0)) {
134 PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, 132 PKCS12error(PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
135 PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
136 return NULL; 133 return NULL;
137 } 134 }
138 p = out; 135 p = out;
@@ -140,8 +137,7 @@ PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
140 if (zbuf) 137 if (zbuf)
141 explicit_bzero(out, outlen); 138 explicit_bzero(out, outlen);
142 if (!ret) 139 if (!ret)
143 PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, 140 PKCS12error(PKCS12_R_DECODE_ERROR);
144 PKCS12_R_DECODE_ERROR);
145 free(out); 141 free(out);
146 return ret; 142 return ret;
147} 143}
@@ -160,20 +156,17 @@ PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
160 int inlen; 156 int inlen;
161 157
162 if (!(oct = ASN1_OCTET_STRING_new ())) { 158 if (!(oct = ASN1_OCTET_STRING_new ())) {
163 PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, 159 PKCS12error(ERR_R_MALLOC_FAILURE);
164 ERR_R_MALLOC_FAILURE);
165 return NULL; 160 return NULL;
166 } 161 }
167 inlen = ASN1_item_i2d(obj, &in, it); 162 inlen = ASN1_item_i2d(obj, &in, it);
168 if (!in) { 163 if (!in) {
169 PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, 164 PKCS12error(PKCS12_R_ENCODE_ERROR);
170 PKCS12_R_ENCODE_ERROR);
171 goto err; 165 goto err;
172 } 166 }
173 if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data, 167 if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
174 &oct->length, 1)) { 168 &oct->length, 1)) {
175 PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, 169 PKCS12error(PKCS12_R_ENCRYPT_ERROR);
176 PKCS12_R_ENCRYPT_ERROR);
177 goto err; 170 goto err;
178 } 171 }
179 if (zbuf) 172 if (zbuf)
diff --git a/src/lib/libcrypto/pkcs12/p12_init.c b/src/lib/libcrypto/pkcs12/p12_init.c
index cd01196b6f..637c430bf4 100644
--- a/src/lib/libcrypto/pkcs12/p12_init.c
+++ b/src/lib/libcrypto/pkcs12/p12_init.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p12_init.c,v 1.10 2015/09/30 18:41:06 jsing Exp $ */ 1/* $OpenBSD: p12_init.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -69,7 +69,7 @@ PKCS12_init(int mode)
69 PKCS12 *pkcs12; 69 PKCS12 *pkcs12;
70 70
71 if (!(pkcs12 = PKCS12_new())) { 71 if (!(pkcs12 = PKCS12_new())) {
72 PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE); 72 PKCS12error(ERR_R_MALLOC_FAILURE);
73 return NULL; 73 return NULL;
74 } 74 }
75 ASN1_INTEGER_set(pkcs12->version, 3); 75 ASN1_INTEGER_set(pkcs12->version, 3);
@@ -78,13 +78,12 @@ PKCS12_init(int mode)
78 case NID_pkcs7_data: 78 case NID_pkcs7_data:
79 if (!(pkcs12->authsafes->d.data = 79 if (!(pkcs12->authsafes->d.data =
80 ASN1_OCTET_STRING_new())) { 80 ASN1_OCTET_STRING_new())) {
81 PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE); 81 PKCS12error(ERR_R_MALLOC_FAILURE);
82 goto err; 82 goto err;
83 } 83 }
84 break; 84 break;
85 default: 85 default:
86 PKCS12err(PKCS12_F_PKCS12_INIT, 86 PKCS12error(PKCS12_R_UNSUPPORTED_PKCS12_MODE);
87 PKCS12_R_UNSUPPORTED_PKCS12_MODE);
88 goto err; 87 goto err;
89 } 88 }
90 89
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
index 891f764c23..fd710771a5 100644
--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ b/src/lib/libcrypto/pkcs12/p12_key.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p12_key.c,v 1.24 2016/11/05 13:02:34 miod Exp $ */ 1/* $OpenBSD: p12_key.c,v 1.25 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -81,7 +81,7 @@ PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
81 unipass = NULL; 81 unipass = NULL;
82 uniplen = 0; 82 uniplen = 0;
83 } else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) { 83 } else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) {
