Browse Source

Typesafety Thought Police part 3.

master
Ben Laurie 22 years ago
parent
commit
5de603abc8
9 changed files with 64 additions and 53 deletions
  1. +10
    -9
      apps/pkcs12.c
  2. +2
    -0
      crypto/asn1/p7_lib.c
  3. +5
    -4
      crypto/pkcs12/p12_crt.c
  4. +2
    -0
      crypto/pkcs12/p12_decr.c
  5. +7
    -6
      crypto/pkcs12/p12_kiss.c
  6. +9
    -9
      crypto/pkcs12/p12_npas.c
  7. +3
    -25
      crypto/pkcs12/pkcs12.h
  8. +4
    -0
      crypto/pkcs7/pkcs7.h
  9. +22
    -0
      crypto/x509/x509.h

+ 10
- 9
apps/pkcs12.c View File

@ -362,7 +362,7 @@ int MAIN(int argc, char **argv)
if (export_cert) {
EVP_PKEY *key;
STACK_OF(PKCS12_SAFEBAG) *bags;
STACK *safes;
STACK_OF(PKCS7) *safes;
PKCS12_SAFEBAG *bag;
PKCS8_PRIV_KEY_INFO *p8;
PKCS7 *authsafe;
@ -468,8 +468,8 @@ int MAIN(int argc, char **argv)
goto end;
}
safes = sk_new (NULL);
sk_push (safes, (char *)authsafe);
safes = sk_PKCS7_new (NULL);
sk_PKCS7_push (safes, authsafe);
/* Make a shrouded key bag */
p8 = EVP_PKEY2PKCS8 (key);
@ -484,13 +484,13 @@ int MAIN(int argc, char **argv)
/* Turn it into unencrypted safe bag */
authsafe = PKCS12_pack_p7data (bags);
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
sk_push (safes, (char *)authsafe);
sk_PKCS7_push (safes, authsafe);
p12 = PKCS12_init (NID_pkcs7_data);
M_PKCS12_pack_authsafes (p12, safes);
sk_pop_free(safes, (void(*)(void *)) PKCS7_free);
sk_PKCS7_pop_free(safes, PKCS7_free);
PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL);
@ -573,13 +573,14 @@ int MAIN(int argc, char **argv)
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
int passlen, int options, char *pempass)
{
STACK *asafes;
STACK_OF(PKCS7) *asafes;
STACK_OF(PKCS12_SAFEBAG) *bags;
int i, bagnid;
PKCS7 *p7;
if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
for (i = 0; i < sk_num (asafes); i++) {
p7 = (PKCS7 *) sk_value (asafes, i);
for (i = 0; i < sk_PKCS7_num (asafes); i++) {
p7 = sk_PKCS7_value (asafes, i);
bagnid = OBJ_obj2nid (p7->type);
if (bagnid == NID_pkcs7_data) {
bags = M_PKCS12_unpack_p7data (p7);
@ -600,7 +601,7 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
}
sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
}
sk_pop_free (asafes, (void(*)(void *)) PKCS7_free);
sk_PKCS7_pop_free (asafes, PKCS7_free);
return 1;
}


+ 2
- 0
crypto/asn1/p7_lib.c View File

@ -293,3 +293,5 @@ void PKCS7_content_free(PKCS7 *a)
a->d.ptr=NULL;
}
IMPLEMENT_STACK_OF(PKCS7)
IMPLEMENT_ASN1_SET_OF(PKCS7)

+ 5
- 4
crypto/pkcs12/p12_crt.c View File

@ -66,7 +66,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
{
PKCS12 *p12;
STACK_OF(PKCS12_SAFEBAG) *bags;
STACK *safes;
STACK_OF(PKCS7) *safes;
PKCS12_SAFEBAG *bag;
PKCS8_PRIV_KEY_INFO *p8;
PKCS7 *authsafe;
@ -121,7 +121,8 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
if (!authsafe) return NULL;
if(!(safes = sk_new (NULL)) || !sk_push(safes, (char *)authsafe)) {
if(!(safes = sk_PKCS7_new (NULL))
|| !sk_PKCS7_push(safes, authsafe)) {
PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
return NULL;
}
@ -142,7 +143,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
/* Turn it into unencrypted safe bag */
if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
if(!sk_push(safes, (char *)authsafe)) {
if(!sk_PKCS7_push(safes, authsafe)) {
PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
return NULL;
}
@ -151,7 +152,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
if(!M_PKCS12_pack_authsafes (p12, safes)) return NULL;
sk_pop_free(safes, (void(*)(void *)) PKCS7_free);
sk_PKCS7_pop_free(safes, PKCS7_free);
if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL))
return NULL;


