summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs12
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/pkcs12')
-rw-r--r--src/lib/libcrypto/pkcs12/p12_add.c218
-rw-r--r--src/lib/libcrypto/pkcs12/p12_attr.c238
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crpt.c124
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crt.c164
-rw-r--r--src/lib/libcrypto/pkcs12/p12_decr.c187
-rw-r--r--src/lib/libcrypto/pkcs12/p12_init.c98
-rw-r--r--src/lib/libcrypto/pkcs12/p12_key.c204
-rw-r--r--src/lib/libcrypto/pkcs12/p12_kiss.c285
-rw-r--r--src/lib/libcrypto/pkcs12/p12_mutl.c170
-rw-r--r--src/lib/libcrypto/pkcs12/p12_npas.c217
-rw-r--r--src/lib/libcrypto/pkcs12/p12_utl.c122
-rw-r--r--src/lib/libcrypto/pkcs12/pk12err.c139
-rw-r--r--src/lib/libcrypto/pkcs12/pkcs12.h345
13 files changed, 0 insertions, 2511 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
deleted file mode 100644
index b563656895..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ /dev/null
@@ -1,218 +0,0 @@
1/* p12_add.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Pack an object into an OCTET STRING and turn into a safebag */
64
65PKCS12_SAFEBAG *PKCS12_pack_safebag (char *obj, int (*i2d)(), int nid1,
66 int nid2)
67{
68 PKCS12_BAGS *bag;
69 PKCS12_SAFEBAG *safebag;
70 if (!(bag = PKCS12_BAGS_new ())) {
71 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
72 return NULL;
73 }
74 bag->type = OBJ_nid2obj(nid1);
75 if (!ASN1_pack_string(obj, i2d, &bag->value.octet)) {
76 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
77 return NULL;
78 }
79 if (!(safebag = PKCS12_SAFEBAG_new ())) {
80 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
81 return NULL;
82 }
83 safebag->value.bag = bag;
84 safebag->type = OBJ_nid2obj(nid2);
85 return safebag;
86}
87
88/* Turn PKCS8 object into a keybag */
89
90PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG (PKCS8_PRIV_KEY_INFO *p8)
91{
92 PKCS12_SAFEBAG *bag;
93 if (!(bag = PKCS12_SAFEBAG_new())) {
94 PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE);
95 return NULL;
96 }
97 bag->type = OBJ_nid2obj(NID_keyBag);
98 bag->value.keybag = p8;
99 return bag;
100}
101
102/* Turn PKCS8 object into a shrouded keybag */
103
104PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass,
105 int passlen, unsigned char *salt, int saltlen, int iter,
106 PKCS8_PRIV_KEY_INFO *p8)
107{
108 PKCS12_SAFEBAG *bag;
109
110 /* Set up the safe bag */
111 if (!(bag = PKCS12_SAFEBAG_new ())) {
112 PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
113 return NULL;
114 }
115
116 bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
117 if (!(bag->value.shkeybag =
118 PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,
119 p8))) {
120 PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
121 return NULL;
122 }
123
124 return bag;
125}
126
127/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
128PKCS7 *PKCS12_pack_p7data (STACK_OF(PKCS12_SAFEBAG) *sk)
129{
130 PKCS7 *p7;
131 if (!(p7 = PKCS7_new())) {
132 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
133 return NULL;
134 }
135 p7->type = OBJ_nid2obj(NID_pkcs7_data);
136 if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
137 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
138 return NULL;
139 }
140
141 if (!ASN1_seq_pack_PKCS12_SAFEBAG(sk, i2d_PKCS12_SAFEBAG,
142 &p7->d.data->data,
143 &p7->d.data->length)) {
144 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
145 return NULL;
146 }
147 return p7;
148}
149
150/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
151
152PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
153 unsigned char *salt, int saltlen, int iter,
154 STACK_OF(PKCS12_SAFEBAG) *bags)
155{
156 PKCS7 *p7;
157 X509_ALGOR *pbe;
158 if (!(p7 = PKCS7_new())) {
159 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
160 return NULL;
161 }
162 if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
163 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
164 PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
165 return NULL;
166 }
167 if (!(pbe = PKCS5_pbe_set (pbe_nid, iter, salt, saltlen))) {
168 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
169 return NULL;
170 }
171 X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
172 p7->d.encrypted->enc_data->algorithm = pbe;
173 M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
174 if (!(p7->d.encrypted->enc_data->enc_data =
175 PKCS12_i2d_encrypt (pbe, i2d_PKCS12_SAFEBAG, pass, passlen,
176 (char *)bags, 1))) {
177 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
178 return NULL;
179 }
180
181 return p7;
182}
183
184X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
185 const char *pass, int passlen,
186 unsigned char *salt, int saltlen, int iter,
187 PKCS8_PRIV_KEY_INFO *p8inf)
188{
189 X509_SIG *p8;
190 X509_ALGOR *pbe;
191
192 if (!(p8 = X509_SIG_new())) {
193 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
194 goto err;
195 }
196
197 if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
198 else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
199 if(!pbe) {
200 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
201 goto err;
202 }
203 X509_ALGOR_free(p8->algor);
204 p8->algor = pbe;
205 M_ASN1_OCTET_STRING_free(p8->digest);
206 if (!(p8->digest =
207 PKCS12_i2d_encrypt (pbe, i2d_PKCS8_PRIV_KEY_INFO, pass, passlen,
208 (char *)p8inf, 0))) {
209 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
210 goto err;
211 }
212
213 return p8;
214
215 err:
216 X509_SIG_free(p8);
217 return NULL;
218}
diff --git a/src/lib/libcrypto/pkcs12/p12_attr.c b/src/lib/libcrypto/pkcs12/p12_attr.c
deleted file mode 100644
index a16a97d03d..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_attr.c
+++ /dev/null
@@ -1,238 +0,0 @@
1/* p12_attr.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Add a local keyid to a safebag */
64
65int PKCS12_add_localkeyid (PKCS12_SAFEBAG *bag, unsigned char *name,
66 int namelen)
67{
68 X509_ATTRIBUTE *attrib;
69 ASN1_BMPSTRING *oct;
70 ASN1_TYPE *keyid;
71 if (!(keyid = ASN1_TYPE_new ())) {
72 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
73 return 0;
74 }
75 keyid->type = V_ASN1_OCTET_STRING;
76 if (!(oct = M_ASN1_OCTET_STRING_new())) {
77 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
78 return 0;
79 }
80 if (!M_ASN1_OCTET_STRING_set(oct, name, namelen)) {
81 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
82 return 0;
83 }
84 keyid->value.octet_string = oct;
85 if (!(attrib = X509_ATTRIBUTE_new ())) {
86 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
87 return 0;
88 }
89 attrib->object = OBJ_nid2obj(NID_localKeyID);
90 if (!(attrib->value.set = sk_ASN1_TYPE_new_null())) {
91 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
92 return 0;
93 }
94 sk_ASN1_TYPE_push (attrib->value.set,keyid);
95 attrib->set = 1;
96 if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new_null ())) {
97 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
98 return 0;
99 }
100 sk_X509_ATTRIBUTE_push (bag->attrib, attrib);
