summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs12
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/pkcs12')
-rw-r--r--src/lib/libcrypto/pkcs12/p12_add.c229
-rw-r--r--src/lib/libcrypto/pkcs12/p12_asn.c485
-rw-r--r--src/lib/libcrypto/pkcs12/p12_attr.c158
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crt.c336
-rw-r--r--src/lib/libcrypto/pkcs12/p12_decr.c184
-rw-r--r--src/lib/libcrypto/pkcs12/p12_init.c100
-rw-r--r--src/lib/libcrypto/pkcs12/p12_key.c197
-rw-r--r--src/lib/libcrypto/pkcs12/p12_kiss.c299
-rw-r--r--src/lib/libcrypto/pkcs12/p12_mutl.c265
-rw-r--r--src/lib/libcrypto/pkcs12/p12_npas.c300
-rw-r--r--src/lib/libcrypto/pkcs12/p12_p8d.c72
-rw-r--r--src/lib/libcrypto/pkcs12/p12_p8e.c104
-rw-r--r--src/lib/libcrypto/pkcs12/p12_sbag.c235
-rw-r--r--src/lib/libcrypto/pkcs12/p12_utl.c157
-rw-r--r--src/lib/libcrypto/pkcs12/pk12err.c113
-rw-r--r--src/lib/libcrypto/pkcs12/pkcs12.h284
-rw-r--r--src/lib/libcrypto/pkcs12/pkcs12_local.h174
17 files changed, 0 insertions, 3692 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
deleted file mode 100644
index f6f42c558c..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ /dev/null
@@ -1,229 +0,0 @@
1/* $OpenBSD: p12_add.c,v 1.25 2024/03/02 10:20:27 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/err.h>
62#include <openssl/pkcs12.h>
63
64#include "pkcs12_local.h"
65#include "x509_local.h"
66
67/* Pack an object into an OCTET STRING and turn into a safebag */
68
69PKCS12_SAFEBAG *
70PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2)
71{
72 PKCS12_BAGS *bag;
73 PKCS12_SAFEBAG *safebag;
74
75 if (!(bag = PKCS12_BAGS_new())) {
76 PKCS12error(ERR_R_MALLOC_FAILURE);
77 return NULL;
78 }
79 bag->type = OBJ_nid2obj(nid1);
80 if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
81 PKCS12error(ERR_R_MALLOC_FAILURE);
82 PKCS12_BAGS_free(bag);
83 return NULL;
84 }
85 if (!(safebag = PKCS12_SAFEBAG_new())) {
86 PKCS12error(ERR_R_MALLOC_FAILURE);
87 PKCS12_BAGS_free(bag);
88 return NULL;
89 }
90 safebag->value.bag = bag;
91 safebag->type = OBJ_nid2obj(nid2);
92 return safebag;
93}
94
95/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
96PKCS7 *
97PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
98{
99 PKCS7 *p7;
100
101 if (!(p7 = PKCS7_new())) {
102 PKCS12error(ERR_R_MALLOC_FAILURE);
103 return NULL;
104 }
105 p7->type = OBJ_nid2obj(NID_pkcs7_data);
106 if (!(p7->d.data = ASN1_OCTET_STRING_new())) {
107 PKCS12error(ERR_R_MALLOC_FAILURE);
108 goto err;
109 }
110
111 if (!ASN1_item_pack(sk, &PKCS12_SAFEBAGS_it, &p7->d.data)) {
112 PKCS12error(PKCS12_R_CANT_PACK_STRUCTURE);
113 goto err;
114 }
115 return p7;
116
117err:
118 PKCS7_free(p7);
119 return NULL;
120}
121
122/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
123STACK_OF(PKCS12_SAFEBAG) *
124PKCS12_unpack_p7data(PKCS7 *p7)
125{
126 ASN1_OCTET_STRING *aos;
127
128 if (!PKCS7_type_is_data(p7)) {
129 PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
130 return NULL;
131 }
132 if ((aos = PKCS7_get_octet_string(p7)) == NULL)
133 return NULL;
134 return ASN1_item_unpack(aos, &PKCS12_SAFEBAGS_it);
135}
136LCRYPTO_ALIAS(PKCS12_unpack_p7data);
137
138/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
139
140PKCS7 *
141PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
142 unsigned char *salt, int saltlen, int iter, STACK_OF(PKCS12_SAFEBAG) *bags)
143{
144 PKCS7 *p7;
145 X509_ALGOR *pbe;
146 const EVP_CIPHER *pbe_ciph;
147
148 if (!(p7 = PKCS7_new())) {
149 PKCS12error(ERR_R_MALLOC_FAILURE);
150 return NULL;
151 }
152 if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
153 PKCS12error(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
154 goto err;
155 }
156
157 pbe_ciph = EVP_get_cipherbynid(pbe_nid);
158
159 if (pbe_ciph)
160 pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen);
161 else
162 pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
163
164 if (!pbe) {
165 PKCS12error(ERR_R_MALLOC_FAILURE);
166 goto err;
167 }
168 X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
169 p7->d.encrypted->enc_data->algorithm = pbe;
170 ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
171 if (!(p7->d.encrypted->enc_data->enc_data = PKCS12_item_i2d_encrypt(
172 pbe, &PKCS12_SAFEBAGS_it, pass, passlen, bags, 1))) {
173 PKCS12error(PKCS12_R_ENCRYPT_ERROR);
174 goto err;
175 }
176
177 return p7;
178
179err:
180 PKCS7_free(p7);
181 return NULL;
182}
183
184STACK_OF(PKCS12_SAFEBAG) *
185PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
186{
187 PKCS7_ENC_CONTENT *content;
188
189 if (!PKCS7_type_is_encrypted(p7))
190 return NULL;
191 if (p7->d.encrypted == NULL)
192 return NULL;
193 if ((content = p7->d.encrypted->enc_data) == NULL)
194 return NULL;
195 return PKCS12_item_decrypt_d2i(content->algorithm, &PKCS12_SAFEBAGS_it,
196 pass, passlen, content->enc_data, 1);
197}
198LCRYPTO_ALIAS(PKCS12_unpack_p7encdata);
199
200PKCS8_PRIV_KEY_INFO *
201PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, const char *pass, int passlen)
202{
203 return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
204}
205LCRYPTO_ALIAS(PKCS12_decrypt_skey);
206
207int
208PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
209{
210 if (ASN1_item_pack(safes, &PKCS12_AUTHSAFES_it,
211 &p12->authsafes->d.data))
212 return 1;
213 return 0;
214}
215
216STACK_OF(PKCS7) *
217PKCS12_unpack_authsafes(const PKCS12 *p12)
218{
219 ASN1_OCTET_STRING *aos;
220
221 if (!PKCS7_type_is_data(p12->authsafes)) {
222 PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
223 return NULL;
224 }
225 if ((aos = PKCS7_get_octet_string(p12->authsafes)) == NULL)
226 return NULL;
227 return ASN1_item_unpack(aos, &PKCS12_AUTHSAFES_it);
228}
229LCRYPTO_ALIAS(PKCS12_unpack_authsafes);
diff --git a/src/lib/libcrypto/pkcs12/p12_asn.c b/src/lib/libcrypto/pkcs12/p12_asn.c
deleted file mode 100644
index fd2f431f46..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_asn.c
+++ /dev/null
@@ -1,485 +0,0 @@
1/* $OpenBSD: p12_asn.c,v 1.16 2024/07/09 06:13:22 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/asn1t.h>
62#include <openssl/pkcs12.h>
63
64#include "pkcs12_local.h"
65
66/* PKCS#12 ASN1 module */
67
68static const ASN1_TEMPLATE PKCS12_seq_tt[] = {
69 {
70 .flags = 0,
