summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs12
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2016-07-23 19:31:36 +0000
committercvs2svn <admin@example.com>2016-07-23 19:31:36 +0000
commit86c49b31af735796dfde37aa29473a30d36367db (patch)
treee9a354a92a348338fe2b361e2eda703cae23cfab /src/lib/libcrypto/pkcs12
parent19d5fe348e8926bac4521c5807aa64c45b8f7a41 (diff)
downloadopenbsd-OPENBSD_6_0_BASE.tar.gz
openbsd-OPENBSD_6_0_BASE.tar.bz2
openbsd-OPENBSD_6_0_BASE.zip
This commit was manufactured by cvs2git to create tag 'OPENBSD_6_0_BASE'.OPENBSD_6_0_BASE
Diffstat (limited to 'src/lib/libcrypto/pkcs12')
-rw-r--r--src/lib/libcrypto/pkcs12/p12_add.c266
-rw-r--r--src/lib/libcrypto/pkcs12/p12_asn.c476
-rw-r--r--src/lib/libcrypto/pkcs12/p12_attr.c155
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crpt.c118
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crt.c350
-rw-r--r--src/lib/libcrypto/pkcs12/p12_decr.c190
-rw-r--r--src/lib/libcrypto/pkcs12/p12_init.c97
-rw-r--r--src/lib/libcrypto/pkcs12/p12_key.c199
-rw-r--r--src/lib/libcrypto/pkcs12/p12_kiss.c297
-rw-r--r--src/lib/libcrypto/pkcs12/p12_mutl.c210
-rw-r--r--src/lib/libcrypto/pkcs12/p12_npas.c244
-rw-r--r--src/lib/libcrypto/pkcs12/p12_p8d.c68
-rw-r--r--src/lib/libcrypto/pkcs12/p12_p8e.c100
-rw-r--r--src/lib/libcrypto/pkcs12/p12_utl.c168
-rw-r--r--src/lib/libcrypto/pkcs12/pk12err.c144
-rw-r--r--src/lib/libcrypto/pkcs12/pkcs12.h331
16 files changed, 0 insertions, 3413 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
deleted file mode 100644
index cb7f72b365..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ /dev/null
@@ -1,266 +0,0 @@
1/* $OpenBSD: p12_add.c,v 1.13 2015/09/30 18:41:06 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/err.h>
62#include <openssl/pkcs12.h>
63
64/* Pack an object into an OCTET STRING and turn into a safebag */
65
66PKCS12_SAFEBAG *
67PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2)
68{
69 PKCS12_BAGS *bag;
70 PKCS12_SAFEBAG *safebag;
71
72 if (!(bag = PKCS12_BAGS_new())) {
73 PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG,
74 ERR_R_MALLOC_FAILURE);
75 return NULL;
76 }
77 bag->type = OBJ_nid2obj(nid1);
78 if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
79 PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG,
80 ERR_R_MALLOC_FAILURE);
81 PKCS12_BAGS_free(bag);
82 return NULL;
83 }
84 if (!(safebag = PKCS12_SAFEBAG_new())) {
85 PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG,
86 ERR_R_MALLOC_FAILURE);
87 PKCS12_BAGS_free(bag);
88 return NULL;
89 }
90 safebag->value.bag = bag;
91 safebag->type = OBJ_nid2obj(nid2);
92 return safebag;
93}
94
95/* Turn PKCS8 object into a keybag */
96
97PKCS12_SAFEBAG *
98PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
99{
100 PKCS12_SAFEBAG *bag;
101
102 if (!(bag = PKCS12_SAFEBAG_new())) {
103 PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE);
104 return NULL;
105 }
106 bag->type = OBJ_nid2obj(NID_keyBag);
107 bag->value.keybag = p8;
108 return bag;
109}
110
111/* Turn PKCS8 object into a shrouded keybag */
112
113PKCS12_SAFEBAG *
114PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, int passlen,
115 unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8)
116{
117 PKCS12_SAFEBAG *bag;
118 const EVP_CIPHER *pbe_ciph;
119
120 /* Set up the safe bag */
121 if (!(bag = PKCS12_SAFEBAG_new())) {
122 PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
123 return NULL;
124 }
125
126 bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
127
128 pbe_ciph = EVP_get_cipherbynid(pbe_nid);
129
130 if (pbe_ciph)
131 pbe_nid = -1;
132
133 if (!(bag->value.shkeybag = PKCS8_encrypt(pbe_nid, pbe_ciph, pass,
134 passlen, salt, saltlen, iter, p8))) {
135 PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
136 PKCS12_SAFEBAG_free(bag);
137 return NULL;
138 }
139
140 return bag;
141}
142
143/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
144PKCS7 *
145PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
146{
147 PKCS7 *p7;
148
149 if (!(p7 = PKCS7_new())) {
150 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
151 return NULL;
152 }
153 p7->type = OBJ_nid2obj(NID_pkcs7_data);
154 if (!(p7->d.data = ASN1_OCTET_STRING_new())) {
155 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
156 goto err;
157 }
158
159 if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
160 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA,
161 PKCS12_R_CANT_PACK_STRUCTURE);
162 goto err;
163 }
164 return p7;
165
166err:
167 PKCS7_free(p7);
168 return NULL;
169}
170
171/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
172STACK_OF(PKCS12_SAFEBAG) *
173PKCS12_unpack_p7data(PKCS7 *p7)
174{
175 if (!PKCS7_type_is_data(p7)) {
176 PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,
177 PKCS12_R_CONTENT_TYPE_NOT_DATA);
178 return NULL;
179 }
180 return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
181}
182
183/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
184
185PKCS7 *
186PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
187 unsigned char *salt, int saltlen, int iter, STACK_OF(PKCS12_SAFEBAG) *bags)
188{
189 PKCS7 *p7;
190 X509_ALGOR *pbe;
191 const EVP_CIPHER *pbe_ciph;
192
193 if (!(p7 = PKCS7_new())) {
194 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
195 return NULL;
196 }
197 if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
198 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
199 PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
200 goto err;
201 }
202
203 pbe_ciph = EVP_get_cipherbynid(pbe_nid);
204
205 if (pbe_ciph)
206 pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen);
207 else
208 pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
209
210 if (!pbe) {
211 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
212 goto err;
213 }
214 X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
215 p7->d.encrypted->enc_data->algorithm = pbe;
216 ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
217 if (!(p7->d.encrypted->enc_data->enc_data = PKCS12_item_i2d_encrypt(
218 pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen, bags, 1))) {
219 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
220 PKCS12_R_ENCRYPT_ERROR);
221 goto err;
222 }
223
224 return p7;
225
226err:
227 PKCS7_free(p7);
228 return NULL;
229}
230
231STACK_OF(PKCS12_SAFEBAG) *
232PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
233{
234 if (!PKCS7_type_is_encrypted(p7))
235 return NULL;
236 return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
237 ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen,
238 p7->d.encrypted->enc_data->enc_data, 1);
239}
240
241PKCS8_PRIV_KEY_INFO *
242PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass, int passlen)
243{
244 return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
245}
246
247int
248PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
249{
250 if (ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
251 &p12->authsafes->d.data))
252 return 1;
253 return 0;
254}
255
256STACK_OF(PKCS7) *
257PKCS12_unpack_authsafes(PKCS12 *p12)
258{
259 if (!PKCS7_type_is_data(p12->authsafes)) {
260 PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,
261 PKCS12_R_CONTENT_TYPE_NOT_DATA);
262 return NULL;
263 }
264 return ASN1_item_unpack(p12->authsafes->d.data,
265 ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
266}
diff --git a/src/lib/libcrypto/pkcs12/p12_asn.c b/src/lib/libcrypto/pkcs12/p12_asn.c
deleted file mode 100644
index 3baf8f43d5..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_asn.c
+++ /dev/null
@@ -1,476 +0,0 @@
1/* $OpenBSD: p12_asn.c,v 1.9 2015/07/25 17:08:40 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/asn1t.h>
62#include <openssl/pkcs12.h>
63
64/* PKCS#12 ASN1 module */
65
66static const ASN1_TEMPLATE PKCS12_seq_tt[] = {
67 {
68 .flags = 0,
69 .tag = 0,
70 .offset = offsetof(PKCS12, version),
71 .field_name = "version",
72 .item = &ASN1_INTEGER_it,
73 },
74 {
75 .flags = 0,
76 .tag = 0,
77 .offset = offsetof(PKCS12, authsafes),
78 .field_name = "authsafes",
79 .item = &PKCS7_it,
80 },
81 {
82 .flags = ASN1_TFLG_OPTIONAL,
83 .tag = 0,
84 .offset = offsetof(PKCS12, mac),
85 .field_name = "mac",
86 .item = &PKCS12_MAC_DATA_it,
87 },
88};
89
90const ASN1_ITEM PKCS12_it = {
91 .itype = ASN1_ITYPE_SEQUENCE,
92 .utype = V_ASN1_SEQUENCE,
93 .templates = PKCS12_seq_tt,
94 .tcount = sizeof(PKCS12_seq_tt) / sizeof(ASN1_TEMPLATE),
95 .funcs = NULL,
96 .size = sizeof(PKCS12),
97 .sname = "PKCS12",
98};
99
100
101PKCS12 *