101 return 1;
102}
103
104/* Add key usage to PKCS#8 structure */
105
106int PKCS8_add_keyusage (PKCS8_PRIV_KEY_INFO *p8, int usage)
107{
108 X509_ATTRIBUTE *attrib;
109 ASN1_BIT_STRING *bstr;
110 ASN1_TYPE *keyid;
111 unsigned char us_val;
112 us_val = (unsigned char) usage;
113 if (!(keyid = ASN1_TYPE_new ())) {
114 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
115 return 0;
116 }
117 keyid->type = V_ASN1_BIT_STRING;
118 if (!(bstr = M_ASN1_BIT_STRING_new())) {
119 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
120 return 0;
121 }
122 if (!M_ASN1_BIT_STRING_set(bstr, &us_val, 1)) {
123 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
124 return 0;
125 }
126 keyid->value.bit_string = bstr;
127 if (!(attrib = X509_ATTRIBUTE_new ())) {
128 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
129 return 0;
130 }
131 attrib->object = OBJ_nid2obj(NID_key_usage);
132 if (!(attrib->value.set = sk_ASN1_TYPE_new_null())) {
133 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
134 return 0;
135 }
136 sk_ASN1_TYPE_push (attrib->value.set,keyid);
137 attrib->set = 1;
138 if (!p8->attributes
139 && !(p8->attributes = sk_X509_ATTRIBUTE_new_null ())) {
140 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
141 return 0;
142 }
143 sk_X509_ATTRIBUTE_push (p8->attributes, attrib);
144 return 1;
145}
146
147/* Add a friendlyname to a safebag */
148
149int PKCS12_add_friendlyname_asc (PKCS12_SAFEBAG *bag, const char *name,
150 int namelen)
151{
152 unsigned char *uniname;
153 int ret, unilen;
154 if (!asc2uni(name, namelen, &uniname, &unilen)) {
155 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,
156 ERR_R_MALLOC_FAILURE);
157 return 0;
158 }
159 ret = PKCS12_add_friendlyname_uni (bag, uniname, unilen);
160 OPENSSL_free(uniname);
161 return ret;
162}
163
164
165int PKCS12_add_friendlyname_uni (PKCS12_SAFEBAG *bag,
166 const unsigned char *name, int namelen)
167{
168 X509_ATTRIBUTE *attrib;
169 ASN1_BMPSTRING *bmp;
170 ASN1_TYPE *fname;
171 /* Zap ending double null if included */
172 if(!name[namelen - 1] && !name[namelen - 2]) namelen -= 2;
173 if (!(fname = ASN1_TYPE_new ())) {
174 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
175 ERR_R_MALLOC_FAILURE);
176 return 0;
177 }
178 fname->type = V_ASN1_BMPSTRING;
179 if (!(bmp = M_ASN1_BMPSTRING_new())) {
180 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
181 ERR_R_MALLOC_FAILURE);
182 return 0;
183 }
184 if (!(bmp->data = OPENSSL_malloc (namelen))) {
185 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
186 ERR_R_MALLOC_FAILURE);
187 return 0;
188 }
189 memcpy (bmp->data, name, namelen);
190 bmp->length = namelen;
191 fname->value.bmpstring = bmp;
192 if (!(attrib = X509_ATTRIBUTE_new ())) {
193 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
194 ERR_R_MALLOC_FAILURE);
195 return 0;
196 }
197 attrib->object = OBJ_nid2obj(NID_friendlyName);
198 if (!(attrib->value.set = sk_ASN1_TYPE_new_null())) {
199 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME,
200 ERR_R_MALLOC_FAILURE);
201 return 0;
202 }
203 sk_ASN1_TYPE_push (attrib->value.set,fname);
204 attrib->set = 1;
205 if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new_null ())) {
206 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
207 ERR_R_MALLOC_FAILURE);
208 return 0;
209 }
210 sk_X509_ATTRIBUTE_push (bag->attrib, attrib);
211 return PKCS12_OK;
212}
213
214ASN1_TYPE *PKCS12_get_attr_gen (STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
215{
216 X509_ATTRIBUTE *attrib;
217 int i;
218 if (!attrs) return NULL;
219 for (i = 0; i < sk_X509_ATTRIBUTE_num (attrs); i++) {
220 attrib = sk_X509_ATTRIBUTE_value (attrs, i);
221 if (OBJ_obj2nid (attrib->object) == attr_nid) {
222 if (sk_ASN1_TYPE_num (attrib->value.set))
223 return sk_ASN1_TYPE_value(attrib->value.set, 0);
224 else return NULL;
225 }
226 }
227 return NULL;
228}
229
230char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
231{
232 ASN1_TYPE *atype;
233 if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) return NULL;
234 if (atype->type != V_ASN1_BMPSTRING) return NULL;
235 return uni2asc(atype->value.bmpstring->data,
236 atype->value.bmpstring->length);
237}
238
diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c
deleted file mode 100644
index 7b96584f07..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_crpt.c
+++ /dev/null
@@ -1,124 +0,0 @@
1/* p12_crpt.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* PKCS#12 specific PBE functions */
64
65void PKCS12_PBE_add(void)
66{
67#ifndef NO_RC4
68EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(),
69 PKCS12_PBE_keyivgen);
70EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(),
71 PKCS12_PBE_keyivgen);
72#endif
73#ifndef NO_DES
74EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
75 EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
76EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
77 EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
78#endif
79#ifndef NO_RC2
80EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(),
81 EVP_sha1(), PKCS12_PBE_keyivgen);
82EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
83 EVP_sha1(), PKCS12_PBE_keyivgen);
84#endif
85}
86
87int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
88 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, int en_de)
89{
90 PBEPARAM *pbe;
91 int saltlen, iter;
92 unsigned char *salt, *pbuf;
93 unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
94
95 /* Extract useful info from parameter */
96 pbuf = param->value.sequence->data;
97 if (!param || (param->type != V_ASN1_SEQUENCE) ||
98 !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) {
99 EVPerr(PKCS12_F_PKCS12_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
100 return 0;
101 }
102
103 if (!pbe->iter) iter = 1;
104 else iter = ASN1_INTEGER_get (pbe->iter);
105 salt = pbe->salt->data;
106 saltlen = pbe->salt->length;
107 if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
108 iter, EVP_CIPHER_key_length(cipher), key, md)) {
109 PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_KEY_GEN_ERROR);
110 PBEPARAM_free(pbe);
111 return 0;
112 }
113 if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,
114 iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
115 PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_IV_GEN_ERROR);
116 PBEPARAM_free(pbe);
117 return 0;
118 }
119 PBEPARAM_free(pbe);
120 EVP_CipherInit(ctx, cipher, key, iv, en_de);
121 memset(key, 0, EVP_MAX_KEY_LENGTH);
122 memset(iv, 0, EVP_MAX_IV_LENGTH);
123 return 1;
124}
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
deleted file mode 100644
index a8f7b48882..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ /dev/null
@@ -1,164 +0,0 @@
1/* p12_crt.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
64 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
65 int keytype)
66{
67 PKCS12 *p12;
68 STACK_OF(PKCS12_SAFEBAG) *bags;
69 STACK_OF(PKCS7) *safes;
70 PKCS12_SAFEBAG *bag;
71 PKCS8_PRIV_KEY_INFO *p8;
