Diffstat (limited to 'src/lib/libcrypto/pkcs12/p12_kiss.c')
-rw-r--r--src/lib/libcrypto/pkcs12/p12_kiss.c90
1 files changed, 53 insertions, 37 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c
index 08a60556e0..ee257ffbad 100644
--- a/src/lib/libcrypto/pkcs12/p12_kiss.c
+++ b/src/lib/libcrypto/pkcs12/p12_kiss.c
@@ -62,9 +62,17 @@
62 62
63/* Simplified PKCS#12 routines */ 63/* Simplified PKCS#12 routines */
64 64
65static int parse_pk12( PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK **ca); 65static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
66static int parse_bags( STACK *bags, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK **ca, ASN1_OCTET_STRING **keyid, char *keymatch); 66 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
67static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK **ca, ASN1_OCTET_STRING **keyid, char *keymatch); 67
68static int parse_bags( STACK *bags, const char *pass, int passlen,
69 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
70 ASN1_OCTET_STRING **keyid, char *keymatch);
71
72static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
73 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
74 ASN1_OCTET_STRING **keyid, char *keymatch);
75
68/* Parse and decrypt a PKCS#12 structure returning user key, user cert 76/* Parse and decrypt a PKCS#12 structure returning user key, user cert
69 * and other (CA) certs. Note either ca should be NULL, *ca should be NULL, 77 * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
70 * or it should point to a valid STACK structure. pkey and cert can be 78 * or it should point to a valid STACK structure. pkey and cert can be
@@ -72,54 +80,59 @@ static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PK
72 */ 80 */
73 81
74int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, 82int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
75 STACK **ca) 83 STACK_OF(X509) **ca)
76{ 84{
77 85
78/* Check for NULL PKCS12 structure */ 86 /* Check for NULL PKCS12 structure */
79
80if(!p12) {
81 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
82 return 0;
83}
84 87
85/* Allocate stack for ca certificates if needed */ 88 if(!p12)
86if ((ca != NULL) && (*ca == NULL)) { 89 {
87 if (!(*ca = sk_new(NULL))) { 90 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
88 PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
89 return 0; 91 return 0;
90 } 92 }
91} 93
94 /* Allocate stack for ca certificates if needed */
95 if ((ca != NULL) && (*ca == NULL))
96 {
97 if (!(*ca = sk_X509_new(NULL)))
98 {
99 PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
100 return 0;
101 }
102 }
92 103
93if(pkey) *pkey = NULL; 104 if(pkey) *pkey = NULL;
94if(cert) *cert = NULL; 105 if(cert) *cert = NULL;
95 106
96/* Check the mac */ 107 /* Check the mac */
97 108
98if (!PKCS12_verify_mac (p12, pass, -1)) { 109 if (!PKCS12_verify_mac (p12, pass, -1))
99 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE); 110 {
100 goto err; 111 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
101} 112 goto err;
113 }
102 114
103if (!parse_pk12 (p12, pass, -1, pkey, cert, ca)) { 115 if (!parse_pk12 (p12, pass, -1, pkey, cert, ca))
104 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR); 116 {
105 goto err; 117 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);
106} 118 goto err;
119 }
107 120
108return 1; 121 return 1;
109 122
110err: 123 err:
111 124
112if (pkey && *pkey) EVP_PKEY_free (*pkey); 125 if (pkey && *pkey) EVP_PKEY_free (*pkey);
113if (cert && *cert) X509_free (*cert); 126 if (cert && *cert) X509_free (*cert);
114if (ca) sk_pop_free (*ca, X509_free); 127 if (ca) sk_X509_pop_free (*ca, X509_free);
115return 0; 128 return 0;
116 129
117} 130}
118 131
119/* Parse the outer PKCS#12 structure */ 132/* Parse the outer PKCS#12 structure */
120 133
121static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen, 134static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
122 EVP_PKEY **pkey, X509 **cert, STACK **ca) 135 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
123{ 136{
124 STACK *asafes, *bags; 137 STACK *asafes, *bags;
125 int i, bagnid; 138 int i, bagnid;
@@ -154,7 +167,7 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
154 167
155 168
156static int parse_bags (STACK *bags, const char *pass, int passlen, 169static int parse_bags (STACK *bags, const char *pass, int passlen,
157 EVP_PKEY **pkey, X509 **cert, STACK **ca, 170 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
158 ASN1_OCTET_STRING **keyid, char *keymatch) 171 ASN1_OCTET_STRING **keyid, char *keymatch)
159{ 172{
160 int i; 173 int i;
@@ -171,7 +184,7 @@ static int parse_bags (STACK *bags, const char *pass, int passlen,
171#define MATCH_ALL 0x3 184#define MATCH_ALL 0x3
172 185
173static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, 186static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
174 EVP_PKEY **pkey, X509 **cert, STACK **ca, 187 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
175 ASN1_OCTET_STRING **keyid, 188 ASN1_OCTET_STRING **keyid,
176 char *keymatch) 189 char *keymatch)
177{ 190{
@@ -221,7 +234,10 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
221 if (lkey) { 234 if (lkey) {
222 *keymatch |= MATCH_CERT; 235 *keymatch |= MATCH_CERT;
223 if (cert) *cert = x509; 236 if (cert) *cert = x509;
224 } else if (ca) sk_push (*ca, (char *)x509); 237 } else {
238 if(ca) sk_X509_push (*ca, x509);
239 else X509_free(x509);
240 }
225 break; 241 break;
226 242
227 case NID_safeContentsBag: 243 case NID_safeContentsBag:
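Review bot: The `err:` path of PKCS12_parse frees `*pkey`, `*cert` and the `*ca` stack but leaves the caller's pointers holding the freed addresses, so a caller that releases its own variables after a failed parse would free them a second time. Clearing each pointer after the free closes that off: `if (pkey && *pkey) { EVP_PKEY_free(*pkey); *pkey = NULL; }`, the same for `cert`, and `if (ca) { sk_X509_pop_free(*ca, X509_free); *ca = NULL; }`. The same path also pops and frees a stack the caller supplied (non-NULL `*ca` on entry), along with any certificates it already held, and the visible part of the header comment does not say so; either free only a stack allocated in this call or document the ownership transfer. Separately, in the last hunk the result of `sk_X509_push(*ca, x509)` is not checked, so `x509` appears to leak if the push fails; parse_bag's body starts and continues outside that hunk.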