102d2i_PKCS12(PKCS12 **a, const unsigned char **in, long len)
103{
104 return (PKCS12 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
105 &PKCS12_it);
106}
107
108int
109i2d_PKCS12(PKCS12 *a, unsigned char **out)
110{
111 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_it);
112}
113
114PKCS12 *
115PKCS12_new(void)
116{
117 return (PKCS12 *)ASN1_item_new(&PKCS12_it);
118}
119
120void
121PKCS12_free(PKCS12 *a)
122{
123 ASN1_item_free((ASN1_VALUE *)a, &PKCS12_it);
124}
125
126static const ASN1_TEMPLATE PKCS12_MAC_DATA_seq_tt[] = {
127 {
128 .flags = 0,
129 .tag = 0,
130 .offset = offsetof(PKCS12_MAC_DATA, dinfo),
131 .field_name = "dinfo",
132 .item = &X509_SIG_it,
133 },
134 {
135 .flags = 0,
136 .tag = 0,
137 .offset = offsetof(PKCS12_MAC_DATA, salt),
138 .field_name = "salt",
139 .item = &ASN1_OCTET_STRING_it,
140 },
141 {
142 .flags = ASN1_TFLG_OPTIONAL,
143 .tag = 0,
144 .offset = offsetof(PKCS12_MAC_DATA, iter),
145 .field_name = "iter",
146 .item = &ASN1_INTEGER_it,
147 },
148};
149
150const ASN1_ITEM PKCS12_MAC_DATA_it = {
151 .itype = ASN1_ITYPE_SEQUENCE,
152 .utype = V_ASN1_SEQUENCE,
153 .templates = PKCS12_MAC_DATA_seq_tt,
154 .tcount = sizeof(PKCS12_MAC_DATA_seq_tt) / sizeof(ASN1_TEMPLATE),
155 .funcs = NULL,
156 .size = sizeof(PKCS12_MAC_DATA),
157 .sname = "PKCS12_MAC_DATA",
158};
159
160
161PKCS12_MAC_DATA *
162d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len)
163{
164 return (PKCS12_MAC_DATA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
165 &PKCS12_MAC_DATA_it);
166}
167
168int
169i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out)
170{
171 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_MAC_DATA_it);
172}
173
174PKCS12_MAC_DATA *
175PKCS12_MAC_DATA_new(void)
176{
177 return (PKCS12_MAC_DATA *)ASN1_item_new(&PKCS12_MAC_DATA_it);
178}
179
180void
181PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a)
182{
183 ASN1_item_free((ASN1_VALUE *)a, &PKCS12_MAC_DATA_it);
184}
185
186static const ASN1_TEMPLATE bag_default_tt = {
187 .flags = ASN1_TFLG_EXPLICIT,
188 .tag = 0,
189 .offset = offsetof(PKCS12_BAGS, value.other),
190 .field_name = "value.other",
191 .item = &ASN1_ANY_it,
192};
193
194static const ASN1_ADB_TABLE PKCS12_BAGS_adbtbl[] = {
195 {
196 .value = NID_x509Certificate,
197 .tt = {
198 .flags = ASN1_TFLG_EXPLICIT,
199 .tag = 0,
200 .offset = offsetof(PKCS12_BAGS, value.x509cert),
201 .field_name = "value.x509cert",
202 .item = &ASN1_OCTET_STRING_it,
203 },
204
205 },
206 {
207 .value = NID_x509Crl,
208 .tt = {
209 .flags = ASN1_TFLG_EXPLICIT,
210 .tag = 0,
211 .offset = offsetof(PKCS12_BAGS, value.x509crl),
212 .field_name = "value.x509crl",
213 .item = &ASN1_OCTET_STRING_it,
214 },
215
216 },
217 {
218 .value = NID_sdsiCertificate,
219 .tt = {
220 .flags = ASN1_TFLG_EXPLICIT,
221 .tag = 0,
222 .offset = offsetof(PKCS12_BAGS, value.sdsicert),
223 .field_name = "value.sdsicert",
224 .item = &ASN1_IA5STRING_it,
225 },
226
227 },
228};
229
230static const ASN1_ADB PKCS12_BAGS_adb = {
231 .flags = 0,
232 .offset = offsetof(PKCS12_BAGS, type),
233 .app_items = 0,
234 .tbl = PKCS12_BAGS_adbtbl,
235 .tblcount = sizeof(PKCS12_BAGS_adbtbl) / sizeof(ASN1_ADB_TABLE),
236 .default_tt = &bag_default_tt,
237 .null_tt = NULL,
238};
239
240static const ASN1_TEMPLATE PKCS12_BAGS_seq_tt[] = {
241 {
242 .flags = 0,
243 .tag = 0,
244 .offset = offsetof(PKCS12_BAGS, type),
245 .field_name = "type",
246 .item = &ASN1_OBJECT_it,
247 },
248 {
249 .flags = ASN1_TFLG_ADB_OID,
250 .tag = -1,
251 .offset = 0,
252 .field_name = "PKCS12_BAGS",
253 .item = (const ASN1_ITEM *)&PKCS12_BAGS_adb,
254 },
255};
256
257const ASN1_ITEM PKCS12_BAGS_it = {
258 .itype = ASN1_ITYPE_SEQUENCE,
259 .utype = V_ASN1_SEQUENCE,
260 .templates = PKCS12_BAGS_seq_tt,
261 .tcount = sizeof(PKCS12_BAGS_seq_tt) / sizeof(ASN1_TEMPLATE),
262 .funcs = NULL,
263 .size = sizeof(PKCS12_BAGS),
264 .sname = "PKCS12_BAGS",
265};
266
267
268PKCS12_BAGS *
269d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len)
270{
271 return (PKCS12_BAGS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
272 &PKCS12_BAGS_it);
273}
274
275int
276i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out)
277{
278 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_BAGS_it);
279}
280
281PKCS12_BAGS *
282PKCS12_BAGS_new(void)
283{
284 return (PKCS12_BAGS *)ASN1_item_new(&PKCS12_BAGS_it);
285}
286
287void
288PKCS12_BAGS_free(PKCS12_BAGS *a)
289{
290 ASN1_item_free((ASN1_VALUE *)a, &PKCS12_BAGS_it);
291}
292
293static const ASN1_TEMPLATE safebag_default_tt = {
294 .flags = ASN1_TFLG_EXPLICIT,
295 .tag = 0,
296 .offset = offsetof(PKCS12_SAFEBAG, value.other),
297 .field_name = "value.other",
298 .item = &ASN1_ANY_it,
299};
300
301static const ASN1_ADB_TABLE PKCS12_SAFEBAG_adbtbl[] = {
302 {
303 .value = NID_keyBag,
304 .tt = {
305 .flags = ASN1_TFLG_EXPLICIT,
306 .tag = 0,
307 .offset = offsetof(PKCS12_SAFEBAG, value.keybag),
308 .field_name = "value.keybag",
309 .item = &PKCS8_PRIV_KEY_INFO_it,
310 },
311
312 },
313 {
314 .value = NID_pkcs8ShroudedKeyBag,
315 .tt = {
316 .flags = ASN1_TFLG_EXPLICIT,
317 .tag = 0,
318 .offset = offsetof(PKCS12_SAFEBAG, value.shkeybag),
319 .field_name = "value.shkeybag",
320 .item = &X509_SIG_it,
321 },
322
323 },
324 {
325 .value = NID_safeContentsBag,
326 .tt = {
327 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SET_OF,
328 .tag = 0,
329 .offset = offsetof(PKCS12_SAFEBAG, value.safes),
330 .field_name = "value.safes",
331 .item = &PKCS12_SAFEBAG_it,
332 },
333 },
334 {
335 .value = NID_certBag,
336 .tt = {
337 .flags = ASN1_TFLG_EXPLICIT,
338 .tag = 0,
339 .offset = offsetof(PKCS12_SAFEBAG, value.bag),
340 .field_name = "value.bag",
341 .item = &PKCS12_BAGS_it,
342 },
343
344 },
345 {
346 .value = NID_crlBag,
347 .tt = {
348 .flags = ASN1_TFLG_EXPLICIT,
349 .tag = 0,
350 .offset = offsetof(PKCS12_SAFEBAG, value.bag),
351 .field_name = "value.bag",
352 .item = &PKCS12_BAGS_it,
353 },
354
355 },
356 {
357 .value = NID_secretBag,
358 .tt = {
359 .flags = ASN1_TFLG_EXPLICIT,
360 .tag = 0,
361 .offset = offsetof(PKCS12_SAFEBAG, value.bag),
362 .field_name = "value.bag",
363 .item = &PKCS12_BAGS_it,
364 },
365
366 },
367};
368
369static const ASN1_ADB PKCS12_SAFEBAG_adb = {
370 .flags = 0,
371 .offset = offsetof(PKCS12_SAFEBAG, type),
372 .app_items = 0,
373 .tbl = PKCS12_SAFEBAG_adbtbl,
374 .tblcount = sizeof(PKCS12_SAFEBAG_adbtbl) / sizeof(ASN1_ADB_TABLE),
375 .default_tt = &safebag_default_tt,
376 .null_tt = NULL,
377};
378
379static const ASN1_TEMPLATE PKCS12_SAFEBAG_seq_tt[] = {
380 {
381 .flags = 0,
382 .tag = 0,
383 .offset = offsetof(PKCS12_SAFEBAG, type),
384 .field_name = "type",
385 .item = &ASN1_OBJECT_it,
386 },
387 {
388 .flags = ASN1_TFLG_ADB_OID,
389 .tag = -1,
390 .offset = 0,
391 .field_name = "PKCS12_SAFEBAG",
392 .item = (const ASN1_ITEM *)&PKCS12_SAFEBAG_adb,
393 },
394 {
395 .flags = ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
396 .tag = 0,
397 .offset = offsetof(PKCS12_SAFEBAG, attrib),
398 .field_name = "attrib",
399 .item = &X509_ATTRIBUTE_it,
400 },
401};
402
403const ASN1_ITEM PKCS12_SAFEBAG_it = {
404 .itype = ASN1_ITYPE_SEQUENCE,
405 .utype = V_ASN1_SEQUENCE,
406 .templates = PKCS12_SAFEBAG_seq_tt,
407 .tcount = sizeof(PKCS12_SAFEBAG_seq_tt) / sizeof(ASN1_TEMPLATE),
408 .funcs = NULL,
409 .size = sizeof(PKCS12_SAFEBAG),
410 .sname = "PKCS12_SAFEBAG",
411};
412
413
414PKCS12_SAFEBAG *
415d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, const unsigned char **in, long len)
416{
417 return (PKCS12_SAFEBAG *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
418 &PKCS12_SAFEBAG_it);
419}
420
421int
422i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **out)
423{
424 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_SAFEBAG_it);
425}
426
427PKCS12_SAFEBAG *
428PKCS12_SAFEBAG_new(void)
429{
430 return (PKCS12_SAFEBAG *)ASN1_item_new(&PKCS12_SAFEBAG_it);
431}
432
433void
434PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a)
435{
436 ASN1_item_free((ASN1_VALUE *)a, &PKCS12_SAFEBAG_it);
437}
438
439/* SEQUENCE OF SafeBag */
440static const ASN1_TEMPLATE PKCS12_SAFEBAGS_item_tt = {
441 .flags = ASN1_TFLG_SEQUENCE_OF,
442 .tag = 0,
443 .offset = 0,
444 .field_name = "PKCS12_SAFEBAGS",
445 .item = &PKCS12_SAFEBAG_it,
446};
447
448const ASN1_ITEM PKCS12_SAFEBAGS_it = {
449 .itype = ASN1_ITYPE_PRIMITIVE,
450 .utype = -1,
451 .templates = &PKCS12_SAFEBAGS_item_tt,
452 .tcount = 0,
453 .funcs = NULL,
454 .size = 0,
455 .sname = "PKCS12_SAFEBAGS",