84 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC, ERR_R_MALLOC_FAILURE); 84 PKCS12error(ERR_R_MALLOC_FAILURE);
85 return 0; 85 return 0;
86 } 86 }
87 ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, 87 ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
@@ -186,7 +186,7 @@ PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
186 } 186 }
187 187
188err: 188err:
189 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_MALLOC_FAILURE); 189 PKCS12error(ERR_R_MALLOC_FAILURE);
190 190
191end: 191end:
192 free(Ai); 192 free(Ai);
diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c
index eb2c3a76d5..102ca3563b 100644
--- a/src/lib/libcrypto/pkcs12/p12_kiss.c
+++ b/src/lib/libcrypto/pkcs12/p12_kiss.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p12_kiss.c,v 1.18 2016/12/30 15:08:22 jsing Exp $ */ 1/* $OpenBSD: p12_kiss.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -87,8 +87,7 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
87 /* Check for NULL PKCS12 structure */ 87 /* Check for NULL PKCS12 structure */
88 88
89 if (!p12) { 89 if (!p12) {
90 PKCS12err(PKCS12_F_PKCS12_PARSE, 90 PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER);
91 PKCS12_R_INVALID_NULL_PKCS12_POINTER);
92 return 0; 91 return 0;
93 } 92 }
94 93
@@ -111,24 +110,23 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
111 else if (PKCS12_verify_mac(p12, "", 0)) 110 else if (PKCS12_verify_mac(p12, "", 0))
112 pass = ""; 111 pass = "";
113 else { 112 else {
114 PKCS12err(PKCS12_F_PKCS12_PARSE, 113 PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
115 PKCS12_R_MAC_VERIFY_FAILURE);
116 goto err; 114 goto err;
117 } 115 }
118 } else if (!PKCS12_verify_mac(p12, pass, -1)) { 116 } else if (!PKCS12_verify_mac(p12, pass, -1)) {
119 PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE); 117 PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
120 goto err; 118 goto err;
121 } 119 }
122 120
123 /* Allocate stack for other certificates */ 121 /* Allocate stack for other certificates */
124 ocerts = sk_X509_new_null(); 122 ocerts = sk_X509_new_null();
125 if (!ocerts) { 123 if (!ocerts) {
126 PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE); 124 PKCS12error(ERR_R_MALLOC_FAILURE);
127 return 0; 125 return 0;
128 } 126 }
129 127
130 if (!parse_pk12 (p12, pass, -1, pkey, ocerts)) { 128 if (!parse_pk12 (p12, pass, -1, pkey, ocerts)) {
131 PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_PARSE_ERROR); 129 PKCS12error(PKCS12_R_PARSE_ERROR);
132 goto err; 130 goto err;
133 } 131 }
134 132
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
index 56a4964a34..f3132ec75f 100644
--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ b/src/lib/libcrypto/pkcs12/p12_mutl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p12_mutl.c,v 1.22 2016/11/08 20:01:06 miod Exp $ */ 1/* $OpenBSD: p12_mutl.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -80,8 +80,7 @@ PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
80 int md_size; 80 int md_size;
81 81
82 if (!PKCS7_type_is_data(p12->authsafes)) { 82 if (!PKCS7_type_is_data(p12->authsafes)) {
83 PKCS12err(PKCS12_F_PKCS12_GEN_MAC, 83 PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
84 PKCS12_R_CONTENT_TYPE_NOT_DATA);
85 return 0; 84 return 0;
86 } 85 }
87 86
@@ -90,13 +89,12 @@ PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
90 if (!p12->mac->iter) 89 if (!p12->mac->iter)
91 iter = 1; 90 iter = 1;
92 else if ((iter = ASN1_INTEGER_get(p12->mac->iter)) <= 0) { 91 else if ((iter = ASN1_INTEGER_get(p12->mac->iter)) <= 0) {
93 PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_DECODE_ERROR); 92 PKCS12error(PKCS12_R_DECODE_ERROR);
94 return 0; 93 return 0;
95 } 94 }
96 if (!(md_type = EVP_get_digestbyobj( 95 if (!(md_type = EVP_get_digestbyobj(
