summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs12/p12_mutl.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/pkcs12/p12_mutl.c')
-rw-r--r--src/lib/libcrypto/pkcs12/p12_mutl.c35
1 files changed, 19 insertions, 16 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
index bac558d6b9..0fb67f74b8 100644
--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ b/src/lib/libcrypto/pkcs12/p12_mutl.c
@@ -56,7 +56,7 @@
56 * 56 *
57 */ 57 */
58 58
59#ifndef NO_HMAC 59#ifndef OPENSSL_NO_HMAC
60#include <stdio.h> 60#include <stdio.h>
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/hmac.h> 62#include <openssl/hmac.h>
@@ -71,6 +71,7 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
71 HMAC_CTX hmac; 71 HMAC_CTX hmac;
72 unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt; 72 unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
73 int saltlen, iter; 73 int saltlen, iter;
74
74 salt = p12->mac->salt->data; 75 salt = p12->mac->salt->data;
75 saltlen = p12->mac->salt->length; 76 saltlen = p12->mac->salt->length;
76 if (!p12->mac->iter) iter = 1; 77 if (!p12->mac->iter) iter = 1;
@@ -85,10 +86,12 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
85 PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR); 86 PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
86 return 0; 87 return 0;
87 } 88 }
88 HMAC_Init (&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type); 89 HMAC_CTX_init(&hmac);
89 HMAC_Update (&hmac, p12->authsafes->d.data->data, 90 HMAC_Init_ex(&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type, NULL);
91 HMAC_Update(&hmac, p12->authsafes->d.data->data,
90 p12->authsafes->d.data->length); 92 p12->authsafes->d.data->length);
91 HMAC_Final (&hmac, mac, maclen); 93 HMAC_Final(&hmac, mac, maclen);
94 HMAC_CTX_cleanup(&hmac);
92 return 1; 95 return 1;
93} 96}
94 97
@@ -106,17 +109,14 @@ int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen)
106 return 0; 109 return 0;
107 } 110 }
108 if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) 111 if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
109 || memcmp (mac, p12->mac->dinfo->digest->data, maclen)) { 112 || memcmp (mac, p12->mac->dinfo->digest->data, maclen)) return 0;
110 PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_VERIFY_ERROR);
111 return 0;
112 }
113 return 1; 113 return 1;
114} 114}
115 115
116/* Set a mac */ 116/* Set a mac */
117 117
118int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen, 118int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
119 unsigned char *salt, int saltlen, int iter, EVP_MD *md_type) 119 unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type)
120{ 120{
121 unsigned char mac[EVP_MAX_MD_SIZE]; 121 unsigned char mac[EVP_MAX_MD_SIZE];
122 unsigned int maclen; 122 unsigned int maclen;
@@ -131,7 +131,7 @@ int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
131 PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR); 131 PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR);
132 return 0; 132 return 0;
133 } 133 }
134 if (!(ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) { 134 if (!(M_ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) {
135 PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR); 135 PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR);
136 return 0; 136 return 0;
137 } 137 }
@@ -140,23 +140,26 @@ int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
140 140
141/* Set up a mac structure */ 141/* Set up a mac structure */
142int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen, 142int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
143 EVP_MD *md_type) 143 const EVP_MD *md_type)
144{ 144{
145 if (!(p12->mac = PKCS12_MAC_DATA_new ())) return PKCS12_ERROR; 145 if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR;
146 if (iter > 1) { 146 if (iter > 1) {
147 if(!(p12->mac->iter = ASN1_INTEGER_new())) { 147 if(!(p12->mac->iter = M_ASN1_INTEGER_new())) {
148 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); 148 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
149 return 0; 149 return 0;
150 } 150 }
151 ASN1_INTEGER_set (p12->mac->iter, iter); 151 ASN1_INTEGER_set(p12->mac->iter, iter);
152 } 152 }
153 if (!saltlen) saltlen = PKCS12_SALT_LEN; 153 if (!saltlen) saltlen = PKCS12_SALT_LEN;
154 p12->mac->salt->length = saltlen; 154 p12->mac->salt->length = saltlen;
155 if (!(p12->mac->salt->data = Malloc (saltlen))) { 155 if (!(p12->mac->salt->data = OPENSSL_malloc (saltlen))) {
156 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); 156 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
157 return 0; 157 return 0;
158 } 158 }
159 if (!salt) RAND_bytes (p12->mac->salt->data, saltlen); 159 if (!salt) {
160 if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0)
161 return 0;
162 }
160 else memcpy (p12->mac->salt->data, salt, saltlen); 163 else memcpy (p12->mac->salt->data, salt, saltlen);
161 p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type)); 164 p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
162 if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) { 165 if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-15 16:50:42 +0000