Diffstat (limited to 'src/lib/libcrypto/pkcs12')
-rw-r--r-- | src/lib/libcrypto/pkcs12/p12_add.c | 11 | ||||
-rw-r--r-- | src/lib/libcrypto/pkcs12/p12_crt.c | 10 | ||||
-rw-r--r-- | src/lib/libcrypto/pkcs12/p12_mutl.c | 6 | ||||
-rw-r--r-- | src/lib/libcrypto/pkcs12/pk12err.c | 107 | ||||
-rw-r--r-- | src/lib/libcrypto/pkcs12/pkcs12.h | 3 |
5 files changed, 85 insertions, 52 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c index 1909f28506..27015dd8c3 100644 --- a/src/lib/libcrypto/pkcs12/p12_add.c +++ b/src/lib/libcrypto/pkcs12/p12_add.c | |||
@@ -148,7 +148,11 @@ PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk) | |||
148 | /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */ | 148 | /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */ |
149 | STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7) | 149 | STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7) |
150 | { | 150 | { |
151 | if(!PKCS7_type_is_data(p7)) return NULL; | 151 | if(!PKCS7_type_is_data(p7)) |
152 | { | ||
153 | PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA); | ||
154 | return NULL; | ||
155 | } | ||
152 | return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS)); | 156 | return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS)); |
153 | } | 157 | } |
154 | 158 | ||
@@ -211,5 +215,10 @@ int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) | |||
211 | 215 | ||
212 | STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12) | 216 | STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12) |
213 | { | 217 | { |
218 | if (!PKCS7_type_is_data(p12->authsafes)) | ||
219 | { | ||
220 | PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA); | ||
221 | return NULL; | ||
222 | } | ||
214 | return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES)); | 223 | return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES)); |
215 | } | 224 | } |
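Review bot: The new type checks in PKCS12_unpack_p7data and PKCS12_unpack_authsafes do not cover a NULL content pointer: `p7->d.data` and `p12->authsafes->d.data` still go to ASN1_item_unpack untested. The content field of a PKCS#7 ContentInfo is optional, so a file that declares type data and omits the content would presumably leave that pointer NULL; this should be confirmed against the decoder. I would add `if (p7->d.data == NULL) { PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_DECODE_ERROR); return NULL; }` after the type check, and the same with PKCS12_F_PKCS12_UNPACK_AUTHSAFES in the second function. PKCS12_unpack_authsafes also reads `p12->authsafes` through the type macro before any NULL test on it.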
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c index 4c36c643ce..40340a7bef 100644 --- a/src/lib/libcrypto/pkcs12/p12_crt.c +++ b/src/lib/libcrypto/pkcs12/p12_crt.c | |||
@@ -76,7 +76,15 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, | |||
76 | unsigned int keyidlen; | 76 | unsigned int keyidlen; |
77 | 77 | ||
78 | /* Set defaults */ | 78 | /* Set defaults */ |
79 | if(!nid_cert) nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; | 79 | if(!nid_cert) |
80 | { | ||
81 | #ifdef OPENSSL_FIPS | ||
82 | if (FIPS_mode()) | ||
83 | nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; | ||
84 | else | ||
85 | #endif | ||
86 | nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; | ||
87 | } | ||
80 | if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; | 88 | if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; |
81 | if(!iter) iter = PKCS12_DEFAULT_ITER; | 89 | if(!iter) iter = PKCS12_DEFAULT_ITER; |
82 | if(!mac_iter) mac_iter = 1; | 90 | if(!mac_iter) mac_iter = 1; |
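Review bot: Outside FIPS mode the default for `nid_cert` is still `NID_pbe_WithSHA1And40BitRC2_CBC`, and `mac_iter` still defaults to 1, so a caller who passes zeros gets 40-bit certificate encryption and a MAC key derived with a single iteration. If these defaults must stay for interoperability, the code should say so, e.g. `/* 40-bit RC2 kept as the default for compatibility with old importers; pass nid_cert explicitly for anything stronger */` above the assignment. The `else` whose statement only follows after `#endif` is also easy to break in a later edit; bracing both branches would be safer. PKCS12_create starts and ends outside this hunk.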
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c index 4886b9b289..140d21155e 100644 --- a/src/lib/libcrypto/pkcs12/p12_mutl.c +++ b/src/lib/libcrypto/pkcs12/p12_mutl.c | |||
@@ -72,6 +72,12 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen, | |||
72 | unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt; | 72 | unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt; |
73 | int saltlen, iter; | 73 | int saltlen, iter; |
74 | 74 | ||
75 | if (!PKCS7_type_is_data(p12->authsafes)) | ||
76 | { | ||
77 | PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_CONTENT_TYPE_NOT_DATA); | ||
78 | return 0; | ||
79 | } | ||
80 | |||
75 | salt = p12->mac->salt->data; | 81 | salt = p12->mac->salt->data; |
76 | saltlen = p12->mac->salt->length; | 82 | saltlen = p12->mac->salt->length; |
77 | if (!p12->mac->iter) iter = 1; | 83 | if (!p12->mac->iter) iter = 1; |
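Review bot: `p12->mac` is dereferenced on the line right after the new check (`salt = p12->mac->salt->data;`) without a NULL test, and the MAC is optional in a PKCS#12 file. Callers may already check this before calling PKCS12_gen_mac, but the function is exported, so a guard here is cheap: `if (p12->mac == NULL) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_MAC_ABSENT); return 0; }`. The rest of the function is outside the hunk, so I cannot tell whether `p12->authsafes->d.data` is tested for NULL before it is used.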
diff --git a/src/lib/libcrypto/pkcs12/pk12err.c b/src/lib/libcrypto/pkcs12/pk12err.c index 10ab80502c..a33b37b1c7 100644 --- a/src/lib/libcrypto/pkcs12/pk12err.c +++ b/src/lib/libcrypto/pkcs12/pk12err.c | |||
@@ -1,6 +1,6 @@ | |||
1 | /* crypto/pkcs12/pk12err.c */ | 1 | /* crypto/pkcs12/pk12err.c */ |
2 | /* ==================================================================== | 2 | /* ==================================================================== |
3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. |
4 | * | 4 | * |
5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
@@ -64,60 +64,67 @@ | |||
64 | 64 | ||
65 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
66 | #ifndef OPENSSL_NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
67 | |||
68 | #define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0) | ||
69 | #define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason) | ||
70 | |||
67 | static ERR_STRING_DATA PKCS12_str_functs[]= | 71 | static ERR_STRING_DATA PKCS12_str_functs[]= |
68 | { | 72 | { |
69 | {ERR_PACK(0,PKCS12_F_PARSE_BAGS,0), "PARSE_BAGS"}, | 73 | {ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"}, |
70 | {ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME,0), "PKCS12_ADD_FRIENDLYNAME"}, | 74 | {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"}, |
71 | {ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,0), "PKCS12_add_friendlyname_asc"}, | 75 | {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC), "PKCS12_add_friendlyname_asc"}, |
72 | {ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,0), "PKCS12_add_friendlyname_uni"}, | 76 | {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI), "PKCS12_add_friendlyname_uni"}, |
73 | {ERR_PACK(0,PKCS12_F_PKCS12_ADD_LOCALKEYID,0), "PKCS12_add_localkeyid"}, | 77 | {ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"}, |
74 | {ERR_PACK(0,PKCS12_F_PKCS12_CREATE,0), "PKCS12_create"}, | 78 | {ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"}, |
75 | {ERR_PACK(0,PKCS12_F_PKCS12_DECRYPT_D2I,0), "PKCS12_decrypt_d2i"}, | 79 | {ERR_FUNC(PKCS12_F_PKCS12_DECRYPT_D2I), "PKCS12_DECRYPT_D2I"}, |
76 | {ERR_PACK(0,PKCS12_F_PKCS12_GEN_MAC,0), "PKCS12_gen_mac"}, | 80 | {ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"}, |
77 | {ERR_PACK(0,PKCS12_F_PKCS12_I2D_ENCRYPT,0), "PKCS12_i2d_encrypt"}, | 81 | {ERR_FUNC(PKCS12_F_PKCS12_I2D_ENCRYPT), "PKCS12_I2D_ENCRYPT"}, |
78 | {ERR_PACK(0,PKCS12_F_PKCS12_INIT,0), "PKCS12_init"}, | 82 | {ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"}, |
79 | {ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_ASC,0), "PKCS12_key_gen_asc"}, | 83 | {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"}, |
80 | {ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0), "PKCS12_key_gen_uni"}, | 84 | {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"}, |
81 | {ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0), "PKCS12_MAKE_KEYBAG"}, | 85 | {ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"}, |
82 | {ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0), "PKCS12_MAKE_SHKEYBAG"}, | 86 | {ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"}, |
83 | {ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0), "PKCS12_newpass"}, | 87 | {ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"}, |
84 | {ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0), "PKCS12_pack_p7data"}, | 88 | {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"}, |
85 | {ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0), "PKCS12_pack_p7encdata"}, | 89 | {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"}, |
86 | {ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0), "PKCS12_pack_safebag"}, | 90 | {ERR_FUNC(PKCS12_F_PKCS12_PACK_SAFEBAG), "PKCS12_PACK_SAFEBAG"}, |
87 | {ERR_PACK(0,PKCS12_F_PKCS12_PARSE,0), "PKCS12_parse"}, | 91 | {ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"}, |
88 | {ERR_PACK(0,PKCS12_F_PKCS12_PBE_CRYPT,0), "PKCS12_pbe_crypt"}, | 92 | {ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"}, |
89 | {ERR_PACK(0,PKCS12_F_PKCS12_PBE_KEYIVGEN,0), "PKCS12_PBE_keyivgen"}, | 93 | {ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"}, |
90 | {ERR_PACK(0,PKCS12_F_PKCS12_SETUP_MAC,0), "PKCS12_setup_mac"}, | 94 | {ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"}, |
91 | {ERR_PACK(0,PKCS12_F_PKCS12_SET_MAC,0), "PKCS12_set_mac"}, | 95 | {ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"}, |
92 | {ERR_PACK(0,PKCS12_F_PKCS8_ADD_KEYUSAGE,0), "PKCS8_add_keyusage"}, | 96 | {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"}, |
93 | {ERR_PACK(0,PKCS12_F_PKCS8_ENCRYPT,0), "PKCS8_encrypt"}, | 97 | {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"}, |
94 | {ERR_PACK(0,PKCS12_F_VERIFY_MAC,0), "VERIFY_MAC"}, | 98 | {ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"}, |
99 | {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"}, | ||
100 | {ERR_FUNC(PKCS12_F_VERIFY_MAC), "VERIFY_MAC"}, | ||
95 | {0,NULL} | 101 | {0,NULL} |
96 | }; | 102 | }; |
97 | 103 | ||
98 | static ERR_STRING_DATA PKCS12_str_reasons[]= | 104 | static ERR_STRING_DATA PKCS12_str_reasons[]= |
99 | { | 105 | { |
100 | {PKCS12_R_CANT_PACK_STRUCTURE ,"cant pack structure"}, | 106 | {ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE),"cant pack structure"}, |
101 | {PKCS12_R_DECODE_ERROR ,"decode error"}, | 107 | {ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA),"content type not data"}, |
102 | {PKCS12_R_ENCODE_ERROR ,"encode error"}, | 108 | {ERR_REASON(PKCS12_R_DECODE_ERROR) ,"decode error"}, |
103 | {PKCS12_R_ENCRYPT_ERROR ,"encrypt error"}, | 109 | {ERR_REASON(PKCS12_R_ENCODE_ERROR) ,"encode error"}, |
104 | {PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE,"error setting encrypted data type"}, | 110 | {ERR_REASON(PKCS12_R_ENCRYPT_ERROR) ,"encrypt error"}, |
105 | {PKCS12_R_INVALID_NULL_ARGUMENT ,"invalid null argument"}, | 111 | {ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),"error setting encrypted data type"}, |
106 | {PKCS12_R_INVALID_NULL_PKCS12_POINTER ,"invalid null pkcs12 pointer"}, | 112 | {ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT),"invalid null argument"}, |
107 | {PKCS12_R_IV_GEN_ERROR ,"iv gen error"}, | 113 | {ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER),"invalid null pkcs12 pointer"}, |
108 | {PKCS12_R_KEY_GEN_ERROR ,"key gen error"}, | 114 | {ERR_REASON(PKCS12_R_IV_GEN_ERROR) ,"iv gen error"}, |
109 | {PKCS12_R_MAC_ABSENT ,"mac absent"}, | 115 | {ERR_REASON(PKCS12_R_KEY_GEN_ERROR) ,"key gen error"}, |
110 | {PKCS12_R_MAC_GENERATION_ERROR ,"mac generation error"}, | 116 | {ERR_REASON(PKCS12_R_MAC_ABSENT) ,"mac absent"}, |
111 | {PKCS12_R_MAC_SETUP_ERROR ,"mac setup error"}, | 117 | {ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR),"mac generation error"}, |
112 | {PKCS12_R_MAC_STRING_SET_ERROR ,"mac string set error"}, | 118 | {ERR_REASON(PKCS12_R_MAC_SETUP_ERROR) ,"mac setup error"}, |
113 | {PKCS12_R_MAC_VERIFY_ERROR ,"mac verify error"}, | 119 | {ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR),"mac string set error"}, |
114 | {PKCS12_R_MAC_VERIFY_FAILURE ,"mac verify failure"}, | 120 | {ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR) ,"mac verify error"}, |
115 | {PKCS12_R_PARSE_ERROR ,"parse error"}, | 121 | {ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE) ,"mac verify failure"}, |
116 | {PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR ,"pkcs12 algor cipherinit error"}, | 122 | {ERR_REASON(PKCS12_R_PARSE_ERROR) ,"parse error"}, |
117 | {PKCS12_R_PKCS12_CIPHERFINAL_ERROR ,"pkcs12 cipherfinal error"}, | 123 | {ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),"pkcs12 algor cipherinit error"}, |
118 | {PKCS12_R_PKCS12_PBE_CRYPT_ERROR ,"pkcs12 pbe crypt error"}, | 124 | {ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR),"pkcs12 cipherfinal error"}, |
119 | {PKCS12_R_UNKNOWN_DIGEST_ALGORITHM ,"unknown digest algorithm"}, | 125 | {ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR),"pkcs12 pbe crypt error"}, |
120 | {PKCS12_R_UNSUPPORTED_PKCS12_MODE ,"unsupported pkcs12 mode"}, | 126 | {ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),"unknown digest algorithm"}, |
127 | {ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE),"unsupported pkcs12 mode"}, | ||
121 | {0,NULL} | 128 | {0,NULL} |
122 | }; | 129 | }; |
123 | 130 | ||
@@ -131,8 +138,8 @@ void ERR_load_PKCS12_strings(void) | |||
131 | { | 138 | { |
132 | init=0; | 139 | init=0; |
133 | #ifndef OPENSSL_NO_ERR | 140 | #ifndef OPENSSL_NO_ERR |
134 | ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_functs); | 141 | ERR_load_strings(0,PKCS12_str_functs); |
135 | ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_reasons); | 142 | ERR_load_strings(0,PKCS12_str_reasons); |
136 | #endif | 143 | #endif |
137 | 144 | ||
138 | } | 145 | } |
diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h index dd338f266c..fb8af82d4f 100644 --- a/src/lib/libcrypto/pkcs12/pkcs12.h +++ b/src/lib/libcrypto/pkcs12/pkcs12.h | |||
@@ -287,12 +287,15 @@ void ERR_load_PKCS12_strings(void); | |||
287 | #define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 | 287 | #define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 |
288 | #define PKCS12_F_PKCS12_SETUP_MAC 122 | 288 | #define PKCS12_F_PKCS12_SETUP_MAC 122 |
289 | #define PKCS12_F_PKCS12_SET_MAC 123 | 289 | #define PKCS12_F_PKCS12_SET_MAC 123 |
290 | #define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 129 | ||
291 | #define PKCS12_F_PKCS12_UNPACK_P7DATA 130 | ||
290 | #define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 | 292 | #define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 |
291 | #define PKCS12_F_PKCS8_ENCRYPT 125 | 293 | #define PKCS12_F_PKCS8_ENCRYPT 125 |
292 | #define PKCS12_F_VERIFY_MAC 126 | 294 | #define PKCS12_F_VERIFY_MAC 126 |
293 | 295 | ||
294 | /* Reason codes. */ | 296 | /* Reason codes. */ |
295 | #define PKCS12_R_CANT_PACK_STRUCTURE 100 | 297 | #define PKCS12_R_CANT_PACK_STRUCTURE 100 |
298 | #define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 | ||
296 | #define PKCS12_R_DECODE_ERROR 101 | 299 | #define PKCS12_R_DECODE_ERROR 101 |
297 | #define PKCS12_R_ENCODE_ERROR 102 | 300 | #define PKCS12_R_ENCODE_ERROR 102 |
298 | #define PKCS12_R_ENCRYPT_ERROR 103 | 301 | #define PKCS12_R_ENCRYPT_ERROR 103 |