summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs12
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/pkcs12')
-rw-r--r--src/lib/libcrypto/pkcs12/p12_add.c216
-rw-r--r--src/lib/libcrypto/pkcs12/p12_attr.c238
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crpt.c124
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crt.c159
-rw-r--r--src/lib/libcrypto/pkcs12/p12_decr.c185
-rw-r--r--src/lib/libcrypto/pkcs12/p12_init.c98
-rw-r--r--src/lib/libcrypto/pkcs12/p12_key.c189
-rw-r--r--src/lib/libcrypto/pkcs12/p12_kiss.c254
-rw-r--r--src/lib/libcrypto/pkcs12/p12_mutl.c173
-rw-r--r--src/lib/libcrypto/pkcs12/p12_npas.c212
-rw-r--r--src/lib/libcrypto/pkcs12/p12_utl.c118
-rw-r--r--src/lib/libcrypto/pkcs12/pk12err.c139
-rw-r--r--src/lib/libcrypto/pkcs12/pkcs12.h340
13 files changed, 0 insertions, 2445 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
deleted file mode 100644
index d045cbba8d..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ /dev/null
@@ -1,216 +0,0 @@
1/* p12_add.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Pack an object into an OCTET STRING and turn into a safebag */
64
65PKCS12_SAFEBAG *PKCS12_pack_safebag (char *obj, int (*i2d)(), int nid1,
66 int nid2)
67{
68 PKCS12_BAGS *bag;
69 PKCS12_SAFEBAG *safebag;
70 if (!(bag = PKCS12_BAGS_new ())) {
71 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
72 return NULL;
73 }
74 bag->type = OBJ_nid2obj(nid1);
75 if (!ASN1_pack_string(obj, i2d, &bag->value.octet)) {
76 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
77 return NULL;
78 }
79 if (!(safebag = PKCS12_SAFEBAG_new ())) {
80 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
81 return NULL;
82 }
83 safebag->value.bag = bag;
84 safebag->type = OBJ_nid2obj(nid2);
85 return safebag;
86}
87
88/* Turn PKCS8 object into a keybag */
89
90PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG (PKCS8_PRIV_KEY_INFO *p8)
91{
92 PKCS12_SAFEBAG *bag;
93 if (!(bag = PKCS12_SAFEBAG_new())) {
94 PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE);
95 return NULL;
96 }
97 bag->type = OBJ_nid2obj(NID_keyBag);
98 bag->value.keybag = p8;
99 return bag;
100}
101
102/* Turn PKCS8 object into a shrouded keybag */
103
104PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass,
105 int passlen, unsigned char *salt, int saltlen, int iter,
106 PKCS8_PRIV_KEY_INFO *p8)
107{
108 PKCS12_SAFEBAG *bag;
109
110 /* Set up the safe bag */
111 if (!(bag = PKCS12_SAFEBAG_new ())) {
112 PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
113 return NULL;
114 }
115
116 bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
117 if (!(bag->value.shkeybag =
118 PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,
119 p8))) {
120 PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
121 return NULL;
122 }
123
124 return bag;
125}
126
127/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
128PKCS7 *PKCS12_pack_p7data (STACK *sk)
129{
130 PKCS7 *p7;
131 if (!(p7 = PKCS7_new())) {
132 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
133 return NULL;
134 }
135 p7->type = OBJ_nid2obj(NID_pkcs7_data);
136 if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
137 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
138 return NULL;
139 }
140
141 if (!ASN1_seq_pack(sk, i2d_PKCS12_SAFEBAG, &p7->d.data->data,
142 &p7->d.data->length)) {
143 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
144 return NULL;
145 }
146 return p7;
147}
148
149/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
150
151PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
152 unsigned char *salt, int saltlen, int iter, STACK *bags)
153{
154 PKCS7 *p7;
155 X509_ALGOR *pbe;
156 if (!(p7 = PKCS7_new())) {
157 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
158 return NULL;
159 }
160 if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
161 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
162 PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
163 return NULL;
164 }
165 if (!(pbe = PKCS5_pbe_set (pbe_nid, iter, salt, saltlen))) {
166 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
167 return NULL;
168 }
169 X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
170 p7->d.encrypted->enc_data->algorithm = pbe;
171 M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
172 if (!(p7->d.encrypted->enc_data->enc_data =
173 PKCS12_i2d_encrypt (pbe, i2d_PKCS12_SAFEBAG, pass, passlen,
174 (char *)bags, 1))) {
175 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
176 return NULL;
177 }
178
179 return p7;
180}
181
182X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
183 const char *pass, int passlen,
184 unsigned char *salt, int saltlen, int iter,
185 PKCS8_PRIV_KEY_INFO *p8inf)
186{
187 X509_SIG *p8;
188 X509_ALGOR *pbe;
189
190 if (!(p8 = X509_SIG_new())) {
191 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
192 goto err;
193 }
194
195 if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
196 else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
197 if(!pbe) {
198 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
199 goto err;
200 }
201 X509_ALGOR_free(p8->algor);
202 p8->algor = pbe;
203 M_ASN1_OCTET_STRING_free(p8->digest);
204 if (!(p8->digest =
205 PKCS12_i2d_encrypt (pbe, i2d_PKCS8_PRIV_KEY_INFO, pass, passlen,
206 (char *)p8inf, 0))) {
207 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
208 goto err;
209 }
210
211 return p8;
212
213 err:
214 X509_SIG_free(p8);
215 return NULL;
216}
diff --git a/src/lib/libcrypto/pkcs12/p12_attr.c b/src/lib/libcrypto/pkcs12/p12_attr.c
deleted file mode 100644
index f559351d18..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_attr.c
+++ /dev/null
@@ -1,238 +0,0 @@
1/* p12_attr.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Add a local keyid to a safebag */
64
65int PKCS12_add_localkeyid (PKCS12_SAFEBAG *bag, unsigned char *name,
66 int namelen)
67{
68 X509_ATTRIBUTE *attrib;
69 ASN1_BMPSTRING *oct;
70 ASN1_TYPE *keyid;
71 if (!(keyid = ASN1_TYPE_new ())) {
72 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
73 return 0;
74 }
75 keyid->type = V_ASN1_OCTET_STRING;
76 if (!(oct = M_ASN1_OCTET_STRING_new())) {
77 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
78 return 0;
79 }
80 if (!M_ASN1_OCTET_STRING_set(oct, name, namelen)) {
81 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
82 return 0;
83 }
84 keyid->value.octet_string = oct;
85 if (!(attrib = X509_ATTRIBUTE_new ())) {
86 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
87 return 0;
88 }
89 attrib->object = OBJ_nid2obj(NID_localKeyID);
90 if (!(attrib->value.set = sk_ASN1_TYPE_new(NULL))) {
