Check PKCS7 structures in PKCS#12 files are of type data.

diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c
index 1909f285065dc7f402b296f1f25451b8416e9806..27015dd8c304bcbae7995981e84e24d0cde7d862 100644 (file)
--- a/crypto/pkcs12/p12_add.c
+++ b/crypto/pkcs12/p12_add.c
@@ -148,7 +148,11 @@ PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
 /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
 STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
 {
-       if(!PKCS7_type_is_data(p7)) return NULL;
+       if(!PKCS7_type_is_data(p7))
+               {
+               PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA);
+               return NULL;
+               }
        return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
 }
 
@@ -211,5 +215,10 @@ int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
 
 STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
 {
+       if (!PKCS7_type_is_data(p12->authsafes))
+               {
+               PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA);
+               return NULL;
+               }
        return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
 }

diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index 4886b9b2899dc353c585f7cf041b7bb44a2c94ee..140d21155e77001bd7d023e49d4b65ebcbbbbddf 100644 (file)
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -72,6 +72,12 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
        unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
        int saltlen, iter;
 
+       if (!PKCS7_type_is_data(p12->authsafes))
+               {
+               PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_CONTENT_TYPE_NOT_DATA);
+               return 0;
+               }
+
        salt = p12->mac->salt->data;
        saltlen = p12->mac->salt->length;
        if (!p12->mac->iter) iter = 1;

diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c
index 8094a247b71d9b1180e9f03a6e79deb77e8f1c4c..a33b37b1c7991c3083ead04cbe5b3e22c8bdb7bd 100644 (file)
--- a/crypto/pkcs12/pk12err.c
+++ b/crypto/pkcs12/pk12err.c
@@ -93,6 +93,8 @@ static ERR_STRING_DATA PKCS12_str_functs[]=
 {ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN),       "PKCS12_PBE_keyivgen"},
 {ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC),  "PKCS12_setup_mac"},
 {ERR_FUNC(PKCS12_F_PKCS12_SET_MAC),    "PKCS12_set_mac"},
+{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES),   "PKCS12_unpack_authsafes"},
+{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA),      "PKCS12_unpack_p7data"},
 {ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE),        "PKCS8_add_keyusage"},
 {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT),     "PKCS8_encrypt"},
 {ERR_FUNC(PKCS12_F_VERIFY_MAC),        "VERIFY_MAC"},
@@ -102,6 +104,7 @@ static ERR_STRING_DATA PKCS12_str_functs[]=
 static ERR_STRING_DATA PKCS12_str_reasons[]=
        {
 {ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE),"cant pack structure"},
+{ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA),"content type not data"},
 {ERR_REASON(PKCS12_R_DECODE_ERROR)       ,"decode error"},
 {ERR_REASON(PKCS12_R_ENCODE_ERROR)       ,"encode error"},
 {ERR_REASON(PKCS12_R_ENCRYPT_ERROR)      ,"encrypt error"},

diff --git a/crypto/pkcs12/pkcs12.h b/crypto/pkcs12/pkcs12.h
index dd338f266cc47376a54903d67a80c071e2048a8e..fb8af82d4f5f1bb3e632cd90cc41186882a72f42 100644 (file)
--- a/crypto/pkcs12/pkcs12.h
+++ b/crypto/pkcs12/pkcs12.h
@@ -287,12 +287,15 @@ void ERR_load_PKCS12_strings(void);
 #define PKCS12_F_PKCS12_PBE_KEYIVGEN                    120
 #define PKCS12_F_PKCS12_SETUP_MAC                       122
 #define PKCS12_F_PKCS12_SET_MAC                                 123
+#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES                129
+#define PKCS12_F_PKCS12_UNPACK_P7DATA                   130
 #define PKCS12_F_PKCS8_ADD_KEYUSAGE                     124
 #define PKCS12_F_PKCS8_ENCRYPT                          125
 #define PKCS12_F_VERIFY_MAC                             126
 
 /* Reason codes. */
 #define PKCS12_R_CANT_PACK_STRUCTURE                    100
+#define PKCS12_R_CONTENT_TYPE_NOT_DATA                  121
 #define PKCS12_R_DECODE_ERROR                           101
 #define PKCS12_R_ENCODE_ERROR                           102
 #define PKCS12_R_ENCRYPT_ERROR                          103