summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs12
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/pkcs12')
-rw-r--r--src/lib/libcrypto/pkcs12/p12_add.c215
-rw-r--r--src/lib/libcrypto/pkcs12/p12_asn.c125
-rw-r--r--src/lib/libcrypto/pkcs12/p12_attr.c145
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crpt.c124
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crt.c164
-rw-r--r--src/lib/libcrypto/pkcs12/p12_decr.c176
-rw-r--r--src/lib/libcrypto/pkcs12/p12_init.c90
-rw-r--r--src/lib/libcrypto/pkcs12/p12_key.c206
-rw-r--r--src/lib/libcrypto/pkcs12/p12_kiss.c285
-rw-r--r--src/lib/libcrypto/pkcs12/p12_mutl.c173
-rw-r--r--src/lib/libcrypto/pkcs12/p12_npas.c217
-rw-r--r--src/lib/libcrypto/pkcs12/p12_p8d.c68
-rw-r--r--src/lib/libcrypto/pkcs12/p12_p8e.c97
-rw-r--r--src/lib/libcrypto/pkcs12/p12_utl.c146
-rw-r--r--src/lib/libcrypto/pkcs12/pk12err.c139
-rw-r--r--src/lib/libcrypto/pkcs12/pkcs12.h320
16 files changed, 0 insertions, 2690 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
deleted file mode 100644
index 1909f28506..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ /dev/null
@@ -1,215 +0,0 @@
1/* p12_add.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Pack an object into an OCTET STRING and turn into a safebag */
64
65PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
66 int nid2)
67{
68 PKCS12_BAGS *bag;
69 PKCS12_SAFEBAG *safebag;
70 if (!(bag = PKCS12_BAGS_new())) {
71 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
72 return NULL;
73 }
74 bag->type = OBJ_nid2obj(nid1);
75 if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
76 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
77 return NULL;
78 }
79 if (!(safebag = PKCS12_SAFEBAG_new())) {
80 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
81 return NULL;
82 }
83 safebag->value.bag = bag;
84 safebag->type = OBJ_nid2obj(nid2);
85 return safebag;
86}
87
88/* Turn PKCS8 object into a keybag */
89
90PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
91{
92 PKCS12_SAFEBAG *bag;
93 if (!(bag = PKCS12_SAFEBAG_new())) {
94 PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE);
95 return NULL;
96 }
97 bag->type = OBJ_nid2obj(NID_keyBag);
98 bag->value.keybag = p8;
99 return bag;
100}
101
102/* Turn PKCS8 object into a shrouded keybag */
103
104PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
105 int passlen, unsigned char *salt, int saltlen, int iter,
106 PKCS8_PRIV_KEY_INFO *p8)
107{
108 PKCS12_SAFEBAG *bag;
109
110 /* Set up the safe bag */
111 if (!(bag = PKCS12_SAFEBAG_new())) {
112 PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
113 return NULL;
114 }
115
116 bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
117 if (!(bag->value.shkeybag =
118 PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,
119 p8))) {
120 PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
121 return NULL;
122 }
123
124 return bag;
125}
126
127/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
128PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
129{
130 PKCS7 *p7;
131 if (!(p7 = PKCS7_new())) {
132 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
133 return NULL;
134 }
135 p7->type = OBJ_nid2obj(NID_pkcs7_data);
136 if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
137 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
138 return NULL;
139 }
140
141 if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
142 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
143 return NULL;
144 }
145 return p7;
146}
147
148/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
149STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
150{
151 if(!PKCS7_type_is_data(p7)) return NULL;
152 return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
153}
154
155/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
156
157PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
158 unsigned char *salt, int saltlen, int iter,
159 STACK_OF(PKCS12_SAFEBAG) *bags)
160{
161 PKCS7 *p7;
162 X509_ALGOR *pbe;
163 if (!(p7 = PKCS7_new())) {
164 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
165 return NULL;
166 }
167 if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
168 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
169 PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
170 return NULL;
171 }
172 if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) {
173 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
174 return NULL;
175 }
176 X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
177 p7->d.encrypted->enc_data->algorithm = pbe;
178 M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
179 if (!(p7->d.encrypted->enc_data->enc_data =
180 PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen,
181 bags, 1))) {
182 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
183 return NULL;
184 }
185
186 return p7;
187}
188
189STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
190{
191 if(!PKCS7_type_is_encrypted(p7)) return NULL;
192 return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
193 ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
194 pass, passlen,
195 p7->d.encrypted->enc_data->enc_data, 1);
196}
197
198PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
199 int passlen)
200{
201 return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
202}
203
204int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
205{
206 if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
207 &p12->authsafes->d.data))
208 return 1;
209 return 0;
210}
211
212STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
213{
214 return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
215}
diff --git a/src/lib/libcrypto/pkcs12/p12_asn.c b/src/lib/libcrypto/pkcs12/p12_asn.c
deleted file mode 100644
index a3739fee1a..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_asn.c
+++ /dev/null
@@ -1,125 +0,0 @@
1/* p12_asn.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1t.h>
62#include <openssl/pkcs12.h>
63
64/* PKCS#12 ASN1 module */
65
66ASN1_SEQUENCE(PKCS12) = {
67 ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER),
68 ASN1_SIMPLE(PKCS12, authsafes, PKCS7),
69 ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA)
70} ASN1_SEQUENCE_END(PKCS12)
71
72IMPLEMENT_ASN1_FUNCTIONS(PKCS12)
73
74ASN1_SEQUENCE(PKCS12_MAC_DATA) = {
75 ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG),
76 ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING),
77 ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER)
78} ASN1_SEQUENCE_END(PKCS12_MAC_DATA)
79
80IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
81
82ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0);
83
84ASN1_ADB(PKCS12_BAGS) = {
85 ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)),
86 ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)),
87 ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)),
88} ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL);
89
90ASN1_SEQUENCE(PKCS12_BAGS) = {
91 ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT),
92 ASN1_ADB_OBJECT(PKCS12_BAGS),
93} ASN1_SEQUENCE_END(PKCS12_BAGS)
94
95IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS)
96
97ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ANY, 0);
98
99ASN1_ADB(PKCS12_SAFEBAG) = {
100 ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
101 ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
102 ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
103 ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
104 ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
105 ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0))
106} ASN1_ADB_END(PKCS12_SAFEBAG, 0, type, 0, &safebag_default_tt, NULL);
107
108ASN1_SEQUENCE(PKCS12_SAFEBAG) = {
109 ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT),
110 ASN1_ADB_OBJECT(PKCS12_SAFEBAG),
111 ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE)
112} ASN1_SEQUENCE_END(PKCS12_SAFEBAG)
113
114IMPLEMENT_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
115
116/* SEQUENCE OF SafeBag */
117ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) =
118 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG)
119ASN1_ITEM_TEMPLATE_END(PKCS12_SAFEBAGS)
120
121/* Authsafes: SEQUENCE OF PKCS7 */
122ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) =
123 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7)
124ASN1_ITEM_TEMPLATE_END(PKCS12_AUTHSAFES)
125
diff --git a/src/lib/libcrypto/pkcs12/p12_attr.c b/src/lib/libcrypto/pkcs12/p12_attr.c
deleted file mode 100644
index 026cf3826a..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_attr.c
+++ /dev/null
@@ -1,145 +0,0 @@
1/* p12_attr.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Add a local keyid to a safebag */
64
65int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
66 int namelen)
67{
68 if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID,
69 V_ASN1_OCTET_STRING, name, namelen))
70 return 1;
71 else
72 return 0;
73}
74
75/* Add key usage to PKCS#8 structure */
76
77int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
78{
79 unsigned char us_val;