91 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
92 return 0;
93 }
94 sk_ASN1_TYPE_push (attrib->value.set,keyid);
95 attrib->set = 1;
96 if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new (NULL))) {
97 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
98 return 0;
99 }
100 sk_X509_ATTRIBUTE_push (bag->attrib, attrib);
101 return 1;
102}
103
104/* Add key usage to PKCS#8 structure */
105
106int PKCS8_add_keyusage (PKCS8_PRIV_KEY_INFO *p8, int usage)
107{
108 X509_ATTRIBUTE *attrib;
109 ASN1_BIT_STRING *bstr;
110 ASN1_TYPE *keyid;
111 unsigned char us_val;
112 us_val = (unsigned char) usage;
113 if (!(keyid = ASN1_TYPE_new ())) {
114 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
115 return 0;
116 }
117 keyid->type = V_ASN1_BIT_STRING;
118 if (!(bstr = M_ASN1_BIT_STRING_new())) {
119 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
120 return 0;
121 }
122 if (!M_ASN1_BIT_STRING_set(bstr, &us_val, 1)) {
123 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
124 return 0;
125 }
126 keyid->value.bit_string = bstr;
127 if (!(attrib = X509_ATTRIBUTE_new ())) {
128 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
129 return 0;
130 }
131 attrib->object = OBJ_nid2obj(NID_key_usage);
132 if (!(attrib->value.set = sk_ASN1_TYPE_new(NULL))) {
133 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
134 return 0;
135 }
136 sk_ASN1_TYPE_push (attrib->value.set,keyid);
137 attrib->set = 1;
138 if (!p8->attributes
139 && !(p8->attributes = sk_X509_ATTRIBUTE_new (NULL))) {
140 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
141 return 0;
142 }
143 sk_X509_ATTRIBUTE_push (p8->attributes, attrib);
144 return 1;
145}
146
147/* Add a friendlyname to a safebag */
148
149int PKCS12_add_friendlyname_asc (PKCS12_SAFEBAG *bag, const char *name,
150 int namelen)
151{
152 unsigned char *uniname;
153 int ret, unilen;
154 if (!asc2uni(name, &uniname, &unilen)) {
155 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,
156 ERR_R_MALLOC_FAILURE);
157 return 0;
158 }
159 ret = PKCS12_add_friendlyname_uni (bag, uniname, unilen);
160 Free(uniname);
161 return ret;
162}
163
164
165int PKCS12_add_friendlyname_uni (PKCS12_SAFEBAG *bag,
166 const unsigned char *name, int namelen)
167{
168 X509_ATTRIBUTE *attrib;
169 ASN1_BMPSTRING *bmp;
170 ASN1_TYPE *fname;
171 /* Zap ending double null if included */
172 if(!name[namelen - 1] && !name[namelen - 2]) namelen -= 2;
173 if (!(fname = ASN1_TYPE_new ())) {
174 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
175 ERR_R_MALLOC_FAILURE);
176 return 0;
177 }
178 fname->type = V_ASN1_BMPSTRING;
179 if (!(bmp = M_ASN1_BMPSTRING_new())) {
180 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
181 ERR_R_MALLOC_FAILURE);
182 return 0;
183 }
184 if (!(bmp->data = Malloc (namelen))) {
185 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
186 ERR_R_MALLOC_FAILURE);
187 return 0;
188 }
189 memcpy (bmp->data, name, namelen);
190 bmp->length = namelen;
191 fname->value.bmpstring = bmp;
192 if (!(attrib = X509_ATTRIBUTE_new ())) {
193 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
194 ERR_R_MALLOC_FAILURE);
195 return 0;
196 }
197 attrib->object = OBJ_nid2obj(NID_friendlyName);
198 if (!(attrib->value.set = sk_ASN1_TYPE_new(NULL))) {
199 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME,
200 ERR_R_MALLOC_FAILURE);
201 return 0;
202 }
203 sk_ASN1_TYPE_push (attrib->value.set,fname);
204 attrib->set = 1;
205 if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new (NULL))) {
206 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
207 ERR_R_MALLOC_FAILURE);
208 return 0;
209 }
210 sk_X509_ATTRIBUTE_push (bag->attrib, attrib);
211 return PKCS12_OK;
212}
213
214ASN1_TYPE *PKCS12_get_attr_gen (STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
215{
216 X509_ATTRIBUTE *attrib;
217 int i;
218 if (!attrs) return NULL;
219 for (i = 0; i < sk_X509_ATTRIBUTE_num (attrs); i++) {
220 attrib = sk_X509_ATTRIBUTE_value (attrs, i);
221 if (OBJ_obj2nid (attrib->object) == attr_nid) {
222 if (sk_ASN1_TYPE_num (attrib->value.set))
223 return sk_ASN1_TYPE_value(attrib->value.set, 0);
224 else return NULL;
225 }
226 }
227 return NULL;
228}
229
230char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
231{
232 ASN1_TYPE *atype;
233 if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) return NULL;
234 if (atype->type != V_ASN1_BMPSTRING) return NULL;
235 return uni2asc(atype->value.bmpstring->data,
236 atype->value.bmpstring->length);
237}
238
diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c
deleted file mode 100644
index 7b96584f07..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_crpt.c
+++ /dev/null
@@ -1,124 +0,0 @@
1/* p12_crpt.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* PKCS#12 specific PBE functions */
64
65void PKCS12_PBE_add(void)
66{
67#ifndef NO_RC4
68EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(),
69 PKCS12_PBE_keyivgen);
70EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(),
71 PKCS12_PBE_keyivgen);
72#endif
73#ifndef NO_DES
74EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
75 EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
76EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
77 EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
78#endif
79#ifndef NO_RC2
80EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(),
81 EVP_sha1(), PKCS12_PBE_keyivgen);
82EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
83 EVP_sha1(), PKCS12_PBE_keyivgen);
84#endif
85}
86
87int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
88 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, int en_de)
89{
90 PBEPARAM *pbe;
91 int saltlen, iter;
92 unsigned char *salt, *pbuf;
93 unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
94
95 /* Extract useful info from parameter */
96 pbuf = param->value.sequence->data;
97 if (!param || (param->type != V_ASN1_SEQUENCE) ||
98 !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) {
99 EVPerr(PKCS12_F_PKCS12_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
100 return 0;
101 }
102
103 if (!pbe->iter) iter = 1;
104 else iter = ASN1_INTEGER_get (pbe->iter);
105 salt = pbe->salt->data;
106 saltlen = pbe->salt->length;
107 if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
108 iter, EVP_CIPHER_key_length(cipher), key, md)) {
109 PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_KEY_GEN_ERROR);
110 PBEPARAM_free(pbe);
111 return 0;
112 }
113 if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,
114 iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
