summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs12
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/pkcs12')
-rw-r--r--src/lib/libcrypto/pkcs12/p12_add.c214
-rw-r--r--src/lib/libcrypto/pkcs12/p12_attr.c238
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crpt.c122
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crt.c159
-rw-r--r--src/lib/libcrypto/pkcs12/p12_decr.c185
-rw-r--r--src/lib/libcrypto/pkcs12/p12_init.c98
-rw-r--r--src/lib/libcrypto/pkcs12/p12_key.c182
-rw-r--r--src/lib/libcrypto/pkcs12/p12_kiss.c238
-rw-r--r--src/lib/libcrypto/pkcs12/p12_mutl.c170
-rw-r--r--src/lib/libcrypto/pkcs12/p12_utl.c118
-rw-r--r--src/lib/libcrypto/pkcs12/pk12err.c136
-rw-r--r--src/lib/libcrypto/pkcs12/pkcs12.h337
12 files changed, 0 insertions, 2197 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
deleted file mode 100644
index ae3d9de3b4..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ /dev/null
@@ -1,214 +0,0 @@
1/* p12_add.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Pack an object into an OCTET STRING and turn into a safebag */
64
65PKCS12_SAFEBAG *PKCS12_pack_safebag (char *obj, int (*i2d)(), int nid1,
66 int nid2)
67{
68 PKCS12_BAGS *bag;
69 PKCS12_SAFEBAG *safebag;
70 if (!(bag = PKCS12_BAGS_new ())) {
71 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
72 return NULL;
73 }
74 bag->type = OBJ_nid2obj(nid1);
75 if (!ASN1_pack_string(obj, i2d, &bag->value.octet)) {
76 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
77 return NULL;
78 }
79 if (!(safebag = PKCS12_SAFEBAG_new ())) {
80 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
81 return NULL;
82 }
83 safebag->value.bag = bag;
84 safebag->type = OBJ_nid2obj(nid2);
85 return safebag;
86}
87
88/* Turn PKCS8 object into a keybag */
89
90PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG (PKCS8_PRIV_KEY_INFO *p8)
91{
92 PKCS12_SAFEBAG *bag;
93 if (!(bag = PKCS12_SAFEBAG_new())) {
94 PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE);
95 return NULL;
96 }
97 bag->type = OBJ_nid2obj(NID_keyBag);
98 bag->value.keybag = p8;
99 return bag;
100}
101
102/* Turn PKCS8 object into a shrouded keybag */
103
104PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass,
105 int passlen, unsigned char *salt, int saltlen, int iter,
106 PKCS8_PRIV_KEY_INFO *p8)
107{
108 PKCS12_SAFEBAG *bag;
109
110 /* Set up the safe bag */
111 if (!(bag = PKCS12_SAFEBAG_new ())) {
112 PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
113 return NULL;
114 }
115
116 bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
117 if (!(bag->value.shkeybag =
118 PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,
119 p8))) {
120 PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
121 return NULL;
122 }
123
124 return bag;
125}
126
127/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
128PKCS7 *PKCS12_pack_p7data (STACK *sk)
129{
130 PKCS7 *p7;
131 if (!(p7 = PKCS7_new())) {
132 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
133 return NULL;
134 }
135 p7->type = OBJ_nid2obj(NID_pkcs7_data);
136 if (!(p7->d.data = ASN1_OCTET_STRING_new())) {
137 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
138 return NULL;
139 }
140
141 if (!ASN1_seq_pack(sk, i2d_PKCS12_SAFEBAG, &p7->d.data->data,
142 &p7->d.data->length)) {
143 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
144 return NULL;
145 }
146 return p7;
147}
148
149/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
150
151PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
152 unsigned char *salt, int saltlen, int iter, STACK *bags)
153{
154 PKCS7 *p7;
155 X509_ALGOR *pbe;
156 if (!(p7 = PKCS7_new())) {
157 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
158 return NULL;
159 }
160 p7->type = OBJ_nid2obj(NID_pkcs7_encrypted);
161 if (!(p7->d.encrypted = PKCS7_ENCRYPT_new ())) {
162 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
163 return NULL;
164 }
165 ASN1_INTEGER_set (p7->d.encrypted->version, 0);
166 p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
167 if (!(pbe = PKCS5_pbe_set (pbe_nid, iter, salt, saltlen))) {
168 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
169 return NULL;
170 }
171 X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
172 p7->d.encrypted->enc_data->algorithm = pbe;
173 ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
174 if (!(p7->d.encrypted->enc_data->enc_data =
175 PKCS12_i2d_encrypt (pbe, i2d_PKCS12_SAFEBAG, pass, passlen,
176 (char *)bags, 1))) {
177 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
178 return NULL;
179 }
180
181 return p7;
182}
183
184X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
185 const char *pass, int passlen,
186 unsigned char *salt, int saltlen, int iter,
187 PKCS8_PRIV_KEY_INFO *p8inf)
188{
189 X509_SIG *p8;
190 X509_ALGOR *pbe;
191
192 if (!(p8 = X509_SIG_new())) {
193 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
194 return NULL;
195 }
196
197 if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
198 else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
199 if(!pbe) {
200 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
201 return NULL;
202 }
203 X509_ALGOR_free(p8->algor);
204 p8->algor = pbe;
205 ASN1_OCTET_STRING_free(p8->digest);
206 if (!(p8->digest =
207 PKCS12_i2d_encrypt (pbe, i2d_PKCS8_PRIV_KEY_INFO, pass, passlen,
208 (char *)p8inf, 0))) {
209 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
210 return NULL;
211 }
212
213 return p8;
214}
diff --git a/src/lib/libcrypto/pkcs12/p12_attr.c b/src/lib/libcrypto/pkcs12/p12_attr.c
deleted file mode 100644
index 31c9782b77..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_attr.c
+++ /dev/null
@@ -1,238 +0,0 @@
1/* p12_attr.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Add a local keyid to a safebag */
64
65int PKCS12_add_localkeyid (PKCS12_SAFEBAG *bag, unsigned char *name,
66 int namelen)
67{
68 X509_ATTRIBUTE *attrib;
69 ASN1_BMPSTRING *oct;
70 ASN1_TYPE *keyid;
71 if (!(keyid = ASN1_TYPE_new ())) {
72 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
73 return 0;
74 }
75 keyid->type = V_ASN1_OCTET_STRING;
76 if (!(oct = ASN1_OCTET_STRING_new())) {
77 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
78 return 0;
79 }
80 if (!ASN1_OCTET_STRING_set(oct, name, namelen)) {
81 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
82 return 0;
83 }
84 keyid->value.octet_string = oct;
85 if (!(attrib = X509_ATTRIBUTE_new ())) {
86 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
87 return 0;
88 }
89 attrib->object = OBJ_nid2obj(NID_localKeyID);
