Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/pkcs12/p12_add.c112
1 files changed, 63 insertions, 49 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
index 57cca926d8..6aa872631e 100644
--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p12_add.c,v 1.9 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: p12_add.c,v 1.10 2014/07/08 09:24:53 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -62,22 +62,26 @@
62 62
63/* Pack an object into an OCTET STRING and turn into a safebag */ 63/* Pack an object into an OCTET STRING and turn into a safebag */
64 64
65PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, 65PKCS12_SAFEBAG *
66 int nid2) 66PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2)
67{ 67{
68 PKCS12_BAGS *bag; 68 PKCS12_BAGS *bag;
69 PKCS12_SAFEBAG *safebag; 69 PKCS12_SAFEBAG *safebag;
70
70 if (!(bag = PKCS12_BAGS_new())) { 71 if (!(bag = PKCS12_BAGS_new())) {
71 PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); 72 PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG,
73 ERR_R_MALLOC_FAILURE);
72 return NULL; 74 return NULL;
73 } 75 }
74 bag->type = OBJ_nid2obj(nid1); 76 bag->type = OBJ_nid2obj(nid1);
75 if (!ASN1_item_pack(obj, it, &bag->value.octet)) { 77 if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
76 PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); 78 PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG,
79 ERR_R_MALLOC_FAILURE);
77 return NULL; 80 return NULL;
78 } 81 }
79 if (!(safebag = PKCS12_SAFEBAG_new())) { 82 if (!(safebag = PKCS12_SAFEBAG_new())) {
80 PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); 83 PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG,
84 ERR_R_MALLOC_FAILURE);
81 return NULL; 85 return NULL;
82 } 86 }
83 safebag->value.bag = bag; 87 safebag->value.bag = bag;
@@ -87,11 +91,13 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid
87 91
88/* Turn PKCS8 object into a keybag */ 92/* Turn PKCS8 object into a keybag */
89 93
90PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8) 94PKCS12_SAFEBAG *
95PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
91{ 96{
92 PKCS12_SAFEBAG *bag; 97 PKCS12_SAFEBAG *bag;
98
93 if (!(bag = PKCS12_SAFEBAG_new())) { 99 if (!(bag = PKCS12_SAFEBAG_new())) {
94 PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE); 100 PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE);
95 return NULL; 101 return NULL;
96 } 102 }
97 bag->type = OBJ_nid2obj(NID_keyBag); 103 bag->type = OBJ_nid2obj(NID_keyBag);
@@ -101,9 +107,9 @@ PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
101 107
102/* Turn PKCS8 object into a shrouded keybag */ 108/* Turn PKCS8 object into a shrouded keybag */
103 109
104PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, 110PKCS12_SAFEBAG *
105 int passlen, unsigned char *salt, int saltlen, int iter, 111PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, int passlen,
106 PKCS8_PRIV_KEY_INFO *p8) 112 unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8)
107{ 113{
108 PKCS12_SAFEBAG *bag; 114 PKCS12_SAFEBAG *bag;
109 const EVP_CIPHER *pbe_ciph; 115 const EVP_CIPHER *pbe_ciph;
@@ -121,9 +127,8 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
121 if (pbe_ciph) 127 if (pbe_ciph)
122 pbe_nid = -1; 128 pbe_nid = -1;
123 129
124 if (!(bag->value.shkeybag = 130 if (!(bag->value.shkeybag = PKCS8_encrypt(pbe_nid, pbe_ciph, pass,
125 PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter, 131 passlen, salt, saltlen, iter, p8))) {
126 p8))) {
127 PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); 132 PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
128 return NULL; 133 return NULL;
129 } 134 }
@@ -132,9 +137,11 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
132} 137}
133 138
134/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */ 139/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
135PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk) 140PKCS7 *
141PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
136{ 142{
137 PKCS7 *p7; 143 PKCS7 *p7;
144
138 if (!(p7 = PKCS7_new())) { 145 if (!(p7 = PKCS7_new())) {
139 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); 146 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
140 return NULL; 147 return NULL;
@@ -144,41 +151,44 @@ PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
144 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); 151 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
145 return NULL; 152 return NULL;
146 } 153 }
147 154
148 if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) { 155 if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
149 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE); 156 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA,
157 PKCS12_R_CANT_PACK_STRUCTURE);
150 return NULL; 158 return NULL;
151 } 159 }
152 return p7; 160 return p7;
153} 161}
154 162
155/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */ 163/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
156STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7) 164STACK_OF(PKCS12_SAFEBAG) *
165PKCS12_unpack_p7data(PKCS7 *p7)
157{ 166{
158 if(!PKCS7_type_is_data(p7)) 167 if (!PKCS7_type_is_data(p7)) {
159 { 168 PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,
160 PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA); 169 PKCS12_R_CONTENT_TYPE_NOT_DATA);
161 return NULL; 170 return NULL;
162 } 171 }
163 return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS)); 172 return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
164} 173}
165 174
166/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */ 175/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
167 176
168PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, 177PKCS7 *
169 unsigned char *salt, int saltlen, int iter, 178PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
170 STACK_OF(PKCS12_SAFEBAG) *bags) 179 unsigned char *salt, int saltlen, int iter, STACK_OF(PKCS12_SAFEBAG) *bags)
171{ 180{
172 PKCS7 *p7; 181 PKCS7 *p7;
173 X509_ALGOR *pbe; 182 X509_ALGOR *pbe;
174 const EVP_CIPHER *pbe_ciph; 183 const EVP_CIPHER *pbe_ciph;
184
175 if (!(p7 = PKCS7_new())) { 185 if (!(p7 = PKCS7_new())) {
176 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); 186 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
177 return NULL; 187 return NULL;
178 } 188 }
179 if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) { 189 if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
180 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, 190 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
181 PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE); 191 PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
182 return NULL; 192 return NULL;
183 } 193 }
184 194
@@ -196,45 +206,49 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
196 X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); 206 X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
197 p7->d.encrypted->enc_data->algorithm = pbe; 207 p7->d.encrypted->enc_data->algorithm = pbe;
198 M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data); 208 M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
199 if (!(p7->d.encrypted->enc_data->enc_data = 209 if (!(p7->d.encrypted->enc_data->enc_data = PKCS12_item_i2d_encrypt(
200 PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen, 210 pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen, bags, 1))) {
201 bags, 1))) { 211 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
202 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR); 212 PKCS12_R_ENCRYPT_ERROR);
203 return NULL; 213 return NULL;
204 } 214 }
205 215
206 return p7; 216 return p7;
207} 217}
208 218
209STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen) 219STACK_OF(PKCS12_SAFEBAG) *
220PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
210{ 221{
211 if(!PKCS7_type_is_encrypted(p7)) return NULL; 222 if (!PKCS7_type_is_encrypted(p7))
223 return NULL;
212 return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm, 224 return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
213 ASN1_ITEM_rptr(PKCS12_SAFEBAGS), 225 ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen,
214 pass, passlen, 226 p7->d.encrypted->enc_data->enc_data, 1);
215 p7->d.encrypted->enc_data->enc_data, 1);
216} 227}
217 228
218PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass, 229PKCS8_PRIV_KEY_INFO *
219 int passlen) 230PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass, int passlen)
220{ 231{
221 return PKCS8_decrypt(bag->value.shkeybag, pass, passlen); 232 return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
222} 233}
223 234
224int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) 235int
236PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
225{ 237{
226 if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES), 238 if (ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
227 &p12->authsafes->d.data)) 239 &p12->authsafes->d.data))
228 return 1; 240 return 1;
229 return 0; 241 return 0;
230} 242}
231 243
232STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12) 244STACK_OF(PKCS7) *
245PKCS12_unpack_authsafes(PKCS12 *p12)
233{ 246{
234 if (!PKCS7_type_is_data(p12->authsafes)) 247 if (!PKCS7_type_is_data(p12->authsafes)) {
235 { 248 PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,
236 PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA); 249 PKCS12_R_CONTENT_TYPE_NOT_DATA);
237 return NULL; 250 return NULL;
238 } 251 }
239 return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES)); 252 return ASN1_item_unpack(p12->authsafes->d.data,
253 ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
240} 254}
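Review bot: In PKCS12_item_pack_safebag the two later failure returns (new lines 77-81 and 82-86) leave `bag` allocated, so the PKCS12_BAGS obtained at new line 71 leaks whenever ASN1_item_pack or PKCS12_SAFEBAG_new fails; the reformat carries this over unchanged. Placing `PKCS12_BAGS_free(bag);` before each of those two `return NULL;` statements would close it. PKCS12_pack_p7data and PKCS12_pack_p7encdata have the same shape: `p7` from PKCS7_new is not released on the later error returns, and `PKCS7_free(p7);` is the matching call. PKCS12_MAKE_SHKEYBAG appears to do likewise with `bag` when PKCS8_encrypt fails, though its allocation sits on lines outside the visible hunks. Several of these bodies start or end outside the hunks shown, so confirm against the full file that no cleanup already exists there.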