115 PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_IV_GEN_ERROR);
116 PBEPARAM_free(pbe);
117 return 0;
118 }
119 PBEPARAM_free(pbe);
120 EVP_CipherInit(ctx, cipher, key, iv, en_de);
121 memset(key, 0, EVP_MAX_KEY_LENGTH);
122 memset(iv, 0, EVP_MAX_IV_LENGTH);
123 return 1;
124}
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
deleted file mode 100644
index ee8aed54c7..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ /dev/null
@@ -1,159 +0,0 @@
1/* p12_crt.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
64 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
65 int keytype)
66{
67 PKCS12 *p12;
68 STACK *bags, *safes;
69 PKCS12_SAFEBAG *bag;
70 PKCS8_PRIV_KEY_INFO *p8;
71 PKCS7 *authsafe;
72 X509 *tcert;
73 int i;
74 unsigned char keyid[EVP_MAX_MD_SIZE];
75 unsigned int keyidlen;
76
77 /* Set defaults */
78 if(!nid_cert) nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
79 if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
80 if(!iter) iter = PKCS12_DEFAULT_ITER;
81 if(!mac_iter) mac_iter = 1;
82
83 if(!pkey || !cert) {
84 PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
85 return NULL;
86 }
87
88 if(!(bags = sk_new (NULL))) {
89 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
90 return NULL;
91 }
92
93 /* Add user certificate */
94 if(!(bag = M_PKCS12_x5092certbag(cert))) return NULL;
95 if(name && !PKCS12_add_friendlyname(bag, name, -1)) return NULL;
96 X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
97 if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL;
98
99 if(!sk_push(bags, (char *)bag)) {
100 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
101 return NULL;
102 }
103
104 /* Add all other certificates */
105 if(ca) {
106 for(i = 0; i < sk_X509_num(ca); i++) {
107 tcert = sk_X509_value(ca, i);
108 if(!(bag = M_PKCS12_x5092certbag(tcert))) return NULL;
109 if(!sk_push(bags, (char *)bag)) {
110 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
111 return NULL;
112 }
113 }
114 }
115
116 /* Turn certbags into encrypted authsafe */
117 authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0,
118 iter, bags);
119 sk_pop_free(bags, PKCS12_SAFEBAG_free);
120
121 if (!authsafe) return NULL;
122
123 if(!(safes = sk_new (NULL)) || !sk_push(safes, (char *)authsafe)) {
124 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
125 return NULL;
126 }
127
128 /* Make a shrouded key bag */
129 if(!(p8 = EVP_PKEY2PKCS8 (pkey))) return NULL;
130 if(keytype && !PKCS8_add_keyusage(p8, keytype)) return NULL;
131 bag = PKCS12_MAKE_SHKEYBAG (nid_key, pass, -1, NULL, 0, iter, p8);
132 if(!bag) return NULL;
133 PKCS8_PRIV_KEY_INFO_free(p8);
134 if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL;
135 if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL;
136 if(!(bags = sk_new(NULL)) || !sk_push (bags, (char *)bag)) {
137 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
138 return NULL;
139 }
140 /* Turn it into unencrypted safe bag */
141 if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;
142 sk_pop_free(bags, PKCS12_SAFEBAG_free);
143 if(!sk_push(safes, (char *)authsafe)) {
144 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
145 return NULL;
146 }
147
148 if(!(p12 = PKCS12_init (NID_pkcs7_data))) return NULL;
149
150 if(!M_PKCS12_pack_authsafes (p12, safes)) return NULL;
151
152 sk_pop_free(safes, PKCS7_free);
153
154 if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL))
155 return NULL;
156
157 return p12;
158
159}
diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c
deleted file mode 100644
index 4be44eac50..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_decr.c
+++ /dev/null
@@ -1,185 +0,0 @@
1/* p12_decr.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Define this to dump decrypted output to files called DERnnn */
64/*#define DEBUG_DECRYPT*/
65
66
67/* Encrypt/Decrypt a buffer based on password and algor, result in a
68 * Malloc'ed buffer
69 */
70
71unsigned char * PKCS12_pbe_crypt (X509_ALGOR *algor, const char *pass,
72 int passlen, unsigned char *in, int inlen, unsigned char **data,
73 int *datalen, int en_de)
74{
75 unsigned char *out;
76 int outlen, i;
77 EVP_CIPHER_CTX ctx;
78
79 /* Decrypt data */
80 if (!EVP_PBE_CipherInit (algor->algorithm, pass, passlen,
81 algor->parameter, &ctx, en_de)) {
82 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
83 return NULL;
84 }
85
86 if(!(out = Malloc (inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
87 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE);
88 return NULL;
89 }
90
91 EVP_CipherUpdate (&ctx, out, &i, in, inlen);
92 outlen = i;
93 if(!EVP_CipherFinal (&ctx, out + i, &i)) {
94 Free (out);
95 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
96 return NULL;
97 }
98 outlen += i;
99 if (datalen) *datalen = outlen;
100 if (data) *data = out;
101 return out;
102
103}
104
105/* Decrypt an OCTET STRING and decode ASN1 structure
106 * if seq & 1 'obj' is a stack of structures to be encoded
107 * if seq & 2 zero buffer after use
108 * as a sequence.
109 */
110
111char * PKCS12_decrypt_d2i (X509_ALGOR *algor, char * (*d2i)(),
112 void (*free_func)(), const char *pass, int passlen,
113 ASN1_OCTET_STRING *oct, int seq)
114{
115 unsigned char *out, *p;
116 char *ret;
117 int outlen;
118
119 if (!PKCS12_pbe_crypt (algor, pass, passlen, oct->data, oct->length,
120 &out, &outlen, 0)) {
121 PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
122 return NULL;
123 }
124 p = out;
125#ifdef DEBUG_DECRYPT
126 {
127 FILE *op;
128
129 char fname[30];
130 static int fnm = 1;
131 sprintf(fname, "DER%d", fnm++);
132 op = fopen(fname, "wb");
133 fwrite (p, 1, outlen, op);
134 fclose(op);
135 }
136#endif
137 if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i,
138 free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
139 else ret = d2i(NULL, &p, outlen);
140 if (seq & 2) memset(out, 0, outlen);
141 if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
142 Free (out);
143 return ret;
144}
145
146/* Encode ASN1 structure and encrypt, return OCTET STRING
147 * if 'seq' is non-zero 'obj' is a stack of structures to be encoded
148 * as a sequence
149 */
150
151ASN1_OCTET_STRING *PKCS12_i2d_encrypt (X509_ALGOR *algor, int (*i2d)(),
152 const char *pass, int passlen,
153 char *obj, int seq)
154{
155 ASN1_OCTET_STRING *oct;
156 unsigned char *in, *p;
157 int inlen;
158 if (!(oct = M_ASN1_OCTET_STRING_new ())) {
159 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
160 return NULL;
161 }
162 if (seq) inlen = i2d_ASN1_SET((STACK *)obj, NULL, i2d, V_ASN1_SEQUENCE,
163 V_ASN1_UNIVERSAL, IS_SEQUENCE);