72 PKCS7 *authsafe;
73 X509 *tcert;
74 int i;
75 unsigned char keyid[EVP_MAX_MD_SIZE];
76 unsigned int keyidlen;
77
78 /* Set defaults */
79 if(!nid_cert) nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
80 if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
81 if(!iter) iter = PKCS12_DEFAULT_ITER;
82 if(!mac_iter) mac_iter = 1;
83
84 if(!pkey || !cert) {
85 PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
86 return NULL;
87 }
88
89 if(!X509_check_private_key(cert, pkey)) return NULL;
90
91 if(!(bags = sk_PKCS12_SAFEBAG_new_null ())) {
92 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
93 return NULL;
94 }
95
96 /* Add user certificate */
97 if(!(bag = M_PKCS12_x5092certbag(cert))) return NULL;
98 if(name && !PKCS12_add_friendlyname(bag, name, -1)) return NULL;
99 X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
100 if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL;
101
102 if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
103 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
104 return NULL;
105 }
106
107 /* Add all other certificates */
108 if(ca) {
109 for(i = 0; i < sk_X509_num(ca); i++) {
110 tcert = sk_X509_value(ca, i);
111 if(!(bag = M_PKCS12_x5092certbag(tcert))) return NULL;
112 if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
113 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
114 return NULL;
115 }
116 }
117 }
118
119 /* Turn certbags into encrypted authsafe */
120 authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0,
121 iter, bags);
122 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
123
124 if (!authsafe) return NULL;
125
126 if(!(safes = sk_PKCS7_new_null ())
127 || !sk_PKCS7_push(safes, authsafe)) {
128 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
129 return NULL;
130 }
131
132 /* Make a shrouded key bag */
133 if(!(p8 = EVP_PKEY2PKCS8 (pkey))) return NULL;
134 if(keytype && !PKCS8_add_keyusage(p8, keytype)) return NULL;
135 bag = PKCS12_MAKE_SHKEYBAG (nid_key, pass, -1, NULL, 0, iter, p8);
136 if(!bag) return NULL;
137 PKCS8_PRIV_KEY_INFO_free(p8);
138 if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL;
139 if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL;
140 if(!(bags = sk_PKCS12_SAFEBAG_new_null())
141 || !sk_PKCS12_SAFEBAG_push (bags, bag)) {
142 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
143 return NULL;
144 }
145 /* Turn it into unencrypted safe bag */
146 if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;
147 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
148 if(!sk_PKCS7_push(safes, authsafe)) {
149 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
150 return NULL;
151 }
152
153 if(!(p12 = PKCS12_init (NID_pkcs7_data))) return NULL;
154
155 if(!M_PKCS12_pack_authsafes (p12, safes)) return NULL;
156
157 sk_PKCS7_pop_free(safes, PKCS7_free);
158
159 if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL))
160 return NULL;
161
162 return p12;
163
164}
diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c
deleted file mode 100644
index 8cd7e2f414..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_decr.c
+++ /dev/null
@@ -1,187 +0,0 @@
1/* p12_decr.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Define this to dump decrypted output to files called DERnnn */
64/*#define DEBUG_DECRYPT*/
65
66
67/* Encrypt/Decrypt a buffer based on password and algor, result in a
68 * OPENSSL_malloc'ed buffer
69 */
70
71unsigned char * PKCS12_pbe_crypt (X509_ALGOR *algor, const char *pass,
72 int passlen, unsigned char *in, int inlen, unsigned char **data,
73 int *datalen, int en_de)
74{
75 unsigned char *out;
76 int outlen, i;
77 EVP_CIPHER_CTX ctx;
78
79 /* Decrypt data */
80 if (!EVP_PBE_CipherInit (algor->algorithm, pass, passlen,
81 algor->parameter, &ctx, en_de)) {
82 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
83 return NULL;
84 }
85
86 if(!(out = OPENSSL_malloc (inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
87 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE);
88 return NULL;
89 }
90
91 EVP_CipherUpdate (&ctx, out, &i, in, inlen);
92 outlen = i;
93 if(!EVP_CipherFinal (&ctx, out + i, &i)) {
94 OPENSSL_free (out);
95 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
96 return NULL;
97 }
98 outlen += i;
99 if (datalen) *datalen = outlen;
100 if (data) *data = out;
101 return out;
102
103}
104
105/* Decrypt an OCTET STRING and decode ASN1 structure
106 * if seq & 1 'obj' is a stack of structures to be encoded
107 * if seq & 2 zero buffer after use
108 * as a sequence.
109 */
110
111char * PKCS12_decrypt_d2i (X509_ALGOR *algor, char * (*d2i)(),
112 void (*free_func)(void *), const char *pass, int passlen,
113 ASN1_OCTET_STRING *oct, int seq)
114{
115 unsigned char *out, *p;
116 char *ret;
117 int outlen;
118
119 if (!PKCS12_pbe_crypt (algor, pass, passlen, oct->data, oct->length,
120 &out, &outlen, 0)) {
121 PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
122 return NULL;
123 }
124 p = out;
125#ifdef DEBUG_DECRYPT
126 {
127 FILE *op;
128
129 char fname[30];
130 static int fnm = 1;
131 sprintf(fname, "DER%d", fnm++);
132 op = fopen(fname, "wb");
133 fwrite (p, 1, outlen, op);
134 fclose(op);
135 }
136#endif
137 if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i,
138 free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
139 else ret = d2i(NULL, &p, outlen);
140 if (seq & 2) memset(out, 0, outlen);
141 if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
142 OPENSSL_free (out);
143 return ret;
144}
145
146/* Encode ASN1 structure and encrypt, return OCTET STRING
147 * if 'seq' is non-zero 'obj' is a stack of structures to be encoded
148 * as a sequence
149 */
150
151ASN1_OCTET_STRING *PKCS12_i2d_encrypt (X509_ALGOR *algor, int (*i2d)(),
152 const char *pass, int passlen,
153 char *obj, int seq)
154{
155 ASN1_OCTET_STRING *oct;
156 unsigned char *in, *p;
157 int inlen;
158 if (!(oct = M_ASN1_OCTET_STRING_new ())) {
159 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
160 return NULL;
161 }
162 if (seq) inlen = i2d_ASN1_SET((STACK *)obj, NULL, i2d, V_ASN1_SEQUENCE,
163 V_ASN1_UNIVERSAL, IS_SEQUENCE);
164 else inlen = i2d (obj, NULL);
165 if (!inlen) {
166 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);
167 return NULL;
168 }
169 if (!(in = OPENSSL_malloc (inlen))) {
170 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
171 return NULL;
172 }
173 p = in;
174 if (seq) i2d_ASN1_SET((STACK *)obj, &p, i2d, V_ASN1_SEQUENCE,
175 V_ASN1_UNIVERSAL, IS_SEQUENCE);
176 else i2d (obj, &p);
177 if (!PKCS12_pbe_crypt (algor, pass, passlen, in, inlen, &oct->data,
178 &oct->length, 1)) {
179 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);
180 OPENSSL_free(in);
181 return NULL;
182 }
183 OPENSSL_free (in);
184 return oct;
185}
186
187IMPLEMENT_PKCS12_STACK_OF(PKCS7)
diff --git a/src/lib/libcrypto/pkcs12/p12_init.c b/src/lib/libcrypto/pkcs12/p12_init.c
deleted file mode 100644
index d5d4884c82..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_init.c
+++ /dev/null
