X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fpkcs12%2Fp12_mutl.c;h=70bfef6e5d160c06ad79f57e2318f51cca99ad9a;hb=6fe9c925d20165acdbde281ec06d84027d8bd679;hp=4e0a7cbed86a7188a469c7d35d98a6e3f32e9584;hpb=7c472f706e370f9d0c4d7bde3c9f9edf90cfaece;p=oweals%2Fopenssl.git

diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index 4e0a7cbed8..70bfef6e5d 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -1,5 +1,5 @@
 /* p12_mutl.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
@@ -56,7 +56,7 @@
  *
  */
 
-#ifndef NO_HMAC
+#ifndef OPENSSL_NO_HMAC
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/hmac.h>
@@ -64,13 +64,20 @@
 #include <openssl/pkcs12.h>
 
 /* Generate a MAC */
-int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
-		    unsigned char *mac, unsigned int *maclen)
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+		   unsigned char *mac, unsigned int *maclen)
 {
 	const EVP_MD *md_type;
 	HMAC_CTX hmac;
-	unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
+	unsigned char key[EVP_MAX_MD_SIZE], *salt;
 	int saltlen, iter;
+
+	if (!PKCS7_type_is_data(p12->authsafes))
+		{
+		PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_CONTENT_TYPE_NOT_DATA);
+		return 0;
+		}
+
 	salt = p12->mac->salt->data;
 	saltlen = p12->mac->salt->length;
 	if (!p12->mac->iter) iter = 1;
@@ -81,42 +88,41 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
 		return 0;
 	}
 	if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
-				 PKCS12_MAC_KEY_LENGTH, key, md_type)) {
+				 EVP_MD_size(md_type), key, md_type)) {
 		PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
 		return 0;
 	}
-	HMAC_Init (&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type);
-    	HMAC_Update (&hmac, p12->authsafes->d.data->data,
+	HMAC_CTX_init(&hmac);
+	HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL);
+    	HMAC_Update(&hmac, p12->authsafes->d.data->data,
 					 p12->authsafes->d.data->length);
-    	HMAC_Final (&hmac, mac, maclen);
+    	HMAC_Final(&hmac, mac, maclen);
+    	HMAC_CTX_cleanup(&hmac);
 	return 1;
 }
 
 /* Verify the mac */
-int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen)
+int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
 {
 	unsigned char mac[EVP_MAX_MD_SIZE];
 	unsigned int maclen;
 	if(p12->mac == NULL) {
-		PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_ABSENT);
+		PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_ABSENT);
 		return 0;
 	}
 	if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
-		PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR);
+		PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR);
 		return 0;
 	}
 	if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
-	|| memcmp (mac, p12->mac->dinfo->digest->data, maclen)) {
-		PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_VERIFY_ERROR);
-		return 0;
-	}
+	|| memcmp (mac, p12->mac->dinfo->digest->data, maclen)) return 0;
 	return 1;
 }
 
 /* Set a mac */
 
-int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
-	     unsigned char *salt, int saltlen, int iter, EVP_MD *md_type)
+int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
+	     unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type)
 {
 	unsigned char mac[EVP_MAX_MD_SIZE];
 	unsigned int maclen;
@@ -139,8 +145,8 @@ int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
 }
 
 /* Set up a mac structure */
-int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
-	     EVP_MD *md_type)
+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
+	     const EVP_MD *md_type)
 {
 	if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR;
 	if (iter > 1) {
@@ -148,16 +154,19 @@ int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
 			PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
-		ASN1_INTEGER_set(p12->mac->iter, iter);
+		if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
+			PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
 	}
 	if (!saltlen) saltlen = PKCS12_SALT_LEN;
 	p12->mac->salt->length = saltlen;
-	if (!(p12->mac->salt->data = Malloc (saltlen))) {
+	if (!(p12->mac->salt->data = OPENSSL_malloc (saltlen))) {
 		PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	if (!salt) {
-		if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) <= 0)
+		if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0)
 			return 0;
 	}
 	else memcpy (p12->mac->salt->data, salt, saltlen);