From 9152f07eaff7ae9775505cec2e8bf33b0407a21c Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 30 Jun 2005 11:34:27 +0000 Subject: [PATCH] Check PKCS7 structures in PKCS#12 files are of type data. --- crypto/pkcs12/p12_add.c | 11 ++++++++++- crypto/pkcs12/p12_mutl.c | 6 ++++++ crypto/pkcs12/pk12err.c | 3 +++ crypto/pkcs12/pkcs12.h | 3 +++ 4 files changed, 22 insertions(+), 1 deletion(-) diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c index fead37a8c0..41bdc00551 100644 --- a/crypto/pkcs12/p12_add.c +++ b/crypto/pkcs12/p12_add.c @@ -148,7 +148,11 @@ PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk) /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7) { - if(!PKCS7_type_is_data(p7)) return NULL; + if(!PKCS7_type_is_data(p7)) + { + PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA); + return NULL; + } return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS)); } @@ -211,5 +215,10 @@ int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12) { + if (!PKCS7_type_is_data(p12->authsafes)) + { + PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA); + return NULL; + } return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES)); } diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 5eac25f10e..7bff04889c 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -72,6 +72,12 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt; int saltlen, iter; + if (!PKCS7_type_is_data(p12->authsafes)) + { + PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_CONTENT_TYPE_NOT_DATA); + return 0; + } + salt = p12->mac->salt->data; saltlen = p12->mac->salt->length; if (!p12->mac->iter) iter = 1; diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c index f01801e686..5c92cb08e0 100644 --- a/crypto/pkcs12/pk12err.c +++ b/crypto/pkcs12/pk12err.c @@ -94,6 +94,8 @@ static ERR_STRING_DATA PKCS12_str_functs[]= {ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"}, {ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"}, {ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"}, +{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"}, +{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"}, {ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"}, {ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"}, {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"}, @@ -103,6 +105,7 @@ static ERR_STRING_DATA PKCS12_str_functs[]= static ERR_STRING_DATA PKCS12_str_reasons[]= { {ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE),"cant pack structure"}, +{ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA),"content type not data"}, {ERR_REASON(PKCS12_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(PKCS12_R_ENCODE_ERROR) ,"encode error"}, {ERR_REASON(PKCS12_R_ENCRYPT_ERROR) ,"encrypt error"}, diff --git a/crypto/pkcs12/pkcs12.h b/crypto/pkcs12/pkcs12.h index f66f62a419..a2d7e359a0 100644 --- a/crypto/pkcs12/pkcs12.h +++ b/crypto/pkcs12/pkcs12.h @@ -297,12 +297,15 @@ void ERR_load_PKCS12_strings(void); #define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 #define PKCS12_F_PKCS12_SETUP_MAC 122 #define PKCS12_F_PKCS12_SET_MAC 123 +#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 +#define PKCS12_F_PKCS12_UNPACK_P7DATA 131 #define PKCS12_F_PKCS12_VERIFY_MAC 126 #define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 #define PKCS12_F_PKCS8_ENCRYPT 125 /* Reason codes. */ #define PKCS12_R_CANT_PACK_STRUCTURE 100 +#define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 #define PKCS12_R_DECODE_ERROR 101 #define PKCS12_R_ENCODE_ERROR 102 #define PKCS12_R_ENCRYPT_ERROR 103