@@ -1,98 +0,0 @@
1/* p12_init.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Initialise a PKCS12 structure to take data */
64
65PKCS12 *PKCS12_init (int mode)
66{
67 PKCS12 *pkcs12;
68 if (!(pkcs12 = PKCS12_new())) {
69 PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
70 return NULL;
71 }
72 if (!(pkcs12->version = M_ASN1_INTEGER_new ())) {
73 PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
74 return NULL;
75 }
76 ASN1_INTEGER_set(pkcs12->version, 3);
77 if (!(pkcs12->authsafes = PKCS7_new())) {
78 PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
79 return NULL;
80 }
81 pkcs12->authsafes->type = OBJ_nid2obj(mode);
82 switch (mode) {
83 case NID_pkcs7_data:
84 if (!(pkcs12->authsafes->d.data =
85 M_ASN1_OCTET_STRING_new())) {
86 PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
87 return NULL;
88 }
89 break;
90 default:
91 PKCS12err(PKCS12_F_PKCS12_INIT,PKCS12_R_UNSUPPORTED_PKCS12_MODE);
92 PKCS12_free(pkcs12);
93 return NULL;
94 break;
95 }
96
97 return pkcs12;
98}
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
deleted file mode 100644
index a4fd5b98ec..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ /dev/null
@@ -1,204 +0,0 @@
1/* p12_key.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63
64/* Uncomment out this line to get debugging info about key generation */
65/*#define DEBUG_KEYGEN*/
66#ifdef DEBUG_KEYGEN
67#include <openssl/bio.h>
68extern BIO *bio_err;
69void h__dump (unsigned char *p, int len);
70#endif
71
72/* PKCS12 compatible key/IV generation */
73#ifndef min
74#define min(a,b) ((a) < (b) ? (a) : (b))
75#endif
76
77int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
78 int saltlen, int id, int iter, int n, unsigned char *out,
79 const EVP_MD *md_type)
80{
81 int ret;
82 unsigned char *unipass;
83 int uniplen;
84 if(!pass) {
85 unipass = NULL;
86 uniplen = 0;
87 } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) {
88 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
89 return 0;
90 }
91 ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
92 id, iter, n, out, md_type);
93 if(unipass) {
94 memset(unipass, 0, uniplen); /* Clear password from memory */
95 OPENSSL_free(unipass);
96 }
97 return ret;
98}
99
100int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
101 int saltlen, int id, int iter, int n, unsigned char *out,
102 const EVP_MD *md_type)
103{
104 unsigned char *B, *D, *I, *p, *Ai;
105 int Slen, Plen, Ilen, Ijlen;
106 int i, j, u, v;
107 BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */
108 EVP_MD_CTX ctx;
109#ifdef DEBUG_KEYGEN
110 unsigned char *tmpout = out;
111 int tmpn = n;
112#endif
113
114#if 0
115 if (!pass) {
116 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER);
117 return 0;
118 }
119#endif
120
121#ifdef DEBUG_KEYGEN
122 fprintf(stderr, "KEYGEN DEBUG\n");
123 fprintf(stderr, "ID %d, ITER %d\n", id, iter);
124 fprintf(stderr, "Password (length %d):\n", passlen);
125 h__dump(pass, passlen);
126 fprintf(stderr, "Salt (length %d):\n", saltlen);
127 h__dump(salt, saltlen);
128#endif
129 v = EVP_MD_block_size (md_type);
130 u = EVP_MD_size (md_type);
131 D = OPENSSL_malloc (v);
132 Ai = OPENSSL_malloc (u);
133 B = OPENSSL_malloc (v + 1);
134 Slen = v * ((saltlen+v-1)/v);
135 if(passlen) Plen = v * ((passlen+v-1)/v);
136 else Plen = 0;
137 Ilen = Slen + Plen;
138 I = OPENSSL_malloc (Ilen);
139 Ij = BN_new();
140 Bpl1 = BN_new();
141 if (!D || !Ai || !B || !I || !Ij || !Bpl1) {
142 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
143 return 0;
144 }
145 for (i = 0; i < v; i++) D[i] = id;
146 p = I;
147 for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
148 for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];
149 for (;;) {
150 EVP_DigestInit (&ctx, md_type);
151 EVP_DigestUpdate (&ctx, D, v);
152 EVP_DigestUpdate (&ctx, I, Ilen);
153 EVP_DigestFinal (&ctx, Ai, NULL);
154 for (j = 1; j < iter; j++) {
155 EVP_DigestInit (&ctx, md_type);
156 EVP_DigestUpdate (&ctx, Ai, u);
157 EVP_DigestFinal (&ctx, Ai, NULL);
158 }
159 memcpy (out, Ai, min (n, u));
160 if (u >= n) {
161 OPENSSL_free (Ai);
162 OPENSSL_free (B);
163 OPENSSL_free (D);
164 OPENSSL_free (I);
165 BN_free (Ij);
166 BN_free (Bpl1);
167#ifdef DEBUG_KEYGEN
168 fprintf(stderr, "Output KEY (length %d)\n", tmpn);
169 h__dump(tmpout, tmpn);
170#endif
171 return 1;
172 }
173 n -= u;
174 out += u;
175 for (j = 0; j < v; j++) B[j] = Ai[j % u];
176 /* Work out B + 1 first then can use B as tmp space */
177 BN_bin2bn (B, v, Bpl1);
178 BN_add_word (Bpl1, 1);
179 for (j = 0; j < Ilen ; j+=v) {
180 BN_bin2bn (I + j, v, Ij);
181 BN_add (Ij, Ij, Bpl1);
182 BN_bn2bin (Ij, B);
183 Ijlen = BN_num_bytes (Ij);
184 /* If more than 2^(v*8) - 1 cut off MSB */
185 if (Ijlen > v) {
186 BN_bn2bin (Ij, B);
187 memcpy (I + j, B + 1, v);
188#ifndef PKCS12_BROKEN_KEYGEN
189 /* If less than v bytes pad with zeroes */
190 } else if (Ijlen < v) {
191 memset(I + j, 0, v - Ijlen);
192 BN_bn2bin(Ij, I + j + v - Ijlen);
193#endif
194 } else BN_bn2bin (Ij, I + j);
195 }
196 }
197}
198#ifdef DEBUG_KEYGEN
199void h__dump (unsigned char *p, int len)
200{
201 for (; len --; p++) fprintf(stderr, "%02X", *p);
202 fprintf(stderr, "\n");
203}
204#endif
diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c
deleted file mode 100644
index 5d67f19b45..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_kiss.c
+++ /dev/null
@@ -1,285 +0,0 @@
1/* p12_kiss.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Simplified PKCS#12 routines */
64
65static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
66 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
67
68static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
69 int passlen, EVP_PKEY **pkey, X509 **cert,
70 STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
71 char *keymatch);
72
73static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
74 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
75 ASN1_OCTET_STRING **keyid, char *keymatch);
76
77/* Parse and decrypt a PKCS#12 structure returning user key, user cert
78 * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
79 * or it should point to a valid STACK structure. pkey and cert can be
80 * passed unitialised.
81 */
82
83int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
84 STACK_OF(X509) **ca)
85{
86
87 /* Check for NULL PKCS12 structure */
88
89 if(!p12) {
90 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
91 return 0;
92 }
93
94 /* Allocate stack for ca certificates if needed */
95 if ((ca != NULL) && (*ca == NULL)) {
96 if (!(*ca = sk_X509_new_null())) {
97 PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
98 return 0;
99 }
100 }
101
102 if(pkey) *pkey = NULL;
103 if(cert) *cert = NULL;
104
105 /* Check the mac */
106
107 /* If password is zero length or NULL then try verifying both cases
108 * to determine which password is correct. The reason for this is that
109 * under PKCS#12 password based encryption no password and a zero length
110 * password are two different things...