80 us_val = (unsigned char) usage;
81 if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage,
82 V_ASN1_BIT_STRING, &us_val, 1))
83 return 1;
84 else
85 return 0;
86}
87
88/* Add a friendlyname to a safebag */
89
90int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
91 int namelen)
92{
93 if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
94 MBSTRING_ASC, (unsigned char *)name, namelen))
95 return 1;
96 else
97 return 0;
98}
99
100
101int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
102 const unsigned char *name, int namelen)
103{
104 if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
105 MBSTRING_BMP, name, namelen))
106 return 1;
107 else
108 return 0;
109}
110
111int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
112 int namelen)
113{
114 if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name,
115 MBSTRING_ASC, (unsigned char *)name, namelen))
116 return 1;
117 else
118 return 0;
119}
120
121ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
122{
123 X509_ATTRIBUTE *attrib;
124 int i;
125 if (!attrs) return NULL;
126 for (i = 0; i < sk_X509_ATTRIBUTE_num (attrs); i++) {
127 attrib = sk_X509_ATTRIBUTE_value (attrs, i);
128 if (OBJ_obj2nid (attrib->object) == attr_nid) {
129 if (sk_ASN1_TYPE_num (attrib->value.set))
130 return sk_ASN1_TYPE_value(attrib->value.set, 0);
131 else return NULL;
132 }
133 }
134 return NULL;
135}
136
137char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
138{
139 ASN1_TYPE *atype;
140 if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) return NULL;
141 if (atype->type != V_ASN1_BMPSTRING) return NULL;
142 return uni2asc(atype->value.bmpstring->data,
143 atype->value.bmpstring->length);
144}
145
diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c
deleted file mode 100644
index 5e8958612b..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_crpt.c
+++ /dev/null
@@ -1,124 +0,0 @@
1/* p12_crpt.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* PKCS#12 specific PBE functions */
64
65void PKCS12_PBE_add(void)
66{
67#ifndef OPENSSL_NO_RC4
68EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(),
69 PKCS12_PBE_keyivgen);
70EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(),
71 PKCS12_PBE_keyivgen);
72#endif
73#ifndef OPENSSL_NO_DES
74EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
75 EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
76EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
77 EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
78#endif
79#ifndef OPENSSL_NO_RC2
80EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(),
81 EVP_sha1(), PKCS12_PBE_keyivgen);
82EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
83 EVP_sha1(), PKCS12_PBE_keyivgen);
84#endif
85}
86
87int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
88 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
89{
90 PBEPARAM *pbe;
91 int saltlen, iter;
92 unsigned char *salt, *pbuf;
93 unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
94
95 /* Extract useful info from parameter */
96 pbuf = param->value.sequence->data;
97 if (!param || (param->type != V_ASN1_SEQUENCE) ||
98 !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) {
99 EVPerr(PKCS12_F_PKCS12_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
100 return 0;
101 }
102
103 if (!pbe->iter) iter = 1;
104 else iter = ASN1_INTEGER_get (pbe->iter);
105 salt = pbe->salt->data;
106 saltlen = pbe->salt->length;
107 if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
108 iter, EVP_CIPHER_key_length(cipher), key, md)) {
109 PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_KEY_GEN_ERROR);
110 PBEPARAM_free(pbe);
111 return 0;
112 }
113 if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,
114 iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
115 PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_IV_GEN_ERROR);
116 PBEPARAM_free(pbe);
117 return 0;
118 }
119 PBEPARAM_free(pbe);
120 EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
121 OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
122 OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
123 return 1;
124}
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
deleted file mode 100644
index 4c36c643ce..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ /dev/null
@@ -1,164 +0,0 @@
1/* p12_crt.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
64 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
65 int keytype)
66{
67 PKCS12 *p12;
68 STACK_OF(PKCS12_SAFEBAG) *bags;
69 STACK_OF(PKCS7) *safes;
70 PKCS12_SAFEBAG *bag;
71 PKCS8_PRIV_KEY_INFO *p8;
72 PKCS7 *authsafe;
73 X509 *tcert;
74 int i;
75 unsigned char keyid[EVP_MAX_MD_SIZE];
76 unsigned int keyidlen;
77
78 /* Set defaults */
79 if(!nid_cert) nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
80 if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
81 if(!iter) iter = PKCS12_DEFAULT_ITER;
82 if(!mac_iter) mac_iter = 1;
83
84 if(!pkey || !cert) {
85 PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
86 return NULL;
87 }
88
89 if(!X509_check_private_key(cert, pkey)) return NULL;
90
91 if(!(bags = sk_PKCS12_SAFEBAG_new_null ())) {
92 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
93 return NULL;
94 }
95
96 /* Add user certificate */
97 if(!(bag = PKCS12_x5092certbag(cert))) return NULL;
98 if(name && !PKCS12_add_friendlyname(bag, name, -1)) return NULL;
99 X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
100 if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL;
101
102 if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
103 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
104 return NULL;
105 }
106
107 /* Add all other certificates */
108 if(ca) {
109 for(i = 0; i < sk_X509_num(ca); i++) {
110 tcert = sk_X509_value(ca, i);
111 if(!(bag = PKCS12_x5092certbag(tcert))) return NULL;
112 if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
113 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
114 return NULL;
115 }
116 }
117 }
118
119 /* Turn certbags into encrypted authsafe */
120 authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0,
121 iter, bags);
122 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
123
124 if (!authsafe) return NULL;
125
126 if(!(safes = sk_PKCS7_new_null ())
127 || !sk_PKCS7_push(safes, authsafe)) {
128 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
129 return NULL;
130 }
131
132 /* Make a shrouded key bag */
133 if(!(p8 = EVP_PKEY2PKCS8 (pkey))) return NULL;
134 if(keytype && !PKCS8_add_keyusage(p8, keytype)) return NULL;
135 bag = PKCS12_MAKE_SHKEYBAG (nid_key, pass, -1, NULL, 0, iter, p8);
136 if(!bag) return NULL;
137 PKCS8_PRIV_KEY_INFO_free(p8);
138 if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL;
139 if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL;
140 if(!(bags = sk_PKCS12_SAFEBAG_new_null())
141 || !sk_PKCS12_SAFEBAG_push (bags, bag)) {
142 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
143 return NULL;
144 }
145 /* Turn it into unencrypted safe bag */
146 if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;
147 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
148 if(!sk_PKCS7_push(safes, authsafe)) {
149 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
150 return NULL;
151 }
152
153 if(!(p12 = PKCS12_init (NID_pkcs7_data))) return NULL;
154
155 if(!PKCS12_pack_authsafes (p12, safes)) return NULL;
156
157 sk_PKCS7_pop_free(safes, PKCS7_free);
158
159 if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL))
160 return NULL;
161
162 return p12;
163
164}
diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c
deleted file mode 100644
index b5684a83ba..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_decr.c
+++ /dev/null
@@ -1,176 +0,0 @@
1/* p12_decr.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Define this to dump decrypted output to files called DERnnn */
64/*#define DEBUG_DECRYPT*/
65
66
67/* Encrypt/Decrypt a buffer based on password and algor, result in a
68 * OPENSSL_malloc'ed buffer
69 */
70
71unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
72 int passlen, unsigned char *in, int inlen, unsigned char **data,
73 int *datalen, int en_de)
74{
75 unsigned char *out;
76 int outlen, i;
77 EVP_CIPHER_CTX ctx;
78
79 EVP_CIPHER_CTX_init(&ctx);
80 /* Decrypt data */
81 if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
82 algor->parameter, &ctx, en_de)) {
83 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
84 return NULL;
85 }
86
87 if(!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
88 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE);
89 goto err;
90 }
91
92 EVP_CipherUpdate(&ctx, out, &i, in, inlen);
93 outlen = i;
94 if(!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
95 OPENSSL_free(out);
96 out = NULL;
97 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
98 goto err;
99 }
100 outlen += i;
101 if (datalen) *datalen = outlen;
102 if (data) *data = out;
103 err:
104 EVP_CIPHER_CTX_cleanup(&ctx);
105 return out;
106
107}
108
109/* Decrypt an OCTET STRING and decode ASN1 structure
110 * if zbuf set zero buffer after use.
