Diffstat (limited to 'src/lib/libcrypto/pkcs12')
-rw-r--r--src/lib/libcrypto/pkcs12/p12_add.c240
-rw-r--r--src/lib/libcrypto/pkcs12/p12_asn.c125
-rw-r--r--src/lib/libcrypto/pkcs12/p12_attr.c145
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crpt.c112
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crt.c359
-rw-r--r--src/lib/libcrypto/pkcs12/p12_decr.c184
-rw-r--r--src/lib/libcrypto/pkcs12/p12_init.c92
-rw-r--r--src/lib/libcrypto/pkcs12/p12_key.c219
-rw-r--r--src/lib/libcrypto/pkcs12/p12_kiss.c302
-rw-r--r--src/lib/libcrypto/pkcs12/p12_mutl.c190
-rw-r--r--src/lib/libcrypto/pkcs12/p12_npas.c225
-rw-r--r--src/lib/libcrypto/pkcs12/p12_p8d.c68
-rw-r--r--src/lib/libcrypto/pkcs12/p12_p8e.c97
-rw-r--r--src/lib/libcrypto/pkcs12/p12_utl.c146
-rw-r--r--src/lib/libcrypto/pkcs12/pk12err.c144
-rw-r--r--src/lib/libcrypto/pkcs12/pkcs12.h331
16 files changed, 0 insertions, 2979 deletions
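diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
deleted file mode 100644
index 27ac5facfa..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ /dev/null
@@ -1,240 +0,0 @@
-/* p12_add.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Pack an object into an OCTET STRING and turn into a safebag */
-
-PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
- int nid2)
-{
- PKCS12_BAGS *bag;
- PKCS12_SAFEBAG *safebag;
- if (!(bag = PKCS12_BAGS_new())) {
- PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- bag->type = OBJ_nid2obj(nid1);
- if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
- PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- if (!(safebag = PKCS12_SAFEBAG_new())) {
- PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- safebag->value.bag = bag;
- safebag->type = OBJ_nid2obj(nid2);
- return safebag;
-}
-
-/* Turn PKCS8 object into a keybag */
-
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
-{
- PKCS12_SAFEBAG *bag;
- if (!(bag = PKCS12_SAFEBAG_new())) {
- PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- bag->type = OBJ_nid2obj(NID_keyBag);
- bag->value.keybag = p8;
- return bag;
-}
-
-/* Turn PKCS8 object into a shrouded keybag */
-
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
- int passlen, unsigned char *salt, int saltlen, int iter,
- PKCS8_PRIV_KEY_INFO *p8)
-{
- PKCS12_SAFEBAG *bag;
- const EVP_CIPHER *pbe_ciph;
-
- /* Set up the safe bag */
- if (!(bag = PKCS12_SAFEBAG_new())) {
- PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
-
- pbe_ciph = EVP_get_cipherbynid(pbe_nid);
-
- if (pbe_ciph)
- pbe_nid = -1;
-
- if (!(bag->value.shkeybag =
- PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
- p8))) {
- PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- return bag;
-}
-
-/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
-PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
-{
- PKCS7 *p7;
- if (!(p7 = PKCS7_new())) {
- PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- p7->type = OBJ_nid2obj(NID_pkcs7_data);
- if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
- PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
- PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
- return NULL;
- }
- return p7;
-}
-
-/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
-{
- if(!PKCS7_type_is_data(p7))
- {
- PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA);
- return NULL;
- }
- return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
-}
-
-/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
-
-PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
- unsigned char *salt, int saltlen, int iter,
- STACK_OF(PKCS12_SAFEBAG) *bags)
-{
- PKCS7 *p7;
- X509_ALGOR *pbe;
- const EVP_CIPHER *pbe_ciph;
- if (!(p7 = PKCS7_new())) {
- PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
- PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
- PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
- return NULL;
- }
-
- pbe_ciph = EVP_get_cipherbynid(pbe_nid);
-
- if (pbe_ciph)
- pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen);
- else
- pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
-
- if (!pbe) {
- PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
- p7->d.encrypted->enc_data->algorithm = pbe;
- M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
- if (!(p7->d.encrypted->enc_data->enc_data =
- PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen,
- bags, 1))) {
- PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
- return NULL;
- }
-
- return p7;
-}
-
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
-{
- if(!PKCS7_type_is_encrypted(p7)) return NULL;
- return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
- ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
- pass, passlen,
- p7->d.encrypted->enc_data->enc_data, 1);
-}
-
-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
- int passlen)
-{
- return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
-}
-
-int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
-{
- if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
- &p12->authsafes->d.data))
- return 1;
- return 0;
-}
-
-STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
-{
- if (!PKCS7_type_is_data(p12->authsafes))
- {
- PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA);
- return NULL;
- }
- return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
-}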
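diff --git a/src/lib/libcrypto/pkcs12/p12_asn.c b/src/lib/libcrypto/pkcs12/p12_asn.c
deleted file mode 100644
index 6e27633817..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_asn.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/* p12_asn.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pkcs12.h>
-
-/* PKCS#12 ASN1 module */
-
-ASN1_SEQUENCE(PKCS12) = {
- ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER),
- ASN1_SIMPLE(PKCS12, authsafes, PKCS7),
- ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA)
-} ASN1_SEQUENCE_END(PKCS12)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS12)
-
-ASN1_SEQUENCE(PKCS12_MAC_DATA) = {
- ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG),
- ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING),
- ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(PKCS12_MAC_DATA)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
-
-ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0);
-
-ASN1_ADB(PKCS12_BAGS) = {
- ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)),
- ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)),
- ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)),
-} ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL);
-
-ASN1_SEQUENCE(PKCS12_BAGS) = {
- ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT),
- ASN1_ADB_OBJECT(PKCS12_BAGS),
-} ASN1_SEQUENCE_END(PKCS12_BAGS)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS)
-
-ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ANY, 0);
-
-ASN1_ADB(PKCS12_SAFEBAG) = {
- ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
- ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
- ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
- ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
- ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
- ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0))
-} ASN1_ADB_END(PKCS12_SAFEBAG, 0, type, 0, &safebag_default_tt, NULL);
-
-ASN1_SEQUENCE(PKCS12_SAFEBAG) = {
- ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT),
- ASN1_ADB_OBJECT(PKCS12_SAFEBAG),
- ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE)
-} ASN1_SEQUENCE_END(PKCS12_SAFEBAG)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
-
-/* SEQUENCE OF SafeBag */
-ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG)
-ASN1_ITEM_TEMPLATE_END(PKCS12_SAFEBAGS)
-
-/* Authsafes: SEQUENCE OF PKCS7 */
-ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7)
-ASN1_ITEM_TEMPLATE_END(PKCS12_AUTHSAFES)
-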
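diff --git a/src/lib/libcrypto/pkcs12/p12_attr.c b/src/lib/libcrypto/pkcs12/p12_attr.c
deleted file mode 100644
index e4d9c25647..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_attr.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/* p12_attr.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Add a local keyid to a safebag */
-
-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
- int namelen)
-{
- if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID,
- V_ASN1_OCTET_STRING, name, namelen))
- return 1;
- else
- return 0;
-}
-
-/* Add key usage to PKCS#8 structure */
-
-int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
-{
- unsigned char us_val;
- us_val = (unsigned char) usage;
- if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage,
- V_ASN1_BIT_STRING, &us_val, 1))
- return 1;
- else
- return 0;
-}
-
-/* Add a friendlyname to a safebag */
-
-int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
- int namelen)
-{
- if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
- MBSTRING_ASC, (unsigned char *)name, namelen))
- return 1;
- else
- return 0;
-}
-
-
-int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
- const unsigned char *name, int namelen)
-{
- if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
- MBSTRING_BMP, name, namelen))
- return 1;
- else
- return 0;
-}
-
-int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
- int namelen)
-{
- if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name,
- MBSTRING_ASC, (unsigned char *)name, namelen))
- return 1;
- else
- return 0;
-}
-
-ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
-{
- X509_ATTRIBUTE *attrib;
- int i;
- if (!attrs) return NULL;
- for (i = 0; i < sk_X509_ATTRIBUTE_num (attrs); i++) {
- attrib = sk_X509_ATTRIBUTE_value (attrs, i);
- if (OBJ_obj2nid (attrib->object) == attr_nid) {
- if (sk_ASN1_TYPE_num (attrib->value.set))
- return sk_ASN1_TYPE_value(attrib->value.set, 0);
- else return NULL;
- }
- }
- return NULL;
-}
-
-char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
-{
- ASN1_TYPE *atype;
- if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) return NULL;
- if (atype->type != V_ASN1_BMPSTRING) return NULL;
- return OPENSSL_uni2asc(atype->value.bmpstring->data,
- atype->value.bmpstring->length);
-}
-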
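diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c
deleted file mode 100644
index b71d07b4d0..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_crpt.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/* p12_crpt.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* PKCS#12 PBE algorithms now in static table */
-
-void PKCS12_PBE_add(void)
-{
-}
-
-int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
- ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
-{
- PBEPARAM *pbe;
- int saltlen, iter, ret;
- unsigned char *salt;
- const unsigned char *pbuf;
- unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
-
- /* Extract useful info from parameter */
- if (param == NULL || param->type != V_ASN1_SEQUENCE ||
- param->value.sequence == NULL) {
- PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR);
- return 0;
- }
-
- pbuf = param->value.sequence->data;
- if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
- PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR);
- return 0;
- }
-
- if (!pbe->iter) iter = 1;
- else iter = ASN1_INTEGER_get (pbe->iter);
- salt = pbe->salt->data;
- saltlen = pbe->salt->length;
- if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
- iter, EVP_CIPHER_key_length(cipher), key, md)) {
- PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_KEY_GEN_ERROR);
- PBEPARAM_free(pbe);
- return 0;
- }
- if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,
- iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
- PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_IV_GEN_ERROR);
- PBEPARAM_free(pbe);
- return 0;
- }
- PBEPARAM_free(pbe);
- ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
- OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
- OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
- return ret;
-}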
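diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
deleted file mode 100644
index 96b131defa..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ /dev/null
@@ -1,359 +0,0 @@
-/* p12_crt.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-
-static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
-
-static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
- {
- int idx;
- X509_ATTRIBUTE *attr;
- idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1);
- if (idx < 0)
- return 1;
- attr = EVP_PKEY_get_attr(pkey, idx);
- if (!X509at_add1_attr(&bag->attrib, attr))
- return 0;
- return 1;
- }
-
-PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
- STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
- int keytype)
-{
- PKCS12 *p12 = NULL;
- STACK_OF(PKCS7) *safes = NULL;
- STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
- PKCS12_SAFEBAG *bag = NULL;
- int i;
- unsigned char keyid[EVP_MAX_MD_SIZE];
- unsigned int keyidlen = 0;
-
- /* Set defaults */
- if (!nid_cert)
- nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
- if (!nid_key)
- nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
- if (!iter)
- iter = PKCS12_DEFAULT_ITER;
- if (!mac_iter)
- mac_iter = 1;
-
- if(!pkey && !cert && !ca)
- {
- PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
- return NULL;
- }
-
- if (pkey && cert)
- {
- if(!X509_check_private_key(cert, pkey))
- return NULL;
- X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
- }
-
- if (cert)
- {
- bag = PKCS12_add_cert(&bags, cert);
- if(name && !PKCS12_add_friendlyname(bag, name, -1))
- goto err;
- if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
- goto err;
- }
-
- /* Add all other certificates */
- for(i = 0; i < sk_X509_num(ca); i++)
- {
- if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))
- goto err;
- }
-
- if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))
- goto err;
-
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- bags = NULL;
-
- if (pkey)
- {
- bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
-
- if (!bag)
- goto err;
-
- if (!copy_bag_attr(bag, pkey, NID_ms_csp_name))
- goto err;
- if (!copy_bag_attr(bag, pkey, NID_LocalKeySet))
- goto err;
-
- if(name && !PKCS12_add_friendlyname(bag, name, -1))
- goto err;
- if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
- goto err;
- }
-
- if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))
- goto err;
-
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- bags = NULL;
-
- p12 = PKCS12_add_safes(safes, 0);
-
- if (!p12)
- goto err;
-
- sk_PKCS7_pop_free(safes, PKCS7_free);
-
- safes = NULL;
-
- if ((mac_iter != -1) &&
- !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
- goto err;
-
- return p12;
-
- err:
-
- if (p12)
- PKCS12_free(p12);
- if (safes)
- sk_PKCS7_pop_free(safes, PKCS7_free);
- if (bags)
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- return NULL;
-
-}
-
-PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
- {
- PKCS12_SAFEBAG *bag = NULL;
- char *name;
- int namelen = -1;
- unsigned char *keyid;
- int keyidlen = -1;
-
- /* Add user certificate */
- if(!(bag = PKCS12_x5092certbag(cert)))
- goto err;
-
- /* Use friendlyName and localKeyID in certificate.
- * (if present)
- */
-
- name = (char *)X509_alias_get0(cert, &namelen);
-
- if(name && !PKCS12_add_friendlyname(bag, name, namelen))
- goto err;
-
- keyid = X509_keyid_get0(cert, &keyidlen);
-
- if(keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
- goto err;
-
- if (!pkcs12_add_bag(pbags, bag))
- goto err;
-
- return bag;
-
- err:
-
- if (bag)
- PKCS12_SAFEBAG_free(bag);
-
- return NULL;
-
- }
-
-PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
- int key_usage, int iter,
- int nid_key, char *pass)
- {
-
- PKCS12_SAFEBAG *bag = NULL;
- PKCS8_PRIV_KEY_INFO *p8 = NULL;
-
- /* Make a PKCS#8 structure */
- if(!(p8 = EVP_PKEY2PKCS8(key)))
- goto err;
- if(key_usage && !PKCS8_add_keyusage(p8, key_usage))
- goto err;
- if (nid_key != -1)
- {
- bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8);
- PKCS8_PRIV_KEY_INFO_free(p8);
- }
- else
- bag = PKCS12_MAKE_KEYBAG(p8);
-
- if(!bag)
- goto err;
-
- if (!pkcs12_add_bag(pbags, bag))
- goto err;
-
- return bag;
-
- err:
-
- if (bag)
- PKCS12_SAFEBAG_free(bag);
-
- return NULL;
-
- }
-
-int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
- int nid_safe, int iter, char *pass)
- {
- PKCS7 *p7 = NULL;
- int free_safes = 0;
-
- if (!*psafes)
- {
- *psafes = sk_PKCS7_new_null();
- if (!*psafes)
- return 0;
- free_safes = 1;
- }
- else
- free_safes = 0;
-
- if (nid_safe == 0)
- nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
-
- if (nid_safe == -1)
- p7 = PKCS12_pack_p7data(bags);
- else
- p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0,
- iter, bags);
- if (!p7)
- goto err;
-
- if (!sk_PKCS7_push(*psafes, p7))
- goto err;
-
- return 1;
-
- err:
- if (free_safes)
- {
- sk_PKCS7_free(*psafes);
- *psafes = NULL;
- }
-
- if (p7)
- PKCS7_free(p7);
-
- return 0;
-
- }
-
-static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag)
- {
- int free_bags;
- if (!pbags)
- return 1;
- if (!*pbags)
- {
- *pbags = sk_PKCS12_SAFEBAG_new_null();
- if (!*pbags)
- return 0;
- free_bags = 1;
- }
- else
- free_bags = 0;
-
- if (!sk_PKCS12_SAFEBAG_push(*pbags, bag))
- {
- if (free_bags)
- {
- sk_PKCS12_SAFEBAG_free(*pbags);
- *pbags = NULL;
- }
- return 0;
- }
-
- return 1;
-
- }
-
-
-PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7)
- {
- PKCS12 *p12;
- if (nid_p7 <= 0)
- nid_p7 = NID_pkcs7_data;
- p12 = PKCS12_init(nid_p7);
-
- if (!p12)
- return NULL;
-
- if(!PKCS12_pack_authsafes(p12, safes))
- {
- PKCS12_free(p12);
- return NULL;
- }
-
- return p12;
-
- }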
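diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c
deleted file mode 100644
index 9d3557e8d7..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_decr.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/* p12_decr.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Define this to dump decrypted output to files called DERnnn */
-/*#define DEBUG_DECRYPT*/
-
-
-/* Encrypt/Decrypt a buffer based on password and algor, result in a
- * OPENSSL_malloc'ed buffer
- */
-
-unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
- int passlen, unsigned char *in, int inlen, unsigned char **data,
- int *datalen, int en_de)
-{
- unsigned char *out;
- int outlen, i;
- EVP_CIPHER_CTX ctx;
-
- EVP_CIPHER_CTX_init(&ctx);
- /* Decrypt data */
- if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
- algor->parameter, &ctx, en_de)) {
- PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
- return NULL;
- }
-
- if(!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
- PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen))
- {
- OPENSSL_free(out);
- out = NULL;
- PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_EVP_LIB);
- goto err;
- }
-
- outlen = i;
- if(!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
- OPENSSL_free(out);
- out = NULL;
- PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
- goto err;
- }
- outlen += i;
- if (datalen) *datalen = outlen;
- if (data) *data = out;
- err:
- EVP_CIPHER_CTX_cleanup(&ctx);
- return out;
-
-}
-
-/* Decrypt an OCTET STRING and decode ASN1 structure
- * if zbuf set zero buffer after use.
- */
-
-void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
- const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)
-{
- unsigned char *out;
- const unsigned char *p;
- void *ret;
- int outlen;
-
- if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
- &out, &outlen, 0)) {
- PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
- return NULL;
- }
- p = out;
-#ifdef DEBUG_DECRYPT
- {
- FILE *op;
-
- char fname[30];
- static int fnm = 1;
- sprintf(fname, "DER%d", fnm++);
- op = fopen(fname, "wb");
- fwrite (p, 1, outlen, op);
- fclose(op);
- }
-#endif
- ret = ASN1_item_d2i(NULL, &p, outlen, it);
- if (zbuf) OPENSSL_cleanse(out, outlen);
- if(!ret) PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
- OPENSSL_free(out);
- return ret;
-}
-
-/* Encode ASN1 structure and encrypt, return OCTET STRING
- * if zbuf set zero encoding.
- */
-
-ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
- const char *pass, int passlen,
- void *obj, int zbuf)
-{
- ASN1_OCTET_STRING *oct;
- unsigned char *in = NULL;
- int inlen;
- if (!(oct = M_ASN1_OCTET_STRING_new ())) {
- PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- inlen = ASN1_item_i2d(obj, &in, it);
- if (!in) {
- PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);
- return NULL;
- }
- if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
- &oct->length, 1)) {
- PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);
- OPENSSL_free(in);
- return NULL;
- }
- if (zbuf) OPENSSL_cleanse(in, inlen);
- OPENSSL_free(in);
- return oct;
-}
-
-IMPLEMENT_PKCS12_STACK_OF(PKCS7)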
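diff --git a/src/lib/libcrypto/pkcs12/p12_init.c b/src/lib/libcrypto/pkcs12/p12_init.c
deleted file mode 100644
index d4d84b056a..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_init.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/* p12_init.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Initialise a PKCS12 structure to take data */
-
-PKCS12 *PKCS12_init(int mode)
-{
- PKCS12 *pkcs12;
- if (!(pkcs12 = PKCS12_new())) {
- PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- ASN1_INTEGER_set(pkcs12->version, 3);
- pkcs12->authsafes->type = OBJ_nid2obj(mode);
- switch (mode) {
- case NID_pkcs7_data:
- if (!(pkcs12->authsafes->d.data =
- M_ASN1_OCTET_STRING_new())) {
- PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- break;
- default:
- PKCS12err(PKCS12_F_PKCS12_INIT,
- PKCS12_R_UNSUPPORTED_PKCS12_MODE);
- goto err;
- }
-
- return pkcs12;
-err:
- if (pkcs12 != NULL) PKCS12_free(pkcs12);
- return NULL;
-}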
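diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
deleted file mode 100644
index c55c7b60b3..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ /dev/null
@@ -1,219 +0,0 @@
-/* p12_key.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-#include <openssl/bn.h>
-
-/* Uncomment out this line to get debugging info about key generation */
-/*#define DEBUG_KEYGEN*/
-#ifdef DEBUG_KEYGEN
-#include <openssl/bio.h>
-extern BIO *bio_err;
-void h__dump (unsigned char *p, int len);
-#endif
-
-/* PKCS12 compatible key/IV generation */
-#ifndef min
-#define min(a,b) ((a) < (b) ? (a) : (b))
-#endif
-
-int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
- int saltlen, int id, int iter, int n, unsigned char *out,
- const EVP_MD *md_type)
-{
- int ret;
- unsigned char *unipass;
- int uniplen;
-
- if(!pass) {
- unipass = NULL;
- uniplen = 0;
- } else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) {
- PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
- id, iter, n, out, md_type);
- if (ret <= 0)
- return 0;
- if(unipass) {
- OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */
- OPENSSL_free(unipass);
- }
- return ret;
-}
-
-int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
- int saltlen, int id, int iter, int n, unsigned char *out,
- const EVP_MD *md_type)
-{
- unsigned char *B, *D, *I, *p, *Ai;
- int Slen, Plen, Ilen, Ijlen;
- int i, j, u, v;
- int ret = 0;
- BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */
- EVP_MD_CTX ctx;
-#ifdef DEBUG_KEYGEN
- unsigned char *tmpout = out;
- int tmpn = n;
-#endif
-
-#if 0
- if (!pass) {
- PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
-#endif
-
- EVP_MD_CTX_init(&ctx);
-#ifdef DEBUG_KEYGEN
- fprintf(stderr, "KEYGEN DEBUG\n");
- fprintf(stderr, "ID %d, ITER %d\n", id, iter);
- fprintf(stderr, "Password (length %d):\n", passlen);
- h__dump(pass, passlen);
- fprintf(stderr, "Salt (length %d):\n", saltlen);
- h__dump(salt, saltlen);
-#endif
- v = EVP_MD_block_size (md_type);
- u = EVP_MD_size (md_type);
- if (u < 0)
- return 0;
- D = OPENSSL_malloc (v);
- Ai = OPENSSL_malloc (u);
- B = OPENSSL_malloc (v + 1);
- Slen = v * ((saltlen+v-1)/v);
- if(passlen) Plen = v * ((passlen+v-1)/v);
- else Plen = 0;
- Ilen = Slen + Plen;
- I = OPENSSL_malloc (Ilen);
- Ij = BN_new();
- Bpl1 = BN_new();
- if (!D || !Ai || !B || !I || !Ij || !Bpl1)
- goto err;
- for (i = 0; i < v; i++) D[i] = id;
- p = I;
- for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
- for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];
- for (;;) {
- if (!EVP_DigestInit_ex(&ctx, md_type, NULL)
- || !EVP_DigestUpdate(&ctx, D, v)
- || !EVP_DigestUpdate(&ctx, I, Ilen)
- || !EVP_DigestFinal_ex(&ctx, Ai, NULL))
- goto err;
- for (j = 1; j < iter; j++) {
- if (!EVP_DigestInit_ex(&ctx, md_type, NULL)
- || !EVP_DigestUpdate(&ctx, Ai, u)
- || !EVP_DigestFinal_ex(&ctx, Ai, NULL))
- goto err;
- }
- memcpy (out, Ai, min (n, u));
- if (u >= n) {
-#ifdef DEBUG_KEYGEN
- fprintf(stderr, "Output KEY (length %d)\n", tmpn);
- h__dump(tmpout, tmpn);
-#endif
- ret = 1;
- goto end;
- }
- n -= u;
- out += u;
- for (j = 0; j < v; j++) B[j] = Ai[j % u];
- /* Work out B + 1 first then can use B as tmp space */
- if (!BN_bin2bn (B, v, Bpl1)) goto err;
- if (!BN_add_word (Bpl1, 1)) goto err;
- for (j = 0; j < Ilen ; j+=v) {
- if (!BN_bin2bn (I + j, v, Ij)) goto err;
- if (!BN_add (Ij, Ij, Bpl1)) goto err;
- BN_bn2bin (Ij, B);
- Ijlen = BN_num_bytes (Ij);
- /* If more than 2^(v*8) - 1 cut off MSB */
- if (Ijlen > v) {
- BN_bn2bin (Ij, B);
- memcpy (I + j, B + 1, v);
-#ifndef PKCS12_BROKEN_KEYGEN
- /* If less than v bytes pad with zeroes */
- } else if (Ijlen < v) {
- memset(I + j, 0, v - Ijlen);
- BN_bn2bin(Ij, I + j + v - Ijlen);
-#endif
- } else BN_bn2bin (Ij, I + j);
- }
- }
-
-err:
- PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
-
-end:
- OPENSSL_free (Ai);
- OPENSSL_free (B);
- OPENSSL_free (D);
- OPENSSL_free (I);
- BN_free (Ij);
- BN_free (Bpl1);
- EVP_MD_CTX_cleanup(&ctx);
- return ret;
-}
-#ifdef DEBUG_KEYGEN
-void h__dump (unsigned char *p, int len)
-{
- for (; len --; p++) fprintf(stderr, "%02X", *p);
- fprintf(stderr, "\n");
-}
-#endif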
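diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c
deleted file mode 100644
index 206b1b0b18..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_kiss.c
+++ /dev/null
@@ -1,302 +0,0 @@
-/* p12_kiss.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Simplified PKCS#12 routines */
-
-static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
- EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
-
-static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
- int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
-
-static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
- EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
-
-/* Parse and decrypt a PKCS#12 structure returning user key, user cert
- * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
- * or it should point to a valid STACK structure. pkey and cert can be
- * passed unitialised.
- */
-
-int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
- STACK_OF(X509) **ca)
-{
- STACK_OF(X509) *ocerts = NULL;
- X509 *x = NULL;
- /* Check for NULL PKCS12 structure */
-
- if(!p12)
- {
- PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
- return 0;
- }
-
- if(pkey)
- *pkey = NULL;
- if(cert)
- *cert = NULL;
-
- /* Check the mac */
-
- /* If password is zero length or NULL then try verifying both cases
- * to determine which password is correct. The reason for this is that
- * under PKCS#12 password based encryption no password and a zero length
- * password are two different things...
- */
-
- if(!pass || !*pass) {
- if(PKCS12_verify_mac(p12, NULL, 0)) pass = NULL;
- else if(PKCS12_verify_mac(p12, "", 0)) pass = "";
- else {
- PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
- goto err;
- }
- } else if (!PKCS12_verify_mac(p12, pass, -1)) {
- PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
- goto err;
- }
-
- /* Allocate stack for other certificates */
- ocerts = sk_X509_new_null();
-
- if (!ocerts)
- {
- PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- if (!parse_pk12 (p12, pass, -1, pkey, ocerts))
- {
- PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);
- goto err;
- }
-
- while ((x = sk_X509_pop(ocerts)))
- {
- if (pkey && *pkey && cert && !*cert)
- {
- if (X509_check_private_key(x, *pkey))
- {
- *cert = x;
- x = NULL;
- }
- }
-
- if (ca && x)
- {
- if (!*ca)
- *ca = sk_X509_new_null();
- if (!*ca)
- goto err;
- if (!sk_X509_push(*ca, x))
- goto err;
- x = NULL;
- }
- if (x)
- X509_free(x);
- }
-
- if (ocerts)
- sk_X509_pop_free(ocerts, X509_free);
-
- return 1;
-
- err:
-
- if (pkey && *pkey)
- EVP_PKEY_free(*pkey);
- if (cert && *cert)
- X509_free(*cert);
- if (x)
- X509_free(x);
- if (ocerts)
- sk_X509_pop_free(ocerts, X509_free);
- return 0;
-
-}
-
-/* Parse the outer PKCS#12 structure */
-
-static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
- EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
-{
- STACK_OF(PKCS7) *asafes;
- STACK_OF(PKCS12_SAFEBAG) *bags;
- int i, bagnid;
- PKCS7 *p7;
-
- if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0;
- for (i = 0; i < sk_PKCS7_num (asafes); i++) {
- p7 = sk_PKCS7_value (asafes, i);
- bagnid = OBJ_obj2nid (p7->type);
- if (bagnid == NID_pkcs7_data) {
- bags = PKCS12_unpack_p7data(p7);
- } else if (bagnid == NID_pkcs7_encrypted) {
- bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
- } else continue;
- if (!bags) {
- sk_PKCS7_pop_free(asafes, PKCS7_free);
- return 0;
- }
- if (!parse_bags(bags, pass, passlen, pkey, ocerts)) {
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- sk_PKCS7_pop_free(asafes, PKCS7_free);
- return 0;
- }
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- }
- sk_PKCS7_pop_free(asafes, PKCS7_free);
- return 1;
-}
-
-
-static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
- int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
-{
- int i;
- for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
- if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i),
- pass, passlen, pkey, ocerts))
- return 0;
- }
- return 1;
-}
-
-static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
- EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
-{
- PKCS8_PRIV_KEY_INFO *p8;
- X509 *x509;
- ASN1_TYPE *attrib;
- ASN1_BMPSTRING *fname = NULL;
- ASN1_OCTET_STRING *lkid = NULL;
-
- if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
- fname = attrib->value.bmpstring;
-
- if ((attrib = PKCS12_get_attr (bag, NID_localKeyID)))
- lkid = attrib->value.octet_string;
-
- switch (M_PKCS12_bag_type(bag))
- {
- case NID_keyBag:
- if (!pkey || *pkey)
- return 1;
- if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag)))
- return 0;
- break;
-
- case NID_pkcs8ShroudedKeyBag:
- if (!pkey || *pkey)
- return 1;
- if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
- return 0;
- *pkey = EVP_PKCS82PKEY(p8);
- PKCS8_PRIV_KEY_INFO_free(p8);
- if (!(*pkey)) return 0;
- break;
-
- case NID_certBag:
- if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
- return 1;
- if (!(x509 = PKCS12_certbag2x509(bag)))
- return 0;
- if(lkid && !X509_keyid_set1(x509, lkid->data, lkid->length))
- {
- X509_free(x509);
- return 0;
- }
- if(fname) {
- int len, r;
- unsigned char *data;
- len = ASN1_STRING_to_UTF8(&data, fname);
- if(len > 0) {
- r = X509_alias_set1(x509, data, len);
- OPENSSL_free(data);
- if (!r)
- {
- X509_free(x509);
- return 0;
- }
- }
- }
-
- if(!sk_X509_push(ocerts, x509))
- {
- X509_free(x509);
- return 0;
- }
-
- break;
-
- case NID_safeContentsBag:
- return parse_bags(bag->value.safes, pass, passlen,
- pkey, ocerts);
- break;
-
- default:
- return 1;
- break;
- }
- return 1;
-}
-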
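diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
deleted file mode 100644
index 96de1bd11e..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ /dev/null
@@ -1,190 +0,0 @@
-/* p12_mutl.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef OPENSSL_NO_HMAC
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/hmac.h>
-#include <openssl/rand.h>
-#include <openssl/pkcs12.h>
-
-/* Generate a MAC */
-int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
- unsigned char *mac, unsigned int *maclen)
-{
- const EVP_MD *md_type;
- HMAC_CTX hmac;
- unsigned char key[EVP_MAX_MD_SIZE], *salt;
- int saltlen, iter;
- int md_size;
-
- if (!PKCS7_type_is_data(p12->authsafes))
- {
- PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_CONTENT_TYPE_NOT_DATA);
- return 0;
- }
-
- salt = p12->mac->salt->data;
- saltlen = p12->mac->salt->length;
- if (!p12->mac->iter) iter = 1;
- else iter = ASN1_INTEGER_get (p12->mac->iter);
- if(!(md_type =
- EVP_get_digestbyobj (p12->mac->dinfo->algor->algorithm))) {
- PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
- return 0;
- }
- md_size = EVP_MD_size(md_type);
- if (md_size < 0)
- return 0;
- if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
- md_size, key, md_type)) {
- PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
- return 0;
- }
- HMAC_CTX_init(&hmac);
- if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL)
- || !HMAC_Update(&hmac, p12->authsafes->d.data->data,
- p12->authsafes->d.data->length)
- || !HMAC_Final(&hmac, mac, maclen))
- {
- HMAC_CTX_cleanup(&hmac);
- return 0;
- }
- HMAC_CTX_cleanup(&hmac);
- return 1;
-}
-
-/* Verify the mac */
-int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
-{
- unsigned char mac[EVP_MAX_MD_SIZE];
- unsigned int maclen;
- if(p12->mac == NULL) {
- PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_ABSENT);
- return 0;
- }
- if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
- PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR);
- return 0;
- }
- if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
- || memcmp (mac, p12->mac->dinfo->digest->data, maclen)) return 0;
- return 1;
-}
-
-/* Set a mac */
-
-int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
- unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type)
-{
- unsigned char mac[EVP_MAX_MD_SIZE];
- unsigned int maclen;
-
- if (!md_type) md_type = EVP_sha1();
- if (PKCS12_setup_mac (p12, iter, salt, saltlen, md_type) ==
- PKCS12_ERROR) {
- PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_SETUP_ERROR);
- return 0;
- }
- if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
- PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR);
- return 0;
- }
- if (!(M_ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) {
- PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR);
- return 0;
- }
- return 1;
-}
-
-/* Set up a mac structure */
-int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
- const EVP_MD *md_type)
-{
- if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR;
- if (iter > 1) {
- if(!(p12->mac->iter = M_ASN1_INTEGER_new())) {
- PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
- PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
- if (!saltlen) saltlen = PKCS12_SALT_LEN;
- p12->mac->salt->length = saltlen;
- if (!(p12->mac->salt->data = OPENSSL_malloc (saltlen))) {
- PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- if (!salt) {
- if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0)
- return 0;
- }
- else memcpy (p12->mac->salt->data, salt, saltlen);
- p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
- if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
- PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
-
- return 1;
-}
-#endif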
diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c
deleted file mode 100644
index 2f71355150..0000000000
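--- a/src/lib/libcrypto/pkcs12/p12_npas.c
+++ /dev/null
@@ -1,225 +0,0 @@
-/* p12_npas.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/pkcs12.h>
-
-/* PKCS#12 password change routine */
-
-static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
-static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
- char *newpass);
-static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
-static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
-
-/*
- * Change the password on a PKCS#12 structure.
- */
-
-int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
-{
- /* Check for NULL PKCS12 structure */
-
- if(!p12) {
- PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
- return 0;
- }
-
- /* Check the mac */
-
- if (!PKCS12_verify_mac(p12, oldpass, -1)) {
- PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE);
- return 0;
- }
-
- if (!newpass_p12(p12, oldpass, newpass)) {
- PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR);
- return 0;
- }
-
- return 1;
-}
-
-/* Parse the outer PKCS#12 structure */
-
-static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
-{
- STACK_OF(PKCS7) *asafes, *newsafes;
- STACK_OF(PKCS12_SAFEBAG) *bags;
- int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
- PKCS7 *p7, *p7new;
- ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
- unsigned char mac[EVP_MAX_MD_SIZE];
- unsigned int maclen;
-
- if (!(asafes = PKCS12_unpack_authsafes(p12))) return 0;
- if(!(newsafes = sk_PKCS7_new_null())) return 0;
- for (i = 0; i < sk_PKCS7_num (asafes); i++) {
- p7 = sk_PKCS7_value(asafes, i);
- bagnid = OBJ_obj2nid(p7->type);
- if (bagnid == NID_pkcs7_data) {
- bags = PKCS12_unpack_p7data(p7);
- } else if (bagnid == NID_pkcs7_encrypted) {
- bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
- if (!alg_get(p7->d.encrypted->enc_data->algorithm,
- &pbe_nid, &pbe_iter, &pbe_saltlen))
- {
- sk_PKCS12_SAFEBAG_pop_free(bags,
- PKCS12_SAFEBAG_free);
- bags = NULL;
- }
- } else continue;
- if (!bags) {
- sk_PKCS7_pop_free(asafes, PKCS7_free);
- return 0;
- }
- if (!newpass_bags(bags, oldpass, newpass)) {
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- sk_PKCS7_pop_free(asafes, PKCS7_free);
- return 0;
- }
- /* Repack bag in same form with new password */
- if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags);
- else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
- pbe_saltlen, pbe_iter, bags);
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- if(!p7new) {
- sk_PKCS7_pop_free(asafes, PKCS7_free);
- return 0;
- }
- sk_PKCS7_push(newsafes, p7new);
- }
- sk_PKCS7_pop_free(asafes, PKCS7_free);
-
- /* Repack safe: save old safe in case of error */
-
- p12_data_tmp = p12->authsafes->d.data;
- if(!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) goto saferr;
- if(!PKCS12_pack_authsafes(p12, newsafes)) goto saferr;
-
- if(!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr;
- if(!(macnew = ASN1_OCTET_STRING_new())) goto saferr;
- if(!ASN1_OCTET_STRING_set(macnew, mac, maclen)) goto saferr;
- ASN1_OCTET_STRING_free(p12->mac->dinfo->digest);
- p12->mac->dinfo->digest = macnew;
- ASN1_OCTET_STRING_free(p12_data_tmp);
-
- return 1;
-
- saferr:
- /* Restore old safe */
- ASN1_OCTET_STRING_free(p12->authsafes->d.data);
- ASN1_OCTET_STRING_free(macnew);
- p12->authsafes->d.data = p12_data_tmp;
- return 0;
-
-}
-
-
-static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
- char *newpass)
-{
- int i;
- for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
- if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i),
- oldpass, newpass))
- return 0;
- }
- return 1;
-}
-
-/* Change password of safebag: only needs handle shrouded keybags */
-
-static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
-{
- PKCS8_PRIV_KEY_INFO *p8;
- X509_SIG *p8new;
- int p8_nid, p8_saltlen, p8_iter;
-
- if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1;
-
- if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) return 0;
- if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter,
- &p8_saltlen))
- return 0;
- if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
- p8_iter, p8))) return 0;
- X509_SIG_free(bag->value.shkeybag);
- bag->value.shkeybag = p8new;
- return 1;
-}
-
-static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
-{
- PBEPARAM *pbe;
- const unsigned char *p;
-
- p = alg->parameter->value.sequence->data;
- pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
- if (!pbe)
- return 0;
- *pnid = OBJ_obj2nid(alg->algorithm);
- *piter = ASN1_INTEGER_get(pbe->iter);
- *psaltlen = pbe->salt->length;
- PBEPARAM_free(pbe);
- return 1;
-}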
diff --git a/src/lib/libcrypto/pkcs12/p12_p8d.c b/src/lib/libcrypto/pkcs12/p12_p8d.c
deleted file mode 100644
index deba81e4a9..0000000000
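--- a/src/lib/libcrypto/pkcs12/p12_p8d.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/* p12_p8d.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen)
-{
- return PKCS12_item_decrypt_d2i(p8->algor, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass,
- passlen, p8->digest, 1);
-}
-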
diff --git a/src/lib/libcrypto/pkcs12/p12_p8e.c b/src/lib/libcrypto/pkcs12/p12_p8e.c
deleted file mode 100644
index bf20a77b4c..0000000000
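--- a/src/lib/libcrypto/pkcs12/p12_p8e.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/* p12_p8e.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
- const char *pass, int passlen,
- unsigned char *salt, int saltlen, int iter,
- PKCS8_PRIV_KEY_INFO *p8inf)
-{
- X509_SIG *p8 = NULL;
- X509_ALGOR *pbe;
-
- if (!(p8 = X509_SIG_new())) {
- PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
- else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
- if(!pbe) {
- PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
- goto err;
- }
- X509_ALGOR_free(p8->algor);
- p8->algor = pbe;
- M_ASN1_OCTET_STRING_free(p8->digest);
- p8->digest = PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),
- pass, passlen, p8inf, 1);
- if(!p8->digest) {
- PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
- goto err;
- }
-
- return p8;
-
- err:
- X509_SIG_free(p8);
- return NULL;
-}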
diff --git a/src/lib/libcrypto/pkcs12/p12_utl.c b/src/lib/libcrypto/pkcs12/p12_utl.c
deleted file mode 100644
index 59c6f453f6..0000000000
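--- a/src/lib/libcrypto/pkcs12/p12_utl.c
+++ /dev/null
@@ -1,146 +0,0 @@
-/* p12_utl.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Cheap and nasty Unicode stuff */
-
-unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
-{
- int ulen, i;
- unsigned char *unitmp;
- if (asclen == -1) asclen = strlen(asc);
- ulen = asclen*2 + 2;
- if (!(unitmp = OPENSSL_malloc(ulen))) return NULL;
- for (i = 0; i < ulen - 2; i+=2) {
- unitmp[i] = 0;
- unitmp[i + 1] = asc[i>>1];
- }
- /* Make result double null terminated */
- unitmp[ulen - 2] = 0;
- unitmp[ulen - 1] = 0;
- if (unilen) *unilen = ulen;
- if (uni) *uni = unitmp;
- return unitmp;
-}
-
-char *OPENSSL_uni2asc(unsigned char *uni, int unilen)
-{
- int asclen, i;
- char *asctmp;
- asclen = unilen / 2;
- /* If no terminating zero allow for one */
- if (!unilen || uni[unilen - 1]) asclen++;
- uni++;
- if (!(asctmp = OPENSSL_malloc(asclen))) return NULL;
- for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];
- asctmp[asclen - 1] = 0;
- return asctmp;
-}
-
-int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
-{
- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
-{
- return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
-}
-#endif
-
-PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
-{
- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
-}
-#ifndef OPENSSL_NO_FP_API
-PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
-{
- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
-}
-#endif
-
-PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509)
-{
- return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
- NID_x509Certificate, NID_certBag);
-}
-
-PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl)
-{
- return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
- NID_x509Crl, NID_crlBag);
-}
-
-X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
-{
- if(M_PKCS12_bag_type(bag) != NID_certBag) return NULL;
- if(M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) return NULL;
- return ASN1_item_unpack(bag->value.bag->value.octet, ASN1_ITEM_rptr(X509));
-}
-
-X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
-{
- if(M_PKCS12_bag_type(bag) != NID_crlBag) return NULL;
- if(M_PKCS12_cert_bag_type(bag) != NID_x509Crl) return NULL;
- return ASN1_item_unpack(bag->value.bag->value.octet,
- ASN1_ITEM_rptr(X509_CRL));
-}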
diff --git a/src/lib/libcrypto/pkcs12/pk12err.c b/src/lib/libcrypto/pkcs12/pk12err.c
deleted file mode 100644
index f6ddf2df12..0000000000
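--- a/src/lib/libcrypto/pkcs12/pk12err.c
+++ /dev/null
@@ -1,144 +0,0 @@
-/* crypto/pkcs12/pk12err.c */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/pkcs12.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason)
-
-static ERR_STRING_DATA PKCS12_str_functs[]=
- {
-{ERR_FUNC(PKCS12_F_PARSE_BAG), "PARSE_BAG"},
-{ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"},
-{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"},
-{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC), "PKCS12_add_friendlyname_asc"},
-{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI), "PKCS12_add_friendlyname_uni"},
-{ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"},
-{ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"},
-{ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"},
-{ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"},
-{ERR_FUNC(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I), "PKCS12_item_decrypt_d2i"},
-{ERR_FUNC(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT), "PKCS12_item_i2d_encrypt"},
-{ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"},
-{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"},
-{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"},
-{ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"},
-{ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"},
-{ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"},
-{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"},
-{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"},
-{ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"},
-{ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"},
-{ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"},
-{ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"},
-{ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"},
-{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"},
-{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"},
-{ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"},
-{ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"},
-{ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA PKCS12_str_reasons[]=
- {
-{ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE),"cant pack structure"},
-{ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA),"content type not data"},
-{ERR_REASON(PKCS12_R_DECODE_ERROR) ,"decode error"},
-{ERR_REASON(PKCS12_R_ENCODE_ERROR) ,"encode error"},
-{ERR_REASON(PKCS12_R_ENCRYPT_ERROR) ,"encrypt error"},
-{ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),"error setting encrypted data type"},
-{ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT),"invalid null argument"},
-{ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER),"invalid null pkcs12 pointer"},
-{ERR_REASON(PKCS12_R_IV_GEN_ERROR) ,"iv gen error"},
-{ERR_REASON(PKCS12_R_KEY_GEN_ERROR) ,"key gen error"},
-{ERR_REASON(PKCS12_R_MAC_ABSENT) ,"mac absent"},
-{ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR),"mac generation error"},
-{ERR_REASON(PKCS12_R_MAC_SETUP_ERROR) ,"mac setup error"},
-{ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR),"mac string set error"},
-{ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR) ,"mac verify error"},
-{ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE) ,"mac verify failure"},
-{ERR_REASON(PKCS12_R_PARSE_ERROR) ,"parse error"},
-{ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),"pkcs12 algor cipherinit error"},
-{ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR),"pkcs12 cipherfinal error"},
-{ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR),"pkcs12 pbe crypt error"},
-{ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),"unknown digest algorithm"},
-{ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE),"unsupported pkcs12 mode"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_PKCS12_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,PKCS12_str_functs);
- ERR_load_strings(0,PKCS12_str_reasons);
- }
-#endif
- }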
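diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h
deleted file mode 100644
index b17eb9f42b..0000000000
--- a/src/lib/libcrypto/pkcs12/pkcs12.h
+++ /dev/null
@@ -1,331 +0,0 @@
-/* pkcs12.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_PKCS12_H
-#define HEADER_PKCS12_H
-
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define PKCS12_KEY_ID 1
-#define PKCS12_IV_ID 2
-#define PKCS12_MAC_ID 3
-
-/* Default iteration count */
-#ifndef PKCS12_DEFAULT_ITER
-#define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER
-#endif
-
-#define PKCS12_MAC_KEY_LENGTH 20
-
-#define PKCS12_SALT_LEN 8
-
-/* Uncomment out next line for unicode password and names, otherwise ASCII */
-
-/*#define PBE_UNICODE*/
-
-#ifdef PBE_UNICODE
-#define PKCS12_key_gen PKCS12_key_gen_uni
-#define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni
-#else
-#define PKCS12_key_gen PKCS12_key_gen_asc
-#define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc
-#endif
-
-/* MS key usage constants */
-
-#define KEY_EX 0x10
-#define KEY_SIG 0x80
-
-typedef struct {
-X509_SIG *dinfo;
-ASN1_OCTET_STRING *salt;
-ASN1_INTEGER *iter; /* defaults to 1 */
-} PKCS12_MAC_DATA;
-
-typedef struct {
-ASN1_INTEGER *version;
-PKCS12_MAC_DATA *mac;
-PKCS7 *authsafes;
-} PKCS12;
-
-typedef struct {
-ASN1_OBJECT *type;
-union {
- struct pkcs12_bag_st *bag; /* secret, crl and certbag */
- struct pkcs8_priv_key_info_st *keybag; /* keybag */
- X509_SIG *shkeybag; /* shrouded key bag */
- STACK_OF(PKCS12_SAFEBAG) *safes;
- ASN1_TYPE *other;
-}value;
-STACK_OF(X509_ATTRIBUTE) *attrib;
-} PKCS12_SAFEBAG;
-
-DECLARE_STACK_OF(PKCS12_SAFEBAG)
-DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)
-DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
-
-typedef struct pkcs12_bag_st {
-ASN1_OBJECT *type;
-union {
- ASN1_OCTET_STRING *x509cert;
- ASN1_OCTET_STRING *x509crl;
- ASN1_OCTET_STRING *octet;
- ASN1_IA5STRING *sdsicert;
- ASN1_TYPE *other; /* Secret or other bag */
-}value;
-} PKCS12_BAGS;
-
-#define PKCS12_ERROR 0
-#define PKCS12_OK 1
-
-/* Compatibility macros */
-
-#define M_PKCS12_x5092certbag PKCS12_x5092certbag
-#define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag
-
-#define M_PKCS12_certbag2x509 PKCS12_certbag2x509
-#define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl
-
-#define M_PKCS12_unpack_p7data PKCS12_unpack_p7data
-#define M_PKCS12_pack_authsafes PKCS12_pack_authsafes
-#define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes
-#define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata
-
-#define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
-#define M_PKCS8_decrypt PKCS8_decrypt
-
-#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
-#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
-#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
-
-#define PKCS12_get_attr(bag, attr_nid) \
- PKCS12_get_attr_gen(bag->attrib, attr_nid)
-
-#define PKCS8_get_attr(p8, attr_nid) \
- PKCS12_get_attr_gen(p8->attributes, attr_nid)
-
-#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
-
-
-PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);
-PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);
-X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);
-X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);
-
-PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
- int nid2);
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen);
-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
- int passlen);
-X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
- const char *pass, int passlen,
- unsigned char *salt, int saltlen, int iter,
- PKCS8_PRIV_KEY_INFO *p8);
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
- int passlen, unsigned char *salt,
- int saltlen, int iter,
- PKCS8_PRIV_KEY_INFO *p8);
-PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
-PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
- unsigned char *salt, int saltlen, int iter,
- STACK_OF(PKCS12_SAFEBAG) *bags);
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen);
-
-int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
-STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12);
-
-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);
-int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
- int namelen);
-int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
- int namelen);
-int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
- int namelen);
-int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
-ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);
-char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
-unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
- int passlen, unsigned char *in, int inlen,
- unsigned char **data, int *datalen, int en_de);
-void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
- const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf);
-ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
- const char *pass, int passlen,
- void *obj, int zbuf);
-PKCS12 *PKCS12_init(int mode);
-int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
- int saltlen, int id, int iter, int n,
- unsigned char *out, const EVP_MD *md_type);
-int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type);
-int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
- ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,
- int en_de);
-int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
- unsigned char *mac, unsigned int *maclen);
-int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
-int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
- unsigned char *salt, int saltlen, int iter,
- const EVP_MD *md_type);
-int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
- int saltlen, const EVP_MD *md_type);
-unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
-char *OPENSSL_uni2asc(unsigned char *uni, int unilen);
-
-DECLARE_ASN1_FUNCTIONS(PKCS12)
-DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
-DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
-DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
-
-DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
-DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
-
-void PKCS12_PBE_add(void);
-int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
- STACK_OF(X509) **ca);
-PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
- STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
- int mac_iter, int keytype);
-
-PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
-PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
- int key_usage, int iter,
- int key_nid, char *pass);
-int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
- int safe_nid, int iter, char *pass);
-PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
-
-int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
-int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
-PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
-PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
-int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_PKCS12_strings(void);
-
-/* Error codes for the PKCS12 functions. */
-
-/* Function codes. */
-#define PKCS12_F_PARSE_BAG 129
-#define PKCS12_F_PARSE_BAGS 103
-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100
-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127
-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102
-#define PKCS12_F_PKCS12_ADD_LOCALKEYID 104
-#define PKCS12_F_PKCS12_CREATE 105
-#define PKCS12_F_PKCS12_GEN_MAC 107
-#define PKCS12_F_PKCS12_INIT 109
-#define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106
-#define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108
-#define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117
-#define PKCS12_F_PKCS12_KEY_GEN_ASC 110
-#define PKCS12_F_PKCS12_KEY_GEN_UNI 111
-#define PKCS12_F_PKCS12_MAKE_KEYBAG 112
-#define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113
-#define PKCS12_F_PKCS12_NEWPASS 128
-#define PKCS12_F_PKCS12_PACK_P7DATA 114
-#define PKCS12_F_PKCS12_PACK_P7ENCDATA 115
-#define PKCS12_F_PKCS12_PARSE 118
-#define PKCS12_F_PKCS12_PBE_CRYPT 119
-#define PKCS12_F_PKCS12_PBE_KEYIVGEN 120
-#define PKCS12_F_PKCS12_SETUP_MAC 122
-#define PKCS12_F_PKCS12_SET_MAC 123
-#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130
-#define PKCS12_F_PKCS12_UNPACK_P7DATA 131
-#define PKCS12_F_PKCS12_VERIFY_MAC 126
-#define PKCS12_F_PKCS8_ADD_KEYUSAGE 124
-#define PKCS12_F_PKCS8_ENCRYPT 125
-
-/* Reason codes. */
-#define PKCS12_R_CANT_PACK_STRUCTURE 100
-#define PKCS12_R_CONTENT_TYPE_NOT_DATA 121
-#define PKCS12_R_DECODE_ERROR 101
-#define PKCS12_R_ENCODE_ERROR 102
-#define PKCS12_R_ENCRYPT_ERROR 103
-#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120
-#define PKCS12_R_INVALID_NULL_ARGUMENT 104
-#define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105
-#define PKCS12_R_IV_GEN_ERROR 106
-#define PKCS12_R_KEY_GEN_ERROR 107
-#define PKCS12_R_MAC_ABSENT 108
-#define PKCS12_R_MAC_GENERATION_ERROR 109
-#define PKCS12_R_MAC_SETUP_ERROR 110
-#define PKCS12_R_MAC_STRING_SET_ERROR 111
-#define PKCS12_R_MAC_VERIFY_ERROR 112
-#define PKCS12_R_MAC_VERIFY_FAILURE 113
-#define PKCS12_R_PARSE_ERROR 114
-#define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115
-#define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116
-#define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117
-#define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118
-#define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119
-
-#ifdef __cplusplus
-}
-#endif
-#endif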