111 */
112
113 if(!pass || !*pass) {
114 if(PKCS12_verify_mac(p12, NULL, 0)) pass = NULL;
115 else if(PKCS12_verify_mac(p12, "", 0)) pass = "";
116 else {
117 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
118 goto err;
119 }
120 } else if (!PKCS12_verify_mac(p12, pass, -1)) {
121 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
122 goto err;
123 }
124
125 if (!parse_pk12 (p12, pass, -1, pkey, cert, ca))
126 {
127 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);
128 goto err;
129 }
130
131 return 1;
132
133 err:
134
135 if (pkey && *pkey) EVP_PKEY_free(*pkey);
136 if (cert && *cert) X509_free(*cert);
137 if (ca) sk_X509_pop_free(*ca, X509_free);
138 return 0;
139
140}
141
142/* Parse the outer PKCS#12 structure */
143
144static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
145 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
146{
147 STACK_OF(PKCS7) *asafes;
148 STACK_OF(PKCS12_SAFEBAG) *bags;
149 int i, bagnid;
150 PKCS7 *p7;
151 ASN1_OCTET_STRING *keyid = NULL;
152
153 char keymatch = 0;
154 if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
155 for (i = 0; i < sk_PKCS7_num (asafes); i++) {
156 p7 = sk_PKCS7_value (asafes, i);
157 bagnid = OBJ_obj2nid (p7->type);
158 if (bagnid == NID_pkcs7_data) {
159 bags = M_PKCS12_unpack_p7data(p7);
160 } else if (bagnid == NID_pkcs7_encrypted) {
161 bags = M_PKCS12_unpack_p7encdata(p7, pass, passlen);
162 } else continue;
163 if (!bags) {
164 sk_PKCS7_pop_free(asafes, PKCS7_free);
165 return 0;
166 }
167 if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
168 &keyid, &keymatch)) {
169 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
170 sk_PKCS7_pop_free(asafes, PKCS7_free);
171 return 0;
172 }
173 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
174 }
175 sk_PKCS7_pop_free(asafes, PKCS7_free);
176 if (keyid) M_ASN1_OCTET_STRING_free(keyid);
177 return 1;
178}
179
180
181static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
182 int passlen, EVP_PKEY **pkey, X509 **cert,
183 STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
184 char *keymatch)
185{
186 int i;
187 for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
188 if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i),
189 pass, passlen, pkey, cert, ca, keyid,
190 keymatch)) return 0;
191 }
192 return 1;
193}
194
195#define MATCH_KEY 0x1
196#define MATCH_CERT 0x2
197#define MATCH_ALL 0x3
198
199static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
200 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
201 ASN1_OCTET_STRING **keyid,
202 char *keymatch)
203{
204 PKCS8_PRIV_KEY_INFO *p8;
205 X509 *x509;
206 ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL;
207 ASN1_TYPE *attrib;
208 ASN1_BMPSTRING *fname = NULL;
209
210 if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
211 fname = attrib->value.bmpstring;
212
213 if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) {
214 lkey = attrib->value.octet_string;
215 ckid = lkey;
216 }
217
218 /* Check for any local key id matching (if needed) */
219 if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) {
220 if (*keyid) {
221 if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL;
222 } else {
223 if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) {
224 PKCS12err(PKCS12_F_PARSE_BAGS,ERR_R_MALLOC_FAILURE);
225 return 0;
226 }
227 }
228 }
229
230 switch (M_PKCS12_bag_type(bag))
231 {
232 case NID_keyBag:
233 if (!lkey || !pkey) return 1;
234 if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0;
235 *keymatch |= MATCH_KEY;
236 break;
237
238 case NID_pkcs8ShroudedKeyBag:
239 if (!lkey || !pkey) return 1;
240 if (!(p8 = M_PKCS12_decrypt_skey(bag, pass, passlen)))
241 return 0;
242 *pkey = EVP_PKCS82PKEY(p8);
243 PKCS8_PRIV_KEY_INFO_free(p8);
244 if (!(*pkey)) return 0;
245 *keymatch |= MATCH_KEY;
246 break;
247
248 case NID_certBag:
249 if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
250 return 1;
251 if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0;
252 if(ckid) X509_keyid_set1(x509, ckid->data, ckid->length);
253 if(fname) {
254 int len;
255 unsigned char *data;
256 len = ASN1_STRING_to_UTF8(&data, fname);
257 if(len > 0) {
258 X509_alias_set1(x509, data, len);
259 OPENSSL_free(data);
260 }
261 }
262
263
264 if (lkey) {
265 *keymatch |= MATCH_CERT;
266 if (cert) *cert = x509;
267 else X509_free(x509);
268 } else {
269 if(ca) sk_X509_push (*ca, x509);
270 else X509_free(x509);
271 }
272 break;
273
274 case NID_safeContentsBag:
275 return parse_bags(bag->value.safes, pass, passlen,
276 pkey, cert, ca, keyid, keymatch);
277 break;
278
279 default:
280 return 1;
281 break;
282 }
283 return 1;
284}
285
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
deleted file mode 100644
index 13d866da51..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ /dev/null
@@ -1,170 +0,0 @@
1/* p12_mutl.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#ifndef NO_HMAC
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/hmac.h>
63#include <openssl/rand.h>
64#include <openssl/pkcs12.h>
65
66/* Generate a MAC */
67int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
68 unsigned char *mac, unsigned int *maclen)
69{
70 const EVP_MD *md_type;
71 HMAC_CTX hmac;
72 unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
73 int saltlen, iter;
74 salt = p12->mac->salt->data;
75 saltlen = p12->mac->salt->length;
76 if (!p12->mac->iter) iter = 1;
77 else iter = ASN1_INTEGER_get (p12->mac->iter);
78 if(!(md_type =
79 EVP_get_digestbyobj (p12->mac->dinfo->algor->algorithm))) {
80 PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
81 return 0;
82 }
83 if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
84 PKCS12_MAC_KEY_LENGTH, key, md_type)) {
85 PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
86 return 0;
87 }
88 HMAC_Init (&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type);
89 HMAC_Update (&hmac, p12->authsafes->d.data->data,
90 p12->authsafes->d.data->length);
91 HMAC_Final (&hmac, mac, maclen);
92 return 1;
93}
94
95/* Verify the mac */
96int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen)
97{
98 unsigned char mac[EVP_MAX_MD_SIZE];
99 unsigned int maclen;
100 if(p12->mac == NULL) {
101 PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_ABSENT);
102 return 0;
103 }
104 if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
105 PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR);
106 return 0;
107 }
108 if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
109 || memcmp (mac, p12->mac->dinfo->digest->data, maclen)) return 0;
110 return 1;
111}
112
113/* Set a mac */
114
115int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
116 unsigned char *salt, int saltlen, int iter, EVP_MD *md_type)
117{
118 unsigned char mac[EVP_MAX_MD_SIZE];
119 unsigned int maclen;
120
121 if (!md_type) md_type = EVP_sha1();
122 if (PKCS12_setup_mac (p12, iter, salt, saltlen, md_type) ==
123 PKCS12_ERROR) {
124 PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_SETUP_ERROR);
125 return 0;
126 }
127 if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
128 PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR);
129 return 0;
130 }
131 if (!(M_ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) {
132 PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR);
133 return 0;
134 }
135 return 1;
136}
137
138/* Set up a mac structure */
139int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
140 EVP_MD *md_type)
141{
142 if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR;
143 if (iter > 1) {
144 if(!(p12->mac->iter = M_ASN1_INTEGER_new())) {
145 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
146 return 0;
147 }
148 ASN1_INTEGER_set(p12->mac->iter, iter);
149 }
150 if (!saltlen) saltlen = PKCS12_SALT_LEN;
151 p12->mac->salt->length = saltlen;
152 if (!(p12->mac->salt->data = OPENSSL_malloc (saltlen))) {
153 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
154 return 0;
155 }
156 if (!salt) {
157 if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0)
158 return 0;
159 }
160 else memcpy (p12->mac->salt->data, salt, saltlen);
161 p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
162 if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
163 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
164 return 0;
165 }
166 p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
167
168 return 1;
169}
170#endif
diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c
deleted file mode 100644
index 84e31a7f21..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_npas.c
+++ /dev/null
@@ -1,217 +0,0 @@
1/* p12_npas.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62#include <openssl/pem.h>
63#include <openssl/err.h>
64#include <openssl/pkcs12.h>
65
66/* PKCS#12 password change routine */
67
68static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
69static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
70 char *newpass);
71static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
72static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
73
74/*
75 * Change the password on a PKCS#12 structure.