111 */
112
113void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
114 const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)
115{
116 unsigned char *out, *p;
117 void *ret;
118 int outlen;
119
120 if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
121 &out, &outlen, 0)) {
122 PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
123 return NULL;
124 }
125 p = out;
126#ifdef DEBUG_DECRYPT
127 {
128 FILE *op;
129
130 char fname[30];
131 static int fnm = 1;
132 sprintf(fname, "DER%d", fnm++);
133 op = fopen(fname, "wb");
134 fwrite (p, 1, outlen, op);
135 fclose(op);
136 }
137#endif
138 ret = ASN1_item_d2i(NULL, &p, outlen, it);
139 if (zbuf) OPENSSL_cleanse(out, outlen);
140 if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
141 OPENSSL_free(out);
142 return ret;
143}
144
145/* Encode ASN1 structure and encrypt, return OCTET STRING
146 * if zbuf set zero encoding.
147 */
148
149ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
150 const char *pass, int passlen,
151 void *obj, int zbuf)
152{
153 ASN1_OCTET_STRING *oct;
154 unsigned char *in = NULL;
155 int inlen;
156 if (!(oct = M_ASN1_OCTET_STRING_new ())) {
157 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
158 return NULL;
159 }
160 inlen = ASN1_item_i2d(obj, &in, it);
161 if (!in) {
162 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);
163 return NULL;
164 }
165 if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
166 &oct->length, 1)) {
167 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);
168 OPENSSL_free(in);
169 return NULL;
170 }
171 if (zbuf) OPENSSL_cleanse(in, inlen);
172 OPENSSL_free(in);
173 return oct;
174}
175
176IMPLEMENT_PKCS12_STACK_OF(PKCS7)
diff --git a/src/lib/libcrypto/pkcs12/p12_init.c b/src/lib/libcrypto/pkcs12/p12_init.c
deleted file mode 100644
index eb837a78cf..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_init.c
+++ /dev/null
@@ -1,90 +0,0 @@
1/* p12_init.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Initialise a PKCS12 structure to take data */
64
65PKCS12 *PKCS12_init (int mode)
66{
67 PKCS12 *pkcs12;
68 if (!(pkcs12 = PKCS12_new())) {
69 PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
70 return NULL;
71 }
72 ASN1_INTEGER_set(pkcs12->version, 3);
73 pkcs12->authsafes->type = OBJ_nid2obj(mode);
74 switch (mode) {
75 case NID_pkcs7_data:
76 if (!(pkcs12->authsafes->d.data =
77 M_ASN1_OCTET_STRING_new())) {
78 PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
79 return NULL;
80 }
81 break;
82 default:
83 PKCS12err(PKCS12_F_PKCS12_INIT,PKCS12_R_UNSUPPORTED_PKCS12_MODE);
84 PKCS12_free(pkcs12);
85 return NULL;
86 break;
87 }
88
89 return pkcs12;
90}
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
deleted file mode 100644
index 9196a34b4a..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ /dev/null
@@ -1,206 +0,0 @@
1/* p12_key.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63
64/* Uncomment out this line to get debugging info about key generation */
65/*#define DEBUG_KEYGEN*/
66#ifdef DEBUG_KEYGEN
67#include <openssl/bio.h>
68extern BIO *bio_err;
69void h__dump (unsigned char *p, int len);
70#endif
71
72/* PKCS12 compatible key/IV generation */
73#ifndef min
74#define min(a,b) ((a) < (b) ? (a) : (b))
75#endif
76
77int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
78 int saltlen, int id, int iter, int n, unsigned char *out,
79 const EVP_MD *md_type)
80{
81 int ret;
82 unsigned char *unipass;
83 int uniplen;
84 if(!pass) {
85 unipass = NULL;
86 uniplen = 0;
87 } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) {
88 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
89 return 0;
90 }
91 ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
92 id, iter, n, out, md_type);
93 if(unipass) {
94 OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */
95 OPENSSL_free(unipass);
96 }
97 return ret;
98}
99
100int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
101 int saltlen, int id, int iter, int n, unsigned char *out,
102 const EVP_MD *md_type)
103{
104 unsigned char *B, *D, *I, *p, *Ai;
105 int Slen, Plen, Ilen, Ijlen;
106 int i, j, u, v;
107 BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */
108 EVP_MD_CTX ctx;
109#ifdef DEBUG_KEYGEN
110 unsigned char *tmpout = out;
111 int tmpn = n;
112#endif
113
114#if 0
115 if (!pass) {
116 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER);
117 return 0;
118 }
119#endif
120
121 EVP_MD_CTX_init(&ctx);
122#ifdef DEBUG_KEYGEN
123 fprintf(stderr, "KEYGEN DEBUG\n");
124 fprintf(stderr, "ID %d, ITER %d\n", id, iter);
125 fprintf(stderr, "Password (length %d):\n", passlen);
126 h__dump(pass, passlen);
127 fprintf(stderr, "Salt (length %d):\n", saltlen);
128 h__dump(salt, saltlen);
129#endif
130 v = EVP_MD_block_size (md_type);
131 u = EVP_MD_size (md_type);
132 D = OPENSSL_malloc (v);
133 Ai = OPENSSL_malloc (u);
134 B = OPENSSL_malloc (v + 1);
135 Slen = v * ((saltlen+v-1)/v);
136 if(passlen) Plen = v * ((passlen+v-1)/v);
137 else Plen = 0;
138 Ilen = Slen + Plen;
139 I = OPENSSL_malloc (Ilen);
140 Ij = BN_new();
141 Bpl1 = BN_new();
142 if (!D || !Ai || !B || !I || !Ij || !Bpl1) {
143 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
144 return 0;
145 }
146 for (i = 0; i < v; i++) D[i] = id;
147 p = I;
148 for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
149 for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];
150 for (;;) {
151 EVP_DigestInit_ex(&ctx, md_type, NULL);
152 EVP_DigestUpdate(&ctx, D, v);
153 EVP_DigestUpdate(&ctx, I, Ilen);
154 EVP_DigestFinal_ex(&ctx, Ai, NULL);
155 for (j = 1; j < iter; j++) {
156 EVP_DigestInit_ex(&ctx, md_type, NULL);
157 EVP_DigestUpdate(&ctx, Ai, u);
158 EVP_DigestFinal_ex(&ctx, Ai, NULL);
159 }
160 memcpy (out, Ai, min (n, u));
161 if (u >= n) {
162 OPENSSL_free (Ai);
163 OPENSSL_free (B);
164 OPENSSL_free (D);
165 OPENSSL_free (I);
166 BN_free (Ij);
167 BN_free (Bpl1);
168 EVP_MD_CTX_cleanup(&ctx);
169#ifdef DEBUG_KEYGEN
170 fprintf(stderr, "Output KEY (length %d)\n", tmpn);