90 if (!(attrib->value.set = sk_ASN1_TYPE_new(NULL))) {
91 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
92 return 0;
93 }
94 sk_ASN1_TYPE_push (attrib->value.set,keyid);
95 attrib->set = 1;
96 if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new (NULL))) {
97 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
98 return 0;
99 }
100 sk_X509_ATTRIBUTE_push (bag->attrib, attrib);
101 return 1;
102}
103
104/* Add key usage to PKCS#8 structure */
105
106int PKCS8_add_keyusage (PKCS8_PRIV_KEY_INFO *p8, int usage)
107{
108 X509_ATTRIBUTE *attrib;
109 ASN1_BIT_STRING *bstr;
110 ASN1_TYPE *keyid;
111 unsigned char us_val;
112 us_val = (unsigned char) usage;
113 if (!(keyid = ASN1_TYPE_new ())) {
114 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
115 return 0;
116 }
117 keyid->type = V_ASN1_BIT_STRING;
118 if (!(bstr = ASN1_BIT_STRING_new())) {
119 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
120 return 0;
121 }
122 if (!ASN1_BIT_STRING_set(bstr, &us_val, 1)) {
123 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
124 return 0;
125 }
126 keyid->value.bit_string = bstr;
127 if (!(attrib = X509_ATTRIBUTE_new ())) {
128 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
129 return 0;
130 }
131 attrib->object = OBJ_nid2obj(NID_key_usage);
132 if (!(attrib->value.set = sk_ASN1_TYPE_new(NULL))) {
133 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
134 return 0;
135 }
136 sk_ASN1_TYPE_push (attrib->value.set,keyid);
137 attrib->set = 1;
138 if (!p8->attributes
139 && !(p8->attributes = sk_X509_ATTRIBUTE_new (NULL))) {
140 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
141 return 0;
142 }
143 sk_X509_ATTRIBUTE_push (p8->attributes, attrib);
144 return 1;
145}
146
147/* Add a friendlyname to a safebag */
148
149int PKCS12_add_friendlyname_asc (PKCS12_SAFEBAG *bag, const char *name,
150 int namelen)
151{
152 unsigned char *uniname;
153 int ret, unilen;
154 if (!asc2uni(name, &uniname, &unilen)) {
155 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,
156 ERR_R_MALLOC_FAILURE);
157 return 0;
158 }
159 ret = PKCS12_add_friendlyname_uni (bag, uniname, unilen);
160 Free(uniname);
161 return ret;
162}
163
164
165int PKCS12_add_friendlyname_uni (PKCS12_SAFEBAG *bag,
166 const unsigned char *name, int namelen)
167{
168 X509_ATTRIBUTE *attrib;
169 ASN1_BMPSTRING *bmp;
170 ASN1_TYPE *fname;
171 /* Zap ending double null if included */
172 if(!name[namelen - 1] && !name[namelen - 2]) namelen -= 2;
173 if (!(fname = ASN1_TYPE_new ())) {
174 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
175 ERR_R_MALLOC_FAILURE);
176 return 0;
177 }
178 fname->type = V_ASN1_BMPSTRING;
179 if (!(bmp = ASN1_BMPSTRING_new())) {
180 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
181 ERR_R_MALLOC_FAILURE);
182 return 0;
183 }
184 if (!(bmp->data = Malloc (namelen))) {
185 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
186 ERR_R_MALLOC_FAILURE);
187 return 0;
188 }
189 memcpy (bmp->data, name, namelen);
190 bmp->length = namelen;
191 fname->value.bmpstring = bmp;
192 if (!(attrib = X509_ATTRIBUTE_new ())) {
193 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
194 ERR_R_MALLOC_FAILURE);
195 return 0;
196 }
197 attrib->object = OBJ_nid2obj(NID_friendlyName);
198 if (!(attrib->value.set = sk_ASN1_TYPE_new(NULL))) {
199 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME,
200 ERR_R_MALLOC_FAILURE);
201 return 0;
202 }
203 sk_ASN1_TYPE_push (attrib->value.set,fname);
204 attrib->set = 1;
205 if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new (NULL))) {
206 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
207 ERR_R_MALLOC_FAILURE);
208 return 0;
209 }
210 sk_X509_ATTRIBUTE_push (bag->attrib, attrib);
211 return PKCS12_OK;
212}
213
214ASN1_TYPE *PKCS12_get_attr_gen (STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
215{
216 X509_ATTRIBUTE *attrib;
217 int i;
218 if (!attrs) return NULL;
219 for (i = 0; i < sk_X509_ATTRIBUTE_num (attrs); i++) {
220 attrib = sk_X509_ATTRIBUTE_value (attrs, i);
221 if (OBJ_obj2nid (attrib->object) == attr_nid) {
222 if (sk_ASN1_TYPE_num (attrib->value.set))
223 return sk_ASN1_TYPE_value(attrib->value.set, 0);
224 else return NULL;
225 }
226 }
227 return NULL;
228}
229
230char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
231{
232 ASN1_TYPE *atype;
233 if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) return NULL;
234 if (atype->type != V_ASN1_BMPSTRING) return NULL;
235 return uni2asc(atype->value.bmpstring->data,
236 atype->value.bmpstring->length);
237}
238
diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c
deleted file mode 100644
index 6de6f8128f..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_crpt.c
+++ /dev/null
@@ -1,122 +0,0 @@
1/* p12_crpt.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* PKCS#12 specific PBE functions */
64
65void PKCS12_PBE_add(void)
66{
67#ifndef NO_RC4
68EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(),
69 PKCS12_PBE_keyivgen);
70EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(),
71 PKCS12_PBE_keyivgen);
72#endif
73EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
74 EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
75EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
76 EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
77#ifndef NO_RC2
78EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(),
79 EVP_sha1(), PKCS12_PBE_keyivgen);
80EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
81 EVP_sha1(), PKCS12_PBE_keyivgen);
82#endif
83}
84
85int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
86 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, int en_de)
87{
88 PBEPARAM *pbe;
89 int saltlen, iter;
90 unsigned char *salt, *pbuf;
91 unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
92
93 /* Extract useful info from parameter */
94 pbuf = param->value.sequence->data;
95 if (!param || (param->type != V_ASN1_SEQUENCE) ||
96 !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) {
97 EVPerr(PKCS12_F_PKCS12_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
98 return 0;
99 }
100
101 if (!pbe->iter) iter = 1;
102 else iter = ASN1_INTEGER_get (pbe->iter);
103 salt = pbe->salt->data;
104 saltlen = pbe->salt->length;
105 if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
106 iter, EVP_CIPHER_key_length(cipher), key, md)) {
107 PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_KEY_GEN_ERROR);
108 PBEPARAM_free(pbe);
109 return 0;
110 }
111 if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,