76 */
77
78int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
79{
80
81/* Check for NULL PKCS12 structure */
82
83if(!p12) {
84 PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
85 return 0;
86}
87
88/* Check the mac */
89
90if (!PKCS12_verify_mac(p12, oldpass, -1)) {
91 PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE);
92 return 0;
93}
94
95if (!newpass_p12(p12, oldpass, newpass)) {
96 PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR);
97 return 0;
98}
99
100return 1;
101
102}
103
104/* Parse the outer PKCS#12 structure */
105
106static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
107{
108 STACK_OF(PKCS7) *asafes, *newsafes;
109 STACK_OF(PKCS12_SAFEBAG) *bags;
110 int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen;
111 PKCS7 *p7, *p7new;
112 ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
113 unsigned char mac[EVP_MAX_MD_SIZE];
114 unsigned int maclen;
115
116 if (!(asafes = M_PKCS12_unpack_authsafes(p12))) return 0;
117 if(!(newsafes = sk_PKCS7_new_null())) return 0;
118 for (i = 0; i < sk_PKCS7_num (asafes); i++) {
119 p7 = sk_PKCS7_value(asafes, i);
120 bagnid = OBJ_obj2nid(p7->type);
121 if (bagnid == NID_pkcs7_data) {
122 bags = M_PKCS12_unpack_p7data(p7);
123 } else if (bagnid == NID_pkcs7_encrypted) {
124 bags = M_PKCS12_unpack_p7encdata(p7, oldpass, -1);
125 alg_get(p7->d.encrypted->enc_data->algorithm,
126 &pbe_nid, &pbe_iter, &pbe_saltlen);
127 } else continue;
128 if (!bags) {
129 sk_PKCS7_pop_free(asafes, PKCS7_free);
130 return 0;
131 }
132 if (!newpass_bags(bags, oldpass, newpass)) {
133 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
134 sk_PKCS7_pop_free(asafes, PKCS7_free);
135 return 0;
136 }
137 /* Repack bag in same form with new password */
138 if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags);
139 else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
140 pbe_saltlen, pbe_iter, bags);
141 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
142 if(!p7new) {
143 sk_PKCS7_pop_free(asafes, PKCS7_free);
144 return 0;
145 }
146 sk_PKCS7_push(newsafes, p7new);
147 }
148 sk_PKCS7_pop_free(asafes, PKCS7_free);
149
150 /* Repack safe: save old safe in case of error */
151
152 p12_data_tmp = p12->authsafes->d.data;
153 if(!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) goto saferr;
154 if(!M_PKCS12_pack_authsafes(p12, newsafes)) goto saferr;
155
156 if(!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr;
157 if(!(macnew = ASN1_OCTET_STRING_new())) goto saferr;
158 if(!ASN1_OCTET_STRING_set(macnew, mac, maclen)) goto saferr;
159 ASN1_OCTET_STRING_free(p12->mac->dinfo->digest);
160 p12->mac->dinfo->digest = macnew;
161 ASN1_OCTET_STRING_free(p12_data_tmp);
162
163 return 1;
164
165 saferr:
166 /* Restore old safe */
167 ASN1_OCTET_STRING_free(p12->authsafes->d.data);
168 ASN1_OCTET_STRING_free(macnew);
169 p12->authsafes->d.data = p12_data_tmp;
170 return 0;
171
172}
173
174
175static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
176 char *newpass)
177{
178 int i;
179 for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
180 if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i),
181 oldpass, newpass))
182 return 0;
183 }
184 return 1;
185}
186
187/* Change password of safebag: only needs handle shrouded keybags */
188
189static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
190{
191 PKCS8_PRIV_KEY_INFO *p8;
192 X509_SIG *p8new;
193 int p8_nid, p8_saltlen, p8_iter;
194
195 if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1;
196
197 if (!(p8 = M_PKCS12_decrypt_skey(bag, oldpass, -1))) return 0;
198 alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen);
199 if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
200 p8_iter, p8))) return 0;
201 X509_SIG_free(bag->value.shkeybag);
202 bag->value.shkeybag = p8new;
203 return 1;
204}
205
206static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
207{
208 PBEPARAM *pbe;
209 unsigned char *p;
210 p = alg->parameter->value.sequence->data;
211 pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
212 *pnid = OBJ_obj2nid(alg->algorithm);
213 *piter = ASN1_INTEGER_get(pbe->iter);
214 *psaltlen = pbe->salt->length;
215 PBEPARAM_free(pbe);
216 return 0;
217}
diff --git a/src/lib/libcrypto/pkcs12/p12_utl.c b/src/lib/libcrypto/pkcs12/p12_utl.c
deleted file mode 100644
index 2f1d1e534f..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_utl.c
+++ /dev/null
@@ -1,122 +0,0 @@
1/* p12_utl.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Cheap and nasty Unicode stuff */
64
65unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
66{
67 int ulen, i;
68 unsigned char *unitmp;
69 if (asclen == -1) asclen = strlen(asc);
70 ulen = asclen*2 + 2;
71 if (!(unitmp = OPENSSL_malloc(ulen))) return NULL;
72 for (i = 0; i < ulen - 2; i+=2) {
73 unitmp[i] = 0;
74 unitmp[i + 1] = asc[i>>1];
75 }
76 /* Make result double null terminated */
77 unitmp[ulen - 2] = 0;
78 unitmp[ulen - 1] = 0;
79 if (unilen) *unilen = ulen;
80 if (uni) *uni = unitmp;
81 return unitmp;
82}
83
84char *uni2asc(unsigned char *uni, int unilen)
85{
86 int asclen, i;
87 char *asctmp;
88 asclen = unilen / 2;
89 /* If no terminating zero allow for one */
90 if (!unilen || uni[unilen - 1]) asclen++;
91 uni++;
92 if (!(asctmp = OPENSSL_malloc(asclen))) return NULL;
93 for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];
94 asctmp[asclen - 1] = 0;
95 return asctmp;
96}
97
98int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
99{
100 return ASN1_i2d_bio((int(*)())i2d_PKCS12, bp, (unsigned char *)p12);
101}
102
103#ifndef NO_FP_API
104int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
105{
106 return ASN1_i2d_fp((int(*)())i2d_PKCS12, fp, (unsigned char *)p12);
107}
108#endif
109
110PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
111{
112 return (PKCS12 *)ASN1_d2i_bio((char *(*)())PKCS12_new,
113 (char *(*)())d2i_PKCS12, bp, (unsigned char **)p12);
114}
115#ifndef NO_FP_API
116PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
117{
118 return (PKCS12 *)ASN1_d2i_fp((char *(*)())PKCS12_new,
119 (char *(*)())d2i_PKCS12, fp, (unsigned char **)(p12));
120}
121#endif
122
diff --git a/src/lib/libcrypto/pkcs12/pk12err.c b/src/lib/libcrypto/pkcs12/pk12err.c
deleted file mode 100644
index 12db54f49e..0000000000
--- a/src/lib/libcrypto/pkcs12/pk12err.c
+++ /dev/null
@@ -1,139 +0,0 @@
1/* crypto/pkcs12/pk12err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/pkcs12.h>
64
65/* BEGIN ERROR CODES */
66#ifndef NO_ERR
67static ERR_STRING_DATA PKCS12_str_functs[]=
68 {
69{ERR_PACK(0,PKCS12_F_PARSE_BAGS,0), "PARSE_BAGS"},
70{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME,0), "PKCS12_ADD_FRIENDLYNAME"},
71{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,0), "PKCS12_add_friendlyname_asc"},
72{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,0), "PKCS12_add_friendlyname_uni"},
73{ERR_PACK(0,PKCS12_F_PKCS12_ADD_LOCALKEYID,0), "PKCS12_add_localkeyid"},
74{ERR_PACK(0,PKCS12_F_PKCS12_CREATE,0), "PKCS12_create"},
75{ERR_PACK(0,PKCS12_F_PKCS12_DECRYPT_D2I,0), "PKCS12_decrypt_d2i"},
76{ERR_PACK(0,PKCS12_F_PKCS12_GEN_MAC,0), "PKCS12_gen_mac"},