171 h__dump(tmpout, tmpn);
172#endif
173 return 1;
174 }
175 n -= u;
176 out += u;
177 for (j = 0; j < v; j++) B[j] = Ai[j % u];
178 /* Work out B + 1 first then can use B as tmp space */
179 BN_bin2bn (B, v, Bpl1);
180 BN_add_word (Bpl1, 1);
181 for (j = 0; j < Ilen ; j+=v) {
182 BN_bin2bn (I + j, v, Ij);
183 BN_add (Ij, Ij, Bpl1);
184 BN_bn2bin (Ij, B);
185 Ijlen = BN_num_bytes (Ij);
186 /* If more than 2^(v*8) - 1 cut off MSB */
187 if (Ijlen > v) {
188 BN_bn2bin (Ij, B);
189 memcpy (I + j, B + 1, v);
190#ifndef PKCS12_BROKEN_KEYGEN
191 /* If less than v bytes pad with zeroes */
192 } else if (Ijlen < v) {
193 memset(I + j, 0, v - Ijlen);
194 BN_bn2bin(Ij, I + j + v - Ijlen);
195#endif
196 } else BN_bn2bin (Ij, I + j);
197 }
198 }
199}
200#ifdef DEBUG_KEYGEN
201void h__dump (unsigned char *p, int len)
202{
203 for (; len --; p++) fprintf(stderr, "%02X", *p);
204 fprintf(stderr, "\n");
205}
206#endif
diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c
deleted file mode 100644
index 885087ad00..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_kiss.c
+++ /dev/null
@@ -1,285 +0,0 @@
1/* p12_kiss.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Simplified PKCS#12 routines */
64
65static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
66 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
67
68static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
69 int passlen, EVP_PKEY **pkey, X509 **cert,
70 STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
71 char *keymatch);
72
73static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
74 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
75 ASN1_OCTET_STRING **keyid, char *keymatch);
76
77/* Parse and decrypt a PKCS#12 structure returning user key, user cert
78 * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
79 * or it should point to a valid STACK structure. pkey and cert can be
80 * passed unitialised.
81 */
82
83int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
84 STACK_OF(X509) **ca)
85{
86
87 /* Check for NULL PKCS12 structure */
88
89 if(!p12) {
90 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
91 return 0;
92 }
93
94 /* Allocate stack for ca certificates if needed */
95 if ((ca != NULL) && (*ca == NULL)) {
96 if (!(*ca = sk_X509_new_null())) {
97 PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
98 return 0;
99 }
100 }
101
102 if(pkey) *pkey = NULL;
103 if(cert) *cert = NULL;
104
105 /* Check the mac */
106
107 /* If password is zero length or NULL then try verifying both cases
108 * to determine which password is correct. The reason for this is that
109 * under PKCS#12 password based encryption no password and a zero length
110 * password are two different things...
111 */
112
113 if(!pass || !*pass) {
114 if(PKCS12_verify_mac(p12, NULL, 0)) pass = NULL;
115 else if(PKCS12_verify_mac(p12, "", 0)) pass = "";
116 else {
117 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
118 goto err;
119 }
120 } else if (!PKCS12_verify_mac(p12, pass, -1)) {
121 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
122 goto err;
123 }
124
125 if (!parse_pk12 (p12, pass, -1, pkey, cert, ca))
126 {
127 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);
128 goto err;
129 }
130
131 return 1;
132
133 err:
134
135 if (pkey && *pkey) EVP_PKEY_free(*pkey);
136 if (cert && *cert) X509_free(*cert);
137 if (ca) sk_X509_pop_free(*ca, X509_free);
138 return 0;
139
140}
141
142/* Parse the outer PKCS#12 structure */
143
144static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
145 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
146{
147 STACK_OF(PKCS7) *asafes;
148 STACK_OF(PKCS12_SAFEBAG) *bags;
149 int i, bagnid;
150 PKCS7 *p7;
151 ASN1_OCTET_STRING *keyid = NULL;
152
153 char keymatch = 0;
154 if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0;
155 for (i = 0; i < sk_PKCS7_num (asafes); i++) {
156 p7 = sk_PKCS7_value (asafes, i);
157 bagnid = OBJ_obj2nid (p7->type);
158 if (bagnid == NID_pkcs7_data) {
159 bags = PKCS12_unpack_p7data(p7);
160 } else if (bagnid == NID_pkcs7_encrypted) {
161 bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
162 } else continue;
163 if (!bags) {
164 sk_PKCS7_pop_free(asafes, PKCS7_free);
165 return 0;
166 }
167 if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
168 &keyid, &keymatch)) {
169 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
170 sk_PKCS7_pop_free(asafes, PKCS7_free);
171 return 0;
172 }
173 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
174 }
175 sk_PKCS7_pop_free(asafes, PKCS7_free);
176 if (keyid) M_ASN1_OCTET_STRING_free(keyid);
177 return 1;
178}
179
180
181static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
182 int passlen, EVP_PKEY **pkey, X509 **cert,
183 STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
184 char *keymatch)
185{
186 int i;
187 for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
188 if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i),
189 pass, passlen, pkey, cert, ca, keyid,
190 keymatch)) return 0;
191 }
192 return 1;
193}
194
195#define MATCH_KEY 0x1
196#define MATCH_CERT 0x2
197#define MATCH_ALL 0x3
198
199static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
200 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
201 ASN1_OCTET_STRING **keyid,
202 char *keymatch)
203{
204 PKCS8_PRIV_KEY_INFO *p8;
205 X509 *x509;
206 ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL;
207 ASN1_TYPE *attrib;
208 ASN1_BMPSTRING *fname = NULL;
209
210 if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
211 fname = attrib->value.bmpstring;
212
213 if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) {
214 lkey = attrib->value.octet_string;
215 ckid = lkey;
216 }
217
218 /* Check for any local key id matching (if needed) */
219 if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) {
220 if (*keyid) {
221 if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL;
222 } else {