456};
457
458/* Authsafes: SEQUENCE OF PKCS7 */
459static const ASN1_TEMPLATE PKCS12_AUTHSAFES_item_tt = {
460 .flags = ASN1_TFLG_SEQUENCE_OF,
461 .tag = 0,
462 .offset = 0,
463 .field_name = "PKCS12_AUTHSAFES",
464 .item = &PKCS7_it,
465};
466
467const ASN1_ITEM PKCS12_AUTHSAFES_it = {
468 .itype = ASN1_ITYPE_PRIMITIVE,
469 .utype = -1,
470 .templates = &PKCS12_AUTHSAFES_item_tt,
471 .tcount = 0,
472 .funcs = NULL,
473 .size = 0,
474 .sname = "PKCS12_AUTHSAFES",
475};
476
diff --git a/src/lib/libcrypto/pkcs12/p12_attr.c b/src/lib/libcrypto/pkcs12/p12_attr.c
deleted file mode 100644
index 7552cf0a60..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_attr.c
+++ /dev/null
@@ -1,155 +0,0 @@
1/* $OpenBSD: p12_attr.c,v 1.10 2014/07/11 08:44:49 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/pkcs12.h>
62
63/* Add a local keyid to a safebag */
64
65int
66PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
67{
68 if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID,
69 V_ASN1_OCTET_STRING, name, namelen))
70 return 1;
71 else
72 return 0;
73}
74
75/* Add key usage to PKCS#8 structure */
76
77int
78PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
79{
80 unsigned char us_val;
81
82 us_val = (unsigned char) usage;
83 if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage,
84 V_ASN1_BIT_STRING, &us_val, 1))
85 return 1;
86 else
87 return 0;
88}
89
90/* Add a friendlyname to a safebag */
91
92int
93PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen)
94{
95 if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
96 MBSTRING_ASC, (unsigned char *)name, namelen))
97 return 1;
98 else
99 return 0;
100}
101
102
103int
104PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
105 int namelen)
106{
107 if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
108 MBSTRING_BMP, name, namelen))
109 return 1;
110 else
111 return 0;
112}
113
114int
115PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen)
116{
117 if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name,
118 MBSTRING_ASC, (unsigned char *)name, namelen))
119 return 1;
120 else
121 return 0;
122}
123
124ASN1_TYPE *
125PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
126{
127 X509_ATTRIBUTE *attrib;
128 int i;
129
130 if (!attrs)
131 return NULL;
132 for (i = 0; i < sk_X509_ATTRIBUTE_num (attrs); i++) {
133 attrib = sk_X509_ATTRIBUTE_value (attrs, i);
134 if (OBJ_obj2nid (attrib->object) == attr_nid) {
135 if (sk_ASN1_TYPE_num (attrib->value.set))
136 return sk_ASN1_TYPE_value(attrib->value.set, 0);
137 else
138 return NULL;
139 }
140 }
141 return NULL;
142}
143
144char *
145PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
146{
147 ASN1_TYPE *atype;
148
149 if (!(atype = PKCS12_get_attr(bag, NID_friendlyName)))
150 return NULL;
151 if (atype->type != V_ASN1_BMPSTRING)
152 return NULL;
153 return OPENSSL_uni2asc(atype->value.bmpstring->data,
154 atype->value.bmpstring->length);
155}
diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c
deleted file mode 100644
index 0f215d2fe2..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_crpt.c
+++ /dev/null
@@ -1,118 +0,0 @@
1/* $OpenBSD: p12_crpt.c,v 1.12 2015/09/10 15:56:25 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <string.h>
61
62#include <openssl/err.h>
63#include <openssl/pkcs12.h>
64
65/* PKCS#12 PBE algorithms now in static table */
66
67void
68PKCS12_PBE_add(void)
69{
70}
71
72int
73PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
74 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
75{
76 PBEPARAM *pbe;
77 int saltlen, iter, ret;
78 unsigned char *salt;
79 const unsigned char *pbuf;
80 unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
81
82 /* Extract useful info from parameter */
83 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
84 param->value.sequence == NULL) {
85 PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
86 return 0;
87 }
88
89 pbuf = param->value.sequence->data;
90 if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
91 PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
92 return 0;
93 }
94
95 if (!pbe->iter)
96 iter = 1;
97 else
98 iter = ASN1_INTEGER_get (pbe->iter);
99 salt = pbe->salt->data;
100 saltlen = pbe->salt->length;
101 if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
102 iter, EVP_CIPHER_key_length(cipher), key, md)) {
103 PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_KEY_GEN_ERROR);
104 PBEPARAM_free(pbe);
105 return 0;
106 }
107 if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,
108 iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
109 PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_IV_GEN_ERROR);
110 PBEPARAM_free(pbe);
111 return 0;
112 }
113 PBEPARAM_free(pbe);
114 ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
115 explicit_bzero(key, EVP_MAX_KEY_LENGTH);
116 explicit_bzero(iv, EVP_MAX_IV_LENGTH);
117 return ret;
118}
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
deleted file mode 100644
index bef4d54cd9..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ /dev/null
@@ -1,350 +0,0 @@
1/* $OpenBSD: p12_crt.c,v 1.16 2015/02/14 12:43:07 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/err.h>
62#include <openssl/pkcs12.h>
63
64static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
65 PKCS12_SAFEBAG *bag);
66
67static int
68copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
69{
70 int idx;
71 X509_ATTRIBUTE *attr;
72
73 idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1);
74 if (idx < 0)
75 return 1;
76 attr = EVP_PKEY_get_attr(pkey, idx);
77 if (!X509at_add1_attr(&bag->attrib, attr))
78 return 0;
79 return 1;
80}
81
82PKCS12 *
83PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
84 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
85 int keytype)
86{
87 PKCS12 *p12 = NULL;
88 STACK_OF(PKCS7) *safes = NULL;
89 STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
90 PKCS12_SAFEBAG *bag = NULL;
91 int i;
92 unsigned char keyid[EVP_MAX_MD_SIZE];
93 unsigned int keyidlen = 0;
94
95 /* Set defaults */
96 if (!nid_cert) {
97 nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
98 }
99 if (!nid_key)
100 nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
101 if (!iter)
102 iter = PKCS12_DEFAULT_ITER;
103 if (!mac_iter)
104 mac_iter = 1;
105
106 if (!pkey && !cert && !ca) {
107 PKCS12err(PKCS12_F_PKCS12_CREATE,
108 PKCS12_R_INVALID_NULL_ARGUMENT);
109 return NULL;
110 }
111
112 if (pkey && cert) {
113 if (!X509_check_private_key(cert, pkey))
114 return NULL;
115 X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
116 }
117
118 if (cert) {
119 bag = PKCS12_add_cert(&bags, cert);
120 if (name && !PKCS12_add_friendlyname(bag, name, -1))
121 goto err;
122 if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
123 goto err;
124 }
125
126 /* Add all other certificates */
127 for (i = 0; i < sk_X509_num(ca); i++) {
128 if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))
129 goto err;
130 }
131
132 if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))
133 goto err;
134
135 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
136 bags = NULL;
137
138 if (pkey) {
139 bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
140
141 if (!bag)
142 goto err;
143
144 if (!copy_bag_attr(bag, pkey, NID_ms_csp_name))
145 goto err;
146 if (!copy_bag_attr(bag, pkey, NID_LocalKeySet))
147 goto err;
148
149 if (name && !PKCS12_add_friendlyname(bag, name, -1))
150 goto err;
151 if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
152 goto err;
153 }
154
155 if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))
156 goto err;
157
158 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
159 bags = NULL;
160
161 p12 = PKCS12_add_safes(safes, 0);
162
163 if (!p12)
164 goto err;
165
166 sk_PKCS7_pop_free(safes, PKCS7_free);
167
168 safes = NULL;
169
170 if ((mac_iter != -1) &&
171 !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
172 goto err;
173
174 return p12;
175
176err:
177 if (p12)
178 PKCS12_free(p12);
179 if (safes)
180 sk_PKCS7_pop_free(safes, PKCS7_free);
181 if (bags)
182 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
183 return NULL;
184}
185
186PKCS12_SAFEBAG *
187PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
188{
189 PKCS12_SAFEBAG *bag = NULL;
190 char *name;
191 int namelen = -1;
192 unsigned char *keyid;
193 int keyidlen = -1;
194
195 /* Add user certificate */
196 if (!(bag = PKCS12_x5092certbag(cert)))
197 goto err;
198
199 /* Use friendlyName and localKeyID in certificate.