164 else inlen = i2d (obj, NULL);
165 if (!inlen) {
166 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);
167 return NULL;
168 }
169 if (!(in = Malloc (inlen))) {
170 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
171 return NULL;
172 }
173 p = in;
174 if (seq) i2d_ASN1_SET((STACK *)obj, &p, i2d, V_ASN1_SEQUENCE,
175 V_ASN1_UNIVERSAL, IS_SEQUENCE);
176 else i2d (obj, &p);
177 if (!PKCS12_pbe_crypt (algor, pass, passlen, in, inlen, &oct->data,
178 &oct->length, 1)) {
179 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);
180 Free(in);
181 return NULL;
182 }
183 Free (in);
184 return oct;
185}
diff --git a/src/lib/libcrypto/pkcs12/p12_init.c b/src/lib/libcrypto/pkcs12/p12_init.c
deleted file mode 100644
index d5d4884c82..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_init.c
+++ /dev/null
@@ -1,98 +0,0 @@
1/* p12_init.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Initialise a PKCS12 structure to take data */
64
65PKCS12 *PKCS12_init (int mode)
66{
67 PKCS12 *pkcs12;
68 if (!(pkcs12 = PKCS12_new())) {
69 PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
70 return NULL;
71 }
72 if (!(pkcs12->version = M_ASN1_INTEGER_new ())) {
73 PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
74 return NULL;
75 }
76 ASN1_INTEGER_set(pkcs12->version, 3);
77 if (!(pkcs12->authsafes = PKCS7_new())) {
78 PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
79 return NULL;
80 }
81 pkcs12->authsafes->type = OBJ_nid2obj(mode);
82 switch (mode) {
83 case NID_pkcs7_data:
84 if (!(pkcs12->authsafes->d.data =
85 M_ASN1_OCTET_STRING_new())) {
86 PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
87 return NULL;
88 }
89 break;
90 default:
91 PKCS12err(PKCS12_F_PKCS12_INIT,PKCS12_R_UNSUPPORTED_PKCS12_MODE);
92 PKCS12_free(pkcs12);
93 return NULL;
94 break;
95 }
96
97 return pkcs12;
98}
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
deleted file mode 100644
index b364671ed2..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ /dev/null
@@ -1,189 +0,0 @@
1/* p12_key.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63
64/* Uncomment out this line to get debugging info about key generation */
65/*#define DEBUG_KEYGEN*/
66#ifdef DEBUG_KEYGEN
67#include <openssl/bio.h>
68extern BIO *bio_err;
69void h__dump (unsigned char *p, int len);
70#endif
71
72/* PKCS12 compatible key/IV generation */
73#ifndef min
74#define min(a,b) ((a) < (b) ? (a) : (b))
75#endif
76
77int PKCS12_key_gen_asc (const char *pass, int passlen, unsigned char *salt,
78 int saltlen, int id, int iter, int n, unsigned char *out,
79 const EVP_MD *md_type)
80{
81 int ret;
82 unsigned char *unipass;
83 int uniplen;
84 if (!asc2uni (pass, &unipass, &uniplen)) {
85 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
86 return 0;
87 }
88 ret = PKCS12_key_gen_uni (unipass, uniplen, salt, saltlen,
89 id, iter, n, out, md_type);
90 memset(unipass, 0, uniplen); /* Clear password from memory */
91 Free(unipass);
92 return ret;
93}
94
95int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
96 int saltlen, int id, int iter, int n, unsigned char *out,
97 const EVP_MD *md_type)
98{
99 unsigned char *B, *D, *I, *p, *Ai;
100 int Slen, Plen, Ilen;
101 int i, j, u, v;
102 BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */
103 EVP_MD_CTX ctx;
104#ifdef DEBUG_KEYGEN
105 unsigned char *tmpout = out;
106 int tmpn = n;
107#endif
108
109 if (!pass) {
110 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER);
111 return 0;
112 }
113
114#ifdef DEBUG_KEYGEN
115 fprintf(stderr, "KEYGEN DEBUG\n");
116 fprintf(stderr, "ID %d, ITER %d\n", id, iter);
117 fprintf(stderr, "Password (length %d):\n", passlen);
118 h__dump(pass, passlen);
119 fprintf(stderr, "Salt (length %d):\n", saltlen);
120 h__dump(salt, saltlen);
121#endif
122 v = EVP_MD_block_size (md_type);
123 u = EVP_MD_size (md_type);
124 D = Malloc (v);
125 Ai = Malloc (u);
126 B = Malloc (v + 1);
127 Slen = v * ((saltlen+v-1)/v);
128 Plen = v * ((passlen+v-1)/v);
129 Ilen = Slen + Plen;
130 I = Malloc (Ilen);
131 Ij = BN_new();
132 Bpl1 = BN_new();
133 if (!D || !Ai || !B || !I || !Ij || !Bpl1) {
134 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
135 return 0;
136 }
137 for (i = 0; i < v; i++) D[i] = id;
138 p = I;
139 for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
140 for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];
141 for (;;) {
142 EVP_DigestInit (&ctx, md_type);
143 EVP_DigestUpdate (&ctx, D, v);
144 EVP_DigestUpdate (&ctx, I, Ilen);
145 EVP_DigestFinal (&ctx, Ai, NULL);
146 for (j = 1; j < iter; j++) {
147 EVP_DigestInit (&ctx, md_type);
148 EVP_DigestUpdate (&ctx, Ai, u);
149 EVP_DigestFinal (&ctx, Ai, NULL);
150 }
151 memcpy (out, Ai, min (n, u));
152 if (u >= n) {
153 Free (Ai);
154 Free (B);
155 Free (D);
156 Free (I);
157 BN_free (Ij);
158 BN_free (Bpl1);
159#ifdef DEBUG_KEYGEN
160 fprintf(stderr, "Output KEY (length %d)\n", tmpn);
161 h__dump(tmpout, tmpn);
162#endif
163 return 1;
164 }
165 n -= u;
166 out += u;
167 for (j = 0; j < v; j++) B[j] = Ai[j % u];
168 /* Work out B + 1 first then can use B as tmp space */
169 BN_bin2bn (B, v, Bpl1);
170 BN_add_word (Bpl1, 1);
171 for (j = 0; j < Ilen ; j+=v) {
172 BN_bin2bn (I + j, v, Ij);
173 BN_add (Ij, Ij, Bpl1);
174 BN_bn2bin (Ij, B);
175 /* If more than 2^(v*8) - 1 cut off MSB */
176 if (BN_num_bytes (Ij) > v) {
177 BN_bn2bin (Ij, B);
178 memcpy (I + j, B + 1, v);
179 } else BN_bn2bin (Ij, I + j);
180 }
181 }
182}
183#ifdef DEBUG_KEYGEN
184void h__dump (unsigned char *p, int len)
185{
186 for (; len --; p++) fprintf(stderr, "%02X", *p);
187 fprintf(stderr, "\n");
188}
189#endif
diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c
deleted file mode 100644
index ee257ffbad..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_kiss.c
+++ /dev/null
@@ -1,254 +0,0 @@
1/* p12_kiss.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Simplified PKCS#12 routines */
64
65static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
66 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
67
68static int parse_bags( STACK *bags, const char *pass, int passlen,
69 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
70 ASN1_OCTET_STRING **keyid, char *keymatch);
71
72static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
73 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
74 ASN1_OCTET_STRING **keyid, char *keymatch);
75
76/* Parse and decrypt a PKCS#12 structure returning user key, user cert
77 * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
78 * or it should point to a valid STACK structure. pkey and cert can be
79 * passed unitialised.