77{ERR_PACK(0,PKCS12_F_PKCS12_I2D_ENCRYPT,0), "PKCS12_i2d_encrypt"},
78{ERR_PACK(0,PKCS12_F_PKCS12_INIT,0), "PKCS12_init"},
79{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_ASC,0), "PKCS12_key_gen_asc"},
80{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0), "PKCS12_key_gen_uni"},
81{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0), "PKCS12_MAKE_KEYBAG"},
82{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0), "PKCS12_MAKE_SHKEYBAG"},
83{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0), "PKCS12_newpass"},
84{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0), "PKCS12_pack_p7data"},
85{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0), "PKCS12_pack_p7encdata"},
86{ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0), "PKCS12_pack_safebag"},
87{ERR_PACK(0,PKCS12_F_PKCS12_PARSE,0), "PKCS12_parse"},
88{ERR_PACK(0,PKCS12_F_PKCS12_PBE_CRYPT,0), "PKCS12_pbe_crypt"},
89{ERR_PACK(0,PKCS12_F_PKCS12_PBE_KEYIVGEN,0), "PKCS12_PBE_keyivgen"},
90{ERR_PACK(0,PKCS12_F_PKCS12_SETUP_MAC,0), "PKCS12_setup_mac"},
91{ERR_PACK(0,PKCS12_F_PKCS12_SET_MAC,0), "PKCS12_set_mac"},
92{ERR_PACK(0,PKCS12_F_PKCS8_ADD_KEYUSAGE,0), "PKCS8_add_keyusage"},
93{ERR_PACK(0,PKCS12_F_PKCS8_ENCRYPT,0), "PKCS8_encrypt"},
94{ERR_PACK(0,PKCS12_F_VERIFY_MAC,0), "VERIFY_MAC"},
95{0,NULL}
96 };
97
98static ERR_STRING_DATA PKCS12_str_reasons[]=
99 {
100{PKCS12_R_CANT_PACK_STRUCTURE ,"cant pack structure"},
101{PKCS12_R_DECODE_ERROR ,"decode error"},
102{PKCS12_R_ENCODE_ERROR ,"encode error"},
103{PKCS12_R_ENCRYPT_ERROR ,"encrypt error"},
104{PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE,"error setting encrypted data type"},
105{PKCS12_R_INVALID_NULL_ARGUMENT ,"invalid null argument"},
106{PKCS12_R_INVALID_NULL_PKCS12_POINTER ,"invalid null pkcs12 pointer"},
107{PKCS12_R_IV_GEN_ERROR ,"iv gen error"},
108{PKCS12_R_KEY_GEN_ERROR ,"key gen error"},
109{PKCS12_R_MAC_ABSENT ,"mac absent"},
110{PKCS12_R_MAC_GENERATION_ERROR ,"mac generation error"},
111{PKCS12_R_MAC_SETUP_ERROR ,"mac setup error"},
112{PKCS12_R_MAC_STRING_SET_ERROR ,"mac string set error"},
113{PKCS12_R_MAC_VERIFY_ERROR ,"mac verify error"},
114{PKCS12_R_MAC_VERIFY_FAILURE ,"mac verify failure"},
115{PKCS12_R_PARSE_ERROR ,"parse error"},
116{PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR ,"pkcs12 algor cipherinit error"},
117{PKCS12_R_PKCS12_CIPHERFINAL_ERROR ,"pkcs12 cipherfinal error"},
118{PKCS12_R_PKCS12_PBE_CRYPT_ERROR ,"pkcs12 pbe crypt error"},
119{PKCS12_R_UNKNOWN_DIGEST_ALGORITHM ,"unknown digest algorithm"},
120{PKCS12_R_UNSUPPORTED_PKCS12_MODE ,"unsupported pkcs12 mode"},
121{0,NULL}
122 };
123
124#endif
125
126void ERR_load_PKCS12_strings(void)
127 {
128 static int init=1;
129
130 if (init)
131 {
132 init=0;
133#ifndef NO_ERR
134 ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_functs);
135 ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_reasons);
136#endif
137
138 }
139 }
diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h
deleted file mode 100644
index e529154f26..0000000000
--- a/src/lib/libcrypto/pkcs12/pkcs12.h
+++ /dev/null
@@ -1,345 +0,0 @@
1/* pkcs12.h */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#ifndef HEADER_PKCS12_H
60#define HEADER_PKCS12_H
61
62#include <openssl/bio.h>
63#include <openssl/x509.h>
64
65#ifdef __cplusplus
66extern "C" {
67#endif
68
69#define PKCS12_KEY_ID 1
70#define PKCS12_IV_ID 2
71#define PKCS12_MAC_ID 3
72
73/* Default iteration count */
74#ifndef PKCS12_DEFAULT_ITER
75#define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER
76#endif
77
78#define PKCS12_MAC_KEY_LENGTH 20
79
80#define PKCS12_SALT_LEN 8
81
82/* Uncomment out next line for unicode password and names, otherwise ASCII */
83
84/*#define PBE_UNICODE*/
85
86#ifdef PBE_UNICODE
87#define PKCS12_key_gen PKCS12_key_gen_uni
88#define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni
89#else
90#define PKCS12_key_gen PKCS12_key_gen_asc
91#define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc
92#endif
93
94/* MS key usage constants */
95
96#define KEY_EX 0x10
97#define KEY_SIG 0x80
98
99typedef struct {
100X509_SIG *dinfo;
101ASN1_OCTET_STRING *salt;
102ASN1_INTEGER *iter; /* defaults to 1 */
103} PKCS12_MAC_DATA;
104
105typedef struct {
106ASN1_INTEGER *version;
107PKCS12_MAC_DATA *mac;
108PKCS7 *authsafes;
109} PKCS12;
110
111PREDECLARE_STACK_OF(PKCS12_SAFEBAG)
112
113typedef struct {
114ASN1_OBJECT *type;
115union {
116 struct pkcs12_bag_st *bag; /* secret, crl and certbag */
117 struct pkcs8_priv_key_info_st *keybag; /* keybag */
118 X509_SIG *shkeybag; /* shrouded key bag */
119 STACK_OF(PKCS12_SAFEBAG) *safes;
120 ASN1_TYPE *other;
121}value;
122STACK_OF(X509_ATTRIBUTE) *attrib;
123ASN1_TYPE *rest;
124} PKCS12_SAFEBAG;
125
126DECLARE_STACK_OF(PKCS12_SAFEBAG)
127DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)
128DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
129
130typedef struct pkcs12_bag_st {
131ASN1_OBJECT *type;
132union {
133 ASN1_OCTET_STRING *x509cert;
134 ASN1_OCTET_STRING *x509crl;
135 ASN1_OCTET_STRING *octet;
136 ASN1_IA5STRING *sdsicert;
137 ASN1_TYPE *other; /* Secret or other bag */
138}value;
139} PKCS12_BAGS;
140
141#define PKCS12_ERROR 0
142#define PKCS12_OK 1
143
144#define M_PKCS12_bag_type(bag) OBJ_obj2nid(bag->type)
145#define M_PKCS12_cert_bag_type(bag) OBJ_obj2nid(bag->value.bag->type)
146#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
147
148#define M_PKCS12_x5092certbag(x509) \
149PKCS12_pack_safebag((char *)(x509), i2d_X509, NID_x509Certificate, NID_certBag)
150
151#define M_PKCS12_x509crl2certbag(crl) \
152PKCS12_pack_safebag((char *)(crl), i2d_X509CRL, NID_x509Crl, NID_crlBag)
153
154#define M_PKCS12_certbag2x509(bg) \
155(X509 *) ASN1_unpack_string((bg)->value.bag->value.octet, \
156(char *(*)())d2i_X509)
157
158#define M_PKCS12_certbag2x509crl(bg) \
159(X509CRL *) ASN1_unpack_string((bg)->value.bag->value.octet, \
160(char *(*)())d2i_X509CRL)
161
162/*#define M_PKCS12_pkcs82rsa(p8) \
163(RSA *) ASN1_unpack_string((p8)->pkey, (char *(*)())d2i_RSAPrivateKey)*/
164
165#define M_PKCS12_unpack_p7data(p7) \
166ASN1_seq_unpack_PKCS12_SAFEBAG((p7)->d.data->data, p7->d.data->length, \
167 d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free)
168
169#define M_PKCS12_pack_authsafes(p12, safes) \
170ASN1_seq_pack_PKCS7((safes), i2d_PKCS7,\
171 &(p12)->authsafes->d.data->data, &(p12)->authsafes->d.data->length)
172
173#define M_PKCS12_unpack_authsafes(p12) \
174ASN1_seq_unpack_PKCS7((p12)->authsafes->d.data->data, \
175 (p12)->authsafes->d.data->length, d2i_PKCS7, PKCS7_free)
176
177#define M_PKCS12_unpack_p7encdata(p7, pass, passlen) \
178PKCS12_decrypt_d2i_PKCS12_SAFEBAG((p7)->d.encrypted->enc_data->algorithm,\
179 d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, \
180 (pass), (passlen), \
181 (p7)->d.encrypted->enc_data->enc_data, 3)
182
183#define M_PKCS12_decrypt_skey(bag, pass, passlen) \
184(PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i((bag)->value.shkeybag->algor, \
185(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (void (*)(void *))PKCS8_PRIV_KEY_INFO_free, \
186 (pass), (passlen), \
187 (bag)->value.shkeybag->digest, 2)