+ 2
- 0
crypto/pkcs12/p12_decr.c View File

@ -183,3 +183,5 @@ ASN1_OCTET_STRING *PKCS12_i2d_encrypt (X509_ALGOR *algor, int (*i2d)(),
Free (in);
return oct;
}
IMPLEMENT_PKCS12_STACK_OF(PKCS7)

+ 7
- 6
crypto/pkcs12/p12_kiss.c View File

@ -147,15 +147,16 @@ int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
{
STACK *asafes;
STACK_OF(PKCS7) *asafes;
STACK_OF(PKCS12_SAFEBAG) *bags;
int i, bagnid;
PKCS7 *p7;
ASN1_OCTET_STRING *keyid = NULL;
char keymatch = 0;
if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
for (i = 0; i < sk_num (asafes); i++) {
p7 = (PKCS7 *) sk_value (asafes, i);
for (i = 0; i < sk_PKCS7_num (asafes); i++) {
p7 = sk_PKCS7_value (asafes, i);
bagnid = OBJ_obj2nid (p7->type);
if (bagnid == NID_pkcs7_data) {
bags = M_PKCS12_unpack_p7data (p7);
@ -163,18 +164,18 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen);
} else continue;
if (!bags) {
sk_pop_free (asafes, (void(*)(void *)) PKCS7_free);
sk_PKCS7_pop_free (asafes, PKCS7_free);
return 0;
}
if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
&keyid, &keymatch)) {
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
sk_pop_free(asafes, (void(*)(void *)) PKCS7_free);
sk_PKCS7_pop_free(asafes, PKCS7_free);
return 0;
}
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
}
sk_pop_free(asafes, (void(*)(void *)) PKCS7_free);
sk_PKCS7_pop_free(asafes, PKCS7_free);
if (keyid) M_ASN1_OCTET_STRING_free(keyid);
return 1;
}


+ 9
- 9
crypto/pkcs12/p12_npas.c View File

@ -105,7 +105,7 @@ return 1;
static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
{
STACK *asafes, *newsafes;
STACK_OF(PKCS7) *asafes, *newsafes;
STACK_OF(PKCS12_SAFEBAG) *bags;
int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen;
PKCS7 *p7, *p7new;
@ -114,9 +114,9 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
unsigned int maclen;
if (!(asafes = M_PKCS12_unpack_authsafes(p12))) return 0;
if(!(newsafes = sk_new(NULL))) return 0;
for (i = 0; i < sk_num (asafes); i++) {
p7 = (PKCS7 *) sk_value(asafes, i);
if(!(newsafes = sk_PKCS7_new(NULL))) return 0;
for (i = 0; i < sk_PKCS7_num (asafes); i++) {
p7 = sk_PKCS7_value(asafes, i);
bagnid = OBJ_obj2nid(p7->type);
if (bagnid == NID_pkcs7_data) {
bags = M_PKCS12_unpack_p7data(p7);
@ -126,12 +126,12 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
&pbe_nid, &pbe_iter, &pbe_saltlen);
} else continue;
if (!bags) {
sk_pop_free(asafes, (void(*)(void *)) PKCS7_free);
sk_PKCS7_pop_free(asafes, PKCS7_free);
return 0;
}
if (!newpass_bags(bags, oldpass, newpass)) {
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
sk_pop_free(asafes, (void(*)(void *)) PKCS7_free);
sk_PKCS7_pop_free(asafes, PKCS7_free);
return 0;
}
/* Repack bag in same form with new password */
@ -140,12 +140,12 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
pbe_saltlen, pbe_iter, bags);
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
if(!p7new) {
sk_pop_free(asafes, (void(*)(void *)) PKCS7_free);
sk_PKCS7_pop_free(asafes, PKCS7_free);
return 0;
}
sk_push(newsafes, (char *)p7new);
sk_PKCS7_push(newsafes, p7new);
}
sk_pop_free(asafes, (void(*)(void *)) PKCS7_free);
sk_PKCS7_pop_free(asafes, PKCS7_free);
/* Repack safe: save old safe in case of error */