112 iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
113 PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_IV_GEN_ERROR);
114 PBEPARAM_free(pbe);
115 return 0;
116 }
117 PBEPARAM_free(pbe);
118 EVP_CipherInit(ctx, cipher, key, iv, en_de);
119 memset(key, 0, EVP_MAX_KEY_LENGTH);
120 memset(iv, 0, EVP_MAX_IV_LENGTH);
121 return 1;
122}
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
deleted file mode 100644
index 56d88b0759..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ /dev/null
@@ -1,159 +0,0 @@
1/* p12_crt.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
64 STACK *ca, int nid_key, int nid_cert, int iter, int mac_iter,
65 int keytype)
66{
67 PKCS12 *p12;
68 STACK *bags, *safes;
69 PKCS12_SAFEBAG *bag;
70 PKCS8_PRIV_KEY_INFO *p8;
71 PKCS7 *authsafe;
72 X509 *tcert;
73 int i;
74 unsigned char keyid[EVP_MAX_MD_SIZE];
75 unsigned int keyidlen;
76
77 /* Set defaults */
78 if(!nid_cert) nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
79 if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
80 if(!iter) iter = PKCS12_DEFAULT_ITER;
81 if(!mac_iter) mac_iter = 1;
82
83 if(!pkey || !cert) {
84 PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
85 return NULL;
86 }
87
88 if(!(bags = sk_new (NULL))) {
89 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
90 return NULL;
91 }
92
93 /* Add user certificate */
94 if(!(bag = M_PKCS12_x5092certbag(cert))) return NULL;
95 if(name && !PKCS12_add_friendlyname(bag, name, -1)) return NULL;
96 X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
97 if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL;
98
99 if(!sk_push(bags, (char *)bag)) {
100 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
101 return NULL;
102 }
103
104 /* Add all other certificates */
105 if(ca) {
106 for(i = 0; i < sk_num(ca); i++) {
107 tcert = (X509 *)sk_value(ca, i);
108 if(!(bag = M_PKCS12_x5092certbag(tcert))) return NULL;
109 if(!sk_push(bags, (char *)bag)) {
110 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
111 return NULL;
112 }
113 }
114 }
115
116 /* Turn certbags into encrypted authsafe */
117 authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0,
118 iter, bags);
119 sk_pop_free(bags, PKCS12_SAFEBAG_free);
120
121 if (!authsafe) return NULL;
122
123 if(!(safes = sk_new (NULL)) || !sk_push(safes, (char *)authsafe)) {
124 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
125 return NULL;
126 }
127
128 /* Make a shrouded key bag */
129 if(!(p8 = EVP_PKEY2PKCS8 (pkey))) return NULL;
130 if(keytype && !PKCS8_add_keyusage(p8, keytype)) return NULL;
131 bag = PKCS12_MAKE_SHKEYBAG (nid_key, pass, -1, NULL, 0, iter, p8);
132 if(!bag) return NULL;
133 PKCS8_PRIV_KEY_INFO_free(p8);
134 if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL;
135 if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL;
136 if(!(bags = sk_new(NULL)) || !sk_push (bags, (char *)bag)) {
137 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
138 return NULL;
139 }
140 /* Turn it into unencrypted safe bag */
141 if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;
142 sk_pop_free(bags, PKCS12_SAFEBAG_free);
143 if(!sk_push(safes, (char *)authsafe)) {
144 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
145 return NULL;
146 }
147
148 if(!(p12 = PKCS12_init (NID_pkcs7_data))) return NULL;
149
150 if(!M_PKCS12_pack_authsafes (p12, safes)) return NULL;
151
152 sk_pop_free(safes, PKCS7_free);
153
154 if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL))
155 return NULL;
156
157 return p12;
158
159}
diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c
deleted file mode 100644
index d3d288e187..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_decr.c
+++ /dev/null
@@ -1,185 +0,0 @@
1/* p12_decr.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Define this to dump decrypted output to files called DERnnn */
64/*#define DEBUG_DECRYPT*/
65
66
67/* Encrypt/Decrypt a buffer based on password and algor, result in a
68 * Malloc'ed buffer
69 */
70
71unsigned char * PKCS12_pbe_crypt (X509_ALGOR *algor, const char *pass,
72 int passlen, unsigned char *in, int inlen, unsigned char **data,
73 int *datalen, int en_de)
74{
75 unsigned char *out;
76 int outlen, i;
77 EVP_CIPHER_CTX ctx;
78
79 /* Decrypt data */
80 if (!EVP_PBE_CipherInit (algor->algorithm, pass, passlen,
81 algor->parameter, &ctx, en_de)) {
82 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
83 return NULL;
84 }
85
86 if(!(out = Malloc (inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
87 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE);
88 return NULL;
89 }
90
91 EVP_CipherUpdate (&ctx, out, &i, in, inlen);
92 outlen = i;
93 if(!EVP_CipherFinal (&ctx, out + i, &i)) {
94 Free (out);
95 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
96 return NULL;
97 }
98 outlen += i;
99 if (datalen) *datalen = outlen;
100 if (data) *data = out;
101 return out;
102
103}
104
105/* Decrypt an OCTET STRING and decode ASN1 structure
106 * if seq & 1 'obj' is a stack of structures to be encoded
107 * if seq & 2 zero buffer after use
108 * as a sequence.
109 */
110
111char * PKCS12_decrypt_d2i (X509_ALGOR *algor, char * (*d2i)(),
112 void (*free_func)(), const char *pass, int passlen,
113 ASN1_OCTET_STRING *oct, int seq)
114{
115 unsigned char *out, *p;
116 char *ret;
117 int outlen;
118
119 if (!PKCS12_pbe_crypt (algor, pass, passlen, oct->data, oct->length,
120 &out, &outlen, 0)) {
121 PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
122 return NULL;
123 }
124 p = out;
125#ifdef DEBUG_DECRYPT
126 {
127 FILE *op;
128
129 char fname[30];
130 static int fnm = 1;
131 sprintf(fname, "DER%d", fnm++);
132 op = fopen(fname, "wb");
133 fwrite (p, 1, outlen, op);
134 fclose(op);
135 }
136#endif
137 if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i,
138 free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
139 else ret = d2i(NULL, &p, outlen);
140 if (seq & 2) memset(out, 0, outlen);
141 if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
142 Free (out);
143 return ret;
144}
145
146/* Encode ASN1 structure and encrypt, return OCTET STRING
147 * if 'seq' is non-zero 'obj' is a stack of structures to be encoded
148 * as a sequence
149 */
150
151ASN1_OCTET_STRING *PKCS12_i2d_encrypt (X509_ALGOR *algor, int (*i2d)(),
152 const char *pass, int passlen,
153 char *obj, int seq)
154{
155 ASN1_OCTET_STRING *oct;
156 unsigned char *in, *p;
157 int inlen;
158 if (!(oct = ASN1_OCTET_STRING_new ())) {
159 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
160 return NULL;
161 }