80 */
81
82int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
83 STACK_OF(X509) **ca)
84{
85
86 /* Check for NULL PKCS12 structure */
87
88 if(!p12)
89 {
90 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
91 return 0;
92 }
93
94 /* Allocate stack for ca certificates if needed */
95 if ((ca != NULL) && (*ca == NULL))
96 {
97 if (!(*ca = sk_X509_new(NULL)))
98 {
99 PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
100 return 0;
101 }
102 }
103
104 if(pkey) *pkey = NULL;
105 if(cert) *cert = NULL;
106
107 /* Check the mac */
108
109 if (!PKCS12_verify_mac (p12, pass, -1))
110 {
111 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
112 goto err;
113 }
114
115 if (!parse_pk12 (p12, pass, -1, pkey, cert, ca))
116 {
117 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);
118 goto err;
119 }
120
121 return 1;
122
123 err:
124
125 if (pkey && *pkey) EVP_PKEY_free (*pkey);
126 if (cert && *cert) X509_free (*cert);
127 if (ca) sk_X509_pop_free (*ca, X509_free);
128 return 0;
129
130}
131
132/* Parse the outer PKCS#12 structure */
133
134static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
135 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
136{
137 STACK *asafes, *bags;
138 int i, bagnid;
139 PKCS7 *p7;
140 ASN1_OCTET_STRING *keyid = NULL;
141 char keymatch = 0;
142 if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
143 for (i = 0; i < sk_num (asafes); i++) {
144 p7 = (PKCS7 *) sk_value (asafes, i);
145 bagnid = OBJ_obj2nid (p7->type);
146 if (bagnid == NID_pkcs7_data) {
147 bags = M_PKCS12_unpack_p7data (p7);
148 } else if (bagnid == NID_pkcs7_encrypted) {
149 bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen);
150 } else continue;
151 if (!bags) {
152 sk_pop_free (asafes, PKCS7_free);
153 return 0;
154 }
155 if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
156 &keyid, &keymatch)) {
157 sk_pop_free(bags, PKCS12_SAFEBAG_free);
158 sk_pop_free(asafes, PKCS7_free);
159 return 0;
160 }
161 sk_pop_free(bags, PKCS12_SAFEBAG_free);
162 }
163 sk_pop_free(asafes, PKCS7_free);
164 if (keyid) M_ASN1_OCTET_STRING_free(keyid);
165 return 1;
166}
167
168
169static int parse_bags (STACK *bags, const char *pass, int passlen,
170 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
171 ASN1_OCTET_STRING **keyid, char *keymatch)
172{
173 int i;
174 for (i = 0; i < sk_num(bags); i++) {
175 if (!parse_bag((PKCS12_SAFEBAG *)sk_value (bags, i),
176 pass, passlen, pkey, cert, ca, keyid,
177 keymatch)) return 0;
178 }
179 return 1;
180}
181
182#define MATCH_KEY 0x1
183#define MATCH_CERT 0x2
184#define MATCH_ALL 0x3
185
186static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
187 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
188 ASN1_OCTET_STRING **keyid,
189 char *keymatch)
190{
191 PKCS8_PRIV_KEY_INFO *p8;
192 X509 *x509;
193 ASN1_OCTET_STRING *lkey = NULL;
194 ASN1_TYPE *attrib;
195
196
197 if ((attrib = PKCS12_get_attr (bag, NID_localKeyID)))
198 lkey = attrib->value.octet_string;
199
200 /* Check for any local key id matching (if needed) */
201 if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) {
202 if (*keyid) {
203 if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL;
204 } else {
205 if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) {
206 PKCS12err(PKCS12_F_PARSE_BAGS,ERR_R_MALLOC_FAILURE);
207 return 0;
208 }
209 }
210 }
211
212 switch (M_PKCS12_bag_type(bag))
213 {
214 case NID_keyBag:
215 if (!lkey || !pkey) return 1;
216 if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0;
217 *keymatch |= MATCH_KEY;
218 break;
219
220 case NID_pkcs8ShroudedKeyBag:
221 if (!lkey || !pkey) return 1;
222 if (!(p8 = M_PKCS12_decrypt_skey(bag, pass, passlen)))
223 return 0;
224 *pkey = EVP_PKCS82PKEY(p8);
225 PKCS8_PRIV_KEY_INFO_free(p8);
226 if (!(*pkey)) return 0;
227 *keymatch |= MATCH_KEY;
228 break;
229
230 case NID_certBag:
231 if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
232 return 1;
233 if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0;
234 if (lkey) {
235 *keymatch |= MATCH_CERT;
236 if (cert) *cert = x509;
237 } else {
238 if(ca) sk_X509_push (*ca, x509);
239 else X509_free(x509);
240 }
241 break;
242
243 case NID_safeContentsBag:
244 return parse_bags(bag->value.safes, pass, passlen,
245 pkey, cert, ca, keyid, keymatch);
246 break;
247
248 default:
249 return 1;
250 break;
251 }
252 return 1;
253}
254
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
deleted file mode 100644
index 369257ed4c..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ /dev/null
@@ -1,173 +0,0 @@
1/* p12_mutl.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#ifndef NO_HMAC
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/hmac.h>
63#include <openssl/rand.h>
64#include <openssl/pkcs12.h>
65
66/* Generate a MAC */
67int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
68 unsigned char *mac, unsigned int *maclen)
69{
70 const EVP_MD *md_type;
71 HMAC_CTX hmac;
72 unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
73 int saltlen, iter;
74 salt = p12->mac->salt->data;
75 saltlen = p12->mac->salt->length;
76 if (!p12->mac->iter) iter = 1;
77 else iter = ASN1_INTEGER_get (p12->mac->iter);
78 if(!(md_type =
79 EVP_get_digestbyobj (p12->mac->dinfo->algor->algorithm))) {
80 PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
81 return 0;
82 }
83 if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
84 PKCS12_MAC_KEY_LENGTH, key, md_type)) {
85 PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
86 return 0;
87 }
88 HMAC_Init (&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type);
89 HMAC_Update (&hmac, p12->authsafes->d.data->data,
90 p12->authsafes->d.data->length);
91 HMAC_Final (&hmac, mac, maclen);
92 return 1;
93}
94
95/* Verify the mac */
96int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen)
97{
98 unsigned char mac[EVP_MAX_MD_SIZE];
99 unsigned int maclen;
100 if(p12->mac == NULL) {
101 PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_ABSENT);
102 return 0;
103 }
104 if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
105 PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR);
106 return 0;
107 }
108 if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
109 || memcmp (mac, p12->mac->dinfo->digest->data, maclen)) {
110 PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_VERIFY_ERROR);
111 return 0;
112 }
113 return 1;
114}
115
116/* Set a mac */
117
118int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
119 unsigned char *salt, int saltlen, int iter, EVP_MD *md_type)
120{
121 unsigned char mac[EVP_MAX_MD_SIZE];
122 unsigned int maclen;
123
124 if (!md_type) md_type = EVP_sha1();
125 if (PKCS12_setup_mac (p12, iter, salt, saltlen, md_type) ==
126 PKCS12_ERROR) {
127 PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_SETUP_ERROR);
128 return 0;
129 }
130 if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
131 PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR);
132 return 0;
133 }
134 if (!(M_ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) {
135 PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR);
136 return 0;
137 }
138 return 1;
139}
140
141/* Set up a mac structure */
142int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
143 EVP_MD *md_type)
144{
145 if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR;
146 if (iter > 1) {
147 if(!(p12->mac->iter = M_ASN1_INTEGER_new())) {
148 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
149 return 0;
150 }
151 ASN1_INTEGER_set(p12->mac->iter, iter);
152 }
153 if (!saltlen) saltlen = PKCS12_SALT_LEN;
154 p12->mac->salt->length = saltlen;
155 if (!(p12->mac->salt->data = Malloc (saltlen))) {
156 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
157 return 0;
158 }
159 if (!salt) {
160 if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0)
161 return 0;
162 }
163 else memcpy (p12->mac->salt->data, salt, saltlen);
164 p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
165 if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
166 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
167 return 0;
168 }
169 p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
170
171 return 1;
172}
173#endif
diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c
deleted file mode 100644
index ee71707e2c..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_npas.c
+++ /dev/null
@@ -1,212 +0,0 @@
1/* p12_npas.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62#include <openssl/pem.h>
63#include <openssl/err.h>
64#include <openssl/pkcs12.h>
65
66/* PKCS#12 password change routine */
67
68static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
69static int newpass_bags(STACK *bags, char *oldpass, char *newpass);
70static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
71static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
72
73/*
74 * Change the password on a PKCS#12 structure.