71 .tag = 0,
72 .offset = offsetof(PKCS12, version),
73 .field_name = "version",
74 .item = &ASN1_INTEGER_it,
75 },
76 {
77 .flags = 0,
78 .tag = 0,
79 .offset = offsetof(PKCS12, authsafes),
80 .field_name = "authsafes",
81 .item = &PKCS7_it,
82 },
83 {
84 .flags = ASN1_TFLG_OPTIONAL,
85 .tag = 0,
86 .offset = offsetof(PKCS12, mac),
87 .field_name = "mac",
88 .item = &PKCS12_MAC_DATA_it,
89 },
90};
91
92const ASN1_ITEM PKCS12_it = {
93 .itype = ASN1_ITYPE_SEQUENCE,
94 .utype = V_ASN1_SEQUENCE,
95 .templates = PKCS12_seq_tt,
96 .tcount = sizeof(PKCS12_seq_tt) / sizeof(ASN1_TEMPLATE),
97 .funcs = NULL,
98 .size = sizeof(PKCS12),
99 .sname = "PKCS12",
100};
101LCRYPTO_ALIAS(PKCS12_it);
102
103
104PKCS12 *
105d2i_PKCS12(PKCS12 **a, const unsigned char **in, long len)
106{
107 return (PKCS12 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
108 &PKCS12_it);
109}
110LCRYPTO_ALIAS(d2i_PKCS12);
111
112int
113i2d_PKCS12(PKCS12 *a, unsigned char **out)
114{
115 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_it);
116}
117LCRYPTO_ALIAS(i2d_PKCS12);
118
119PKCS12 *
120PKCS12_new(void)
121{
122 return (PKCS12 *)ASN1_item_new(&PKCS12_it);
123}
124LCRYPTO_ALIAS(PKCS12_new);
125
126void
127PKCS12_free(PKCS12 *a)
128{
129 ASN1_item_free((ASN1_VALUE *)a, &PKCS12_it);
130}
131LCRYPTO_ALIAS(PKCS12_free);
132
133static const ASN1_TEMPLATE PKCS12_MAC_DATA_seq_tt[] = {
134 {
135 .flags = 0,
136 .tag = 0,
137 .offset = offsetof(PKCS12_MAC_DATA, dinfo),
138 .field_name = "dinfo",
139 .item = &X509_SIG_it,
140 },
141 {
142 .flags = 0,
143 .tag = 0,
144 .offset = offsetof(PKCS12_MAC_DATA, salt),
145 .field_name = "salt",
146 .item = &ASN1_OCTET_STRING_it,
147 },
148 {
149 .flags = ASN1_TFLG_OPTIONAL,
150 .tag = 0,
151 .offset = offsetof(PKCS12_MAC_DATA, iter),
152 .field_name = "iter",
153 .item = &ASN1_INTEGER_it,
154 },
155};
156
157const ASN1_ITEM PKCS12_MAC_DATA_it = {
158 .itype = ASN1_ITYPE_SEQUENCE,
159 .utype = V_ASN1_SEQUENCE,
160 .templates = PKCS12_MAC_DATA_seq_tt,
161 .tcount = sizeof(PKCS12_MAC_DATA_seq_tt) / sizeof(ASN1_TEMPLATE),
162 .funcs = NULL,
163 .size = sizeof(PKCS12_MAC_DATA),
164 .sname = "PKCS12_MAC_DATA",
165};
166
167
168PKCS12_MAC_DATA *
169d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len)
170{
171 return (PKCS12_MAC_DATA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
172 &PKCS12_MAC_DATA_it);
173}
174
175int
176i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out)
177{
178 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_MAC_DATA_it);
179}
180
181PKCS12_MAC_DATA *
182PKCS12_MAC_DATA_new(void)
183{
184 return (PKCS12_MAC_DATA *)ASN1_item_new(&PKCS12_MAC_DATA_it);
185}
186
187void
188PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a)
189{
190 ASN1_item_free((ASN1_VALUE *)a, &PKCS12_MAC_DATA_it);
191}
192
193static const ASN1_TEMPLATE bag_default_tt = {
194 .flags = ASN1_TFLG_EXPLICIT,
195 .tag = 0,
196 .offset = offsetof(PKCS12_BAGS, value.other),
197 .field_name = "value.other",
198 .item = &ASN1_ANY_it,
199};
200
201static const ASN1_ADB_TABLE PKCS12_BAGS_adbtbl[] = {
202 {
203 .value = NID_x509Certificate,
204 .tt = {
205 .flags = ASN1_TFLG_EXPLICIT,
206 .tag = 0,
207 .offset = offsetof(PKCS12_BAGS, value.x509cert),
208 .field_name = "value.x509cert",
209 .item = &ASN1_OCTET_STRING_it,
210 },
211
212 },
213 {
214 .value = NID_x509Crl,
215 .tt = {
216 .flags = ASN1_TFLG_EXPLICIT,
217 .tag = 0,
218 .offset = offsetof(PKCS12_BAGS, value.x509crl),
219 .field_name = "value.x509crl",
220 .item = &ASN1_OCTET_STRING_it,
221 },
222
223 },
224 {
225 .value = NID_sdsiCertificate,
226 .tt = {
227 .flags = ASN1_TFLG_EXPLICIT,
228 .tag = 0,
229 .offset = offsetof(PKCS12_BAGS, value.sdsicert),
230 .field_name = "value.sdsicert",
231 .item = &ASN1_IA5STRING_it,
232 },
233
234 },
235};
236
237static const ASN1_ADB PKCS12_BAGS_adb = {
238 .flags = 0,
239 .offset = offsetof(PKCS12_BAGS, type),
240 .tbl = PKCS12_BAGS_adbtbl,
241 .tblcount = sizeof(PKCS12_BAGS_adbtbl) / sizeof(ASN1_ADB_TABLE),
242 .default_tt = &bag_default_tt,
243 .null_tt = NULL,
244};
245
246static const ASN1_TEMPLATE PKCS12_BAGS_seq_tt[] = {
247 {
248 .flags = 0,
249 .tag = 0,
250 .offset = offsetof(PKCS12_BAGS, type),
251 .field_name = "type",
252 .item = &ASN1_OBJECT_it,
253 },
254 {
255 .flags = ASN1_TFLG_ADB_OID,
256 .tag = -1,
257 .offset = 0,
258 .field_name = "PKCS12_BAGS",
259 .item = (const ASN1_ITEM *)&PKCS12_BAGS_adb,
260 },
261};
262
263const ASN1_ITEM PKCS12_BAGS_it = {
264 .itype = ASN1_ITYPE_SEQUENCE,
265 .utype = V_ASN1_SEQUENCE,
266 .templates = PKCS12_BAGS_seq_tt,
267 .tcount = sizeof(PKCS12_BAGS_seq_tt) / sizeof(ASN1_TEMPLATE),
268 .funcs = NULL,
269 .size = sizeof(PKCS12_BAGS),
270 .sname = "PKCS12_BAGS",
271};
272
273
274PKCS12_BAGS *
275d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len)
276{
277 return (PKCS12_BAGS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
278 &PKCS12_BAGS_it);
279}
280
281int
282i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out)
283{
284 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_BAGS_it);
285}
286
287PKCS12_BAGS *
288PKCS12_BAGS_new(void)
289{
290 return (PKCS12_BAGS *)ASN1_item_new(&PKCS12_BAGS_it);
291}
292
293void
294PKCS12_BAGS_free(PKCS12_BAGS *a)
295{
296 ASN1_item_free((ASN1_VALUE *)a, &PKCS12_BAGS_it);
297}
298
299static const ASN1_TEMPLATE safebag_default_tt = {
300 .flags = ASN1_TFLG_EXPLICIT,
301 .tag = 0,
302 .offset = offsetof(PKCS12_SAFEBAG, value.other),
303 .field_name = "value.other",
304 .item = &ASN1_ANY_it,
305};
306
307static const ASN1_ADB_TABLE PKCS12_SAFEBAG_adbtbl[] = {
308 {
309 .value = NID_keyBag,
310 .tt = {
311 .flags = ASN1_TFLG_EXPLICIT,
312 .tag = 0,
313 .offset = offsetof(PKCS12_SAFEBAG, value.keybag),
314 .field_name = "value.keybag",
315 .item = &PKCS8_PRIV_KEY_INFO_it,
316 },
317
318 },
319 {
320 .value = NID_pkcs8ShroudedKeyBag,
321 .tt = {
322 .flags = ASN1_TFLG_EXPLICIT,
323 .tag = 0,
324 .offset = offsetof(PKCS12_SAFEBAG, value.shkeybag),
325 .field_name = "value.shkeybag",
326 .item = &X509_SIG_it,
327 },
328
329 },
330 {
331 .value = NID_safeContentsBag,
332 .tt = {
333 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF,
334 .tag = 0,
335 .offset = offsetof(PKCS12_SAFEBAG, value.safes),