162 if (seq) inlen = i2d_ASN1_SET((STACK *)obj, NULL, i2d, V_ASN1_SEQUENCE,
163 V_ASN1_UNIVERSAL, IS_SEQUENCE);
164 else inlen = i2d (obj, NULL);
165 if (!inlen) {
166 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);
167 return NULL;
168 }
169 if (!(in = Malloc (inlen))) {
170 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
171 return NULL;
172 }
173 p = in;
174 if (seq) i2d_ASN1_SET((STACK *)obj, &p, i2d, V_ASN1_SEQUENCE,
175 V_ASN1_UNIVERSAL, IS_SEQUENCE);
176 else i2d (obj, &p);
177 if (!PKCS12_pbe_crypt (algor, pass, passlen, in, inlen, &oct->data,
178 &oct->length, 1)) {
179 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);
180 Free(in);
181 return NULL;
182 }
183 Free (in);
184 return oct;
185}
diff --git a/src/lib/libcrypto/pkcs12/p12_init.c b/src/lib/libcrypto/pkcs12/p12_init.c
deleted file mode 100644
index dc6ab41db8..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_init.c
+++ /dev/null
@@ -1,98 +0,0 @@
1/* p12_init.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Initialise a PKCS12 structure to take data */
64
65PKCS12 *PKCS12_init (int mode)
66{
67 PKCS12 *pkcs12;
68 if (!(pkcs12 = PKCS12_new())) {
69 PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
70 return NULL;
71 }
72 if (!(pkcs12->version = ASN1_INTEGER_new ())) {
73 PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
74 return NULL;
75 }
76 ASN1_INTEGER_set (pkcs12->version, 3);
77 if (!(pkcs12->authsafes = PKCS7_new())) {
78 PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
79 return NULL;
80 }
81 pkcs12->authsafes->type = OBJ_nid2obj(mode);
82 switch (mode) {
83 case NID_pkcs7_data:
84 if (!(pkcs12->authsafes->d.data =
85 ASN1_OCTET_STRING_new())) {
86 PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
87 return NULL;
88 }
89 break;
90 default:
91 PKCS12err(PKCS12_F_PKCS12_INIT,PKCS12_R_UNSUPPORTED_PKCS12_MODE);
92 PKCS12_free(pkcs12);
93 return NULL;
94 break;
95 }
96
97 return pkcs12;
98}
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
deleted file mode 100644
index 25d8cdae57..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ /dev/null
@@ -1,182 +0,0 @@
1/* p12_key.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63
64/* Uncomment out this line to get debugging info about key generation */
65/*#define DEBUG_KEYGEN*/
66#ifdef DEBUG_KEYGEN
67#include <bio.h>
68extern BIO *bio_err;
69void h__dump (unsigned char *p, int len);
70#endif
71
72/* PKCS12 compatible key/IV generation */
73#ifndef min
74#define min(a,b) ((a) < (b) ? (a) : (b))
75#endif
76
77int PKCS12_key_gen_asc (const char *pass, int passlen, unsigned char *salt,
78 int saltlen, int id, int iter, int n, unsigned char *out,
79 const EVP_MD *md_type)
80{
81 int ret;
82 unsigned char *unipass;
83 int uniplen;
84 if (!asc2uni (pass, &unipass, &uniplen)) {
85 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
86 return 0;
87 }
88 ret = PKCS12_key_gen_uni (unipass, uniplen, salt, saltlen,
89 id, iter, n, out, md_type);
90 memset(unipass, 0, uniplen); /* Clear password from memory */
91 Free(unipass);
92 return ret;
93}
94
95int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
96 int saltlen, int id, int iter, int n, unsigned char *out,
97 const EVP_MD *md_type)
98{
99 unsigned char *B, *D, *I, *p, *Ai;
100 int Slen, Plen, Ilen;
101 int i, j, u, v;
102 BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */
103 EVP_MD_CTX ctx;
104#ifdef DEBUG_KEYGEN
105 unsigned char *tmpout = out;
106 int tmpn = n;
107 BIO_printf (bio_err, "KEYGEN DEBUG\n");
108 BIO_printf (bio_err, "ID %d, ITER %d\n", id, iter);
109 BIO_printf (bio_err, "Password (length %d):\n", passlen);
110 h__dump (pass, passlen);
111 BIO_printf (bio_err, "Salt (length %d):\n", saltlen);
112 h__dump (salt, saltlen);
113 BIO_printf (bio_err, "ID %d, ITER %d\n\n", id, iter);
114#endif
115 v = EVP_MD_block_size (md_type);
116 u = EVP_MD_size (md_type);
117 D = Malloc (v);
118 Ai = Malloc (u);
119 B = Malloc (v + 1);
120 Slen = v * ((saltlen+v-1)/v);
121 Plen = v * ((passlen+v-1)/v);
122 Ilen = Slen + Plen;
123 I = Malloc (Ilen);
124 Ij = BN_new();
125 Bpl1 = BN_new();
126 if (!D || !Ai || !B || !I || !Ij || !Bpl1) {
127 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
128 return 0;
129 }
130 for (i = 0; i < v; i++) D[i] = id;
131 p = I;
132 for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
133 for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];
134 for (;;) {
135 EVP_DigestInit (&ctx, md_type);
136 EVP_DigestUpdate (&ctx, D, v);
137 EVP_DigestUpdate (&ctx, I, Ilen);
138 EVP_DigestFinal (&ctx, Ai, NULL);
139 for (j = 1; j < iter; j++) {
140 EVP_DigestInit (&ctx, md_type);
141 EVP_DigestUpdate (&ctx, Ai, u);
142 EVP_DigestFinal (&ctx, Ai, NULL);
143 }
144 memcpy (out, Ai, min (n, u));
145 if (u >= n) {
146 Free (Ai);
147 Free (B);
148 Free (D);
149 Free (I);
150 BN_free (Ij);
151 BN_free (Bpl1);
152#ifdef DEBUG_KEYGEN
153 BIO_printf (bio_err, "Output KEY (length %d)\n", tmpn);
154 h__dump (tmpout, tmpn);
155#endif
156 return 1;
157 }
158 n -= u;
159 out += u;
160 for (j = 0; j < v; j++) B[j] = Ai[j % u];
161 /* Work out B + 1 first then can use B as tmp space */
162 BN_bin2bn (B, v, Bpl1);
163 BN_add_word (Bpl1, 1);
164 for (j = 0; j < Ilen ; j+=v) {
165 BN_bin2bn (I + j, v, Ij);
166 BN_add (Ij, Ij, Bpl1);
167 BN_bn2bin (Ij, B);
168 /* If more than 2^(v*8) - 1 cut off MSB */
169 if (BN_num_bytes (Ij) > v) {
170 BN_bn2bin (Ij, B);
171 memcpy (I + j, B + 1, v);
172 } else BN_bn2bin (Ij, I + j);
173 }
174 }
175}
176#ifdef DEBUG_KEYGEN
177void h__dump (unsigned char *p, int len)
178{
179 for (; len --; p++) BIO_printf (bio_err, "%02X", *p);
180 BIO_printf (bio_err, "\n");
181}
182#endif
diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c
deleted file mode 100644
index 767e1303da..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_kiss.c
+++ /dev/null
@@ -1,238 +0,0 @@
1/* p12_kiss.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Simplified PKCS#12 routines */
64
65static int parse_pk12( PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK **ca);
66static int parse_bags( STACK *bags, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK **ca, ASN1_OCTET_STRING **keyid, char *keymatch);
67static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK **ca, ASN1_OCTET_STRING **keyid, char *keymatch);
68/* Parse and decrypt a PKCS#12 structure returning user key, user cert
69 * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
70 * or it should point to a valid STACK structure. pkey and cert can be
71 * passed unitialised.