75 */
76
77int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
78{
79
80/* Check for NULL PKCS12 structure */
81
82if(!p12) {
83 PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
84 return 0;
85}
86
87/* Check the mac */
88
89if (!PKCS12_verify_mac(p12, oldpass, -1)) {
90 PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE);
91 return 0;
92}
93
94if (!newpass_p12(p12, oldpass, newpass)) {
95 PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR);
96 return 0;
97}
98
99return 1;
100
101}
102
103/* Parse the outer PKCS#12 structure */
104
105static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
106{
107 STACK *asafes, *newsafes, *bags;
108 int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen;
109 PKCS7 *p7, *p7new;
110 ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
111 unsigned char mac[EVP_MAX_MD_SIZE];
112 unsigned int maclen;
113 if (!(asafes = M_PKCS12_unpack_authsafes(p12))) return 0;
114 if(!(newsafes = sk_new(NULL))) return 0;
115 for (i = 0; i < sk_num (asafes); i++) {
116 p7 = (PKCS7 *) sk_value(asafes, i);
117 bagnid = OBJ_obj2nid(p7->type);
118 if (bagnid == NID_pkcs7_data) {
119 bags = M_PKCS12_unpack_p7data(p7);
120 } else if (bagnid == NID_pkcs7_encrypted) {
121 bags = M_PKCS12_unpack_p7encdata(p7, oldpass, -1);
122 alg_get(p7->d.encrypted->enc_data->algorithm,
123 &pbe_nid, &pbe_iter, &pbe_saltlen);
124 } else continue;
125 if (!bags) {
126 sk_pop_free(asafes, PKCS7_free);
127 return 0;
128 }
129 if (!newpass_bags(bags, oldpass, newpass)) {
130 sk_pop_free(bags, PKCS12_SAFEBAG_free);
131 sk_pop_free(asafes, PKCS7_free);
132 return 0;
133 }
134 /* Repack bag in same form with new password */
135 if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags);
136 else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
137 pbe_saltlen, pbe_iter, bags);
138 sk_pop_free(bags, PKCS12_SAFEBAG_free);
139 if(!p7new) {
140 sk_pop_free(asafes, PKCS7_free);
141 return 0;
142 }
143 sk_push(newsafes, (char *)p7new);
144 }
145 sk_pop_free(asafes, PKCS7_free);
146
147 /* Repack safe: save old safe in case of error */
148
149 p12_data_tmp = p12->authsafes->d.data;
150 if(!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) goto saferr;
151 if(!M_PKCS12_pack_authsafes(p12, newsafes)) goto saferr;
152
153 if(!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr;
154 if(!(macnew = ASN1_OCTET_STRING_new())) goto saferr;
155 if(!ASN1_OCTET_STRING_set(macnew, mac, maclen)) goto saferr;
156 ASN1_OCTET_STRING_free(p12->mac->dinfo->digest);
157 p12->mac->dinfo->digest = macnew;
158 ASN1_OCTET_STRING_free(p12_data_tmp);
159
160 return 1;
161
162 saferr:
163 /* Restore old safe */
164 ASN1_OCTET_STRING_free(p12->authsafes->d.data);
165 ASN1_OCTET_STRING_free(macnew);
166 p12->authsafes->d.data = p12_data_tmp;
167 return 0;
168
169}
170
171
172static int newpass_bags(STACK *bags, char *oldpass, char *newpass)
173{
174 int i;
175 for (i = 0; i < sk_num(bags); i++) {
176 if (!newpass_bag((PKCS12_SAFEBAG *)sk_value(bags, i),
177 oldpass, newpass)) return 0;
178 }
179 return 1;
180}
181
182/* Change password of safebag: only needs handle shrouded keybags */
183
184static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
185{
186 PKCS8_PRIV_KEY_INFO *p8;
187 X509_SIG *p8new;
188 int p8_nid, p8_saltlen, p8_iter;
189
190 if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1;
191
192 if (!(p8 = M_PKCS12_decrypt_skey(bag, oldpass, -1))) return 0;
193 alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen);
194 if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
195 p8_iter, p8))) return 0;
196 X509_SIG_free(bag->value.shkeybag);
197 bag->value.shkeybag = p8new;
198 return 1;
199}
200
201static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
202{
203 PBEPARAM *pbe;
204 unsigned char *p;
205 p = alg->parameter->value.sequence->data;
206 pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
207 *pnid = OBJ_obj2nid(alg->algorithm);
208 *piter = ASN1_INTEGER_get(pbe->iter);
209 *psaltlen = pbe->salt->length;
210 PBEPARAM_free(pbe);
211 return 0;
212}
diff --git a/src/lib/libcrypto/pkcs12/p12_utl.c b/src/lib/libcrypto/pkcs12/p12_utl.c
deleted file mode 100644
index 2adcbc95e1..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_utl.c
+++ /dev/null
@@ -1,118 +0,0 @@
1/* p12_utl.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Cheap and nasty Unicode stuff */
64
65unsigned char *asc2uni (const char *asc, unsigned char **uni, int *unilen)
66{
67 int ulen, i;
68 unsigned char *unitmp;
69 ulen = strlen(asc)*2 + 2;
70 if (!(unitmp = Malloc (ulen))) return NULL;
71 for (i = 0; i < ulen; i+=2) {
72 unitmp[i] = 0;
73 unitmp[i + 1] = asc[i>>1];
74 }
75 if (unilen) *unilen = ulen;
76 if (uni) *uni = unitmp;
77 return unitmp;
78}
79
80char *uni2asc (unsigned char *uni, int unilen)
81{
82 int asclen, i;
83 char *asctmp;
84 asclen = unilen / 2;
85 /* If no terminating zero allow for one */
86 if (uni[unilen - 1]) asclen++;
87 uni++;
88 if (!(asctmp = Malloc (asclen))) return NULL;
89 for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];
90 asctmp[asclen - 1] = 0;
91 return asctmp;
92}
93
94int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
95{
96 return ASN1_i2d_bio((int(*)())i2d_PKCS12, bp, (unsigned char *)p12);
97}
98
99#ifndef NO_FP_API
100int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
101{
102 return ASN1_i2d_fp((int(*)())i2d_PKCS12, fp, (unsigned char *)p12);
103}
104#endif
105
106PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
107{
108 return (PKCS12 *)ASN1_d2i_bio((char *(*)())PKCS12_new,
109 (char *(*)())d2i_PKCS12, bp, (unsigned char **)p12);
110}
111#ifndef NO_FP_API
112PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
113{
114 return (PKCS12 *)ASN1_d2i_fp((char *(*)())PKCS12_new,
115 (char *(*)())d2i_PKCS12, fp, (unsigned char **)(p12));
116}
117#endif
118
diff --git a/src/lib/libcrypto/pkcs12/pk12err.c b/src/lib/libcrypto/pkcs12/pk12err.c
deleted file mode 100644
index 12db54f49e..0000000000
--- a/src/lib/libcrypto/pkcs12/pk12err.c
+++ /dev/null
@@ -1,139 +0,0 @@
1/* crypto/pkcs12/pk12err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/pkcs12.h>
64
65/* BEGIN ERROR CODES */
66#ifndef NO_ERR
67static ERR_STRING_DATA PKCS12_str_functs[]=
68 {
69{ERR_PACK(0,PKCS12_F_PARSE_BAGS,0), "PARSE_BAGS"},
70{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME,0), "PKCS12_ADD_FRIENDLYNAME"},
71{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,0), "PKCS12_add_friendlyname_asc"},
72{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,0), "PKCS12_add_friendlyname_uni"},
73{ERR_PACK(0,PKCS12_F_PKCS12_ADD_LOCALKEYID,0), "PKCS12_add_localkeyid"},
74{ERR_PACK(0,PKCS12_F_PKCS12_CREATE,0), "PKCS12_create"},
75{ERR_PACK(0,PKCS12_F_PKCS12_DECRYPT_D2I,0), "PKCS12_decrypt_d2i"},
76{ERR_PACK(0,PKCS12_F_PKCS12_GEN_MAC,0), "PKCS12_gen_mac"},
77{ERR_PACK(0,PKCS12_F_PKCS12_I2D_ENCRYPT,0), "PKCS12_i2d_encrypt"},
78{ERR_PACK(0,PKCS12_F_PKCS12_INIT,0), "PKCS12_init"},