200 * (if present)
201 */
202 name = (char *)X509_alias_get0(cert, &namelen);
203 if (name && !PKCS12_add_friendlyname(bag, name, namelen))
204 goto err;
205
206 keyid = X509_keyid_get0(cert, &keyidlen);
207
208 if (keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
209 goto err;
210
211 if (!pkcs12_add_bag(pbags, bag))
212 goto err;
213
214 return bag;
215
216err:
217 if (bag)
218 PKCS12_SAFEBAG_free(bag);
219
220 return NULL;
221}
222
223PKCS12_SAFEBAG *
224PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, int key_usage,
225 int iter, int nid_key, char *pass)
226{
227 PKCS12_SAFEBAG *bag = NULL;
228 PKCS8_PRIV_KEY_INFO *p8 = NULL;
229
230 /* Make a PKCS#8 structure */
231 if (!(p8 = EVP_PKEY2PKCS8(key)))
232 goto err;
233 if (key_usage && !PKCS8_add_keyusage(p8, key_usage))
234 goto err;
235 if (nid_key != -1) {
236 bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0,
237 iter, p8);
238 PKCS8_PRIV_KEY_INFO_free(p8);
239 p8 = NULL;
240 } else {
241 bag = PKCS12_MAKE_KEYBAG(p8);
242 if (bag != NULL)
243 p8 = NULL;
244 }
245
246 if (!bag)
247 goto err;
248
249 if (!pkcs12_add_bag(pbags, bag))
250 goto err;
251
252 return bag;
253
254err:
255 if (bag)
256 PKCS12_SAFEBAG_free(bag);
257 if (p8)
258 PKCS8_PRIV_KEY_INFO_free(p8);
259
260 return NULL;
261}
262
263int
264PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
265 int nid_safe, int iter, char *pass)
266{
267 PKCS7 *p7 = NULL;
268 int free_safes = 0;
269
270 if (!*psafes) {
271 *psafes = sk_PKCS7_new_null();
272 if (!*psafes)
273 return 0;
274 free_safes = 1;
275 } else
276 free_safes = 0;
277
278 if (nid_safe == 0)
279 nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
280
281 if (nid_safe == -1)
282 p7 = PKCS12_pack_p7data(bags);
283 else
284 p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0,
285 iter, bags);
286 if (!p7)
287 goto err;
288
289 if (!sk_PKCS7_push(*psafes, p7))
290 goto err;
291
292 return 1;
293
294err:
295 if (free_safes) {
296 sk_PKCS7_free(*psafes);
297 *psafes = NULL;
298 }
299
300 if (p7)
301 PKCS7_free(p7);
302
303 return 0;
304}
305
306static int
307pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag)
308{
309 int free_bags;
310
311 if (!pbags)
312 return 1;
313 if (!*pbags) {
314 *pbags = sk_PKCS12_SAFEBAG_new_null();
315 if (!*pbags)
316 return 0;
317 free_bags = 1;
318 } else
319 free_bags = 0;
320
321 if (!sk_PKCS12_SAFEBAG_push(*pbags, bag)) {
322 if (free_bags) {
323 sk_PKCS12_SAFEBAG_free(*pbags);
324 *pbags = NULL;
325 }
326 return 0;
327 }
328
329 return 1;
330}
331
332PKCS12 *
333PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7)
334{
335 PKCS12 *p12;
336
337 if (nid_p7 <= 0)
338 nid_p7 = NID_pkcs7_data;
339 p12 = PKCS12_init(nid_p7);
340
341 if (!p12)
342 return NULL;
343
344 if (!PKCS12_pack_authsafes(p12, safes)) {
345 PKCS12_free(p12);
346 return NULL;
347 }
348
349 return p12;
350}
diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c
deleted file mode 100644
index ad4e0bc660..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_decr.c
+++ /dev/null
@@ -1,190 +0,0 @@
1/* $OpenBSD: p12_decr.c,v 1.17 2015/09/30 18:41:06 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <string.h>
61
62#include <openssl/err.h>
63#include <openssl/pkcs12.h>
64
65/* Encrypt/Decrypt a buffer based on password and algor, result in a
66 * malloc'ed buffer
67 */
68
69unsigned char *
70PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, int passlen,
71 unsigned char *in, int inlen, unsigned char **data, int *datalen, int en_de)
72{
73 unsigned char *out;
74 int outlen, i;
75 EVP_CIPHER_CTX ctx;
76
77 EVP_CIPHER_CTX_init(&ctx);
78 /* Decrypt data */
79 if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
80 algor->parameter, &ctx, en_de)) {
81 out = NULL;
82 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
83 PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
84 goto err;
85 }
86
87 if (!(out = malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
88 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
89 goto err;
90 }
91
92 if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) {
93 free(out);
94 out = NULL;
95 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB);
96 goto err;
97 }
98
99 outlen = i;
100 if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
101 free(out);
102 out = NULL;
103 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
104 PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
105 goto err;
106 }
107 outlen += i;
108 if (datalen)
109 *datalen = outlen;
110 if (data)
111 *data = out;
112
113err:
114 EVP_CIPHER_CTX_cleanup(&ctx);
115 return out;
116
117}
118
119/* Decrypt an OCTET STRING and decode ASN1 structure
120 * if zbuf set zero buffer after use.
121 */
122
123void *
124PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
125 const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)
126{
127 unsigned char *out;
128 const unsigned char *p;
129 void *ret;
130 int outlen;
131
132 if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
133 &out, &outlen, 0)) {
134 PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
135 PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
136 return NULL;
137 }
138 p = out;
139 ret = ASN1_item_d2i(NULL, &p, outlen, it);
140 if (zbuf)
141 explicit_bzero(out, outlen);
142 if (!ret)
143 PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
144 PKCS12_R_DECODE_ERROR);
145 free(out);
146 return ret;
147}
148
149/* Encode ASN1 structure and encrypt, return OCTET STRING
150 * if zbuf set zero encoding.
151 */
152
153ASN1_OCTET_STRING *
154PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
155 const char *pass, int passlen,
156 void *obj, int zbuf)
157{
158 ASN1_OCTET_STRING *oct;
159 unsigned char *in = NULL;
160 int inlen;
161
162 if (!(oct = ASN1_OCTET_STRING_new ())) {
163 PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,
164 ERR_R_MALLOC_FAILURE);
165 return NULL;
166 }
167 inlen = ASN1_item_i2d(obj, &in, it);
168 if (!in) {
169 PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,
170 PKCS12_R_ENCODE_ERROR);
171 goto err;
172 }
173 if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
174 &oct->length, 1)) {
175 PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,
176 PKCS12_R_ENCRYPT_ERROR);
177 goto err;
178 }
179 if (zbuf)
180 explicit_bzero(in, inlen);
181 free(in);
182 return oct;
183
184err:
185 free(in);
186 ASN1_OCTET_STRING_free(oct);
187 return NULL;
188}
189
190IMPLEMENT_PKCS12_STACK_OF(PKCS7)
diff --git a/src/lib/libcrypto/pkcs12/p12_init.c b/src/lib/libcrypto/pkcs12/p12_init.c
deleted file mode 100644
index cd01196b6f..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_init.c
+++ /dev/null
@@ -1,97 +0,0 @@
1/* $OpenBSD: p12_init.c,v 1.10 2015/09/30 18:41:06 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/err.h>
62#include <openssl/pkcs12.h>
63
64/* Initialise a PKCS12 structure to take data */
65
66PKCS12 *
67PKCS12_init(int mode)
68{
69 PKCS12 *pkcs12;
70
71 if (!(pkcs12 = PKCS12_new())) {
72 PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
73 return NULL;
74 }
75 ASN1_INTEGER_set(pkcs12->version, 3);
76 pkcs12->authsafes->type = OBJ_nid2obj(mode);
77 switch (mode) {
78 case NID_pkcs7_data:
79 if (!(pkcs12->authsafes->d.data =
80 ASN1_OCTET_STRING_new())) {
81 PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
82 goto err;
83 }
84 break;
85 default:
86 PKCS12err(PKCS12_F_PKCS12_INIT,
87 PKCS12_R_UNSUPPORTED_PKCS12_MODE);
88 goto err;
89 }
90
91 return pkcs12;
92
93err:
94 if (pkcs12 != NULL)
95 PKCS12_free(pkcs12);
96 return NULL;
97}
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
deleted file mode 100644
index 38f8a8194c..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ /dev/null
@@ -1,199 +0,0 @@
1/* $OpenBSD: p12_key.c,v 1.23 2015/09/10 15:56:25 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <string.h>
61
62#include <openssl/bn.h>
63#include <openssl/err.h>
64#include <openssl/pkcs12.h>
65
66/* PKCS12 compatible key/IV generation */
67#ifndef min
68#define min(a,b) ((a) < (b) ? (a) : (b))
69#endif
70
71int
72PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
73 int saltlen, int id, int iter, int n, unsigned char *out,
74 const EVP_MD *md_type)
75{
76 int ret;
77 unsigned char *unipass;
78 int uniplen;
79
80 if (!pass) {
81 unipass = NULL;
82 uniplen = 0;
83 } else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) {
84 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC, ERR_R_MALLOC_FAILURE);
85 return 0;
86 }
87 ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
88 id, iter, n, out, md_type);
89 if (ret <= 0)
90 return 0;
91 if (unipass) {
92 explicit_bzero(unipass, uniplen);
93 free(unipass);
94 }
95 return ret;
96}
97
98int
99PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
100 int saltlen, int id, int iter, int n, unsigned char *out,
101 const EVP_MD *md_type)
102{
103 unsigned char *B, *D, *I, *p, *Ai;
104 int Slen, Plen, Ilen, Ijlen;
105 int i, j, u, v;
106 int ret = 0;
107 BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */
108 EVP_MD_CTX ctx;
109
110 EVP_MD_CTX_init(&ctx);
111 v = EVP_MD_block_size(md_type);
112 u = EVP_MD_size(md_type);
113 if (u < 0)
114 return 0;
115 D = malloc(v);
116 Ai = malloc(u);
117 B = malloc(v + 1);
118 Slen = v * ((saltlen + v - 1) / v);
119 if (passlen)
120 Plen = v * ((passlen + v - 1)/v);
121 else
122 Plen = 0;
123 Ilen = Slen + Plen;
124 I = malloc(Ilen);
125 Ij = BN_new();
126 Bpl1 = BN_new();