336 .field_name = "value.safes",
337 .item = &PKCS12_SAFEBAG_it,
338 },
339 },
340 {
341 .value = NID_certBag,
342 .tt = {
343 .flags = ASN1_TFLG_EXPLICIT,
344 .tag = 0,
345 .offset = offsetof(PKCS12_SAFEBAG, value.bag),
346 .field_name = "value.bag",
347 .item = &PKCS12_BAGS_it,
348 },
349
350 },
351 {
352 .value = NID_crlBag,
353 .tt = {
354 .flags = ASN1_TFLG_EXPLICIT,
355 .tag = 0,
356 .offset = offsetof(PKCS12_SAFEBAG, value.bag),
357 .field_name = "value.bag",
358 .item = &PKCS12_BAGS_it,
359 },
360
361 },
362 {
363 .value = NID_secretBag,
364 .tt = {
365 .flags = ASN1_TFLG_EXPLICIT,
366 .tag = 0,
367 .offset = offsetof(PKCS12_SAFEBAG, value.bag),
368 .field_name = "value.bag",
369 .item = &PKCS12_BAGS_it,
370 },
371
372 },
373};
374
375static const ASN1_ADB PKCS12_SAFEBAG_adb = {
376 .flags = 0,
377 .offset = offsetof(PKCS12_SAFEBAG, type),
378 .tbl = PKCS12_SAFEBAG_adbtbl,
379 .tblcount = sizeof(PKCS12_SAFEBAG_adbtbl) / sizeof(ASN1_ADB_TABLE),
380 .default_tt = &safebag_default_tt,
381 .null_tt = NULL,
382};
383
384static const ASN1_TEMPLATE PKCS12_SAFEBAG_seq_tt[] = {
385 {
386 .flags = 0,
387 .tag = 0,
388 .offset = offsetof(PKCS12_SAFEBAG, type),
389 .field_name = "type",
390 .item = &ASN1_OBJECT_it,
391 },
392 {
393 .flags = ASN1_TFLG_ADB_OID,
394 .tag = -1,
395 .offset = 0,
396 .field_name = "PKCS12_SAFEBAG",
397 .item = (const ASN1_ITEM *)&PKCS12_SAFEBAG_adb,
398 },
399 {
400 .flags = ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
401 .tag = 0,
402 .offset = offsetof(PKCS12_SAFEBAG, attrib),
403 .field_name = "attrib",
404 .item = &X509_ATTRIBUTE_it,
405 },
406};
407
408const ASN1_ITEM PKCS12_SAFEBAG_it = {
409 .itype = ASN1_ITYPE_SEQUENCE,
410 .utype = V_ASN1_SEQUENCE,
411 .templates = PKCS12_SAFEBAG_seq_tt,
412 .tcount = sizeof(PKCS12_SAFEBAG_seq_tt) / sizeof(ASN1_TEMPLATE),
413 .funcs = NULL,
414 .size = sizeof(PKCS12_SAFEBAG),
415 .sname = "PKCS12_SAFEBAG",
416};
417LCRYPTO_ALIAS(PKCS12_SAFEBAG_it);
418
419
420PKCS12_SAFEBAG *
421d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, const unsigned char **in, long len)
422{
423 return (PKCS12_SAFEBAG *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
424 &PKCS12_SAFEBAG_it);
425}
426LCRYPTO_ALIAS(d2i_PKCS12_SAFEBAG);
427
428int
429i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **out)
430{
431 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_SAFEBAG_it);
432}
433LCRYPTO_ALIAS(i2d_PKCS12_SAFEBAG);
434
435PKCS12_SAFEBAG *
436PKCS12_SAFEBAG_new(void)
437{
438 return (PKCS12_SAFEBAG *)ASN1_item_new(&PKCS12_SAFEBAG_it);
439}
440LCRYPTO_ALIAS(PKCS12_SAFEBAG_new);
441
442void
443PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a)
444{
445 ASN1_item_free((ASN1_VALUE *)a, &PKCS12_SAFEBAG_it);
446}
447LCRYPTO_ALIAS(PKCS12_SAFEBAG_free);
448
449/* SEQUENCE OF SafeBag */
450static const ASN1_TEMPLATE PKCS12_SAFEBAGS_item_tt = {
451 .flags = ASN1_TFLG_SEQUENCE_OF,
452 .tag = 0,
453 .offset = 0,
454 .field_name = "PKCS12_SAFEBAGS",
455 .item = &PKCS12_SAFEBAG_it,
456};
457
458const ASN1_ITEM PKCS12_SAFEBAGS_it = {
459 .itype = ASN1_ITYPE_PRIMITIVE,
460 .utype = -1,
461 .templates = &PKCS12_SAFEBAGS_item_tt,
462 .tcount = 0,
463 .funcs = NULL,
464 .size = 0,
465 .sname = "PKCS12_SAFEBAGS",
466};
467
468/* Authsafes: SEQUENCE OF PKCS7 */
469static const ASN1_TEMPLATE PKCS12_AUTHSAFES_item_tt = {
470 .flags = ASN1_TFLG_SEQUENCE_OF,
471 .tag = 0,
472 .offset = 0,
473 .field_name = "PKCS12_AUTHSAFES",
474 .item = &PKCS7_it,
475};
476
477const ASN1_ITEM PKCS12_AUTHSAFES_it = {
478 .itype = ASN1_ITYPE_PRIMITIVE,
479 .utype = -1,
480 .templates = &PKCS12_AUTHSAFES_item_tt,
481 .tcount = 0,
482 .funcs = NULL,
483 .size = 0,
484 .sname = "PKCS12_AUTHSAFES",
485};
diff --git a/src/lib/libcrypto/pkcs12/p12_attr.c b/src/lib/libcrypto/pkcs12/p12_attr.c
deleted file mode 100644
index 533be3b69c..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_attr.c
+++ /dev/null
@@ -1,158 +0,0 @@
1/* $OpenBSD: p12_attr.c,v 1.21 2024/03/24 06:48:03 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/pkcs12.h>
62
63#include "pkcs12_local.h"
64#include "x509_local.h"
65
66/* Add a local keyid to a safebag */
67
68int
69PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
70{
71 if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID,
72 V_ASN1_OCTET_STRING, name, namelen))
73 return 1;
74 else
75 return 0;
76}
77
78/* Add key usage to PKCS#8 structure */
79
80int
81PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
82{
83 unsigned char us_val = (unsigned char)usage;
84
85 return PKCS8_pkey_add1_attr_by_NID(p8, NID_key_usage, V_ASN1_BIT_STRING,
86 &us_val, 1);
87}
88LCRYPTO_ALIAS(PKCS8_add_keyusage);
89
90/* Add a friendlyname to a safebag */
91
92int
93PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen)
94{
95 if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
96 MBSTRING_ASC, (unsigned char *)name, namelen))
97 return 1;
98 else
99 return 0;
100}
101
102int
103PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
104 int namelen)
105{
106 if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
107 MBSTRING_BMP, name, namelen))
108 return 1;
109 else
110 return 0;
111}
112
113int
114PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen)
115{
116 if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name,
117 MBSTRING_ASC, (unsigned char *)name, namelen))
118 return 1;
119 else
120 return 0;
121}
122
123ASN1_TYPE *
124PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
125{
126 X509_ATTRIBUTE *attrib;
127 int i;
128
129 if (!attrs)
130 return NULL;
131 for (i = 0; i < sk_X509_ATTRIBUTE_num(attrs); i++) {
132 attrib = sk_X509_ATTRIBUTE_value(attrs, i);
133 if (OBJ_obj2nid(attrib->object) == attr_nid)
134 return sk_ASN1_TYPE_value(attrib->set, 0);
135 }
136 return NULL;
137}
138
139char *
140PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
141{
142 const ASN1_TYPE *atype;
143
144 if (!(atype = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)))
145 return NULL;
146 if (atype->type != V_ASN1_BMPSTRING)
147 return NULL;
148 return OPENSSL_uni2asc(atype->value.bmpstring->data,
149 atype->value.bmpstring->length);
150}
151LCRYPTO_ALIAS(PKCS12_get_friendlyname);
152
153const STACK_OF(X509_ATTRIBUTE) *
154PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag)
155{
156 return bag->attrib;
157}
158LCRYPTO_ALIAS(PKCS12_SAFEBAG_get0_attrs);
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
deleted file mode 100644
index 502ccecd25..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ /dev/null
@@ -1,336 +0,0 @@
1/* $OpenBSD: p12_crt.c,v 1.26 2024/08/22 12:22:42 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/err.h>
62#include <openssl/pkcs12.h>
63#include <openssl/x509.h>
64
65#include "evp_local.h"
66#include "pkcs12_local.h"
67#include "x509_local.h"
68
69static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
70 PKCS12_SAFEBAG *bag);
71
72PKCS12 *
73PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert,
74 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
75 int keytype)
76{
77 PKCS12 *p12 = NULL;
78 STACK_OF(PKCS7) *safes = NULL;
79 STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
80 PKCS12_SAFEBAG *bag = NULL;
81 int i;
82 unsigned char keyid[EVP_MAX_MD_SIZE];
83 unsigned int keyidlen = 0;
84
85 /* Set defaults */
86 if (!nid_cert) {
87 nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
88 }
89 if (!nid_key)
90 nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
91 if (!iter)
92 iter = PKCS12_DEFAULT_ITER;
93 if (!mac_iter)
94 mac_iter = 1;
95
96 if (!pkey && !cert && !ca) {
97 PKCS12error(PKCS12_R_INVALID_NULL_ARGUMENT);
98 return NULL;
99 }
100
101 if (pkey && cert) {
102 if (!X509_check_private_key(cert, pkey))
103 return NULL;
104 if (!X509_digest(cert, EVP_sha1(), keyid, &keyidlen))
105 return NULL;
106 }
107
108 if (cert) {
109 bag = PKCS12_add_cert(&bags, cert);
110 if (name && !PKCS12_add_friendlyname(bag, name, -1))
111 goto err;
112 if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
113 goto err;
114 }
115
116 /* Add all other certificates */
117 for (i = 0; i < sk_X509_num(ca); i++) {
118 if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))
119 goto err;
120 }
121
122 if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))
123 goto err;
124
125 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
126 bags = NULL;
127
128 if (pkey) {
129 bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
130
131 if (!bag)
132 goto err;
133
134 if (name && !PKCS12_add_friendlyname(bag, name, -1))
135 goto err;
136 if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
137 goto err;
138 }
139
140 if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))
141 goto err;
142
143 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
144 bags = NULL;
145
146 p12 = PKCS12_add_safes(safes, 0);
147
148 if (!p12)
149 goto err;
150
151 sk_PKCS7_pop_free(safes, PKCS7_free);
152
153 safes = NULL;
154
155 if ((mac_iter != -1) &&
156 !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
157 goto err;
158
159 return p12;
160
161err:
162 if (p12)
163 PKCS12_free(p12);
164 if (safes)
165 sk_PKCS7_pop_free(safes, PKCS7_free);
166 if (bags)
167 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
168 return NULL;
169}
170LCRYPTO_ALIAS(PKCS12_create);
171
172PKCS12_SAFEBAG *
173PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
174{
175 PKCS12_SAFEBAG *bag = NULL;
176 char *name;
177 int namelen = -1;
178 unsigned char *keyid;
179 int keyidlen = -1;
180
181 /* Add user certificate */
182 if (!(bag = PKCS12_x5092certbag(cert)))
183 goto err;
184
185 /* Use friendlyName and localKeyID in certificate.
186 * (if present)
187 */
188 name = (char *)X509_alias_get0(cert, &namelen);
189 if (name && !PKCS12_add_friendlyname(bag, name, namelen))
190 goto err;
191
192 keyid = X509_keyid_get0(cert, &keyidlen);
193
194 if (keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
195 goto err;
196
197 if (!pkcs12_add_bag(pbags, bag))
198 goto err;
199
200 return bag;
201
202err:
203 if (bag)
204 PKCS12_SAFEBAG_free(bag);
205
206 return NULL;
207}
208
209PKCS12_SAFEBAG *
210PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, int key_usage,
211 int iter, int nid_key, const char *pass)
212{
213 PKCS12_SAFEBAG *bag = NULL;
214 PKCS8_PRIV_KEY_INFO *p8 = NULL;
215
216 /* Make a PKCS#8 structure */
217 if (!(p8 = EVP_PKEY2PKCS8(key)))
218 goto err;
219 if (key_usage && !PKCS8_add_keyusage(p8, key_usage))
220 goto err;
221 if (nid_key != -1) {
222 bag = PKCS12_SAFEBAG_create_pkcs8_encrypt(nid_key, pass, -1,
223 NULL, 0, iter, p8);
224 PKCS8_PRIV_KEY_INFO_free(p8);
225 p8 = NULL;
226 } else {
227 bag = PKCS12_SAFEBAG_create0_p8inf(p8);
228 if (bag != NULL)
229 p8 = NULL;
230 }
231
232 if (!bag)
233 goto err;
234
235 if (!pkcs12_add_bag(pbags, bag))
236 goto err;
237
238 return bag;
239
240err:
241 if (bag)
242 PKCS12_SAFEBAG_free(bag);
243 if (p8)
244 PKCS8_PRIV_KEY_INFO_free(p8);
245
246 return NULL;
247}
248
249int
250PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
251 int nid_safe, int iter, const char *pass)
252{
253 PKCS7 *p7 = NULL;
254 int free_safes = 0;
255
256 if (!*psafes) {
257 *psafes = sk_PKCS7_new_null();
258 if (!*psafes)
259 return 0;
260 free_safes = 1;
261 } else
262 free_safes = 0;
263
264 if (nid_safe == 0)
265 nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
266
267 if (nid_safe == -1)
268 p7 = PKCS12_pack_p7data(bags);
269 else
270 p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0,
271 iter, bags);
272 if (!p7)
273 goto err;
274
275 if (!sk_PKCS7_push(*psafes, p7))
276 goto err;
277
278 return 1;
279
280err:
281 if (free_safes) {
282 sk_PKCS7_free(*psafes);
283 *psafes = NULL;
284 }
285
286 if (p7)
287 PKCS7_free(p7);
288
289 return 0;
290}
291
292static int
293pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag)
294{
295 int free_bags;
296
297 if (!pbags)
298 return 1;
299 if (!*pbags) {
300 *pbags = sk_PKCS12_SAFEBAG_new_null();
301 if (!*pbags)
302 return 0;
303 free_bags = 1;
304 } else
305 free_bags = 0;
306
307 if (!sk_PKCS12_SAFEBAG_push(*pbags, bag)) {
308 if (free_bags) {
309 sk_PKCS12_SAFEBAG_free(*pbags);
310 *pbags = NULL;
311 }
312 return 0;
313 }
314
315 return 1;
316}
317
318PKCS12 *
319PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7)
320{
321 PKCS12 *p12;
322
323 if (nid_p7 <= 0)
324 nid_p7 = NID_pkcs7_data;
325 p12 = PKCS12_init(nid_p7);
326
327 if (!p12)
328 return NULL;
329