223 if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) {
224 PKCS12err(PKCS12_F_PARSE_BAGS,ERR_R_MALLOC_FAILURE);
225 return 0;
226 }
227 }
228 }
229
230 switch (M_PKCS12_bag_type(bag))
231 {
232 case NID_keyBag:
233 if (!lkey || !pkey) return 1;
234 if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0;
235 *keymatch |= MATCH_KEY;
236 break;
237
238 case NID_pkcs8ShroudedKeyBag:
239 if (!lkey || !pkey) return 1;
240 if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
241 return 0;
242 *pkey = EVP_PKCS82PKEY(p8);
243 PKCS8_PRIV_KEY_INFO_free(p8);
244 if (!(*pkey)) return 0;
245 *keymatch |= MATCH_KEY;
246 break;
247
248 case NID_certBag:
249 if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
250 return 1;
251 if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
252 if(ckid) X509_keyid_set1(x509, ckid->data, ckid->length);
253 if(fname) {
254 int len;
255 unsigned char *data;
256 len = ASN1_STRING_to_UTF8(&data, fname);
257 if(len > 0) {
258 X509_alias_set1(x509, data, len);
259 OPENSSL_free(data);
260 }
261 }
262
263
264 if (lkey) {
265 *keymatch |= MATCH_CERT;
266 if (cert) *cert = x509;
267 else X509_free(x509);
268 } else {
269 if(ca) sk_X509_push (*ca, x509);
270 else X509_free(x509);
271 }
272 break;
273
274 case NID_safeContentsBag:
275 return parse_bags(bag->value.safes, pass, passlen,
276 pkey, cert, ca, keyid, keymatch);
277 break;
278
279 default:
280 return 1;
281 break;
282 }
283 return 1;
284}
285
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
deleted file mode 100644
index 0fb67f74b8..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ /dev/null
@@ -1,173 +0,0 @@
1/* p12_mutl.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#ifndef OPENSSL_NO_HMAC
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/hmac.h>
63#include <openssl/rand.h>
64#include <openssl/pkcs12.h>
65
66/* Generate a MAC */
67int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
68 unsigned char *mac, unsigned int *maclen)
69{
70 const EVP_MD *md_type;
71 HMAC_CTX hmac;
72 unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
73 int saltlen, iter;
74
75 salt = p12->mac->salt->data;
76 saltlen = p12->mac->salt->length;
77 if (!p12->mac->iter) iter = 1;
78 else iter = ASN1_INTEGER_get (p12->mac->iter);
79 if(!(md_type =
80 EVP_get_digestbyobj (p12->mac->dinfo->algor->algorithm))) {
81 PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
82 return 0;
83 }
84 if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
85 PKCS12_MAC_KEY_LENGTH, key, md_type)) {
86 PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
87 return 0;
88 }
89 HMAC_CTX_init(&hmac);
90 HMAC_Init_ex(&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type, NULL);
91 HMAC_Update(&hmac, p12->authsafes->d.data->data,
92 p12->authsafes->d.data->length);
93 HMAC_Final(&hmac, mac, maclen);
94 HMAC_CTX_cleanup(&hmac);
95 return 1;
96}
97
98/* Verify the mac */
99int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen)
100{
101 unsigned char mac[EVP_MAX_MD_SIZE];
102 unsigned int maclen;
103 if(p12->mac == NULL) {
104 PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_ABSENT);
105 return 0;
106 }
107 if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
108 PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR);
109 return 0;
110 }
111 if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
112 || memcmp (mac, p12->mac->dinfo->digest->data, maclen)) return 0;
113 return 1;
114}
115
116/* Set a mac */
117
118int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
119 unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type)
120{
121 unsigned char mac[EVP_MAX_MD_SIZE];
122 unsigned int maclen;
123
124 if (!md_type) md_type = EVP_sha1();
125 if (PKCS12_setup_mac (p12, iter, salt, saltlen, md_type) ==
126 PKCS12_ERROR) {
127 PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_SETUP_ERROR);
128 return 0;
129 }
130 if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
131 PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR);
132 return 0;
133 }
134 if (!(M_ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) {
135 PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR);
136 return 0;
137 }
138 return 1;
139}
140
141/* Set up a mac structure */
142int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
143 const EVP_MD *md_type)
144{
145 if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR;
146 if (iter > 1) {
147 if(!(p12->mac->iter = M_ASN1_INTEGER_new())) {
148 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
149 return 0;
150 }
151 ASN1_INTEGER_set(p12->mac->iter, iter);
152 }
153 if (!saltlen) saltlen = PKCS12_SALT_LEN;
154 p12->mac->salt->length = saltlen;
155 if (!(p12->mac->salt->data = OPENSSL_malloc (saltlen))) {
156 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
157 return 0;
158 }
159 if (!salt) {
160 if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0)
161 return 0;
162 }
163 else memcpy (p12->mac->salt->data, salt, saltlen);
164 p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
165 if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
166 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
167 return 0;
168 }
169 p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
170
171 return 1;
172}
173#endif
diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c
deleted file mode 100644
index af708a2743..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_npas.c
+++ /dev/null
@@ -1,217 +0,0 @@
1/* p12_npas.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62#include <openssl/pem.h>
63#include <openssl/err.h>
64#include <openssl/pkcs12.h>
65
66/* PKCS#12 password change routine */
67
68static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
69static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
70 char *newpass);
71static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
72static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
73
74/*
75 * Change the password on a PKCS#12 structure.