127 if (!D || !Ai || !B || !I || !Ij || !Bpl1)
128 goto err;
129 for (i = 0; i < v; i++)
130 D[i] = id;
131 p = I;
132 for (i = 0; i < Slen; i++)
133 *p++ = salt[i % saltlen];
134 for (i = 0; i < Plen; i++)
135 *p++ = pass[i % passlen];
136 for (;;) {
137 if (!EVP_DigestInit_ex(&ctx, md_type, NULL) ||
138 !EVP_DigestUpdate(&ctx, D, v) ||
139 !EVP_DigestUpdate(&ctx, I, Ilen) ||
140 !EVP_DigestFinal_ex(&ctx, Ai, NULL))
141 goto err;
142 for (j = 1; j < iter; j++) {
143 if (!EVP_DigestInit_ex(&ctx, md_type, NULL) ||
144 !EVP_DigestUpdate(&ctx, Ai, u) ||
145 !EVP_DigestFinal_ex(&ctx, Ai, NULL))
146 goto err;
147 }
148 memcpy (out, Ai, min (n, u));
149 if (u >= n) {
150 ret = 1;
151 goto end;
152 }
153 n -= u;
154 out += u;
155 for (j = 0; j < v; j++)
156 B[j] = Ai[j % u];
157 /* Work out B + 1 first then can use B as tmp space */
158 if (!BN_bin2bn (B, v, Bpl1))
159 goto err;
160 if (!BN_add_word (Bpl1, 1))
161 goto err;
162 for (j = 0; j < Ilen; j += v) {
163 if (!BN_bin2bn(I + j, v, Ij))
164 goto err;
165 if (!BN_add(Ij, Ij, Bpl1))
166 goto err;
167 if (!BN_bn2bin(Ij, B))
168 goto err;
169 Ijlen = BN_num_bytes (Ij);
170 /* If more than 2^(v*8) - 1 cut off MSB */
171 if (Ijlen > v) {
172 if (!BN_bn2bin (Ij, B))
173 goto err;
174 memcpy (I + j, B + 1, v);
175#ifndef PKCS12_BROKEN_KEYGEN
176 /* If less than v bytes pad with zeroes */
177 } else if (Ijlen < v) {
178 memset(I + j, 0, v - Ijlen);
179 if (!BN_bn2bin(Ij, I + j + v - Ijlen))
180 goto err;
181#endif
182 } else if (!BN_bn2bin (Ij, I + j))
183 goto err;
184 }
185 }
186
187err:
188 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_MALLOC_FAILURE);
189
190end:
191 free(Ai);
192 free(B);
193 free(D);
194 free(I);
195 BN_free(Ij);
196 BN_free(Bpl1);
197 EVP_MD_CTX_cleanup(&ctx);
198 return ret;
199}
diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c
deleted file mode 100644
index df992a68fc..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_kiss.c
+++ /dev/null
@@ -1,297 +0,0 @@
1/* $OpenBSD: p12_kiss.c,v 1.17 2016/03/11 07:08:44 mmcc Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/err.h>
62#include <openssl/pkcs12.h>
63
64/* Simplified PKCS#12 routines */
65
66static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
67 EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
68
69static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
70 int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
71
72static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
73 EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
74
75/* Parse and decrypt a PKCS#12 structure returning user key, user cert
76 * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
77 * or it should point to a valid STACK structure. pkey and cert can be
78 * passed unitialised.
79 */
80
81int
82PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
83 STACK_OF(X509) **ca)
84{
85 STACK_OF(X509) *ocerts = NULL;
86 X509 *x = NULL;
87 /* Check for NULL PKCS12 structure */
88
89 if (!p12) {
90 PKCS12err(PKCS12_F_PKCS12_PARSE,
91 PKCS12_R_INVALID_NULL_PKCS12_POINTER);
92 return 0;
93 }
94
95 if (pkey)
96 *pkey = NULL;
97 if (cert)
98 *cert = NULL;
99
100 /* Check the mac */
101
102 /* If password is zero length or NULL then try verifying both cases
103 * to determine which password is correct. The reason for this is that
104 * under PKCS#12 password based encryption no password and a zero length
105 * password are two different things...
106 */
107
108 if (!pass || !*pass) {
109 if (PKCS12_verify_mac(p12, NULL, 0))
110 pass = NULL;
111 else if (PKCS12_verify_mac(p12, "", 0))
112 pass = "";
113 else {
114 PKCS12err(PKCS12_F_PKCS12_PARSE,
115 PKCS12_R_MAC_VERIFY_FAILURE);
116 goto err;
117 }
118 } else if (!PKCS12_verify_mac(p12, pass, -1)) {
119 PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE);
120 goto err;
121 }
122
123 /* Allocate stack for other certificates */
124 ocerts = sk_X509_new_null();
125 if (!ocerts) {
126 PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE);
127 return 0;
128 }
129
130 if (!parse_pk12 (p12, pass, -1, pkey, ocerts)) {
131 PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_PARSE_ERROR);
132 goto err;
133 }
134
135 while ((x = sk_X509_pop(ocerts))) {
136 if (pkey && *pkey && cert && !*cert) {
137 if (X509_check_private_key(x, *pkey)) {
138 *cert = x;
139 x = NULL;
140 }
141 }
142
143 if (ca && x) {
144 if (!*ca)
145 *ca = sk_X509_new_null();
146 if (!*ca)
147 goto err;
148 if (!sk_X509_push(*ca, x))
149 goto err;
150 x = NULL;
151 }
152 X509_free(x);
153 }
154
155 if (ocerts)
156 sk_X509_pop_free(ocerts, X509_free);
157
158 return 1;
159
160err:
161 if (pkey && *pkey)
162 EVP_PKEY_free(*pkey);
163 if (cert)
164 X509_free(*cert);
165 X509_free(x);
166 if (ocerts)
167 sk_X509_pop_free(ocerts, X509_free);
168 return 0;
169}
170
171/* Parse the outer PKCS#12 structure */
172
173static int
174parse_pk12(PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey,
175 STACK_OF(X509) *ocerts)
176{
177 STACK_OF(PKCS7) *asafes;
178 STACK_OF(PKCS12_SAFEBAG) *bags;
179 int i, bagnid;
180 PKCS7 *p7;
181
182 if (!(asafes = PKCS12_unpack_authsafes (p12)))
183 return 0;
184 for (i = 0; i < sk_PKCS7_num (asafes); i++) {
185 p7 = sk_PKCS7_value (asafes, i);
186 bagnid = OBJ_obj2nid (p7->type);
187 if (bagnid == NID_pkcs7_data) {
188 bags = PKCS12_unpack_p7data(p7);
189 } else if (bagnid == NID_pkcs7_encrypted) {
190 bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
191 } else
192 continue;
193 if (!bags) {
194 sk_PKCS7_pop_free(asafes, PKCS7_free);
195 return 0;
196 }
197 if (!parse_bags(bags, pass, passlen, pkey, ocerts)) {
198 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
199 sk_PKCS7_pop_free(asafes, PKCS7_free);
200 return 0;
201 }
202 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
203 }
204 sk_PKCS7_pop_free(asafes, PKCS7_free);
205 return 1;
206}
207
208static int
209parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, int passlen,
210 EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
211{
212 int i;
213
214 for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
215 if (!parse_bag(sk_PKCS12_SAFEBAG_value(bags, i), pass, passlen,
216 pkey, ocerts))
217 return 0;
218 }
219 return 1;
220}
221
222static int
223parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PKEY **pkey,
224 STACK_OF(X509) *ocerts)
225{
226 PKCS8_PRIV_KEY_INFO *p8;
227 X509 *x509;
228 ASN1_TYPE *attrib;
229 ASN1_BMPSTRING *fname = NULL;
230 ASN1_OCTET_STRING *lkid = NULL;
231
232 if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
233 fname = attrib->value.bmpstring;
234
235 if ((attrib = PKCS12_get_attr (bag, NID_localKeyID)))
236 lkid = attrib->value.octet_string;
237
238 switch (M_PKCS12_bag_type(bag)) {
239 case NID_keyBag:
240 if (!pkey || *pkey)
241 return 1;
242 if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag)))
243 return 0;
244 break;
245
246 case NID_pkcs8ShroudedKeyBag:
247 if (!pkey || *pkey)
248 return 1;
249 if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
250 return 0;
251 *pkey = EVP_PKCS82PKEY(p8);
252 PKCS8_PRIV_KEY_INFO_free(p8);
253 if (!(*pkey))
254 return 0;
255 break;
256
257 case NID_certBag:
258 if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
259 return 1;
260 if (!(x509 = PKCS12_certbag2x509(bag)))
261 return 0;
262 if (lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) {
263 X509_free(x509);
264 return 0;
265 }
266 if (fname) {
267 int len, r;
268 unsigned char *data;
269 len = ASN1_STRING_to_UTF8(&data, fname);
270 if (len >= 0) {
271 r = X509_alias_set1(x509, data, len);
272 free(data);
273 if (!r) {
274 X509_free(x509);
275 return 0;
276 }
277 }
278 }
279
280 if (!sk_X509_push(ocerts, x509)) {
281 X509_free(x509);
282 return 0;
283 }
284
285 break;
286
287 case NID_safeContentsBag:
288 return parse_bags(bag->value.safes, pass, passlen,
289 pkey, ocerts);
290 break;
291
292 default:
293 return 1;
294 break;
295 }
296 return 1;
297}
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
deleted file mode 100644
index bf88c78270..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ /dev/null
@@ -1,210 +0,0 @@
1/* $OpenBSD: p12_mutl.c,v 1.21 2015/09/30 17:30:15 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62
63#include <openssl/opensslconf.h>
64
65#ifndef OPENSSL_NO_HMAC
66
67#include <openssl/err.h>
68#include <openssl/hmac.h>
69#include <openssl/pkcs12.h>
70
71/* Generate a MAC */
72int
73PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
74 unsigned char *mac, unsigned int *maclen)
75{
76 const EVP_MD *md_type;
77 HMAC_CTX hmac;
78 unsigned char key[EVP_MAX_MD_SIZE], *salt;
79 int saltlen, iter;
80 int md_size;
81
82 if (!PKCS7_type_is_data(p12->authsafes)) {
83 PKCS12err(PKCS12_F_PKCS12_GEN_MAC,
84 PKCS12_R_CONTENT_TYPE_NOT_DATA);
85 return 0;
86 }
87
88 salt = p12->mac->salt->data;
89 saltlen = p12->mac->salt->length;
90 if (!p12->mac->iter)
91 iter = 1;
92 else
93 iter = ASN1_INTEGER_get(p12->mac->iter);
94 if (!(md_type = EVP_get_digestbyobj(
95 p12->mac->dinfo->algor->algorithm))) {
96 PKCS12err(PKCS12_F_PKCS12_GEN_MAC,
97 PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
98 return 0;
99 }
100 md_size = EVP_MD_size(md_type);
101 if (md_size < 0)
102 return 0;
103 if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
104 md_size, key, md_type)) {
105 PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
106 return 0;
107 }
108 HMAC_CTX_init(&hmac);
109 if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL) ||