97 p12->mac->dinfo->algor->algorithm))) { 96 p12->mac->dinfo->algor->algorithm))) {
98 PKCS12err(PKCS12_F_PKCS12_GEN_MAC, 97 PKCS12error(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
99 PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
100 return 0; 98 return 0;
101 } 99 }
102 md_size = EVP_MD_size(md_type); 100 md_size = EVP_MD_size(md_type);
@@ -104,7 +102,7 @@ PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
104 return 0; 102 return 0;
105 if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, 103 if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
106 md_size, key, md_type)) { 104 md_size, key, md_type)) {
107 PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); 105 PKCS12error(PKCS12_R_KEY_GEN_ERROR);
108 return 0; 106 return 0;
109 } 107 }
110 HMAC_CTX_init(&hmac); 108 HMAC_CTX_init(&hmac);
@@ -127,12 +125,11 @@ PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
127 unsigned int maclen; 125 unsigned int maclen;
128 126
129 if (p12->mac == NULL) { 127 if (p12->mac == NULL) {
130 PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT); 128 PKCS12error(PKCS12_R_MAC_ABSENT);
131 return 0; 129 return 0;
132 } 130 }
133 if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) { 131 if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
134 PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, 132 PKCS12error(PKCS12_R_MAC_GENERATION_ERROR);
135 PKCS12_R_MAC_GENERATION_ERROR);
136 return 0; 133 return 0;
137 } 134 }
138 if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) || 135 if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) ||
@@ -154,17 +151,15 @@ PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char *salt,
154 md_type = EVP_sha1(); 151 md_type = EVP_sha1();
155 if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) == 152 if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) ==
156 PKCS12_ERROR) { 153 PKCS12_ERROR) {
157 PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR); 154 PKCS12error(PKCS12_R_MAC_SETUP_ERROR);
158 return 0; 155 return 0;
159 } 156 }
160 if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) { 157 if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
161 PKCS12err(PKCS12_F_PKCS12_SET_MAC, 158 PKCS12error(PKCS12_R_MAC_GENERATION_ERROR);
162 PKCS12_R_MAC_GENERATION_ERROR);
163 return 0; 159 return 0;
164 } 160 }
165 if (!(ASN1_STRING_set(p12->mac->dinfo->digest, mac, maclen))) { 161 if (!(ASN1_STRING_set(p12->mac->dinfo->digest, mac, maclen))) {
166 PKCS12err(PKCS12_F_PKCS12_SET_MAC, 162 PKCS12error(PKCS12_R_MAC_STRING_SET_ERROR);
167 PKCS12_R_MAC_STRING_SET_ERROR);
168 return 0; 163 return 0;
169 } 164 }
170 return 1; 165 return 1;
@@ -179,20 +174,18 @@ PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
179 return PKCS12_ERROR; 174 return PKCS12_ERROR;
180 if (iter > 1) { 175 if (iter > 1) {
181 if (!(p12->mac->iter = ASN1_INTEGER_new())) { 176 if (!(p12->mac->iter = ASN1_INTEGER_new())) {
182 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, 177 PKCS12error(ERR_R_MALLOC_FAILURE);
183 ERR_R_MALLOC_FAILURE);
184 return 0; 178 return 0;
185 } 179 }
186 if (!ASN1_INTEGER_set(p12->mac->iter, iter)) { 180 if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
187 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, 181 PKCS12error(ERR_R_MALLOC_FAILURE);
188 ERR_R_MALLOC_FAILURE);
189 return 0; 182 return 0;
190 } 183 }
191 } 184 }
192 if (!saltlen) 185 if (!saltlen)
193 saltlen = PKCS12_SALT_LEN; 186 saltlen = PKCS12_SALT_LEN;
194 if (!(p12->mac->salt->data = malloc(saltlen))) { 187 if (!(p12->mac->salt->data = malloc(saltlen))) {
195 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); 188 PKCS12error(ERR_R_MALLOC_FAILURE);
196 return 0; 189 return 0;