188
189#define M_PKCS8_decrypt(p8, pass, passlen) \
190(PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i((p8)->algor, \
191(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (void (*)(void *))PKCS8_PRIV_KEY_INFO_free,\
192 (pass), (passlen), (p8)->digest, 2)
193
194#define PKCS12_get_attr(bag, attr_nid) \
195 PKCS12_get_attr_gen(bag->attrib, attr_nid)
196
197#define PKCS8_get_attr(p8, attr_nid) \
198 PKCS12_get_attr_gen(p8->attributes, attr_nid)
199
200#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
201
202
203PKCS12_SAFEBAG *PKCS12_pack_safebag(char *obj, int (*i2d)(), int nid1, int nid2);
204PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
205X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
206 const char *pass, int passlen,
207 unsigned char *salt, int saltlen, int iter,
208 PKCS8_PRIV_KEY_INFO *p8);
209PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
210 int passlen, unsigned char *salt,
211 int saltlen, int iter,
212 PKCS8_PRIV_KEY_INFO *p8);
213PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
214PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
215 unsigned char *salt, int saltlen, int iter,
216 STACK_OF(PKCS12_SAFEBAG) *bags);
217int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);
218int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
219 int namelen);
220int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
221 int namelen);
222int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
223ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);
224char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
225unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
226 int passlen, unsigned char *in, int inlen,
227 unsigned char **data, int *datalen, int en_de);
228char *PKCS12_decrypt_d2i(X509_ALGOR *algor, char *(*d2i)(),
229 void (*free_func)(void *), const char *pass, int passlen,
230 ASN1_STRING *oct, int seq);
231ASN1_STRING *PKCS12_i2d_encrypt(X509_ALGOR *algor, int (*i2d)(),
232 const char *pass, int passlen, char *obj,
233 int seq);
234PKCS12 *PKCS12_init(int mode);
235int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
236 int saltlen, int id, int iter, int n,
237 unsigned char *out, const EVP_MD *md_type);
238int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type);
239int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
240 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md_type,
241 int en_de);
242int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
243 unsigned char *mac, unsigned int *maclen);
244int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
245int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
246 unsigned char *salt, int saltlen, int iter,
247 EVP_MD *md_type);
248int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
249 int saltlen, EVP_MD *md_type);
250unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
251char *uni2asc(unsigned char *uni, int unilen);
252int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **pp);
253PKCS12_BAGS *PKCS12_BAGS_new(void);
254PKCS12_BAGS *d2i_PKCS12_BAGS(PKCS12_BAGS **a, unsigned char **pp, long length);
255void PKCS12_BAGS_free(PKCS12_BAGS *a);
256int i2d_PKCS12(PKCS12 *a, unsigned char **pp);
257PKCS12 *d2i_PKCS12(PKCS12 **a, unsigned char **pp, long length);
258PKCS12 *PKCS12_new(void);
259void PKCS12_free(PKCS12 *a);
260int i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **pp);
261PKCS12_MAC_DATA *PKCS12_MAC_DATA_new(void);
262PKCS12_MAC_DATA *d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, unsigned char **pp,
263 long length);
264void PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a);
265int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **pp);
266PKCS12_SAFEBAG *PKCS12_SAFEBAG_new(void);
267PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, unsigned char **pp,
268 long length);
269void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a);
270void ERR_load_PKCS12_strings(void);
271void PKCS12_PBE_add(void);
272int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
273 STACK_OF(X509) **ca);
274PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
275 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
276 int mac_iter, int keytype);
277int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
278int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
279PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
280PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
281int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
282
283/* BEGIN ERROR CODES */
284/* The following lines are auto generated by the script mkerr.pl. Any changes
285 * made after this point may be overwritten when the script is next run.
286 */
287
288/* Error codes for the PKCS12 functions. */
289
290/* Function codes. */
291#define PKCS12_F_PARSE_BAGS 103
292#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100
293#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127
294#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102
295#define PKCS12_F_PKCS12_ADD_LOCALKEYID 104
296#define PKCS12_F_PKCS12_CREATE 105
297#define PKCS12_F_PKCS12_DECRYPT_D2I 106
298#define PKCS12_F_PKCS12_GEN_MAC 107
299#define PKCS12_F_PKCS12_I2D_ENCRYPT 108
300#define PKCS12_F_PKCS12_INIT 109
301#define PKCS12_F_PKCS12_KEY_GEN_ASC 110
302#define PKCS12_F_PKCS12_KEY_GEN_UNI 111
303#define PKCS12_F_PKCS12_MAKE_KEYBAG 112
304#define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113
305#define PKCS12_F_PKCS12_NEWPASS 128
306#define PKCS12_F_PKCS12_PACK_P7DATA 114
307#define PKCS12_F_PKCS12_PACK_P7ENCDATA 115
308#define PKCS12_F_PKCS12_PACK_SAFEBAG 117
309#define PKCS12_F_PKCS12_PARSE 118
310#define PKCS12_F_PKCS12_PBE_CRYPT 119
311#define PKCS12_F_PKCS12_PBE_KEYIVGEN 120
312#define PKCS12_F_PKCS12_SETUP_MAC 122
313#define PKCS12_F_PKCS12_SET_MAC 123
314#define PKCS12_F_PKCS8_ADD_KEYUSAGE 124
315#define PKCS12_F_PKCS8_ENCRYPT 125
316#define PKCS12_F_VERIFY_MAC 126
317
318/* Reason codes. */
319#define PKCS12_R_CANT_PACK_STRUCTURE 100
320#define PKCS12_R_DECODE_ERROR 101
321#define PKCS12_R_ENCODE_ERROR 102
322#define PKCS12_R_ENCRYPT_ERROR 103
323#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120
324#define PKCS12_R_INVALID_NULL_ARGUMENT 104
325#define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105
326#define PKCS12_R_IV_GEN_ERROR 106
327#define PKCS12_R_KEY_GEN_ERROR 107
328#define PKCS12_R_MAC_ABSENT 108
329#define PKCS12_R_MAC_GENERATION_ERROR 109
330#define PKCS12_R_MAC_SETUP_ERROR 110
331#define PKCS12_R_MAC_STRING_SET_ERROR 111
332#define PKCS12_R_MAC_VERIFY_ERROR 112
333#define PKCS12_R_MAC_VERIFY_FAILURE 113
334#define PKCS12_R_PARSE_ERROR 114
335#define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115
336#define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116
337#define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117
338#define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118
339#define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119
340
341#ifdef __cplusplus
342}
343#endif
344#endif
345
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 21:48:20 +0000