110 !HMAC_Update(&hmac, p12->authsafes->d.data->data,
111 p12->authsafes->d.data->length) ||
112 !HMAC_Final(&hmac, mac, maclen)) {
113 HMAC_CTX_cleanup(&hmac);
114 return 0;
115 }
116 HMAC_CTX_cleanup(&hmac);
117 return 1;
118}
119
120/* Verify the mac */
121int
122PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
123{
124 unsigned char mac[EVP_MAX_MD_SIZE];
125 unsigned int maclen;
126
127 if (p12->mac == NULL) {
128 PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT);
129 return 0;
130 }
131 if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
132 PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,
133 PKCS12_R_MAC_GENERATION_ERROR);
134 return 0;
135 }
136 if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) ||
137 memcmp(mac, p12->mac->dinfo->digest->data, maclen))
138 return 0;
139 return 1;
140}
141
142/* Set a mac */
143
144int
145PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char *salt,
146 int saltlen, int iter, const EVP_MD *md_type)
147{
148 unsigned char mac[EVP_MAX_MD_SIZE];
149 unsigned int maclen;
150
151 if (!md_type)
152 md_type = EVP_sha1();
153 if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) ==
154 PKCS12_ERROR) {
155 PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR);
156 return 0;
157 }
158 if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
159 PKCS12err(PKCS12_F_PKCS12_SET_MAC,
160 PKCS12_R_MAC_GENERATION_ERROR);
161 return 0;
162 }
163 if (!(ASN1_STRING_set(p12->mac->dinfo->digest, mac, maclen))) {
164 PKCS12err(PKCS12_F_PKCS12_SET_MAC,
165 PKCS12_R_MAC_STRING_SET_ERROR);
166 return 0;
167 }
168 return 1;
169}
170
171/* Set up a mac structure */
172int
173PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
174 const EVP_MD *md_type)
175{
176 if (!(p12->mac = PKCS12_MAC_DATA_new()))
177 return PKCS12_ERROR;
178 if (iter > 1) {
179 if (!(p12->mac->iter = ASN1_INTEGER_new())) {
180 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC,
181 ERR_R_MALLOC_FAILURE);
182 return 0;
183 }
184 if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
185 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC,
186 ERR_R_MALLOC_FAILURE);
187 return 0;
188 }
189 }
190 if (!saltlen)
191 saltlen = PKCS12_SALT_LEN;
192 if (!(p12->mac->salt->data = malloc(saltlen))) {
193 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
194 return 0;
195 }
196 p12->mac->salt->length = saltlen;
197 if (!salt)
198 arc4random_buf(p12->mac->salt->data, saltlen);
199 else
200 memcpy (p12->mac->salt->data, salt, saltlen);
201 p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
202 if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
203 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
204 return 0;
205 }
206 p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
207
208 return 1;
209}
210#endif
diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c
deleted file mode 100644
index b9dea51b85..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_npas.c
+++ /dev/null
@@ -1,244 +0,0 @@
1/* $OpenBSD: p12_npas.c,v 1.10 2015/02/14 14:18:58 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62#include <openssl/pem.h>
63#include <openssl/err.h>
64#include <openssl/pkcs12.h>
65
66/* PKCS#12 password change routine */
67
68static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
69static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
70 char *newpass);
71static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
72static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
73
74/*
75 * Change the password on a PKCS#12 structure.
76 */
77
78int
79PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
80{
81 /* Check for NULL PKCS12 structure */
82
83 if (!p12) {
84 PKCS12err(PKCS12_F_PKCS12_NEWPASS,
85 PKCS12_R_INVALID_NULL_PKCS12_POINTER);
86 return 0;
87 }
88
89 /* Check the mac */
90
91 if (!PKCS12_verify_mac(p12, oldpass, -1)) {
92 PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_MAC_VERIFY_FAILURE);
93 return 0;
94 }
95
96 if (!newpass_p12(p12, oldpass, newpass)) {
97 PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_PARSE_ERROR);
98 return 0;
99 }
100
101 return 1;
102}
103
104/* Parse the outer PKCS#12 structure */
105
106static int
107newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
108{
109 STACK_OF(PKCS7) *asafes, *newsafes;
110 STACK_OF(PKCS12_SAFEBAG) *bags;
111 int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
112 PKCS7 *p7, *p7new;
113 ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
114 unsigned char mac[EVP_MAX_MD_SIZE];
115 unsigned int maclen;
116
117 if (!(asafes = PKCS12_unpack_authsafes(p12)))
118 return 0;
119 if (!(newsafes = sk_PKCS7_new_null()))
120 return 0;
121 for (i = 0; i < sk_PKCS7_num(asafes); i++) {
122 p7 = sk_PKCS7_value(asafes, i);
123 bagnid = OBJ_obj2nid(p7->type);
124 if (bagnid == NID_pkcs7_data) {
125 bags = PKCS12_unpack_p7data(p7);
126 } else if (bagnid == NID_pkcs7_encrypted) {
127 bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
128 if (!alg_get(p7->d.encrypted->enc_data->algorithm,
129 &pbe_nid, &pbe_iter, &pbe_saltlen)) {
130 sk_PKCS12_SAFEBAG_pop_free(bags,
131 PKCS12_SAFEBAG_free);
132 bags = NULL;
133 }
134 } else
135 continue;
136 if (bags == NULL)
137 goto err;
138 if (!newpass_bags(bags, oldpass, newpass)) {
139 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
140 goto err;
141 }
142 /* Repack bag in same form with new password */
143 if (bagnid == NID_pkcs7_data)
144 p7new = PKCS12_pack_p7data(bags);
145 else
146 p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1,
147 NULL, pbe_saltlen, pbe_iter, bags);
148 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
149 if (p7new == NULL)
150 goto err;
151 if (sk_PKCS7_push(newsafes, p7new) == 0)
152 goto err;
153 }
154 sk_PKCS7_pop_free(asafes, PKCS7_free);
155
156 /* Repack safe: save old safe in case of error */
157
158 p12_data_tmp = p12->authsafes->d.data;
159 if (!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) {
160 p12->authsafes->d.data = p12_data_tmp;
161 goto err;
162 }
163 if (!PKCS12_pack_authsafes(p12, newsafes))
164 goto saferr;
165
166 if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
167 goto saferr;
168 if (!(macnew = ASN1_OCTET_STRING_new()))
169 goto saferr;
170 if (!ASN1_OCTET_STRING_set(macnew, mac, maclen))
171 goto saferr;
172 ASN1_OCTET_STRING_free(p12->mac->dinfo->digest);
173 p12->mac->dinfo->digest = macnew;
174 ASN1_OCTET_STRING_free(p12_data_tmp);
175
176 return 1;
177
178saferr:
179 /* Restore old safe */
180 ASN1_OCTET_STRING_free(p12->authsafes->d.data);
181 ASN1_OCTET_STRING_free(macnew);
182 p12->authsafes->d.data = p12_data_tmp;
183 return 0;
184
185err:
186 sk_PKCS7_pop_free(asafes, PKCS7_free);
187 sk_PKCS7_pop_free(newsafes, PKCS7_free);
188 return 0;
189}
190
191
192static int
193newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass, char *newpass)
194{
195 int i;
196
197 for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
198 if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i),
199 oldpass, newpass))
200 return 0;
201 }
202 return 1;
203}
204
205/* Change password of safebag: only needs handle shrouded keybags */
206
207static int
208newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
209{
210 PKCS8_PRIV_KEY_INFO *p8;
211 X509_SIG *p8new;
212 int p8_nid, p8_saltlen, p8_iter;
213
214 if (M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag)
215 return 1;
216
217 if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)))
218 return 0;
219 if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter,
220 &p8_saltlen))
221 return 0;
222 if (!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
223 p8_iter, p8))) return 0;
224 X509_SIG_free(bag->value.shkeybag);
225 bag->value.shkeybag = p8new;
226 return 1;
227}
228
229static int
230alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
231{
232 PBEPARAM *pbe;
233 const unsigned char *p;
234
235 p = alg->parameter->value.sequence->data;
236 pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
237 if (!pbe)
238 return 0;
239 *pnid = OBJ_obj2nid(alg->algorithm);
240 *piter = ASN1_INTEGER_get(pbe->iter);
241 *psaltlen = pbe->salt->length;
242 PBEPARAM_free(pbe);
243 return 1;
244}
diff --git a/src/lib/libcrypto/pkcs12/p12_p8d.c b/src/lib/libcrypto/pkcs12/p12_p8d.c
deleted file mode 100644
index 5d3339e2f2..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_p8d.c
+++ /dev/null
@@ -1,68 +0,0 @@
1/* $OpenBSD: p12_p8d.c,v 1.5 2014/07/11 08:44:49 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/pkcs12.h>
62
63PKCS8_PRIV_KEY_INFO *
64PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen)
65{
66 return PKCS12_item_decrypt_d2i(p8->algor,
67 ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass, passlen, p8->digest, 1);
68}
diff --git a/src/lib/libcrypto/pkcs12/p12_p8e.c b/src/lib/libcrypto/pkcs12/p12_p8e.c
deleted file mode 100644
index db3db87214..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_p8e.c
+++ /dev/null
@@ -1,100 +0,0 @@
1/* $OpenBSD: p12_p8e.c,v 1.6 2015/09/30 18:41:06 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/err.h>
62#include <openssl/pkcs12.h>
63
64X509_SIG *
65PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass,
66 int passlen, unsigned char *salt, int saltlen, int iter,
67 PKCS8_PRIV_KEY_INFO *p8inf)
68{
69 X509_SIG *p8 = NULL;
70 X509_ALGOR *pbe;
71
72 if (!(p8 = X509_SIG_new())) {
73 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
74 goto err;
75 }
76
77 if (pbe_nid == -1)