76 */
77
78int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
79{
80
81/* Check for NULL PKCS12 structure */
82
83if(!p12) {
84 PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
85 return 0;
86}
87
88/* Check the mac */
89
90if (!PKCS12_verify_mac(p12, oldpass, -1)) {
91 PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE);
92 return 0;
93}
94
95if (!newpass_p12(p12, oldpass, newpass)) {
96 PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR);
97 return 0;
98}
99
100return 1;
101
102}
103
104/* Parse the outer PKCS#12 structure */
105
106static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
107{
108 STACK_OF(PKCS7) *asafes, *newsafes;
109 STACK_OF(PKCS12_SAFEBAG) *bags;
110 int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
111 PKCS7 *p7, *p7new;
112 ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
113 unsigned char mac[EVP_MAX_MD_SIZE];
114 unsigned int maclen;
115
116 if (!(asafes = PKCS12_unpack_authsafes(p12))) return 0;
117 if(!(newsafes = sk_PKCS7_new_null())) return 0;
118 for (i = 0; i < sk_PKCS7_num (asafes); i++) {
119 p7 = sk_PKCS7_value(asafes, i);
120 bagnid = OBJ_obj2nid(p7->type);
121 if (bagnid == NID_pkcs7_data) {
122 bags = PKCS12_unpack_p7data(p7);
123 } else if (bagnid == NID_pkcs7_encrypted) {
124 bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
125 alg_get(p7->d.encrypted->enc_data->algorithm,
126 &pbe_nid, &pbe_iter, &pbe_saltlen);
127 } else continue;
128 if (!bags) {
129 sk_PKCS7_pop_free(asafes, PKCS7_free);
130 return 0;
131 }
132 if (!newpass_bags(bags, oldpass, newpass)) {
133 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
134 sk_PKCS7_pop_free(asafes, PKCS7_free);
135 return 0;
136 }
137 /* Repack bag in same form with new password */
138 if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags);
139 else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
140 pbe_saltlen, pbe_iter, bags);
141 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
142 if(!p7new) {
143 sk_PKCS7_pop_free(asafes, PKCS7_free);
144 return 0;
145 }
146 sk_PKCS7_push(newsafes, p7new);
147 }
148 sk_PKCS7_pop_free(asafes, PKCS7_free);
149
150 /* Repack safe: save old safe in case of error */
151
152 p12_data_tmp = p12->authsafes->d.data;
153 if(!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) goto saferr;
154 if(!PKCS12_pack_authsafes(p12, newsafes)) goto saferr;
155
156 if(!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr;
157 if(!(macnew = ASN1_OCTET_STRING_new())) goto saferr;
158 if(!ASN1_OCTET_STRING_set(macnew, mac, maclen)) goto saferr;
159 ASN1_OCTET_STRING_free(p12->mac->dinfo->digest);
160 p12->mac->dinfo->digest = macnew;
161 ASN1_OCTET_STRING_free(p12_data_tmp);
162
163 return 1;
164
165 saferr:
166 /* Restore old safe */
167 ASN1_OCTET_STRING_free(p12->authsafes->d.data);
168 ASN1_OCTET_STRING_free(macnew);
169 p12->authsafes->d.data = p12_data_tmp;
170 return 0;
171
172}
173
174
175static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
176 char *newpass)
177{
178 int i;
179 for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
180 if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i),
181 oldpass, newpass))
182 return 0;
183 }
184 return 1;
185}
186
187/* Change password of safebag: only needs handle shrouded keybags */
188
189static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
190{
191 PKCS8_PRIV_KEY_INFO *p8;
192 X509_SIG *p8new;
193 int p8_nid, p8_saltlen, p8_iter;
194
195 if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1;
196
197 if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) return 0;
198 alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen);
199 if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
200 p8_iter, p8))) return 0;
201 X509_SIG_free(bag->value.shkeybag);
202 bag->value.shkeybag = p8new;
203 return 1;
204}
205
206static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
207{
208 PBEPARAM *pbe;
209 unsigned char *p;
210 p = alg->parameter->value.sequence->data;
211 pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
212 *pnid = OBJ_obj2nid(alg->algorithm);
213 *piter = ASN1_INTEGER_get(pbe->iter);
214 *psaltlen = pbe->salt->length;
215 PBEPARAM_free(pbe);
216 return 0;
217}
diff --git a/src/lib/libcrypto/pkcs12/p12_p8d.c b/src/lib/libcrypto/pkcs12/p12_p8d.c
deleted file mode 100644
index 3c6f377933..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_p8d.c
+++ /dev/null
@@ -1,68 +0,0 @@
1/* p12_p8d.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen)
64{
65 return PKCS12_item_decrypt_d2i(p8->algor, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass,
66 passlen, p8->digest, 1);
67}
68
diff --git a/src/lib/libcrypto/pkcs12/p12_p8e.c b/src/lib/libcrypto/pkcs12/p12_p8e.c
deleted file mode 100644
index 3d47956652..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_p8e.c
+++ /dev/null
@@ -1,97 +0,0 @@
1/* p12_p8e.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
64 const char *pass, int passlen,
65 unsigned char *salt, int saltlen, int iter,
66 PKCS8_PRIV_KEY_INFO *p8inf)
67{
68 X509_SIG *p8 = NULL;
69 X509_ALGOR *pbe;
70
71 if (!(p8 = X509_SIG_new())) {
72 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
73 goto err;
74 }
75
76 if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
77 else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
78 if(!pbe) {
79 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
80 goto err;
81 }
82 X509_ALGOR_free(p8->algor);
83 p8->algor = pbe;
84 M_ASN1_OCTET_STRING_free(p8->digest);
85 p8->digest = PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),
86 pass, passlen, p8inf, 1);
87 if(!p8->digest) {
88 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
89 goto err;
90 }
91
92 return p8;
93
94 err:
95 X509_SIG_free(p8);
96 return NULL;
97}
diff --git a/src/lib/libcrypto/pkcs12/p12_utl.c b/src/lib/libcrypto/pkcs12/p12_utl.c
deleted file mode 100644
index 243ec76be9..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_utl.c
+++ /dev/null
@@ -1,146 +0,0 @@
1/* p12_utl.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/pkcs12.h>
62
63/* Cheap and nasty Unicode stuff */
64
65unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
66{
67 int ulen, i;
68 unsigned char *unitmp;
69 if (asclen == -1) asclen = strlen(asc);
70 ulen = asclen*2 + 2;
71 if (!(unitmp = OPENSSL_malloc(ulen))) return NULL;
72 for (i = 0; i < ulen - 2; i+=2) {
73 unitmp[i] = 0;
74 unitmp[i + 1] = asc[i>>1];
75 }
76 /* Make result double null terminated */
77 unitmp[ulen - 2] = 0;
78 unitmp[ulen - 1] = 0;
79 if (unilen) *unilen = ulen;
80 if (uni) *uni = unitmp;
81 return unitmp;
82}
83
84char *uni2asc(unsigned char *uni, int unilen)
85{
86 int asclen, i;
87 char *asctmp;
88 asclen = unilen / 2;
89 /* If no terminating zero allow for one */
90 if (!unilen || uni[unilen - 1]) asclen++;
91 uni++;
92 if (!(asctmp = OPENSSL_malloc(asclen))) return NULL;
93 for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];
94 asctmp[asclen - 1] = 0;
95 return asctmp;
96}
97
98int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
99{
100 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
101}
102
103#ifndef OPENSSL_NO_FP_API
104int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
105{
106 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
107}
108#endif
109
110PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
111{
112 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
113}
114#ifndef OPENSSL_NO_FP_API
115PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
116{
117 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
118}
119#endif
120
121PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509)
122{
123 return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
124 NID_x509Certificate, NID_certBag);
125}
126
127PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl)
128{
129 return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
130 NID_x509Crl, NID_crlBag);
131}
132
133X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
134{
135 if(M_PKCS12_bag_type(bag) != NID_certBag) return NULL;
136 if(M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) return NULL;
137 return ASN1_item_unpack(bag->value.bag->value.octet, ASN1_ITEM_rptr(X509));
138}
139
140X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
141{
142 if(M_PKCS12_bag_type(bag) != NID_crlBag) return NULL;
143 if(M_PKCS12_cert_bag_type(bag) != NID_x509Crl) return NULL;
144 return ASN1_item_unpack(bag->value.bag->value.octet,
145 ASN1_ITEM_rptr(X509_CRL));
146}
diff --git a/src/lib/libcrypto/pkcs12/pk12err.c b/src/lib/libcrypto/pkcs12/pk12err.c
deleted file mode 100644
index 10ab80502c..0000000000
--- a/src/lib/libcrypto/pkcs12/pk12err.c
+++ /dev/null
@@ -1,139 +0,0 @@
1/* crypto/pkcs12/pk12err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/pkcs12.h>
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA PKCS12_str_functs[]=
68 {
69{ERR_PACK(0,PKCS12_F_PARSE_BAGS,0), "PARSE_BAGS"},
70{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME,0), "PKCS12_ADD_FRIENDLYNAME"},
71{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,0), "PKCS12_add_friendlyname_asc"},
72{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,0), "PKCS12_add_friendlyname_uni"},
73{ERR_PACK(0,PKCS12_F_PKCS12_ADD_LOCALKEYID,0), "PKCS12_add_localkeyid"},
74{ERR_PACK(0,PKCS12_F_PKCS12_CREATE,0), "PKCS12_create"},
75{ERR_PACK(0,PKCS12_F_PKCS12_DECRYPT_D2I,0), "PKCS12_decrypt_d2i"},
76{ERR_PACK(0,PKCS12_F_PKCS12_GEN_MAC,0), "PKCS12_gen_mac"},
77{ERR_PACK(0,PKCS12_F_PKCS12_I2D_ENCRYPT,0), "PKCS12_i2d_encrypt"},
78{ERR_PACK(0,PKCS12_F_PKCS12_INIT,0), "PKCS12_init"},
79{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_ASC,0), "PKCS12_key_gen_asc"},
80{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0), "PKCS12_key_gen_uni"},
81{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0), "PKCS12_MAKE_KEYBAG"},
82{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0), "PKCS12_MAKE_SHKEYBAG"},
83{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0), "PKCS12_newpass"},
84{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0), "PKCS12_pack_p7data"},
85{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0), "PKCS12_pack_p7encdata"},
86{ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0), "PKCS12_pack_safebag"},
87{ERR_PACK(0,PKCS12_F_PKCS12_PARSE,0), "PKCS12_parse"},
88{ERR_PACK(0,PKCS12_F_PKCS12_PBE_CRYPT,0), "PKCS12_pbe_crypt"},
89{ERR_PACK(0,PKCS12_F_PKCS12_PBE_KEYIVGEN,0), "PKCS12_PBE_keyivgen"},
90{ERR_PACK(0,PKCS12_F_PKCS12_SETUP_MAC,0), "PKCS12_setup_mac"},
91{ERR_PACK(0,PKCS12_F_PKCS12_SET_MAC,0), "PKCS12_set_mac"},
92{ERR_PACK(0,PKCS12_F_PKCS8_ADD_KEYUSAGE,0), "PKCS8_add_keyusage"},
93{ERR_PACK(0,PKCS12_F_PKCS8_ENCRYPT,0), "PKCS8_encrypt"},
94{ERR_PACK(0,PKCS12_F_VERIFY_MAC,0), "VERIFY_MAC"},
95{0,NULL}
96 };
97
98static ERR_STRING_DATA PKCS12_str_reasons[]=
99 {
100{PKCS12_R_CANT_PACK_STRUCTURE ,"cant pack structure"},
101{PKCS12_R_DECODE_ERROR ,"decode error"},
102{PKCS12_R_ENCODE_ERROR ,"encode error"},
103{PKCS12_R_ENCRYPT_ERROR ,"encrypt error"},
104{PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE,"error setting encrypted data type"},
105{PKCS12_R_INVALID_NULL_ARGUMENT ,"invalid null argument"},
106{PKCS12_R_INVALID_NULL_PKCS12_POINTER ,"invalid null pkcs12 pointer"},
107{PKCS12_R_IV_GEN_ERROR ,"iv gen error"},
108{PKCS12_R_KEY_GEN_ERROR ,"key gen error"},
109{PKCS12_R_MAC_ABSENT ,"mac absent"},
110{PKCS12_R_MAC_GENERATION_ERROR ,"mac generation error"},
111{PKCS12_R_MAC_SETUP_ERROR ,"mac setup error"},
112{PKCS12_R_MAC_STRING_SET_ERROR ,"mac string set error"},
113{PKCS12_R_MAC_VERIFY_ERROR ,"mac verify error"},
114{PKCS12_R_MAC_VERIFY_FAILURE ,"mac verify failure"},
115{PKCS12_R_PARSE_ERROR ,"parse error"},
116{PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR ,"pkcs12 algor cipherinit error"},
117{PKCS12_R_PKCS12_CIPHERFINAL_ERROR ,"pkcs12 cipherfinal error"},
118{PKCS12_R_PKCS12_PBE_CRYPT_ERROR ,"pkcs12 pbe crypt error"},
119{PKCS12_R_UNKNOWN_DIGEST_ALGORITHM ,"unknown digest algorithm"},
120{PKCS12_R_UNSUPPORTED_PKCS12_MODE ,"unsupported pkcs12 mode"},
121{0,NULL}
122 };
123
124#endif
125
126void ERR_load_PKCS12_strings(void)
127 {
128 static int init=1;
129
130 if (init)
131 {
132 init=0;
133#ifndef OPENSSL_NO_ERR
134 ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_functs);
135 ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_reasons);
136#endif
137
138 }
139 }
diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h
deleted file mode 100644
index dd338f266c..0000000000
--- a/src/lib/libcrypto/pkcs12/pkcs12.h
+++ /dev/null
@@ -1,320 +0,0 @@
1/* pkcs12.h */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#ifndef HEADER_PKCS12_H
60#define HEADER_PKCS12_H
61
62#include <openssl/bio.h>
63#include <openssl/x509.h>
64
65#ifdef __cplusplus
66extern "C" {
67#endif
68
69#define PKCS12_KEY_ID 1
70#define PKCS12_IV_ID 2
71#define PKCS12_MAC_ID 3
72
73/* Default iteration count */
74#ifndef PKCS12_DEFAULT_ITER
75#define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER
76#endif
77
78#define PKCS12_MAC_KEY_LENGTH 20
79
80#define PKCS12_SALT_LEN 8
81
82/* Uncomment out next line for unicode password and names, otherwise ASCII */
83
84/*#define PBE_UNICODE*/
85
86#ifdef PBE_UNICODE
87#define PKCS12_key_gen PKCS12_key_gen_uni
88#define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni
89#else
90#define PKCS12_key_gen PKCS12_key_gen_asc
91#define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc
92#endif
93
94/* MS key usage constants */
95
96#define KEY_EX 0x10
97#define KEY_SIG 0x80
98
99typedef struct {
100X509_SIG *dinfo;
101ASN1_OCTET_STRING *salt;
102ASN1_INTEGER *iter; /* defaults to 1 */
103} PKCS12_MAC_DATA;
104
105typedef struct {
106ASN1_INTEGER *version;
107PKCS12_MAC_DATA *mac;
108PKCS7 *authsafes;
109} PKCS12;
110
111PREDECLARE_STACK_OF(PKCS12_SAFEBAG)
112
113typedef struct {
114ASN1_OBJECT *type;
115union {
116 struct pkcs12_bag_st *bag; /* secret, crl and certbag */
117 struct pkcs8_priv_key_info_st *keybag; /* keybag */
118 X509_SIG *shkeybag; /* shrouded key bag */
119 STACK_OF(PKCS12_SAFEBAG) *safes;
120 ASN1_TYPE *other;
121}value;
122STACK_OF(X509_ATTRIBUTE) *attrib;
123} PKCS12_SAFEBAG;
124
125DECLARE_STACK_OF(PKCS12_SAFEBAG)
126DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)
127DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
128
129typedef struct pkcs12_bag_st {
130ASN1_OBJECT *type;
131union {
132 ASN1_OCTET_STRING *x509cert;
133 ASN1_OCTET_STRING *x509crl;
134 ASN1_OCTET_STRING *octet;
135 ASN1_IA5STRING *sdsicert;
136 ASN1_TYPE *other; /* Secret or other bag */
137}value;
138} PKCS12_BAGS;
139
140#define PKCS12_ERROR 0
141#define PKCS12_OK 1
142
143/* Compatibility macros */
144
145#define M_PKCS12_x5092certbag PKCS12_x5092certbag
146#define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag
147
148#define M_PKCS12_certbag2x509 PKCS12_certbag2x509