79{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_ASC,0), "PKCS12_key_gen_asc"},
80{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0), "PKCS12_key_gen_uni"},
81{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0), "PKCS12_MAKE_KEYBAG"},
82{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0), "PKCS12_MAKE_SHKEYBAG"},
83{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0), "PKCS12_newpass"},
84{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0), "PKCS12_pack_p7data"},
85{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0), "PKCS12_pack_p7encdata"},
86{ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0), "PKCS12_pack_safebag"},
87{ERR_PACK(0,PKCS12_F_PKCS12_PARSE,0), "PKCS12_parse"},
88{ERR_PACK(0,PKCS12_F_PKCS12_PBE_CRYPT,0), "PKCS12_pbe_crypt"},
89{ERR_PACK(0,PKCS12_F_PKCS12_PBE_KEYIVGEN,0), "PKCS12_PBE_keyivgen"},
90{ERR_PACK(0,PKCS12_F_PKCS12_SETUP_MAC,0), "PKCS12_setup_mac"},
91{ERR_PACK(0,PKCS12_F_PKCS12_SET_MAC,0), "PKCS12_set_mac"},
92{ERR_PACK(0,PKCS12_F_PKCS8_ADD_KEYUSAGE,0), "PKCS8_add_keyusage"},
93{ERR_PACK(0,PKCS12_F_PKCS8_ENCRYPT,0), "PKCS8_encrypt"},
94{ERR_PACK(0,PKCS12_F_VERIFY_MAC,0), "VERIFY_MAC"},
95{0,NULL}
96 };
97
98static ERR_STRING_DATA PKCS12_str_reasons[]=
99 {
100{PKCS12_R_CANT_PACK_STRUCTURE ,"cant pack structure"},
101{PKCS12_R_DECODE_ERROR ,"decode error"},
102{PKCS12_R_ENCODE_ERROR ,"encode error"},
103{PKCS12_R_ENCRYPT_ERROR ,"encrypt error"},
104{PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE,"error setting encrypted data type"},
105{PKCS12_R_INVALID_NULL_ARGUMENT ,"invalid null argument"},
106{PKCS12_R_INVALID_NULL_PKCS12_POINTER ,"invalid null pkcs12 pointer"},
107{PKCS12_R_IV_GEN_ERROR ,"iv gen error"},
108{PKCS12_R_KEY_GEN_ERROR ,"key gen error"},
109{PKCS12_R_MAC_ABSENT ,"mac absent"},
110{PKCS12_R_MAC_GENERATION_ERROR ,"mac generation error"},
111{PKCS12_R_MAC_SETUP_ERROR ,"mac setup error"},
112{PKCS12_R_MAC_STRING_SET_ERROR ,"mac string set error"},
113{PKCS12_R_MAC_VERIFY_ERROR ,"mac verify error"},
114{PKCS12_R_MAC_VERIFY_FAILURE ,"mac verify failure"},
115{PKCS12_R_PARSE_ERROR ,"parse error"},
116{PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR ,"pkcs12 algor cipherinit error"},
117{PKCS12_R_PKCS12_CIPHERFINAL_ERROR ,"pkcs12 cipherfinal error"},
118{PKCS12_R_PKCS12_PBE_CRYPT_ERROR ,"pkcs12 pbe crypt error"},
119{PKCS12_R_UNKNOWN_DIGEST_ALGORITHM ,"unknown digest algorithm"},
120{PKCS12_R_UNSUPPORTED_PKCS12_MODE ,"unsupported pkcs12 mode"},
121{0,NULL}
122 };
123
124#endif
125
126void ERR_load_PKCS12_strings(void)
127 {
128 static int init=1;
129
130 if (init)
131 {
132 init=0;
133#ifndef NO_ERR
134 ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_functs);
135 ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_reasons);
136#endif
137
138 }
139 }
diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h
deleted file mode 100644
index dad356c00f..0000000000
--- a/src/lib/libcrypto/pkcs12/pkcs12.h
+++ /dev/null
@@ -1,340 +0,0 @@
1/* pkcs12.h */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#ifndef HEADER_PKCS12_H
60#define HEADER_PKCS12_H
61
62#ifdef __cplusplus
63extern "C" {
64#endif
65
66#include <openssl/bio.h>
67#include <openssl/x509.h>
68
69#define PKCS12_KEY_ID 1
70#define PKCS12_IV_ID 2
71#define PKCS12_MAC_ID 3
72
73/* Default iteration count */
74#ifndef PKCS12_DEFAULT_ITER
75#define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER
76#endif
77
78#define PKCS12_MAC_KEY_LENGTH 20
79
80#define PKCS12_SALT_LEN 8
81
82/* Uncomment out next line for unicode password and names, otherwise ASCII */
83
84/*#define PBE_UNICODE*/
85
86#ifdef PBE_UNICODE
87#define PKCS12_key_gen PKCS12_key_gen_uni
88#define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni
89#else
90#define PKCS12_key_gen PKCS12_key_gen_asc
91#define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc
92#endif
93
94/* MS key usage constants */
95
96#define KEY_EX 0x10
97#define KEY_SIG 0x80
98
99typedef struct {
100X509_SIG *dinfo;
101ASN1_OCTET_STRING *salt;
102ASN1_INTEGER *iter; /* defaults to 1 */
103} PKCS12_MAC_DATA;
104
105typedef struct {
106ASN1_INTEGER *version;
107PKCS12_MAC_DATA *mac;
108PKCS7 *authsafes;
109} PKCS12;
110
111typedef struct {
112ASN1_OBJECT *type;
113union {
114 struct pkcs12_bag_st *bag; /* secret, crl and certbag */
115 struct pkcs8_priv_key_info_st *keybag; /* keybag */
116 X509_SIG *shkeybag; /* shrouded key bag */
117 STACK /* PKCS12_SAFEBAG */ *safes;
118 ASN1_TYPE *other;
119}value;
120STACK_OF(X509_ATTRIBUTE) *attrib;
121ASN1_TYPE *rest;
122} PKCS12_SAFEBAG;
123
124typedef struct pkcs12_bag_st {
125ASN1_OBJECT *type;
126union {
127 ASN1_OCTET_STRING *x509cert;
128 ASN1_OCTET_STRING *x509crl;
129 ASN1_OCTET_STRING *octet;
130 ASN1_IA5STRING *sdsicert;
131 ASN1_TYPE *other; /* Secret or other bag */
132}value;
133} PKCS12_BAGS;
134
135#define PKCS12_ERROR 0
136#define PKCS12_OK 1
137
138#define M_PKCS12_bag_type(bag) OBJ_obj2nid(bag->type)
139#define M_PKCS12_cert_bag_type(bag) OBJ_obj2nid(bag->value.bag->type)
140#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
141
142#define M_PKCS12_x5092certbag(x509) \
143PKCS12_pack_safebag ((char *)(x509), i2d_X509, NID_x509Certificate, NID_certBag)
144
145#define M_PKCS12_x509crl2certbag(crl) \
146PKCS12_pack_safebag ((char *)(crl), i2d_X509CRL, NID_x509Crl, NID_crlBag)
147
148#define M_PKCS12_certbag2x509(bg) \
149(X509 *) ASN1_unpack_string ((bg)->value.bag->value.octet, \
150(char *(*)())d2i_X509)
151
152#define M_PKCS12_certbag2x509crl(bg) \
153(X509CRL *) ASN1_unpack_string ((bg)->value.bag->value.octet, \
154(char *(*)())d2i_X509CRL)
155
156/*#define M_PKCS12_pkcs82rsa(p8) \
157(RSA *) ASN1_unpack_string ((p8)->pkey, (char *(*)())d2i_RSAPrivateKey)*/
158
159#define M_PKCS12_unpack_p7data(p7) \
160ASN1_seq_unpack ((p7)->d.data->data, p7->d.data->length, \
161 (char *(*)())d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free)
162
163#define M_PKCS12_pack_authsafes(p12, safes) \
164ASN1_seq_pack((safes), (int (*)())i2d_PKCS7,\
165 &(p12)->authsafes->d.data->data, &(p12)->authsafes->d.data->length)
166
167#define M_PKCS12_unpack_authsafes(p12) \
168ASN1_seq_unpack((p12)->authsafes->d.data->data, \
169 (p12)->authsafes->d.data->length, (char *(*)())d2i_PKCS7, \
170 PKCS7_free)
171
172#define M_PKCS12_unpack_p7encdata(p7, pass, passlen) \
173(STACK *) PKCS12_decrypt_d2i ((p7)->d.encrypted->enc_data->algorithm,\
174 (char *(*)())d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, \
175 (pass), (passlen), \
176 (p7)->d.encrypted->enc_data->enc_data, 3)
177
178#define M_PKCS12_decrypt_skey(bag, pass, passlen) \
179(PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i ((bag)->value.shkeybag->algor, \
180(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free, \
181 (pass), (passlen), \
182 (bag)->value.shkeybag->digest, 2)
183
184#define M_PKCS8_decrypt(p8, pass, passlen) \
185(PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i ((p8)->algor, \