330 if (!PKCS12_pack_authsafes(p12, safes)) {
331 PKCS12_free(p12);
332 return NULL;
333 }
334
335 return p12;
336}
diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c
deleted file mode 100644
index 907d4e52a6..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_decr.c
+++ /dev/null
@@ -1,184 +0,0 @@
1/* $OpenBSD: p12_decr.c,v 1.26 2024/03/02 10:15:16 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <string.h>
61
62#include <openssl/err.h>
63#include <openssl/pkcs12.h>
64
65#include "evp_local.h"
66
67/* Encrypt/Decrypt a buffer based on password and algor, result in a
68 * malloc'ed buffer
69 */
70
71unsigned char *
72PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass, int passlen,
73 const unsigned char *in, int inlen, unsigned char **data, int *datalen,
74 int en_de)
75{
76 unsigned char *out;
77 int outlen, i;
78 EVP_CIPHER_CTX ctx;
79
80 EVP_CIPHER_CTX_legacy_clear(&ctx);
81 /* Decrypt data */
82 if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
83 algor->parameter, &ctx, en_de)) {
84 out = NULL;
85 PKCS12error(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
86 goto err;
87 }
88
89 if (!(out = malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
90 PKCS12error(ERR_R_MALLOC_FAILURE);
91 goto err;
92 }
93
94 if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) {
95 free(out);
96 out = NULL;
97 PKCS12error(ERR_R_EVP_LIB);
98 goto err;
99 }
100
101 outlen = i;
102 if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
103 free(out);
104 out = NULL;
105 PKCS12error(PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
106 goto err;
107 }
108 outlen += i;
109 if (datalen)
110 *datalen = outlen;
111 if (data)
112 *data = out;
113
114err:
115 EVP_CIPHER_CTX_cleanup(&ctx);
116 return out;
117
118}
119
120/* Decrypt an OCTET STRING and decode ASN1 structure
121 * if zbuf set zero buffer after use.
122 */
123
124void *
125PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
126 const char *pass, int passlen, const ASN1_OCTET_STRING *oct, int zbuf)
127{
128 unsigned char *out;
129 const unsigned char *p;
130 void *ret;
131 int outlen;
132
133 if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
134 &out, &outlen, 0)) {
135 PKCS12error(PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
136 return NULL;
137 }
138 p = out;
139 ret = ASN1_item_d2i(NULL, &p, outlen, it);
140 if (zbuf)
141 explicit_bzero(out, outlen);
142 if (!ret)
143 PKCS12error(PKCS12_R_DECODE_ERROR);
144 free(out);
145 return ret;
146}
147
148/* Encode ASN1 structure and encrypt, return OCTET STRING
149 * if zbuf set zero encoding.
150 */
151
152ASN1_OCTET_STRING *
153PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
154 const char *pass, int passlen,
155 void *obj, int zbuf)
156{
157 ASN1_OCTET_STRING *oct;
158 unsigned char *in = NULL;
159 int inlen;
160
161 if (!(oct = ASN1_OCTET_STRING_new())) {
162 PKCS12error(ERR_R_MALLOC_FAILURE);
163 return NULL;
164 }
165 inlen = ASN1_item_i2d(obj, &in, it);
166 if (!in) {
167 PKCS12error(PKCS12_R_ENCODE_ERROR);
168 goto err;
169 }
170 if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
171 &oct->length, 1)) {
172 PKCS12error(PKCS12_R_ENCRYPT_ERROR);
173 goto err;
174 }
175 if (zbuf)
176 explicit_bzero(in, inlen);
177 free(in);
178 return oct;
179
180err:
181 free(in);
182 ASN1_OCTET_STRING_free(oct);
183 return NULL;
184}
diff --git a/src/lib/libcrypto/pkcs12/p12_init.c b/src/lib/libcrypto/pkcs12/p12_init.c
deleted file mode 100644
index cd9422d215..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_init.c
+++ /dev/null
@@ -1,100 +0,0 @@
1/* $OpenBSD: p12_init.c,v 1.17 2024/03/24 06:48:03 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/err.h>
62#include <openssl/pkcs12.h>
63
64#include "pkcs12_local.h"
65
66/* Initialise a PKCS12 structure to take data */
67
68PKCS12 *
69PKCS12_init(int mode)
70{
71 PKCS12 *pkcs12;
72
73 if (!(pkcs12 = PKCS12_new())) {
74 PKCS12error(ERR_R_MALLOC_FAILURE);
75 return NULL;
76 }
77 if (!ASN1_INTEGER_set(pkcs12->version, 3))
78 goto err;
79 if ((pkcs12->authsafes->type = OBJ_nid2obj(mode)) == NULL)
80 goto err;
81 switch (mode) {
82 case NID_pkcs7_data:
83 if (!(pkcs12->authsafes->d.data =
84 ASN1_OCTET_STRING_new())) {
85 PKCS12error(ERR_R_MALLOC_FAILURE);
86 goto err;
87 }
88 break;
89 default:
90 PKCS12error(PKCS12_R_UNSUPPORTED_PKCS12_MODE);
91 goto err;
92 }
93
94 return pkcs12;
95
96err:
97 if (pkcs12 != NULL)
98 PKCS12_free(pkcs12);
99 return NULL;
100}
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
deleted file mode 100644
index 443d632c87..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ /dev/null
@@ -1,197 +0,0 @@
1/* $OpenBSD: p12_key.c,v 1.36 2025/03/09 15:45:52 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <string.h>
61
62#include <openssl/bn.h>
63#include <openssl/err.h>
64#include <openssl/pkcs12.h>
65
66#include "evp_local.h"
67#include "pkcs12_local.h"
68
69/* PKCS12 compatible key/IV generation */
70#ifndef min
71#define min(a,b) ((a) < (b) ? (a) : (b))
72#endif
73
74int
75PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
76 int saltlen, int id, int iter, int n, unsigned char *out,
77 const EVP_MD *md_type)
78{
79 int ret;
80 unsigned char *unipass;
81 int uniplen;
82
83 if (!pass) {
84 unipass = NULL;
85 uniplen = 0;
86 } else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) {
87 PKCS12error(ERR_R_MALLOC_FAILURE);
88 return 0;
89 }
90 ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
91 id, iter, n, out, md_type);
92 if (ret <= 0)
93 return 0;
94 freezero(unipass, uniplen);
95 return ret;
96}
97
98int
99PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
100 int saltlen, int id, int iter, int n, unsigned char *out,
101 const EVP_MD *md_type)
102{
103 EVP_MD_CTX *ctx = NULL;
104 unsigned char *B = NULL, *D = NULL, *I = NULL, *Ai = NULL;
105 unsigned char *p;
106 int Slen, Plen, Ilen;
107 int i, j, u, v;
108 int ret = 0;
109
110 if ((ctx = EVP_MD_CTX_new()) == NULL)
111 goto err;
112
113 if ((v = EVP_MD_block_size(md_type)) <= 0)
114 goto err;
115 if ((u = EVP_MD_size(md_type)) <= 0)
116 goto err;
117
118 if ((D = malloc(v)) == NULL)
119 goto err;
120 if ((Ai = malloc(u)) == NULL)
121 goto err;
122 if ((B = malloc(v + 1)) == NULL)
123 goto err;