149#define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl
150
151#define M_PKCS12_unpack_p7data PKCS12_unpack_p7data
152#define M_PKCS12_pack_authsafes PKCS12_pack_authsafes
153#define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes
154#define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata
155
156#define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
157#define M_PKCS8_decrypt PKCS8_decrypt
158
159#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
160#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
161#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
162
163#define PKCS12_get_attr(bag, attr_nid) \
164 PKCS12_get_attr_gen(bag->attrib, attr_nid)
165
166#define PKCS8_get_attr(p8, attr_nid) \
167 PKCS12_get_attr_gen(p8->attributes, attr_nid)
168
169#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
170
171
172PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);
173PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);
174X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);
175X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);
176
177PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
178 int nid2);
179PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
180PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen);
181PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
182 int passlen);
183X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
184 const char *pass, int passlen,
185 unsigned char *salt, int saltlen, int iter,
186 PKCS8_PRIV_KEY_INFO *p8);
187PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
188 int passlen, unsigned char *salt,
189 int saltlen, int iter,
190 PKCS8_PRIV_KEY_INFO *p8);
191PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
192STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
193PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
194 unsigned char *salt, int saltlen, int iter,
195 STACK_OF(PKCS12_SAFEBAG) *bags);
196STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen);
197
198int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
199STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12);
200
201int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);
202int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
203 int namelen);
204int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
205 int namelen);
206int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
207 int namelen);
208int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
209ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);
210char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
211unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
212 int passlen, unsigned char *in, int inlen,
213 unsigned char **data, int *datalen, int en_de);
214void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
215 const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf);
216ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
217 const char *pass, int passlen,
218 void *obj, int zbuf);
219PKCS12 *PKCS12_init(int mode);
220int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
221 int saltlen, int id, int iter, int n,
222 unsigned char *out, const EVP_MD *md_type);
223int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type);
224int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
225 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,
226 int en_de);
227int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
228 unsigned char *mac, unsigned int *maclen);
229int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
230int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
231 unsigned char *salt, int saltlen, int iter,
232 const EVP_MD *md_type);
233int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
234 int saltlen, const EVP_MD *md_type);
235unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
236char *uni2asc(unsigned char *uni, int unilen);
237
238DECLARE_ASN1_FUNCTIONS(PKCS12)
239DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
240DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
241DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
242
243DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
244DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
245
246void PKCS12_PBE_add(void);
247int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
248 STACK_OF(X509) **ca);
249PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
250 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
251 int mac_iter, int keytype);
252int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
253int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
254PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
255PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
256int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
257
258/* BEGIN ERROR CODES */
259/* The following lines are auto generated by the script mkerr.pl. Any changes
260 * made after this point may be overwritten when the script is next run.
261 */
262void ERR_load_PKCS12_strings(void);
263
264/* Error codes for the PKCS12 functions. */
265
266/* Function codes. */
267#define PKCS12_F_PARSE_BAGS 103
268#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100
269#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127
270#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102
271#define PKCS12_F_PKCS12_ADD_LOCALKEYID 104
272#define PKCS12_F_PKCS12_CREATE 105
273#define PKCS12_F_PKCS12_DECRYPT_D2I 106
274#define PKCS12_F_PKCS12_GEN_MAC 107
275#define PKCS12_F_PKCS12_I2D_ENCRYPT 108
276#define PKCS12_F_PKCS12_INIT 109
277#define PKCS12_F_PKCS12_KEY_GEN_ASC 110
278#define PKCS12_F_PKCS12_KEY_GEN_UNI 111
279#define PKCS12_F_PKCS12_MAKE_KEYBAG 112
280#define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113
281#define PKCS12_F_PKCS12_NEWPASS 128
282#define PKCS12_F_PKCS12_PACK_P7DATA 114
283#define PKCS12_F_PKCS12_PACK_P7ENCDATA 115
284#define PKCS12_F_PKCS12_PACK_SAFEBAG 117
285#define PKCS12_F_PKCS12_PARSE 118
286#define PKCS12_F_PKCS12_PBE_CRYPT 119
287#define PKCS12_F_PKCS12_PBE_KEYIVGEN 120
288#define PKCS12_F_PKCS12_SETUP_MAC 122
289#define PKCS12_F_PKCS12_SET_MAC 123
290#define PKCS12_F_PKCS8_ADD_KEYUSAGE 124
291#define PKCS12_F_PKCS8_ENCRYPT 125
292#define PKCS12_F_VERIFY_MAC 126
293
294/* Reason codes. */
295#define PKCS12_R_CANT_PACK_STRUCTURE 100
296#define PKCS12_R_DECODE_ERROR 101
297#define PKCS12_R_ENCODE_ERROR 102
298#define PKCS12_R_ENCRYPT_ERROR 103
299#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120
300#define PKCS12_R_INVALID_NULL_ARGUMENT 104
301#define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105
302#define PKCS12_R_IV_GEN_ERROR 106
303#define PKCS12_R_KEY_GEN_ERROR 107
304#define PKCS12_R_MAC_ABSENT 108
305#define PKCS12_R_MAC_GENERATION_ERROR 109
306#define PKCS12_R_MAC_SETUP_ERROR 110
307#define PKCS12_R_MAC_STRING_SET_ERROR 111
308#define PKCS12_R_MAC_VERIFY_ERROR 112
309#define PKCS12_R_MAC_VERIFY_FAILURE 113
310#define PKCS12_R_PARSE_ERROR 114
311#define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115
312#define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116
313#define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117
314#define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118
315#define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119
316
317#ifdef __cplusplus
318}
319#endif
320#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 21:49:05 +0000