From a6eb1ce6a989d01bb00e9749789b690744be506c Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 10 Mar 2016 15:04:46 +0000 Subject: Make X509_SIG opaque. Reviewed-by: Rich Salz --- crypto/pkcs12/p12_mutl.c | 31 +++++++++++++++++++------------ crypto/pkcs12/p12_npas.c | 14 ++++++-------- crypto/pkcs12/p12_p8d.c | 7 +++++-- crypto/pkcs12/p12_p8e.c | 7 ++++--- 4 files changed, 34 insertions(+), 25 deletions(-) (limited to 'crypto/pkcs12') diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 230f3e6b30..0395358325 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -74,10 +74,7 @@ void PKCS12_get0_mac(ASN1_OCTET_STRING **pmac, X509_ALGOR **pmacalg, PKCS12 *p12) { if (p12->mac) { - if (pmac) - *pmac = p12->mac->dinfo->digest; - if (pmacalg) - *pmacalg = p12->mac->dinfo->algor; + X509_SIG_get0(pmacalg, pmac, p12->mac->dinfo); if (psalt) *psalt = p12->mac->salt; if (piter) @@ -126,6 +123,8 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, int saltlen, iter; int md_size = 0; int md_type_nid; + X509_ALGOR *macalg; + ASN1_OBJECT *macoid; if (!PKCS7_type_is_data(p12->authsafes)) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA); @@ -138,8 +137,9 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, iter = 1; else iter = ASN1_INTEGER_get(p12->mac->iter); - if ((md_type = EVP_get_digestbyobj(p12->mac->dinfo->algor->algorithm)) - == NULL) { + X509_SIG_get0(&macalg, NULL, p12->mac->dinfo); + X509_ALGOR_get0(&macoid, NULL, NULL, macalg); + if ((md_type = EVP_get_digestbyobj(macoid)) == NULL) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); return 0; } @@ -180,6 +180,8 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) { unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; + ASN1_OCTET_STRING *macoct; + if (p12->mac == NULL) { PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT); return 0; @@ -188,8 +190,9 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR); return 0; } - if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) - || CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen)) + X509_SIG_get0(NULL, &macoct, p12->mac->dinfo); + if ((maclen != (unsigned int)ASN1_STRING_length(macoct)) + || CRYPTO_memcmp(mac, ASN1_STRING_data(macoct), maclen)) return 0; return 1; } @@ -202,6 +205,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, { unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; + ASN1_OCTET_STRING *macoct; if (!md_type) md_type = EVP_sha1(); @@ -213,7 +217,8 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR); return 0; } - if (!(ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen))) { + X509_SIG_get0(NULL, &macoct, p12->mac->dinfo); + if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) { PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR); return 0; } @@ -224,6 +229,8 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, const EVP_MD *md_type) { + X509_ALGOR *macalg; + if ((p12->mac = PKCS12_MAC_DATA_new()) == NULL) return PKCS12_ERROR; if (iter > 1) { @@ -248,12 +255,12 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, return 0; } else memcpy(p12->mac->salt->data, salt, saltlen); - p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type)); - if ((p12->mac->dinfo->algor->parameter = ASN1_TYPE_new()) == NULL) { + X509_SIG_get0(&macalg, NULL, p12->mac->dinfo); + if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)), + V_ASN1_NULL, NULL)) { PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); return 0; } - p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL; return 1; } diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c index f2fc12f752..e23d0352c7 100644 --- a/crypto/pkcs12/p12_npas.c +++ b/crypto/pkcs12/p12_npas.c @@ -109,7 +109,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) STACK_OF(PKCS12_SAFEBAG) *bags; int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0; PKCS7 *p7, *p7new; - ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL; + ASN1_OCTET_STRING *p12_data_tmp = NULL, *macoct = NULL; unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; @@ -165,12 +165,9 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr; - if ((macnew = ASN1_OCTET_STRING_new()) == NULL) + X509_SIG_get0(NULL, &macoct, p12->mac->dinfo); + if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) goto saferr; - if (!ASN1_OCTET_STRING_set(macnew, mac, maclen)) - goto saferr; - ASN1_OCTET_STRING_free(p12->mac->dinfo->digest); - p12->mac->dinfo->digest = macnew; ASN1_OCTET_STRING_free(p12_data_tmp); return 1; @@ -178,7 +175,6 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) saferr: /* Restore old safe */ ASN1_OCTET_STRING_free(p12->authsafes->d.data); - ASN1_OCTET_STRING_free(macnew); p12->authsafes->d.data = p12_data_tmp; return 0; @@ -202,13 +198,15 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass) PKCS8_PRIV_KEY_INFO *p8; X509_SIG *p8new; int p8_nid, p8_saltlen, p8_iter; + X509_ALGOR *shalg; if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag) return 1; if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL) return 0; - if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen)) + X509_SIG_get0(&shalg, NULL, bag->value.shkeybag); + if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen)) return 0; if ((p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, p8_iter, p8)) == NULL) diff --git a/crypto/pkcs12/p12_p8d.c b/crypto/pkcs12/p12_p8d.c index 9bdfd3f77f..8980abe9b9 100644 --- a/crypto/pkcs12/p12_p8d.c +++ b/crypto/pkcs12/p12_p8d.c @@ -63,7 +63,10 @@ PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen) { - return PKCS12_item_decrypt_d2i(p8->algor, + X509_ALGOR *dalg; + ASN1_OCTET_STRING *doct; + X509_SIG_get0(&dalg, &doct, p8); + return PKCS12_item_decrypt_d2i(dalg, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass, - passlen, p8->digest, 1); + passlen, doct, 1); } diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c index a6255155ba..b79ca64272 100644 --- a/crypto/pkcs12/p12_p8e.c +++ b/crypto/pkcs12/p12_p8e.c @@ -59,6 +59,7 @@ #include #include "internal/cryptlib.h" #include +#include "internal/x509_int.h" X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass, int passlen, @@ -103,13 +104,13 @@ X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen, return NULL; } - if ((p8 = X509_SIG_new()) == NULL) { + p8 = OPENSSL_zalloc(sizeof(*p8)); + + if (p8 == NULL) { PKCS12err(PKCS12_F_PKCS8_SET0_PBE, ERR_R_MALLOC_FAILURE); ASN1_OCTET_STRING_free(enckey); return NULL; } - X509_ALGOR_free(p8->algor); - ASN1_OCTET_STRING_free(p8->digest); p8->algor = pbe; p8->digest = enckey; -- cgit v1.2.3