124
125 Slen = v * ((saltlen + v - 1) / v);
126
127 Plen = 0;
128 if (passlen)
129 Plen = v * ((passlen + v - 1) / v);
130
131 Ilen = Slen + Plen;
132
133 if ((I = malloc(Ilen)) == NULL)
134 goto err;
135
136 for (i = 0; i < v; i++)
137 D[i] = id;
138
139 p = I;
140 for (i = 0; i < Slen; i++)
141 *p++ = salt[i % saltlen];
142 for (i = 0; i < Plen; i++)
143 *p++ = pass[i % passlen];
144
145 for (;;) {
146 if (!EVP_DigestInit_ex(ctx, md_type, NULL))
147 goto err;
148 if (!EVP_DigestUpdate(ctx, D, v))
149 goto err;
150 if (!EVP_DigestUpdate(ctx, I, Ilen))
151 goto err;
152 if (!EVP_DigestFinal_ex(ctx, Ai, NULL))
153 goto err;
154 for (j = 1; j < iter; j++) {
155 if (!EVP_DigestInit_ex(ctx, md_type, NULL))
156 goto err;
157 if (!EVP_DigestUpdate(ctx, Ai, u))
158 goto err;
159 if (!EVP_DigestFinal_ex(ctx, Ai, NULL))
160 goto err;
161 }
162 memcpy(out, Ai, min(n, u));
163 if (u >= n) {
164 ret = 1;
165 goto end;
166 }
167 n -= u;
168 out += u;
169 for (j = 0; j < v; j++)
170 B[j] = Ai[j % u];
171
172 for (j = 0; j < Ilen; j += v) {
173 uint16_t c = 1;
174 int k;
175
176 /* Work out I[j] = I[j] + B + 1. */
177 for (k = v - 1; k >= 0; k--) {
178 c += I[j + k] + B[k];
179 I[j + k] = (unsigned char)c;
180 c >>= 8;
181 }
182 }
183 }
184
185 err:
186 PKCS12error(ERR_R_MALLOC_FAILURE);
187
188 end:
189 free(Ai);
190 free(B);
191 free(D);
192 free(I);
193 EVP_MD_CTX_free(ctx);
194
195 return ret;
196}
197LCRYPTO_ALIAS(PKCS12_key_gen_uni);
diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c
deleted file mode 100644
index e4de2eb61c..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_kiss.c
+++ /dev/null
@@ -1,299 +0,0 @@
1/* $OpenBSD: p12_kiss.c,v 1.28 2025/01/06 23:35:25 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/err.h>
62#include <openssl/pkcs12.h>
63
64#include "pkcs12_local.h"
65
66/* Simplified PKCS#12 routines */
67
68static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
69 EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
70
71static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
72 int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
73
74static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
75 EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
76
77/* Parse and decrypt a PKCS#12 structure returning user key, user cert
78 * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
79 * or it should point to a valid STACK structure. pkey and cert can be
80 * passed uninitialised.
81 */
82
83int
84PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
85 STACK_OF(X509) **ca)
86{
87 STACK_OF(X509) *ocerts = NULL;
88 X509 *x = NULL;
89
90 if (pkey != NULL)
91 *pkey = NULL;
92 if (cert != NULL)
93 *cert = NULL;
94
95 if (p12 == NULL) {
96 PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER);
97 goto err;
98 }
99
100 /* Check the mac */
101
102 /* If password is zero length or NULL then try verifying both cases
103 * to determine which password is correct. The reason for this is that
104 * under PKCS#12 password based encryption no password and a zero length
105 * password are two different things...
106 */
107
108 if (pass == NULL || *pass == '\0') {
109 if (PKCS12_verify_mac(p12, NULL, 0))
110 pass = NULL;
111 else if (PKCS12_verify_mac(p12, "", 0))
112 pass = "";
113 else {
114 PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
115 goto err;
116 }
117 } else if (!PKCS12_verify_mac(p12, pass, -1)) {
118 PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
119 goto err;
120 }
121
122 /* Allocate stack for other certificates */
123 if ((ocerts = sk_X509_new_null()) == NULL) {
124 PKCS12error(ERR_R_MALLOC_FAILURE);
125 goto err;
126 }
127
128 if (!parse_pk12(p12, pass, -1, pkey, ocerts)) {
129 PKCS12error(PKCS12_R_PARSE_ERROR);
130 goto err;
131 }
132
133 while ((x = sk_X509_pop(ocerts)) != NULL) {
134 if (pkey != NULL && *pkey != NULL &&
135 cert != NULL && *cert == NULL) {
136 ERR_set_mark();
137 if (X509_check_private_key(x, *pkey)) {
138 *cert = x;
139 x = NULL;
140 }
141 ERR_pop_to_mark();
142 }
143
144 if (ca != NULL && x != NULL) {
145 if (*ca == NULL)
146 *ca = sk_X509_new_null();
147 if (*ca == NULL)
148 goto err;
149 if (!sk_X509_push(*ca, x))
150 goto err;
151 x = NULL;
152 }
153 X509_free(x);
154 x = NULL;
155 }
156
157 sk_X509_pop_free(ocerts, X509_free);
158
159 return 1;
160
161err:
162 if (pkey != NULL)
163 EVP_PKEY_free(*pkey);
164 if (cert != NULL)
165 X509_free(*cert);
166 X509_free(x);
167 sk_X509_pop_free(ocerts, X509_free);
168
169 return 0;
170}
171LCRYPTO_ALIAS(PKCS12_parse);
172
173/* Parse the outer PKCS#12 structure */
174
175static int
176parse_pk12(PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey,
177 STACK_OF(X509) *ocerts)
178{
179 STACK_OF(PKCS7) *asafes;
180 STACK_OF(PKCS12_SAFEBAG) *bags;
181 int i, bagnid;
182 PKCS7 *p7;
183
184 if (!(asafes = PKCS12_unpack_authsafes(p12)))
185 return 0;
186 for (i = 0; i < sk_PKCS7_num(asafes); i++) {
187 p7 = sk_PKCS7_value(asafes, i);
188 bagnid = OBJ_obj2nid(p7->type);
189 if (bagnid == NID_pkcs7_data) {
190 bags = PKCS12_unpack_p7data(p7);
191 } else if (bagnid == NID_pkcs7_encrypted) {
192 bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
193 } else
194 continue;
195 if (!bags) {
196 sk_PKCS7_pop_free(asafes, PKCS7_free);
197 return 0;
198 }
199 if (!parse_bags(bags, pass, passlen, pkey, ocerts)) {
200 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
201 sk_PKCS7_pop_free(asafes, PKCS7_free);
202 return 0;
203 }
204 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
205 }
206 sk_PKCS7_pop_free(asafes, PKCS7_free);
207 return 1;
208}
209
210static int
211parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, int passlen,
212 EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
213{
214 int i;
215
216 for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
217 if (!parse_bag(sk_PKCS12_SAFEBAG_value(bags, i), pass, passlen,
218 pkey, ocerts))
219 return 0;
220 }
221 return 1;
222}
223
224static int
225parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PKEY **pkey,
226 STACK_OF(X509) *ocerts)
227{
228 PKCS8_PRIV_KEY_INFO *p8;
229 X509 *x509;
230 const ASN1_TYPE *attrib;
231 ASN1_BMPSTRING *fname = NULL;
232 ASN1_OCTET_STRING *lkid = NULL;