72 */
73
74int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
75 STACK **ca)
76{
77
78/* Check for NULL PKCS12 structure */
79
80if(!p12) {
81 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
82 return 0;
83}
84
85/* Allocate stack for ca certificates if needed */
86if ((ca != NULL) && (*ca == NULL)) {
87 if (!(*ca = sk_new(NULL))) {
88 PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
89 return 0;
90 }
91}
92
93if(pkey) *pkey = NULL;
94if(cert) *cert = NULL;
95
96/* Check the mac */
97
98if (!PKCS12_verify_mac (p12, pass, -1)) {
99 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
100 goto err;
101}
102
103if (!parse_pk12 (p12, pass, -1, pkey, cert, ca)) {
104 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);
105 goto err;
106}
107
108return 1;
109
110err:
111
112if (pkey && *pkey) EVP_PKEY_free (*pkey);
113if (cert && *cert) X509_free (*cert);
114if (ca) sk_pop_free (*ca, X509_free);
115return 0;
116
117}
118
119/* Parse the outer PKCS#12 structure */
120
121static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
122 EVP_PKEY **pkey, X509 **cert, STACK **ca)
123{
124 STACK *asafes, *bags;
125 int i, bagnid;
126 PKCS7 *p7;
127 ASN1_OCTET_STRING *keyid = NULL;
128 char keymatch = 0;
129 if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
130 for (i = 0; i < sk_num (asafes); i++) {
131 p7 = (PKCS7 *) sk_value (asafes, i);
132 bagnid = OBJ_obj2nid (p7->type);
133 if (bagnid == NID_pkcs7_data) {
134 bags = M_PKCS12_unpack_p7data (p7);
135 } else if (bagnid == NID_pkcs7_encrypted) {
136 bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen);
137 } else continue;
138 if (!bags) {
139 sk_pop_free (asafes, PKCS7_free);
140 return 0;
141 }
142 if (!parse_bags (bags, pass, passlen, pkey, cert, ca,
143 &keyid, &keymatch)) {
144 sk_pop_free (bags, PKCS12_SAFEBAG_free);
145 sk_pop_free (asafes, PKCS7_free);
146 return 0;
147 }
148 sk_pop_free (bags, PKCS12_SAFEBAG_free);
149 }
150 sk_pop_free (asafes, PKCS7_free);
151 if (keyid) ASN1_OCTET_STRING_free (keyid);
152 return 1;
153}
154
155
156static int parse_bags (STACK *bags, const char *pass, int passlen,
157 EVP_PKEY **pkey, X509 **cert, STACK **ca,
158 ASN1_OCTET_STRING **keyid, char *keymatch)
159{
160 int i;
161 for (i = 0; i < sk_num (bags); i++) {
162 if (!parse_bag ((PKCS12_SAFEBAG *)sk_value (bags, i),
163 pass, passlen, pkey, cert, ca, keyid,
164 keymatch)) return 0;
165 }
166 return 1;
167}
168
169#define MATCH_KEY 0x1
170#define MATCH_CERT 0x2
171#define MATCH_ALL 0x3
172
173static int parse_bag (PKCS12_SAFEBAG *bag, const char *pass, int passlen,
174 EVP_PKEY **pkey, X509 **cert, STACK **ca,
175 ASN1_OCTET_STRING **keyid,
176 char *keymatch)
177{
178 PKCS8_PRIV_KEY_INFO *p8;
179 X509 *x509;
180 ASN1_OCTET_STRING *lkey = NULL;
181 ASN1_TYPE *attrib;
182
183
184 if ((attrib = PKCS12_get_attr (bag, NID_localKeyID)))
185 lkey = attrib->value.octet_string;
186
187 /* Check for any local key id matching (if needed) */
188 if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) {
189 if (*keyid) {
190 if (ASN1_OCTET_STRING_cmp (*keyid, lkey)) lkey = NULL;
191 } else {
192 if (!(*keyid = ASN1_OCTET_STRING_dup (lkey))) {
193 PKCS12err(PKCS12_F_PARSE_BAGS,ERR_R_MALLOC_FAILURE);
194 return 0;
195 }
196 }
197 }
198
199 switch (M_PKCS12_bag_type(bag))
200 {
201 case NID_keyBag:
202 if (!lkey || !pkey) return 1;
203 if (!(*pkey = EVP_PKCS82PKEY (bag->value.keybag))) return 0;
204 *keymatch |= MATCH_KEY;
205 break;
206
207 case NID_pkcs8ShroudedKeyBag:
208 if (!lkey || !pkey) return 1;
209 if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
210 return 0;
211 *pkey = EVP_PKCS82PKEY (p8);
212 PKCS8_PRIV_KEY_INFO_free (p8);
213 if (!(*pkey)) return 0;
214 *keymatch |= MATCH_KEY;
215 break;
216
217 case NID_certBag:
218 if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
219 return 1;
220 if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0;
221 if (lkey) {
222 *keymatch |= MATCH_CERT;
223 if (cert) *cert = x509;
224 } else if (ca) sk_push (*ca, (char *)x509);
225 break;
226
227 case NID_safeContentsBag:
228 return parse_bags(bag->value.safes, pass, passlen,
229 pkey, cert, ca, keyid, keymatch);
230 break;
231
232 default:
233 return 1;
234 break;
235 }
236 return 1;
237}
238
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
deleted file mode 100644
index bac558d6b9..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ /dev/null
@@ -1,170 +0,0 @@
1/* p12_mutl.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#ifndef NO_HMAC
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/hmac.h>
63#include <openssl/rand.h>
64#include <openssl/pkcs12.h>
65
66/* Generate a MAC */
67int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
68 unsigned char *mac, unsigned int *maclen)
69{
70 const EVP_MD *md_type;
71 HMAC_CTX hmac;
72 unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
73 int saltlen, iter;
74 salt = p12->mac->salt->data;
75 saltlen = p12->mac->salt->length;
76 if (!p12->mac->iter) iter = 1;
77 else iter = ASN1_INTEGER_get (p12->mac->iter);
78 if(!(md_type =
79 EVP_get_digestbyobj (p12->mac->dinfo->algor->algorithm))) {
80 PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
81 return 0;
82 }
83 if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
84 PKCS12_MAC_KEY_LENGTH, key, md_type)) {
85 PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
86 return 0;
87 }
88 HMAC_Init (&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type);
89 HMAC_Update (&hmac, p12->authsafes->d.data->data,
90 p12->authsafes->d.data->length);
91 HMAC_Final (&hmac, mac, maclen);
92 return 1;
93}
94
95/* Verify the mac */
96int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen)
97{
98 unsigned char mac[EVP_MAX_MD_SIZE];
99 unsigned int maclen;
100 if(p12->mac == NULL) {
101 PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_ABSENT);
102 return 0;
103 }
104 if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
105 PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR);
106 return 0;
107 }
108 if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
109 || memcmp (mac, p12->mac->dinfo->digest->data, maclen)) {
