summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/pkcs12/p12_add.c26
-rw-r--r--src/lib/libcrypto/pkcs12/p12_mutl.c10
-rw-r--r--src/lib/libcrypto/pkcs12/pkcs12_local.h5
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_doit.c4
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_mime.c7
5 files changed, 37 insertions, 15 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
index 93c7c7221e..8ce1fede74 100644
--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p12_add.c,v 1.22 2023/02/16 08:38:17 tb Exp $ */ 1/* $OpenBSD: p12_add.c,v 1.23 2024/01/25 13:44:08 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -124,11 +124,15 @@ LCRYPTO_ALIAS(PKCS12_pack_p7data);
124STACK_OF(PKCS12_SAFEBAG) * 124STACK_OF(PKCS12_SAFEBAG) *
125PKCS12_unpack_p7data(PKCS7 *p7) 125PKCS12_unpack_p7data(PKCS7 *p7)
126{ 126{
127 ASN1_OCTET_STRING *aos;
128
127 if (!PKCS7_type_is_data(p7)) { 129 if (!PKCS7_type_is_data(p7)) {
128 PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA); 130 PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
129 return NULL; 131 return NULL;
130 } 132 }
131 return ASN1_item_unpack(p7->d.data, &PKCS12_SAFEBAGS_it); 133 if ((aos = PKCS7_get_octet_string(p7)) == NULL)
134 return NULL;
135 return ASN1_item_unpack(aos, &PKCS12_SAFEBAGS_it);
132} 136}
133LCRYPTO_ALIAS(PKCS12_unpack_p7data); 137LCRYPTO_ALIAS(PKCS12_unpack_p7data);
134 138
@@ -182,11 +186,16 @@ LCRYPTO_ALIAS(PKCS12_pack_p7encdata);
182STACK_OF(PKCS12_SAFEBAG) * 186STACK_OF(PKCS12_SAFEBAG) *
183PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen) 187PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
184{ 188{
189 PKCS7_ENC_CONTENT *content;
190
185 if (!PKCS7_type_is_encrypted(p7)) 191 if (!PKCS7_type_is_encrypted(p7))
186 return NULL; 192 return NULL;
187 return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm, 193 if (p7->d.encrypted == NULL)
188 &PKCS12_SAFEBAGS_it, pass, passlen, 194 return NULL;
189 p7->d.encrypted->enc_data->enc_data, 1); 195 if ((content = p7->d.encrypted->enc_data) == NULL)
196 return NULL;
197 return PKCS12_item_decrypt_d2i(content->algorithm, &PKCS12_SAFEBAGS_it,
198 pass, passlen, content->enc_data, 1);
190} 199}
191LCRYPTO_ALIAS(PKCS12_unpack_p7encdata); 200LCRYPTO_ALIAS(PKCS12_unpack_p7encdata);
192 201
@@ -210,11 +219,14 @@ LCRYPTO_ALIAS(PKCS12_pack_authsafes);
210STACK_OF(PKCS7) * 219STACK_OF(PKCS7) *
211PKCS12_unpack_authsafes(const PKCS12 *p12) 220PKCS12_unpack_authsafes(const PKCS12 *p12)
212{ 221{
222 ASN1_OCTET_STRING *aos;
223
213 if (!PKCS7_type_is_data(p12->authsafes)) { 224 if (!PKCS7_type_is_data(p12->authsafes)) {
214 PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA); 225 PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
215 return NULL; 226 return NULL;
216 } 227 }
217 return ASN1_item_unpack(p12->authsafes->d.data, 228 if ((aos = PKCS7_get_octet_string(p12->authsafes)) == NULL)
218 &PKCS12_AUTHSAFES_it); 229 return NULL;
230 return ASN1_item_unpack(aos, &PKCS12_AUTHSAFES_it);
219} 231}
220LCRYPTO_ALIAS(PKCS12_unpack_authsafes); 232LCRYPTO_ALIAS(PKCS12_unpack_authsafes);
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
index f0e6df9eb6..c71ed735ea 100644
--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ b/src/lib/libcrypto/pkcs12/p12_mutl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p12_mutl.c,v 1.35 2023/02/16 08:38:17 tb Exp $ */ 1/* $OpenBSD: p12_mutl.c,v 1.36 2024/01/25 13:44:08 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -115,6 +115,7 @@ PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
115{ 115{
116 const EVP_MD *md_type; 116 const EVP_MD *md_type;