+ 3
- 25
crypto/pkcs12/pkcs12.h View File

@ -66,27 +66,6 @@
extern "C" {
#endif
#define DECLARE_PKCS12_STACK_OF(type) \
STACK_OF(type) *PKCS12_decrypt_d2i_##type(struct X509_algor_st *algor, \
type *(*d2i)(type **, \
unsigned char **, \
long), \
void (*free_func)(type *), \
const char *pass, int passlen, \
ASN1_STRING *oct, int seq);
#define IMPLEMENT_PKCS12_STACK_OF(type) \
STACK_OF(type) *PKCS12_decrypt_d2i_##type(struct X509_algor_st *algor, \
type *(*d2i)(type **, \
unsigned char **, \
long), \
void (*free_func)(type *), \
const char *pass, int passlen, \
ASN1_STRING *oct, int seq) \
{ return (STACK_OF(type) *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i, \
(void(*)(void *))free_func, \
pass,passlen,oct,seq); }
#define PKCS12_KEY_ID 1
#define PKCS12_IV_ID 2
#define PKCS12_MAC_ID 3
@ -188,13 +167,12 @@ ASN1_seq_unpack_PKCS12_SAFEBAG ((p7)->d.data->data, p7->d.data->length, \
d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free)
#define M_PKCS12_pack_authsafes(p12, safes) \
ASN1_seq_pack((safes), (int (*)())i2d_PKCS7,\
ASN1_seq_pack_PKCS7((safes), i2d_PKCS7,\
&(p12)->authsafes->d.data->data, &(p12)->authsafes->d.data->length)
#define M_PKCS12_unpack_authsafes(p12) \
ASN1_seq_unpack((p12)->authsafes->d.data->data, \
(p12)->authsafes->d.data->length, (char *(*)())d2i_PKCS7, \
PKCS7_free)
ASN1_seq_unpack_PKCS7((p12)->authsafes->d.data->data, \
(p12)->authsafes->d.data->length, d2i_PKCS7, PKCS7_free)
#define M_PKCS12_unpack_p7encdata(p7, pass, passlen) \
PKCS12_decrypt_d2i_PKCS12_SAFEBAG ((p7)->d.encrypted->enc_data->algorithm,\


+ 4
- 0
crypto/pkcs7/pkcs7.h View File

@ -213,6 +213,10 @@ typedef struct pkcs7_st
} d;
} PKCS7;
DECLARE_STACK_OF(PKCS7)
DECLARE_ASN1_SET_OF(PKCS7)
DECLARE_PKCS12_STACK_OF(PKCS7)
#define PKCS7_OP_SET_DETACHED_SIGNATURE 1
#define PKCS7_OP_GET_DETACHED_SIGNATURE 2


+ 22
- 0
crypto/x509/x509.h View File

@ -92,6 +92,28 @@ extern "C" {
#undef X509_NAME
#endif
/* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
#define DECLARE_PKCS12_STACK_OF(type) \
STACK_OF(type) *PKCS12_decrypt_d2i_##type(struct X509_algor_st *algor, \
type *(*d2i)(type **, \
unsigned char **, \
long), \
void (*free_func)(type *), \
const char *pass, int passlen, \
ASN1_STRING *oct, int seq);
#define IMPLEMENT_PKCS12_STACK_OF(type) \
STACK_OF(type) *PKCS12_decrypt_d2i_##type(struct X509_algor_st *algor, \
type *(*d2i)(type **, \
unsigned char **, \
long), \
void (*free_func)(type *), \
const char *pass, int passlen, \
ASN1_STRING *oct, int seq) \
{ return (STACK_OF(type) *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i, \
(void(*)(void *))free_func, \
pass,passlen,oct,seq); }
#define X509_FILETYPE_PEM 1
#define X509_FILETYPE_ASN1 2
#define X509_FILETYPE_DEFAULT 3


Loading…
Cancel
Save