197 } 190 }
198 p12->mac->salt->length = saltlen; 191 p12->mac->salt->length = saltlen;
@@ -202,7 +195,7 @@ PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
202 memcpy (p12->mac->salt->data, salt, saltlen); 195 memcpy (p12->mac->salt->data, salt, saltlen);
203 p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type)); 196 p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
204 if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) { 197 if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
205 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); 198 PKCS12error(ERR_R_MALLOC_FAILURE);
206 return 0; 199 return 0;
207 } 200 }
208 p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL; 201 p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c
index 7803721a26..63b3df17ad 100644
--- a/src/lib/libcrypto/pkcs12/p12_npas.c
+++ b/src/lib/libcrypto/pkcs12/p12_npas.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p12_npas.c,v 1.11 2016/12/30 15:08:22 jsing Exp $ */ 1/* $OpenBSD: p12_npas.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -81,20 +81,19 @@ PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
81 /* Check for NULL PKCS12 structure */ 81 /* Check for NULL PKCS12 structure */
82 82
83 if (!p12) { 83 if (!p12) {
84 PKCS12err(PKCS12_F_PKCS12_NEWPASS, 84 PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER);
85 PKCS12_R_INVALID_NULL_PKCS12_POINTER);
86 return 0; 85 return 0;
87 } 86 }
88 87
89 /* Check the mac */ 88 /* Check the mac */
90 89
91 if (!PKCS12_verify_mac(p12, oldpass, -1)) { 90 if (!PKCS12_verify_mac(p12, oldpass, -1)) {
92 PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_MAC_VERIFY_FAILURE); 91 PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
93 return 0; 92 return 0;
94 } 93 }
95 94
96 if (!newpass_p12(p12, oldpass, newpass)) { 95 if (!newpass_p12(p12, oldpass, newpass)) {
97 PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_PARSE_ERROR); 96 PKCS12error(PKCS12_R_PARSE_ERROR);
98 return 0; 97 return 0;
99 } 98 }
100 99
diff --git a/src/lib/libcrypto/pkcs12/p12_p8e.c b/src/lib/libcrypto/pkcs12/p12_p8e.c
index e39d5975d5..5e3fc6486a 100644
--- a/src/lib/libcrypto/pkcs12/p12_p8e.c
+++ b/src/lib/libcrypto/pkcs12/p12_p8e.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p12_p8e.c,v 1.7 2016/12/30 15:34:35 jsing Exp $ */ 1/* $OpenBSD: p12_p8e.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2001. 3 * project 2001.
4 */ 4 */
@@ -70,7 +70,7 @@ PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass,
70 X509_ALGOR *pbe; 70 X509_ALGOR *pbe;
71 71
72 if (!(p8 = X509_SIG_new())) { 72 if (!(p8 = X509_SIG_new())) {
73 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); 73 PKCS12error(ERR_R_MALLOC_FAILURE);
74 goto err; 74 goto err;
75 } 75 }
76 76
@@ -79,7 +79,7 @@ PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass,
79 else 79 else
80 pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen); 80 pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
81 if (!pbe) { 81 if (!pbe) {
82 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB); 82 PKCS12error(ERR_R_ASN1_LIB);
83 goto err; 83 goto err;
84 } 84 }
85 X509_ALGOR_free(p8->algor); 85 X509_ALGOR_free(p8->algor);
@@ -88,7 +88,7 @@ PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass,
88 p8->digest = PKCS12_item_i2d_encrypt(pbe, 88 p8->digest = PKCS12_item_i2d_encrypt(pbe,
89 &PKCS8_PRIV_KEY_INFO_it, pass, passlen, p8inf, 1); 89 &PKCS8_PRIV_KEY_INFO_it, pass, passlen, p8inf, 1);
90 if (!p8->digest) { 90 if (!p8->digest) {
91 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR); 91 PKCS12error(PKCS12_R_ENCRYPT_ERROR);
92 goto err; 92 goto err;
93 } 93 }
94 94
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-01-03 10:22:18 +0000