117 HMAC_CTX *hmac = NULL; 117 HMAC_CTX *hmac = NULL;
118 ASN1_OCTET_STRING *aos;
118 unsigned char key[EVP_MAX_MD_SIZE], *salt; 119 unsigned char key[EVP_MAX_MD_SIZE], *salt;
119 int saltlen, iter; 120 int saltlen, iter;
120 int md_size; 121 int md_size;
@@ -124,6 +125,10 @@ PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
124 PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA); 125 PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
125 goto err; 126 goto err;
126 } 127 }
128 if ((aos = PKCS7_get_octet_string(p12->authsafes)) == NULL) {
129 PKCS12error(PKCS12_R_DECODE_ERROR);
130 goto err;
131 }
127 132
128 salt = p12->mac->salt->data; 133 salt = p12->mac->salt->data;
129 saltlen = p12->mac->salt->length; 134 saltlen = p12->mac->salt->length;
@@ -155,8 +160,7 @@ PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
155 goto err; 160 goto err;
156 if (!HMAC_Init_ex(hmac, key, md_size, md_type, NULL)) 161 if (!HMAC_Init_ex(hmac, key, md_size, md_type, NULL))
157 goto err; 162 goto err;
158 if (!HMAC_Update(hmac, p12->authsafes->d.data->data, 163 if (!HMAC_Update(hmac, aos->data, aos->length))
159 p12->authsafes->d.data->length))
160 goto err; 164 goto err;
161 if (!HMAC_Final(hmac, mac, maclen)) 165 if (!HMAC_Final(hmac, mac, maclen))
162 goto err; 166 goto err;
diff --git a/src/lib/libcrypto/pkcs12/pkcs12_local.h b/src/lib/libcrypto/pkcs12/pkcs12_local.h
index 1d6f0558ed..8d82d2f462 100644
--- a/src/lib/libcrypto/pkcs12/pkcs12_local.h
+++ b/src/lib/libcrypto/pkcs12/pkcs12_local.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkcs12_local.h,v 1.3 2022/11/26 17:23:18 tb Exp $ */ 1/* $OpenBSD: pkcs12_local.h,v 1.4 2024/01/25 13:44:08 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -96,6 +96,9 @@ struct pkcs12_bag_st {
96 } value; 96 } value;
97}; 97};
98 98
99/* XXX - should go into pkcs7_local.h. */
100ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7);
101
99__END_HIDDEN_DECLS 102__END_HIDDEN_DECLS
100 103
101#endif /* !HEADER_PKCS12_LOCAL_H */ 104#endif /* !HEADER_PKCS12_LOCAL_H */
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
index 759d9dd5a5..ce0e99eec1 100644
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pk7_doit.c,v 1.54 2023/11/15 00:55:43 tb Exp $ */ 1/* $OpenBSD: pk7_doit.c,v 1.55 2024/01/25 13:44:08 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -92,7 +92,7 @@ PKCS7_type_is_other(PKCS7* p7)
92 92
93} 93}
94 94
95static ASN1_OCTET_STRING * 95ASN1_OCTET_STRING *
96PKCS7_get_octet_string(PKCS7 *p7) 96PKCS7_get_octet_string(PKCS7 *p7)
97{ 97{
98 if (PKCS7_type_is_data(p7)) 98 if (PKCS7_type_is_data(p7))
diff --git a/src/lib/libcrypto/pkcs7/pk7_mime.c b/src/lib/libcrypto/pkcs7/pk7_mime.c
index f00e18c7ef..381335589f 100644
--- a/src/lib/libcrypto/pkcs7/pk7_mime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_mime.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pk7_mime.c,v 1.19 2023/05/02 09:56:12 tb Exp $ */ 1/* $OpenBSD: pk7_mime.c,v 1.20 2024/01/25 13:44:08 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -89,8 +89,11 @@ SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
89 STACK_OF(X509_ALGOR) *mdalgs = NULL; 89 STACK_OF(X509_ALGOR) *mdalgs = NULL;
90 int ctype_nid; 90 int ctype_nid;
91 91
92 if ((ctype_nid = OBJ_obj2nid(p7->type)) == NID_pkcs7_signed) 92 if ((ctype_nid = OBJ_obj2nid(p7->type)) == NID_pkcs7_signed) {
93 if (p7->d.sign == NULL)
94 return 0;
93 mdalgs = p7->d.sign->md_algs; 95 mdalgs = p7->d.sign->md_algs;
96 }
94 97
95 flags ^= SMIME_OLDMIME; 98 flags ^= SMIME_OLDMIME;
96 99
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-02 20:16:00 +0000