110 PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_VERIFY_ERROR);
111 return 0;
112 }
113 return 1;
114}
115
116/* Set a mac */
117
118int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
119 unsigned char *salt, int saltlen, int iter, EVP_MD *md_type)
120{
121 unsigned char mac[EVP_MAX_MD_SIZE];
122 unsigned int maclen;
123
124 if (!md_type) md_type = EVP_sha1();
125 if (PKCS12_setup_mac (p12, iter, salt, saltlen, md_type) ==
126 PKCS12_ERROR) {
127 PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_SETUP_ERROR);
128 return 0;
129 }
130 if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
131 PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR);
132 return 0;
133 }
134 if (!(ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) {
135 PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR);
136 return 0;
137 }
138 return 1;
139}
140
141/* Set up a mac structure */
142int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
143 EVP_MD *md_type)
144{
145 if (!(p12->mac = PKCS12_MAC_DATA_new ())) return PKCS12_ERROR;
146 if (iter > 1) {
147 if(!(p12->mac->iter = ASN1_INTEGER_new())) {
148 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
149 return 0;
150 }
151 ASN1_INTEGER_set (p12->mac->iter, iter);
152 }
153 if (!saltlen) saltlen = PKCS12_SALT_LEN;
154 p12->mac->salt->length = saltlen;
155 if (!(p12->mac->salt->data = Malloc (saltlen))) {
156 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
157 return 0;
158 }
159 if (!salt) RAND_bytes (p12->mac->salt->data, saltlen);
160 else memcpy (p12->mac->salt->data, salt, saltlen);
161 p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
162 if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
163 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
164 return 0;
165 }
166 p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
167
168 return 1;
169}
170#endif
diff --git a/src/lib/libcrypto/pkcs12/p12_utl.c b/src/lib/libcrypto/pkcs12/p12_utl.c
deleted file mode 100644
index 2adcbc95e1..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_utl.c
+++ /dev/null
@@ -1,118 +0,0 @@
1/* p12_utl.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Cheap and nasty Unicode stuff */
64
65unsigned char *asc2uni (const char *asc, unsigned char **uni, int *unilen)
66{
67 int ulen, i;
68 unsigned char *unitmp;
69 ulen = strlen(asc)*2 + 2;
70 if (!(unitmp = Malloc (ulen))) return NULL;
71 for (i = 0; i < ulen; i+=2) {
72 unitmp[i] = 0;
73 unitmp[i + 1] = asc[i>>1];
74 }
75 if (unilen) *unilen = ulen;
76 if (uni) *uni = unitmp;
77 return unitmp;
78}
79
80char *uni2asc (unsigned char *uni, int unilen)
81{
82 int asclen, i;
83 char *asctmp;
84 asclen = unilen / 2;
85 /* If no terminating zero allow for one */
86 if (uni[unilen - 1]) asclen++;
87 uni++;
88 if (!(asctmp = Malloc (asclen))) return NULL;
89 for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];
90 asctmp[asclen - 1] = 0;
91 return asctmp;
92}
93
94int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
95{
96 return ASN1_i2d_bio((int(*)())i2d_PKCS12, bp, (unsigned char *)p12);
97}
98
99#ifndef NO_FP_API
100int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
101{
102 return ASN1_i2d_fp((int(*)())i2d_PKCS12, fp, (unsigned char *)p12);
103}
104#endif
105
106PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
107{
108 return (PKCS12 *)ASN1_d2i_bio((char *(*)())PKCS12_new,
109 (char *(*)())d2i_PKCS12, bp, (unsigned char **)p12);
110}
111#ifndef NO_FP_API
112PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
113{
114 return (PKCS12 *)ASN1_d2i_fp((char *(*)())PKCS12_new,
115 (char *(*)())d2i_PKCS12, fp, (unsigned char **)(p12));
116}
117#endif
118
diff --git a/src/lib/libcrypto/pkcs12/pk12err.c b/src/lib/libcrypto/pkcs12/pk12err.c
deleted file mode 100644
index 38d7be7675..0000000000
--- a/src/lib/libcrypto/pkcs12/pk12err.c
+++ /dev/null
@@ -1,136 +0,0 @@
1/* crypto/pkcs12/pk12err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file.
58 */
59
60#include <stdio.h>
61#include <openssl/err.h>
62#include <openssl/pkcs12.h>
63
64/* BEGIN ERROR CODES */
65#ifndef NO_ERR
66static ERR_STRING_DATA PKCS12_str_functs[]=
67 {
68{ERR_PACK(0,PKCS12_F_PARSE_BAGS,0), "PARSE_BAGS"},
69{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME,0), "PKCS12_ADD_FRIENDLYNAME"},
70{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,0), "PKCS12_add_friendlyname_asc"},
71{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,0), "PKCS12_add_friendlyname_uni"},
72{ERR_PACK(0,PKCS12_F_PKCS12_ADD_LOCALKEYID,0), "PKCS12_add_localkeyid"},
73{ERR_PACK(0,PKCS12_F_PKCS12_CREATE,0), "PKCS12_create"},
74{ERR_PACK(0,PKCS12_F_PKCS12_DECRYPT_D2I,0), "PKCS12_decrypt_d2i"},
75{ERR_PACK(0,PKCS12_F_PKCS12_GEN_MAC,0), "PKCS12_gen_mac"},
76{ERR_PACK(0,PKCS12_F_PKCS12_I2D_ENCRYPT,0), "PKCS12_i2d_encrypt"},
77{ERR_PACK(0,PKCS12_F_PKCS12_INIT,0), "PKCS12_init"},
78{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_ASC,0), "PKCS12_key_gen_asc"},
79{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0), "PKCS12_key_gen_uni"},
80{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0), "PKCS12_MAKE_KEYBAG"},
81{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0), "PKCS12_MAKE_SHKEYBAG"},
82{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0), "PKCS12_pack_p7data"},
83{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0), "PKCS12_pack_p7encdata"},
84{ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0), "PKCS12_pack_safebag"},
85{ERR_PACK(0,PKCS12_F_PKCS12_PARSE,0), "PKCS12_parse"},
86{ERR_PACK(0,PKCS12_F_PKCS12_PBE_CRYPT,0), "PKCS12_pbe_crypt"},
87{ERR_PACK(0,PKCS12_F_PKCS12_PBE_KEYIVGEN,0), "PKCS12_PBE_keyivgen"},
88{ERR_PACK(0,PKCS12_F_PKCS12_SETUP_MAC,0), "PKCS12_setup_mac"},
89{ERR_PACK(0,PKCS12_F_PKCS12_SET_MAC,0), "PKCS12_set_mac"},
90{ERR_PACK(0,PKCS12_F_PKCS8_ADD_KEYUSAGE,0), "PKCS8_add_keyusage"},
91{ERR_PACK(0,PKCS12_F_PKCS8_ENCRYPT,0), "PKCS8_encrypt"},
92{ERR_PACK(0,PKCS12_F_VERIFY_MAC,0), "VERIFY_MAC"},
93{0,NULL}
94 };
95
96static ERR_STRING_DATA PKCS12_str_reasons[]=
97 {
98{PKCS12_R_CANT_PACK_STRUCTURE ,"cant pack structure"},
99{PKCS12_R_DECODE_ERROR ,"decode error"},