78 pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
79 else
80 pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
81 if (!pbe) {
82 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
83 goto err;
84 }
85 X509_ALGOR_free(p8->algor);
86 p8->algor = pbe;
87 ASN1_OCTET_STRING_free(p8->digest);
88 p8->digest = PKCS12_item_i2d_encrypt(pbe,
89 ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass, passlen, p8inf, 1);
90 if (!p8->digest) {
91 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
92 goto err;
93 }
94
95 return p8;
96
97err:
98 X509_SIG_free(p8);
99 return NULL;
100}
diff --git a/src/lib/libcrypto/pkcs12/p12_utl.c b/src/lib/libcrypto/pkcs12/p12_utl.c
deleted file mode 100644
index b60d4d020c..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_utl.c
+++ /dev/null
@@ -1,168 +0,0 @@
1/* $OpenBSD: p12_utl.c,v 1.12 2014/07/11 08:44:49 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <string.h>
61
62#include <openssl/pkcs12.h>
63
64/* Cheap and nasty Unicode stuff */
65
66unsigned char *
67OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
68{
69 int ulen, i;
70 unsigned char *unitmp;
71
72 if (asclen == -1)
73 asclen = strlen(asc);
74 ulen = asclen * 2 + 2;
75 if (!(unitmp = malloc(ulen)))
76 return NULL;
77 for (i = 0; i < ulen - 2; i += 2) {
78 unitmp[i] = 0;
79 unitmp[i + 1] = asc[i >> 1];
80 }
81 /* Make result double null terminated */
82 unitmp[ulen - 2] = 0;
83 unitmp[ulen - 1] = 0;
84 if (unilen)
85 *unilen = ulen;
86 if (uni)
87 *uni = unitmp;
88 return unitmp;
89}
90
91char *
92OPENSSL_uni2asc(unsigned char *uni, int unilen)
93{
94 int asclen, i;
95 char *asctmp;
96
97 asclen = unilen / 2;
98 /* If no terminating zero allow for one */
99 if (!unilen || uni[unilen - 1])
100 asclen++;
101 uni++;
102 if (!(asctmp = malloc(asclen)))
103 return NULL;
104 for (i = 0; i < unilen; i += 2)
105 asctmp[i >> 1] = uni[i];
106 asctmp[asclen - 1] = 0;
107 return asctmp;
108}
109
110int
111i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
112{
113 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
114}
115
116int
117i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
118{
119 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
120}
121
122PKCS12 *
123d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
124{
125 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
126}
127
128PKCS12 *
129d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
130{
131 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
132}
133
134PKCS12_SAFEBAG *
135PKCS12_x5092certbag(X509 *x509)
136{
137 return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
138 NID_x509Certificate, NID_certBag);
139}
140
141PKCS12_SAFEBAG *
142PKCS12_x509crl2certbag(X509_CRL *crl)
143{
144 return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
145 NID_x509Crl, NID_crlBag);
146}
147
148X509 *
149PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
150{
151 if (M_PKCS12_bag_type(bag) != NID_certBag)
152 return NULL;
153 if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
154 return NULL;
155 return ASN1_item_unpack(bag->value.bag->value.octet,
156 ASN1_ITEM_rptr(X509));
157}
158
159X509_CRL *
160PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
161{
162 if (M_PKCS12_bag_type(bag) != NID_crlBag)
163 return NULL;
164 if (M_PKCS12_cert_bag_type(bag) != NID_x509Crl)
165 return NULL;
166 return ASN1_item_unpack(bag->value.bag->value.octet,
167 ASN1_ITEM_rptr(X509_CRL));
168}
diff --git a/src/lib/libcrypto/pkcs12/pk12err.c b/src/lib/libcrypto/pkcs12/pk12err.c
deleted file mode 100644
index 0464a8303c..0000000000
--- a/src/lib/libcrypto/pkcs12/pk12err.c
+++ /dev/null
@@ -1,144 +0,0 @@
1/* $OpenBSD: pk12err.c,v 1.10 2014/07/10 22:45:57 jsing Exp $ */
2/* ====================================================================
3 * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62
63#include <openssl/opensslconf.h>
64
65#include <openssl/err.h>
66#include <openssl/pkcs12.h>
67
68/* BEGIN ERROR CODES */
69#ifndef OPENSSL_NO_ERR
70
71#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0)
72#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason)
73
74static ERR_STRING_DATA PKCS12_str_functs[]= {
75 {ERR_FUNC(PKCS12_F_PARSE_BAG), "PARSE_BAG"},
76 {ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"},
77 {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"},
78 {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC), "PKCS12_add_friendlyname_asc"},
79 {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI), "PKCS12_add_friendlyname_uni"},
80 {ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"},
81 {ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"},
82 {ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"},
83 {ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"},
84 {ERR_FUNC(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I), "PKCS12_item_decrypt_d2i"},
85 {ERR_FUNC(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT), "PKCS12_item_i2d_encrypt"},
86 {ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"},
87 {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"},
88 {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"},
89 {ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"},
90 {ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"},
91 {ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"},
92 {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"},
93 {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"},
94 {ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"},
95 {ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"},
96 {ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"},
97 {ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"},
98 {ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"},
99 {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"},
100 {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"},
101 {ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"},
102 {ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"},
103 {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"},
104 {0, NULL}
105};
106
107static ERR_STRING_DATA PKCS12_str_reasons[]= {
108 {ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE), "cant pack structure"},
109 {ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA), "content type not data"},
110 {ERR_REASON(PKCS12_R_DECODE_ERROR) , "decode error"},
111 {ERR_REASON(PKCS12_R_ENCODE_ERROR) , "encode error"},
112 {ERR_REASON(PKCS12_R_ENCRYPT_ERROR) , "encrypt error"},
113 {ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE), "error setting encrypted data type"},
114 {ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT), "invalid null argument"},
115 {ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER), "invalid null pkcs12 pointer"},
116 {ERR_REASON(PKCS12_R_IV_GEN_ERROR) , "iv gen error"},
117 {ERR_REASON(PKCS12_R_KEY_GEN_ERROR) , "key gen error"},
118 {ERR_REASON(PKCS12_R_MAC_ABSENT) , "mac absent"},
119 {ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR), "mac generation error"},
120 {ERR_REASON(PKCS12_R_MAC_SETUP_ERROR) , "mac setup error"},
121 {ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR), "mac string set error"},
122 {ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR) , "mac verify error"},
123 {ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE) , "mac verify failure"},
124 {ERR_REASON(PKCS12_R_PARSE_ERROR) , "parse error"},
125 {ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR), "pkcs12 algor cipherinit error"},
126 {ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR), "pkcs12 cipherfinal error"},
127 {ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR), "pkcs12 pbe crypt error"},
128 {ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM), "unknown digest algorithm"},
129 {ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE), "unsupported pkcs12 mode"},
130 {0, NULL}
131};
132
133#endif
134
135void
136ERR_load_PKCS12_strings(void)
137{
138#ifndef OPENSSL_NO_ERR
139 if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL) {
140 ERR_load_strings(0, PKCS12_str_functs);
141 ERR_load_strings(0, PKCS12_str_reasons);
142 }
143#endif
144}
diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h
deleted file mode 100644
index ead29fd717..0000000000
--- a/src/lib/libcrypto/pkcs12/pkcs12.h
+++ /dev/null
@@ -1,331 +0,0 @@
1/* $OpenBSD: pkcs12.h,v 1.13 2014/07/08 09:27:21 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#ifndef HEADER_PKCS12_H
60#define HEADER_PKCS12_H
61
62#include <openssl/bio.h>
63#include <openssl/x509.h>
64
65#ifdef __cplusplus
66extern "C" {
67#endif
68
69#define PKCS12_KEY_ID 1
70#define PKCS12_IV_ID 2
71#define PKCS12_MAC_ID 3
72
73/* Default iteration count */
74#ifndef PKCS12_DEFAULT_ITER
75#define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER
76#endif
77
78#define PKCS12_MAC_KEY_LENGTH 20
79
80#define PKCS12_SALT_LEN 8
81
82/* Uncomment out next line for unicode password and names, otherwise ASCII */
83
84/*#define PBE_UNICODE*/
85
86#ifdef PBE_UNICODE
87#define PKCS12_key_gen PKCS12_key_gen_uni
88#define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni
89#else
90#define PKCS12_key_gen PKCS12_key_gen_asc
91#define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc
92#endif
93
94/* MS key usage constants */
95
96#define KEY_EX 0x10
97#define KEY_SIG 0x80
98
99typedef struct {
100 X509_SIG *dinfo;
101 ASN1_OCTET_STRING *salt;
102 ASN1_INTEGER *iter; /* defaults to 1 */