233
234 if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)))
235 fname = attrib->value.bmpstring;
236
237 if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)))
238 lkid = attrib->value.octet_string;
239
240 switch (OBJ_obj2nid(bag->type)) {
241 case NID_keyBag:
242 if (!pkey || *pkey)
243 return 1;
244 if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag)))
245 return 0;
246 break;
247
248 case NID_pkcs8ShroudedKeyBag:
249 if (!pkey || *pkey)
250 return 1;
251 if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
252 return 0;
253 *pkey = EVP_PKCS82PKEY(p8);
254 PKCS8_PRIV_KEY_INFO_free(p8);
255 if (!(*pkey))
256 return 0;
257 break;
258
259 case NID_certBag:
260 if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate )
261 return 1;
262 if (!(x509 = PKCS12_certbag2x509(bag)))
263 return 0;
264 if (lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) {
265 X509_free(x509);
266 return 0;
267 }
268 if (fname) {
269 int len, r;
270 unsigned char *data = NULL;
271 len = ASN1_STRING_to_UTF8(&data, fname);
272 if (len >= 0) {
273 r = X509_alias_set1(x509, data, len);
274 free(data);
275 if (!r) {
276 X509_free(x509);
277 return 0;
278 }
279 }
280 }
281
282 if (!sk_X509_push(ocerts, x509)) {
283 X509_free(x509);
284 return 0;
285 }
286
287 break;
288
289 case NID_safeContentsBag:
290 return parse_bags(bag->value.safes, pass, passlen,
291 pkey, ocerts);
292 break;
293
294 default:
295 return 1;
296 break;
297 }
298 return 1;
299}
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
deleted file mode 100644
index 2060358188..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ /dev/null
@@ -1,265 +0,0 @@
1/* $OpenBSD: p12_mutl.c,v 1.38 2024/03/24 06:48:03 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62
63#include <openssl/opensslconf.h>
64
65#ifndef OPENSSL_NO_HMAC
66
67#include <openssl/err.h>
68#include <openssl/hmac.h>
69#include <openssl/pkcs12.h>
70
71#include "evp_local.h"
72#include "hmac_local.h"
73#include "pkcs12_local.h"
74#include "x509_local.h"
75
76int
77PKCS12_mac_present(const PKCS12 *p12)
78{
79 return p12->mac != NULL;
80}
81LCRYPTO_ALIAS(PKCS12_mac_present);
82
83void
84PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, const X509_ALGOR **pmacalg,
85 const ASN1_OCTET_STRING **psalt, const ASN1_INTEGER **piter,
86 const PKCS12 *p12)
87{
88 if (p12->mac == NULL) {
89 if (pmac != NULL)
90 *pmac = NULL;
91 if (pmacalg != NULL)
92 *pmacalg = NULL;
93 if (psalt != NULL)
94 *psalt = NULL;
95 if (piter != NULL)
96 *piter = NULL;
97 return;
98 }
99
100 if (pmac != NULL)
101 *pmac = p12->mac->dinfo->digest;
102 if (pmacalg != NULL)
103 *pmacalg = p12->mac->dinfo->algor;
104 if (psalt != NULL)
105 *psalt = p12->mac->salt;
106 if (piter != NULL)
107 *piter = p12->mac->iter;
108}
109LCRYPTO_ALIAS(PKCS12_get0_mac);
110
111/* Generate a MAC */
112int
113PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
114 unsigned char *mac, unsigned int *maclen)
115{
116 const EVP_MD *md_type;
117 HMAC_CTX *hmac = NULL;
118 ASN1_OCTET_STRING *aos;
119 unsigned char key[EVP_MAX_MD_SIZE], *salt;
120 int saltlen, iter;
121 int md_size;
122 int ret = 0;
123
124 if (!PKCS7_type_is_data(p12->authsafes)) {
125 PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
126 goto err;
127 }
128 if ((aos = PKCS7_get_octet_string(p12->authsafes)) == NULL) {
129 PKCS12error(PKCS12_R_DECODE_ERROR);
130 goto err;
131 }
132
133 salt = p12->mac->salt->data;
134 saltlen = p12->mac->salt->length;
135
136 iter = 1;
137 if (p12->mac->iter != NULL) {
138 if ((iter = ASN1_INTEGER_get(p12->mac->iter)) <= 0) {
139 PKCS12error(PKCS12_R_DECODE_ERROR);
140 goto err;
141 }
142 }
143
144 md_type = EVP_get_digestbyobj(p12->mac->dinfo->algor->algorithm);
145 if (md_type == NULL) {
146 PKCS12error(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
147 goto err;
148 }
149
150 if ((md_size = EVP_MD_size(md_type)) < 0)
151 goto err;
152
153 if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
154 md_size, key, md_type)) {
155 PKCS12error(PKCS12_R_KEY_GEN_ERROR);
156 goto err;
157 }
158
159 if ((hmac = HMAC_CTX_new()) == NULL)
160 goto err;
161 if (!HMAC_Init_ex(hmac, key, md_size, md_type, NULL))
162 goto err;
163 if (!HMAC_Update(hmac, aos->data, aos->length))
164 goto err;
165 if (!HMAC_Final(hmac, mac, maclen))
166 goto err;
167
168 ret = 1;
169
170 err:
171 explicit_bzero(key, sizeof(key));
172 HMAC_CTX_free(hmac);
173
174 return ret;
175}
176
177/* Verify the mac */
178int
179PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
180{
181 unsigned char mac[EVP_MAX_MD_SIZE];
182 unsigned int maclen;
183
184 if (p12->mac == NULL) {
185 PKCS12error(PKCS12_R_MAC_ABSENT);
186 return 0;
187 }
188 if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
189 PKCS12error(PKCS12_R_MAC_GENERATION_ERROR);
190 return 0;
191 }
192 if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) ||
193 memcmp(mac, p12->mac->dinfo->digest->data, maclen))
194 return 0;
195 return 1;
196}
197LCRYPTO_ALIAS(PKCS12_verify_mac);
198
199/* Set a mac */
200
201int
202PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char *salt,
203 int saltlen, int iter, const EVP_MD *md_type)
204{
205 unsigned char mac[EVP_MAX_MD_SIZE];
206 unsigned int maclen;
207
208 if (!md_type)
209 md_type = EVP_sha1();
210 if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) ==
211 PKCS12_ERROR) {
212 PKCS12error(PKCS12_R_MAC_SETUP_ERROR);
213 return 0;
214 }
215 if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
216 PKCS12error(PKCS12_R_MAC_GENERATION_ERROR);
217 return 0;
218 }
219 if (!(ASN1_STRING_set(p12->mac->dinfo->digest, mac, maclen))) {
220 PKCS12error(PKCS12_R_MAC_STRING_SET_ERROR);
221 return 0;
222 }
223 return 1;
224}
225LCRYPTO_ALIAS(PKCS12_set_mac);
226
227/* Set up a mac structure */
228int
229PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
230 const EVP_MD *md_type)
231{
232 PKCS12_MAC_DATA_free(p12->mac);
233 if ((p12->mac = PKCS12_MAC_DATA_new()) == NULL)
234 return PKCS12_ERROR;
235 if (iter > 1) {
236 if (!(p12->mac->iter = ASN1_INTEGER_new())) {
237 PKCS12error(ERR_R_MALLOC_FAILURE);
238 return 0;
239 }
240 if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
241 PKCS12error(ERR_R_MALLOC_FAILURE);