100{PKCS12_R_ENCODE_ERROR ,"encode error"},
101{PKCS12_R_ENCRYPT_ERROR ,"encrypt error"},
102{PKCS12_R_INVALID_NULL_ARGUMENT ,"invalid null argument"},
103{PKCS12_R_INVALID_NULL_PKCS12_POINTER ,"invalid null pkcs12 pointer"},
104{PKCS12_R_IV_GEN_ERROR ,"iv gen error"},
105{PKCS12_R_KEY_GEN_ERROR ,"key gen error"},
106{PKCS12_R_MAC_ABSENT ,"mac absent"},
107{PKCS12_R_MAC_GENERATION_ERROR ,"mac generation error"},
108{PKCS12_R_MAC_SETUP_ERROR ,"mac setup error"},
109{PKCS12_R_MAC_STRING_SET_ERROR ,"mac string set error"},
110{PKCS12_R_MAC_VERIFY_ERROR ,"mac verify error"},
111{PKCS12_R_MAC_VERIFY_FAILURE ,"mac verify failure"},
112{PKCS12_R_PARSE_ERROR ,"parse error"},
113{PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR ,"pkcs12 algor cipherinit error"},
114{PKCS12_R_PKCS12_CIPHERFINAL_ERROR ,"pkcs12 cipherfinal error"},
115{PKCS12_R_PKCS12_PBE_CRYPT_ERROR ,"pkcs12 pbe crypt error"},
116{PKCS12_R_UNKNOWN_DIGEST_ALGORITHM ,"unknown digest algorithm"},
117{PKCS12_R_UNSUPPORTED_PKCS12_MODE ,"unsupported pkcs12 mode"},
118{0,NULL}
119 };
120
121#endif
122
123void ERR_load_PKCS12_strings(void)
124 {
125 static int init=1;
126
127 if (init)
128 {
129 init=0;
130#ifndef NO_ERR
131 ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_functs);
132 ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_reasons);
133#endif
134
135 }
136 }
diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h
deleted file mode 100644
index 4cfba5e6c6..0000000000
--- a/src/lib/libcrypto/pkcs12/pkcs12.h
+++ /dev/null
@@ -1,337 +0,0 @@
1/* pkcs12.h */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#ifndef HEADER_PKCS12_H
60#define HEADER_PKCS12_H
61
62#ifdef __cplusplus
63extern "C" {
64#endif
65
66#include <openssl/bio.h>
67#include <openssl/x509.h>
68
69#define PKCS12_KEY_ID 1
70#define PKCS12_IV_ID 2
71#define PKCS12_MAC_ID 3
72
73/* Default iteration count */
74#ifndef PKCS12_DEFAULT_ITER
75#define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER
76#endif
77
78#define PKCS12_MAC_KEY_LENGTH 20
79
80#define PKCS12_SALT_LEN 8
81
82/* Uncomment out next line for unicode password and names, otherwise ASCII */
83
84/*#define PBE_UNICODE*/
85
86#ifdef PBE_UNICODE
87#define PKCS12_key_gen PKCS12_key_gen_uni
88#define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni
89#else
90#define PKCS12_key_gen PKCS12_key_gen_asc
91#define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc
92#endif
93
94/* MS key usage constants */
95
96#define KEY_EX 0x10
97#define KEY_SIG 0x80
98
99typedef struct {
100X509_SIG *dinfo;
101ASN1_OCTET_STRING *salt;
102ASN1_INTEGER *iter; /* defaults to 1 */
103} PKCS12_MAC_DATA;
104
105typedef struct {
106ASN1_INTEGER *version;
107PKCS12_MAC_DATA *mac;
108PKCS7 *authsafes;
109} PKCS12;
110
111typedef struct {
112ASN1_OBJECT *type;
113union {
114 struct pkcs12_bag_st *bag; /* secret, crl and certbag */
115 struct pkcs8_priv_key_info_st *keybag; /* keybag */
116 X509_SIG *shkeybag; /* shrouded key bag */
117 STACK /* PKCS12_SAFEBAG */ *safes;
118 ASN1_TYPE *other;
119}value;
120STACK_OF(X509_ATTRIBUTE) *attrib;
121ASN1_TYPE *rest;
122} PKCS12_SAFEBAG;
123
124typedef struct pkcs12_bag_st {
125ASN1_OBJECT *type;
126union {
127 ASN1_OCTET_STRING *x509cert;
128 ASN1_OCTET_STRING *x509crl;
129 ASN1_OCTET_STRING *octet;
130 ASN1_IA5STRING *sdsicert;
131 ASN1_TYPE *other; /* Secret or other bag */
132}value;
133} PKCS12_BAGS;
134
135#define PKCS12_ERROR 0
136#define PKCS12_OK 1
137
138#define M_PKCS12_bag_type(bag) OBJ_obj2nid(bag->type)
139#define M_PKCS12_cert_bag_type(bag) OBJ_obj2nid(bag->value.bag->type)
140#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
141
142#define M_PKCS12_x5092certbag(x509) \
143PKCS12_pack_safebag ((char *)(x509), i2d_X509, NID_x509Certificate, NID_certBag)
144
145#define M_PKCS12_x509crl2certbag(crl) \
146PKCS12_pack_safebag ((char *)(crl), i2d_X509CRL, NID_x509Crl, NID_crlBag)
147
148#define M_PKCS12_certbag2x509(bg) \
149(X509 *) ASN1_unpack_string ((bg)->value.bag->value.octet, \
150(char *(*)())d2i_X509)
151
152#define M_PKCS12_certbag2x509crl(bg) \
153(X509CRL *) ASN1_unpack_string ((bg)->value.bag->value.octet, \
154(char *(*)())d2i_X509CRL)
155
156/*#define M_PKCS12_pkcs82rsa(p8) \
157(RSA *) ASN1_unpack_string ((p8)->pkey, (char *(*)())d2i_RSAPrivateKey)*/
158
159#define M_PKCS12_unpack_p7data(p7) \
160ASN1_seq_unpack ((p7)->d.data->data, p7->d.data->length, \
161 (char *(*)())d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free)
162
163#define M_PKCS12_pack_authsafes(p12, safes) \
164ASN1_seq_pack((safes), (int (*)())i2d_PKCS7,\
165 &(p12)->authsafes->d.data->data, &(p12)->authsafes->d.data->length)
166
167#define M_PKCS12_unpack_authsafes(p12) \
168ASN1_seq_unpack((p12)->authsafes->d.data->data, \
169 (p12)->authsafes->d.data->length, (char *(*)())d2i_PKCS7, \
170 PKCS7_free)
171
172#define M_PKCS12_unpack_p7encdata(p7, pass, passlen) \
173(STACK *) PKCS12_decrypt_d2i ((p7)->d.encrypted->enc_data->algorithm,\
174 (char *(*)())d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, \
175 (pass), (passlen), \
176 (p7)->d.encrypted->enc_data->enc_data, 3)
177
178#define M_PKCS12_decrypt_skey(bag, pass, passlen) \
179(PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i ((bag)->value.shkeybag->algor, \
180(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free, \
181 (pass), (passlen), \
182 (bag)->value.shkeybag->digest, 2)
183
184#define M_PKCS8_decrypt(p8, pass, passlen) \
185(PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i ((p8)->algor, \
186(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free,\
187 (pass), (passlen), (p8)->digest, 2)
188
189#define PKCS12_get_attr(bag, attr_nid) \
190 PKCS12_get_attr_gen(bag->attrib, attr_nid)
191
192#define PKCS8_get_attr(p8, attr_nid) \
193 PKCS12_get_attr_gen(p8->attributes, attr_nid)
194
195#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
196
197
198PKCS12_SAFEBAG *PKCS12_pack_safebag(char *obj, int (*i2d)(), int nid1, int nid2);
199PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
200X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
201 const char *pass, int passlen,