103} PKCS12_MAC_DATA;
104
105typedef struct {
106 ASN1_INTEGER *version;
107 PKCS12_MAC_DATA *mac;
108 PKCS7 *authsafes;
109} PKCS12;
110
111typedef struct {
112 ASN1_OBJECT *type;
113 union {
114 struct pkcs12_bag_st *bag; /* secret, crl and certbag */
115 struct pkcs8_priv_key_info_st *keybag; /* keybag */
116 X509_SIG *shkeybag; /* shrouded key bag */
117 STACK_OF(PKCS12_SAFEBAG) *safes;
118 ASN1_TYPE *other;
119 } value;
120 STACK_OF(X509_ATTRIBUTE) *attrib;
121} PKCS12_SAFEBAG;
122
123DECLARE_STACK_OF(PKCS12_SAFEBAG)
124DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)
125DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
126
127typedef struct pkcs12_bag_st {
128 ASN1_OBJECT *type;
129 union {
130 ASN1_OCTET_STRING *x509cert;
131 ASN1_OCTET_STRING *x509crl;
132 ASN1_OCTET_STRING *octet;
133 ASN1_IA5STRING *sdsicert;
134 ASN1_TYPE *other; /* Secret or other bag */
135 } value;
136} PKCS12_BAGS;
137
138#define PKCS12_ERROR 0
139#define PKCS12_OK 1
140
141/* Compatibility macros */
142
143#define M_PKCS12_x5092certbag PKCS12_x5092certbag
144#define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag
145
146#define M_PKCS12_certbag2x509 PKCS12_certbag2x509
147#define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl
148
149#define M_PKCS12_unpack_p7data PKCS12_unpack_p7data
150#define M_PKCS12_pack_authsafes PKCS12_pack_authsafes
151#define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes
152#define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata
153
154#define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
155#define M_PKCS8_decrypt PKCS8_decrypt
156
157#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
158#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
159#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
160
161#define PKCS12_get_attr(bag, attr_nid) \
162 PKCS12_get_attr_gen(bag->attrib, attr_nid)
163
164#define PKCS8_get_attr(p8, attr_nid) \
165 PKCS12_get_attr_gen(p8->attributes, attr_nid)
166
167#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
168
169
170PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);
171PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);
172X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);
173X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);
174
175PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
176 int nid1, int nid2);
177PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
178PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen);
179PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
180 int passlen);
181X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
182 const char *pass, int passlen, unsigned char *salt, int saltlen, int iter,
183 PKCS8_PRIV_KEY_INFO *p8);
184PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
185 int passlen, unsigned char *salt, int saltlen, int iter,
186 PKCS8_PRIV_KEY_INFO *p8);
187PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
188STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
189PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
190 unsigned char *salt, int saltlen, int iter, STACK_OF(PKCS12_SAFEBAG) *bags);
191STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
192 int passlen);
193
194int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
195STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12);
196
197int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
198 int namelen);
199int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
200 int namelen);
201int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
202 int namelen);
203int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
204 int namelen);
205int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
206ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);
207char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
208unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
209 int passlen, unsigned char *in, int inlen, unsigned char **data,
210 int *datalen, int en_de);
211void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
212 const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf);
213ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
214 const ASN1_ITEM *it, const char *pass, int passlen, void *obj, int zbuf);
215PKCS12 *PKCS12_init(int mode);
216int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
217 int saltlen, int id, int iter, int n, unsigned char *out,
218 const EVP_MD *md_type);
219int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
220 int saltlen, int id, int iter, int n, unsigned char *out,
221 const EVP_MD *md_type);
222int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
223 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,
224 int en_de);
225int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
226 unsigned char *mac, unsigned int *maclen);
227int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
228int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
229 unsigned char *salt, int saltlen, int iter,
230 const EVP_MD *md_type);
231int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
232 int saltlen, const EVP_MD *md_type);
233unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
234 unsigned char **uni, int *unilen);
235char *OPENSSL_uni2asc(unsigned char *uni, int unilen);
236
237DECLARE_ASN1_FUNCTIONS(PKCS12)
238DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
239DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
240DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
241
242DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
243DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
244
245void PKCS12_PBE_add(void);
246int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
247 STACK_OF(X509) **ca);
248PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
249 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
250 int mac_iter, int keytype);
251
252PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
253PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
254 int key_usage, int iter, int key_nid, char *pass);
255int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
256 int safe_nid, int iter, char *pass);
257PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
258
259int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
260int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
261PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
262PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
263int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
264
265/* BEGIN ERROR CODES */
266/* The following lines are auto generated by the script mkerr.pl. Any changes
267 * made after this point may be overwritten when the script is next run.
268 */
269void ERR_load_PKCS12_strings(void);
270
271/* Error codes for the PKCS12 functions. */
272
273/* Function codes. */
274#define PKCS12_F_PARSE_BAG 129
275#define PKCS12_F_PARSE_BAGS 103
276#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100
277#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127
278#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102
279#define PKCS12_F_PKCS12_ADD_LOCALKEYID 104
280#define PKCS12_F_PKCS12_CREATE 105
281#define PKCS12_F_PKCS12_GEN_MAC 107
282#define PKCS12_F_PKCS12_INIT 109
283#define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106
284#define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108
285#define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117
286#define PKCS12_F_PKCS12_KEY_GEN_ASC 110
287#define PKCS12_F_PKCS12_KEY_GEN_UNI 111
288#define PKCS12_F_PKCS12_MAKE_KEYBAG 112
289#define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113
290#define PKCS12_F_PKCS12_NEWPASS 128
291#define PKCS12_F_PKCS12_PACK_P7DATA 114
292#define PKCS12_F_PKCS12_PACK_P7ENCDATA 115
293#define PKCS12_F_PKCS12_PARSE 118
294#define PKCS12_F_PKCS12_PBE_CRYPT 119
295#define PKCS12_F_PKCS12_PBE_KEYIVGEN 120
296#define PKCS12_F_PKCS12_SETUP_MAC 122
297#define PKCS12_F_PKCS12_SET_MAC 123
298#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130
299#define PKCS12_F_PKCS12_UNPACK_P7DATA 131
300#define PKCS12_F_PKCS12_VERIFY_MAC 126
301#define PKCS12_F_PKCS8_ADD_KEYUSAGE 124
302#define PKCS12_F_PKCS8_ENCRYPT 125
303
304/* Reason codes. */
305#define PKCS12_R_CANT_PACK_STRUCTURE 100
306#define PKCS12_R_CONTENT_TYPE_NOT_DATA 121
307#define PKCS12_R_DECODE_ERROR 101
308#define PKCS12_R_ENCODE_ERROR 102
309#define PKCS12_R_ENCRYPT_ERROR 103
310#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120
311#define PKCS12_R_INVALID_NULL_ARGUMENT 104
312#define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105
313#define PKCS12_R_IV_GEN_ERROR 106
314#define PKCS12_R_KEY_GEN_ERROR 107
315#define PKCS12_R_MAC_ABSENT 108
316#define PKCS12_R_MAC_GENERATION_ERROR 109
317#define PKCS12_R_MAC_SETUP_ERROR 110
318#define PKCS12_R_MAC_STRING_SET_ERROR 111
319#define PKCS12_R_MAC_VERIFY_ERROR 112
320#define PKCS12_R_MAC_VERIFY_FAILURE 113
321#define PKCS12_R_PARSE_ERROR 114
322#define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115
323#define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116
324#define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117
325#define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118
326#define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119
327
328#ifdef __cplusplus
329}
330#endif
331#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-09 22:20:54 +0000