X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fpkcs12%2Fp12_mutl.c;h=70bfef6e5d160c06ad79f57e2318f51cca99ad9a;hb=6fe9c925d20165acdbde281ec06d84027d8bd679;hp=b788e440583305af2611faad0917979f9007010e;hpb=8d8c7266d4de9887fb0190a0770df9dc254a16a3;p=oweals%2Fopenssl.git diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index b788e44058..70bfef6e5d 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -1,5 +1,5 @@ /* p12_mutl.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -56,26 +56,28 @@ * */ +#ifndef OPENSSL_NO_HMAC #include -#include -#include -#include -#include -#include -#include "pkcs12.h" +#include "cryptlib.h" +#include +#include +#include /* Generate a MAC */ -int PKCS12_gen_mac (p12, pass, passlen, mac, maclen) -PKCS12 *p12; -unsigned char *pass; -int passlen; -unsigned char *mac; -unsigned int *maclen; +int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *mac, unsigned int *maclen) { - EVP_MD *md_type; + const EVP_MD *md_type; HMAC_CTX hmac; - unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt; + unsigned char key[EVP_MAX_MD_SIZE], *salt; int saltlen, iter; + + if (!PKCS7_type_is_data(p12->authsafes)) + { + PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_CONTENT_TYPE_NOT_DATA); + return 0; + } + salt = p12->mac->salt->data; saltlen = p12->mac->salt->length; if (!p12->mac->iter) iter = 1; @@ -86,97 +88,89 @@ unsigned int *maclen; return 0; } if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, - PKCS12_MAC_KEY_LENGTH, key, md_type)) { + EVP_MD_size(md_type), key, md_type)) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR); return 0; } - HMAC_Init (&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type); - HMAC_Update (&hmac, p12->authsafes->d.data->data, + HMAC_CTX_init(&hmac); + HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL); + HMAC_Update(&hmac, p12->authsafes->d.data->data, p12->authsafes->d.data->length); - HMAC_Final (&hmac, mac, maclen); + HMAC_Final(&hmac, mac, maclen); + HMAC_CTX_cleanup(&hmac); return 1; } /* Verify the mac */ -int PKCS12_verify_mac (p12, pass, passlen) -PKCS12 *p12; -unsigned char *pass; -int passlen; +int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) { unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; if(p12->mac == NULL) { - PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_ABSENT); + PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_ABSENT); return 0; } if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) { - PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR); + PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR); return 0; } if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) - || memcmp (mac, p12->mac->dinfo->digest->data, maclen)) { - PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_VERIFY_ERROR); - return 0; - } + || memcmp (mac, p12->mac->dinfo->digest->data, maclen)) return 0; return 1; } /* Set a mac */ -int PKCS12_set_mac (p12, pass, passlen, salt, saltlen, iter, md_type) -PKCS12 *p12; -unsigned char *pass; -int passlen; -unsigned char *salt; -int saltlen; -int iter; -EVP_MD *md_type; +int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type) { unsigned char mac[EVP_MAX_MD_SIZE]; - int maclen; + unsigned int maclen; + if (!md_type) md_type = EVP_sha1(); if (PKCS12_setup_mac (p12, iter, salt, saltlen, md_type) == PKCS12_ERROR) { - PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR); + PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_SETUP_ERROR); return 0; } if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) { - PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR); + PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR); return 0; } - if (!(ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) { - PKCS12err(PKCS12_F_PKCS12_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR); + if (!(M_ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) { + PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR); return 0; } return 1; } /* Set up a mac structure */ -int PKCS12_setup_mac (p12, iter, salt, saltlen, md_type) -PKCS12 *p12; -int iter; -unsigned char *salt; -int saltlen; -EVP_MD *md_type; +int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, + const EVP_MD *md_type) { - if (!(p12->mac = PKCS12_MAC_DATA_new ())) return PKCS12_ERROR; + if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR; if (iter > 1) { - if(!(p12->mac->iter = ASN1_INTEGER_new())) { + if(!(p12->mac->iter = M_ASN1_INTEGER_new())) { + PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); + return 0; + } + if (!ASN1_INTEGER_set(p12->mac->iter, iter)) { PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); return 0; } - ASN1_INTEGER_set (p12->mac->iter, iter); } if (!saltlen) saltlen = PKCS12_SALT_LEN; p12->mac->salt->length = saltlen; - if (!(p12->mac->salt->data = Malloc (saltlen))) { + if (!(p12->mac->salt->data = OPENSSL_malloc (saltlen))) { PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); return 0; } - if (!salt) RAND_bytes (p12->mac->salt->data, saltlen); + if (!salt) { + if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0) + return 0; + } else memcpy (p12->mac->salt->data, salt, saltlen); - M_ASN1_OBJECT_set(p12->mac->dinfo->algor->algorithm, - EVP_MD_type(md_type)); + p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type)); if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) { PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); return 0; @@ -185,3 +179,4 @@ EVP_MD *md_type; return 1; } +#endif