202 unsigned char *salt, int saltlen, int iter,
203 PKCS8_PRIV_KEY_INFO *p8);
204PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
205 int passlen, unsigned char *salt,
206 int saltlen, int iter,
207 PKCS8_PRIV_KEY_INFO *p8);
208PKCS7 *PKCS12_pack_p7data(STACK *sk);
209PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
210 unsigned char *salt, int saltlen, int iter,
211 STACK *bags);
212int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);
213int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
214 int namelen);
215int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
216 int namelen);
217int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
218ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);
219char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
220unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
221 int passlen, unsigned char *in, int inlen,
222 unsigned char **data, int *datalen, int en_de);
223char *PKCS12_decrypt_d2i(X509_ALGOR *algor, char *(*d2i)(),
224 void (*free_func)(), const char *pass, int passlen,
225 ASN1_STRING *oct, int seq);
226ASN1_STRING *PKCS12_i2d_encrypt(X509_ALGOR *algor, int (*i2d)(),
227 const char *pass, int passlen, char *obj,
228 int seq);
229PKCS12 *PKCS12_init(int mode);
230int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
231 int saltlen, int id, int iter, int n,
232 unsigned char *out, const EVP_MD *md_type);
233int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type);
234int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
235 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md_type,
236 int en_de);
237int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
238 unsigned char *mac, unsigned int *maclen);
239int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
240int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
241 unsigned char *salt, int saltlen, int iter,
242 EVP_MD *md_type);
243int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
244 int saltlen, EVP_MD *md_type);
245unsigned char *asc2uni(const char *asc, unsigned char **uni, int *unilen);
246char *uni2asc(unsigned char *uni, int unilen);
247int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **pp);
248PKCS12_BAGS *PKCS12_BAGS_new(void);
249PKCS12_BAGS *d2i_PKCS12_BAGS(PKCS12_BAGS **a, unsigned char **pp, long length);
250void PKCS12_BAGS_free(PKCS12_BAGS *a);
251int i2d_PKCS12(PKCS12 *a, unsigned char **pp);
252PKCS12 *d2i_PKCS12(PKCS12 **a, unsigned char **pp, long length);
253PKCS12 *PKCS12_new(void);
254void PKCS12_free(PKCS12 *a);
255int i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **pp);
256PKCS12_MAC_DATA *PKCS12_MAC_DATA_new(void);
257PKCS12_MAC_DATA *d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, unsigned char **pp,
258 long length);
259void PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a);
260int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **pp);
261PKCS12_SAFEBAG *PKCS12_SAFEBAG_new(void);
262PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, unsigned char **pp,
263 long length);
264void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a);
265void ERR_load_PKCS12_strings(void);
266void PKCS12_PBE_add(void);
267int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
268 STACK **ca);
269PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
270 STACK *ca, int nid_key, int nid_cert, int iter,
271 int mac_iter, int keytype);
272int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
273int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
274PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
275PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
276
277/* BEGIN ERROR CODES */
278/* The following lines are auto generated by the script mkerr.pl. Any changes
279 * made after this point may be overwritten when the script is next run.
280 */
281
282/* Error codes for the PKCS12 functions. */
283
284/* Function codes. */
285#define PKCS12_F_PARSE_BAGS 103
286#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100
287#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127
288#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102
289#define PKCS12_F_PKCS12_ADD_LOCALKEYID 104
290#define PKCS12_F_PKCS12_CREATE 105
291#define PKCS12_F_PKCS12_DECRYPT_D2I 106
292#define PKCS12_F_PKCS12_GEN_MAC 107
293#define PKCS12_F_PKCS12_I2D_ENCRYPT 108
294#define PKCS12_F_PKCS12_INIT 109
295#define PKCS12_F_PKCS12_KEY_GEN_ASC 110
296#define PKCS12_F_PKCS12_KEY_GEN_UNI 111
297#define PKCS12_F_PKCS12_MAKE_KEYBAG 112
298#define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113
299#define PKCS12_F_PKCS12_PACK_P7DATA 114
300#define PKCS12_F_PKCS12_PACK_P7ENCDATA 115
301#define PKCS12_F_PKCS12_PACK_SAFEBAG 117
302#define PKCS12_F_PKCS12_PARSE 118
303#define PKCS12_F_PKCS12_PBE_CRYPT 119
304#define PKCS12_F_PKCS12_PBE_KEYIVGEN 120
305#define PKCS12_F_PKCS12_SETUP_MAC 122
306#define PKCS12_F_PKCS12_SET_MAC 123
307#define PKCS12_F_PKCS8_ADD_KEYUSAGE 124
308#define PKCS12_F_PKCS8_ENCRYPT 125
309#define PKCS12_F_VERIFY_MAC 126
310
311/* Reason codes. */
312#define PKCS12_R_CANT_PACK_STRUCTURE 100
313#define PKCS12_R_DECODE_ERROR 101
314#define PKCS12_R_ENCODE_ERROR 102
315#define PKCS12_R_ENCRYPT_ERROR 103
316#define PKCS12_R_INVALID_NULL_ARGUMENT 104
317#define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105
318#define PKCS12_R_IV_GEN_ERROR 106
319#define PKCS12_R_KEY_GEN_ERROR 107
320#define PKCS12_R_MAC_ABSENT 108
321#define PKCS12_R_MAC_GENERATION_ERROR 109
322#define PKCS12_R_MAC_SETUP_ERROR 110
323#define PKCS12_R_MAC_STRING_SET_ERROR 111
324#define PKCS12_R_MAC_VERIFY_ERROR 112
325#define PKCS12_R_MAC_VERIFY_FAILURE 113
326#define PKCS12_R_PARSE_ERROR 114
327#define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115
328#define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116
329#define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117
330#define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118
331#define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119
332
333#ifdef __cplusplus
334}
335#endif
336#endif
337
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 21:49:05 +0000