186(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free,\
187 (pass), (passlen), (p8)->digest, 2)
188
189#define PKCS12_get_attr(bag, attr_nid) \
190 PKCS12_get_attr_gen(bag->attrib, attr_nid)
191
192#define PKCS8_get_attr(p8, attr_nid) \
193 PKCS12_get_attr_gen(p8->attributes, attr_nid)
194
195#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
196
197
198PKCS12_SAFEBAG *PKCS12_pack_safebag(char *obj, int (*i2d)(), int nid1, int nid2);
199PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
200X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
201 const char *pass, int passlen,
202 unsigned char *salt, int saltlen, int iter,
203 PKCS8_PRIV_KEY_INFO *p8);
204PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
205 int passlen, unsigned char *salt,
206 int saltlen, int iter,
207 PKCS8_PRIV_KEY_INFO *p8);
208PKCS7 *PKCS12_pack_p7data(STACK *sk);
209PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
210 unsigned char *salt, int saltlen, int iter,
211 STACK *bags);
212int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);
213int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
214 int namelen);
215int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
216 int namelen);
217int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
218ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);
219char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
220unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
221 int passlen, unsigned char *in, int inlen,
222 unsigned char **data, int *datalen, int en_de);
223char *PKCS12_decrypt_d2i(X509_ALGOR *algor, char *(*d2i)(),
224 void (*free_func)(), const char *pass, int passlen,
225 ASN1_STRING *oct, int seq);
226ASN1_STRING *PKCS12_i2d_encrypt(X509_ALGOR *algor, int (*i2d)(),
227 const char *pass, int passlen, char *obj,
228 int seq);
229PKCS12 *PKCS12_init(int mode);
230int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
231 int saltlen, int id, int iter, int n,
232 unsigned char *out, const EVP_MD *md_type);
233int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type);
234int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
235 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md_type,
236 int en_de);
237int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
238 unsigned char *mac, unsigned int *maclen);
239int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
240int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
241 unsigned char *salt, int saltlen, int iter,
242 EVP_MD *md_type);
243int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
244 int saltlen, EVP_MD *md_type);
245unsigned char *asc2uni(const char *asc, unsigned char **uni, int *unilen);
246char *uni2asc(unsigned char *uni, int unilen);
247int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **pp);
248PKCS12_BAGS *PKCS12_BAGS_new(void);
249PKCS12_BAGS *d2i_PKCS12_BAGS(PKCS12_BAGS **a, unsigned char **pp, long length);
250void PKCS12_BAGS_free(PKCS12_BAGS *a);
251int i2d_PKCS12(PKCS12 *a, unsigned char **pp);
252PKCS12 *d2i_PKCS12(PKCS12 **a, unsigned char **pp, long length);
253PKCS12 *PKCS12_new(void);
254void PKCS12_free(PKCS12 *a);
255int i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **pp);
256PKCS12_MAC_DATA *PKCS12_MAC_DATA_new(void);
257PKCS12_MAC_DATA *d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, unsigned char **pp,
258 long length);
259void PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a);
260int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **pp);
261PKCS12_SAFEBAG *PKCS12_SAFEBAG_new(void);
262PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, unsigned char **pp,
263 long length);
264void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a);
265void ERR_load_PKCS12_strings(void);
266void PKCS12_PBE_add(void);
267int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
268 STACK_OF(X509) **ca);
269PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
270 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
271 int mac_iter, int keytype);
272int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
273int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
274PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
275PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
276int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
277
278/* BEGIN ERROR CODES */
279/* The following lines are auto generated by the script mkerr.pl. Any changes
280 * made after this point may be overwritten when the script is next run.
281 */
282
283/* Error codes for the PKCS12 functions. */
284
285/* Function codes. */
286#define PKCS12_F_PARSE_BAGS 103
287#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100
288#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127
289#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102
290#define PKCS12_F_PKCS12_ADD_LOCALKEYID 104
291#define PKCS12_F_PKCS12_CREATE 105
292#define PKCS12_F_PKCS12_DECRYPT_D2I 106
293#define PKCS12_F_PKCS12_GEN_MAC 107
294#define PKCS12_F_PKCS12_I2D_ENCRYPT 108
295#define PKCS12_F_PKCS12_INIT 109
296#define PKCS12_F_PKCS12_KEY_GEN_ASC 110
297#define PKCS12_F_PKCS12_KEY_GEN_UNI 111
298#define PKCS12_F_PKCS12_MAKE_KEYBAG 112
299#define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113
300#define PKCS12_F_PKCS12_NEWPASS 128
301#define PKCS12_F_PKCS12_PACK_P7DATA 114
302#define PKCS12_F_PKCS12_PACK_P7ENCDATA 115
303#define PKCS12_F_PKCS12_PACK_SAFEBAG 117
304#define PKCS12_F_PKCS12_PARSE 118
305#define PKCS12_F_PKCS12_PBE_CRYPT 119
306#define PKCS12_F_PKCS12_PBE_KEYIVGEN 120
307#define PKCS12_F_PKCS12_SETUP_MAC 122
308#define PKCS12_F_PKCS12_SET_MAC 123
309#define PKCS12_F_PKCS8_ADD_KEYUSAGE 124
310#define PKCS12_F_PKCS8_ENCRYPT 125
311#define PKCS12_F_VERIFY_MAC 126
312
313/* Reason codes. */
314#define PKCS12_R_CANT_PACK_STRUCTURE 100
315#define PKCS12_R_DECODE_ERROR 101
316#define PKCS12_R_ENCODE_ERROR 102
317#define PKCS12_R_ENCRYPT_ERROR 103
318#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120
319#define PKCS12_R_INVALID_NULL_ARGUMENT 104
320#define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105
321#define PKCS12_R_IV_GEN_ERROR 106
322#define PKCS12_R_KEY_GEN_ERROR 107
323#define PKCS12_R_MAC_ABSENT 108
324#define PKCS12_R_MAC_GENERATION_ERROR 109
325#define PKCS12_R_MAC_SETUP_ERROR 110
326#define PKCS12_R_MAC_STRING_SET_ERROR 111
327#define PKCS12_R_MAC_VERIFY_ERROR 112
328#define PKCS12_R_MAC_VERIFY_FAILURE 113
329#define PKCS12_R_PARSE_ERROR 114
330#define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115
331#define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116
332#define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117
333#define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118
334#define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119
335
336#ifdef __cplusplus
337}
338#endif
339#endif
340
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-05 09:24:09 +0000