242 return 0;
243 }
244 }
245 if (!saltlen)
246 saltlen = PKCS12_SALT_LEN;
247 if (!(p12->mac->salt->data = malloc(saltlen))) {
248 PKCS12error(ERR_R_MALLOC_FAILURE);
249 return 0;
250 }
251 p12->mac->salt->length = saltlen;
252 if (!salt)
253 arc4random_buf(p12->mac->salt->data, saltlen);
254 else
255 memcpy(p12->mac->salt->data, salt, saltlen);
256 p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
257 if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
258 PKCS12error(ERR_R_MALLOC_FAILURE);
259 return 0;
260 }
261 p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
262
263 return 1;
264}
265#endif
diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c
deleted file mode 100644
index 6d3b43ce22..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_npas.c
+++ /dev/null
@@ -1,300 +0,0 @@
1/* $OpenBSD: p12_npas.c,v 1.27 2024/01/25 15:33:35 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62#include <openssl/pem.h>
63#include <openssl/err.h>
64#include <openssl/pkcs12.h>
65
66#include "pkcs12_local.h"
67#include "x509_local.h"
68
69/* PKCS#12 password change routine */
70
71static int
72alg_get(X509_ALGOR *alg, int *nid, int *iter, int *salt_len)
73{
74 const ASN1_OBJECT *aobj;
75 int param_type;
76 const void *param;
77 PBEPARAM *pbe = NULL;
78 int ret = 0;
79
80 *nid = *iter = *salt_len = 0;
81
82 X509_ALGOR_get0(&aobj, &param_type, &param, alg);
83 if (param_type != V_ASN1_SEQUENCE)
84 goto err;
85 if ((pbe = ASN1_item_unpack(param, &PBEPARAM_it)) == NULL)
86 goto err;
87
88 /* XXX - can we validate these somehow? */
89 *nid = OBJ_obj2nid(alg->algorithm);
90 *iter = ASN1_INTEGER_get(pbe->iter);
91 *salt_len = pbe->salt->length;
92
93 ret = 1;
94
95 err:
96 PBEPARAM_free(pbe);
97
98 return ret;
99}
100
101/* Change password of safebag: only needs handle shrouded keybags */
102static int
103newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, const char *newpass)
104{
105 PKCS8_PRIV_KEY_INFO *p8 = NULL;
106 X509_SIG *keybag;
107 int nid, salt_len, iter;
108 int ret = 0;
109
110 if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
111 goto done;
112
113 if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL)
114 goto err;
115 if (!alg_get(bag->value.shkeybag->algor, &nid, &iter, &salt_len))
116 goto err;
117
118 if ((keybag = PKCS8_encrypt(nid, NULL, newpass, -1, NULL, salt_len,
119 iter, p8)) == NULL)
120 goto err;
121
122 X509_SIG_free(bag->value.shkeybag);
123 bag->value.shkeybag = keybag;
124
125 done:
126 ret = 1;
127
128 err:
129 PKCS8_PRIV_KEY_INFO_free(p8);
130
131 return ret;
132}
133
134static int
135newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
136 const char *newpass)
137{
138 int i;
139
140 for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
141 PKCS12_SAFEBAG *bag = sk_PKCS12_SAFEBAG_value(bags, i);
142
143 if (!newpass_bag(bag, oldpass, newpass))
144 return 0;
145 }
146
147 return 1;
148}
149
150static int
151pkcs7_repack_data(PKCS7 *pkcs7, STACK_OF(PKCS7) *safes, const char *oldpass,
152 const char *newpass)
153{
154 STACK_OF(PKCS12_SAFEBAG) *bags;
155 PKCS7 *data = NULL;
156 int ret = 0;
157
158 if ((bags = PKCS12_unpack_p7data(pkcs7)) == NULL)
159 goto err;
160 if (!newpass_bags(bags, oldpass, newpass))
161 goto err;
162 if ((data = PKCS12_pack_p7data(bags)) == NULL)
163 goto err;
164 if (sk_PKCS7_push(safes, data) == 0)
165 goto err;
166 data = NULL;
167
168 ret = 1;
169
170 err:
171 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
172 PKCS7_free(data);
173
174 return ret;
175}
176
177static int
178pkcs7_repack_encdata(PKCS7 *pkcs7, STACK_OF(PKCS7) *safes, const char *oldpass,
179 const char *newpass)
180{
181 STACK_OF(PKCS12_SAFEBAG) *bags;
182 int nid, iter, salt_len;
183 PKCS7 *data = NULL;
184 int ret = 0;
185
186 if ((bags = PKCS12_unpack_p7encdata(pkcs7, oldpass, -1)) == NULL)
187 goto err;
188 if (!alg_get(pkcs7->d.encrypted->enc_data->algorithm, &nid,
189 &iter, &salt_len))
190 goto err;
191 if (!newpass_bags(bags, oldpass, newpass))
192 goto err;
193 if ((data = PKCS12_pack_p7encdata(nid, newpass, -1, NULL, salt_len,
194 iter, bags)) == NULL)
195 goto err;
196 if (!sk_PKCS7_push(safes, data))
197 goto err;
198 data = NULL;
199
200 ret = 1;
201
202 err:
203 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
204 PKCS7_free(data);
205
206 return ret;
207}
208
209static int
210pkcs12_repack_authsafes(PKCS12 *pkcs12, STACK_OF(PKCS7) *safes,
211 const char *newpass)
212{
213 ASN1_OCTET_STRING *old_data;
214 ASN1_OCTET_STRING *new_mac = NULL;
215 unsigned char mac[EVP_MAX_MD_SIZE];
216 unsigned int mac_len;
217 int ret = 0;
218
219 if ((old_data = pkcs12->authsafes->d.data) == NULL)
220 goto err;
221 if ((pkcs12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL)
222 goto err;
223 if (!PKCS12_pack_authsafes(pkcs12, safes))
224 goto err;
225 if (!PKCS12_gen_mac(pkcs12, newpass, -1, mac, &mac_len))
226 goto err;
227 if ((new_mac = ASN1_OCTET_STRING_new()) == NULL)
228 goto err;
229 if (!ASN1_OCTET_STRING_set(new_mac, mac, mac_len))
230 goto err;
231
232 ASN1_OCTET_STRING_free(pkcs12->mac->dinfo->digest);
233 pkcs12->mac->dinfo->digest = new_mac;
234 new_mac = NULL;
235
236 ASN1_OCTET_STRING_free(old_data);
237 old_data = NULL;
238
239 ret = 1;
240
241 err:
242 if (old_data != NULL) {
243 ASN1_OCTET_STRING_free(pkcs12->authsafes->d.data);
244 pkcs12->authsafes->d.data = old_data;
245 }
246 explicit_bzero(mac, sizeof(mac));
247 ASN1_OCTET_STRING_free(new_mac);
248
249 return ret;
250}
251
252int
253PKCS12_newpass(PKCS12 *pkcs12, const char *oldpass, const char *newpass)
254{
255 STACK_OF(PKCS7) *authsafes = NULL, *safes = NULL;
256 int i;
257 int ret = 0;
258
259 if (pkcs12 == NULL) {
260 PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER);
261 goto err;
262 }
263
264 if (!PKCS12_verify_mac(pkcs12, oldpass, -1)) {
265 PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
266 goto err;
267 }
268
269 if ((authsafes = PKCS12_unpack_authsafes(pkcs12)) == NULL)
270 goto err;
271 if ((safes = sk_PKCS7_new_null()) == NULL)
272 goto err;
273
274 for (i = 0; i < sk_PKCS7_num(authsafes); i++) {
275 PKCS7 *pkcs7 = sk_PKCS7_value(authsafes, i);
276
277 switch (OBJ_obj2nid(pkcs7->type)) {
278 case NID_pkcs7_data:
279 if (pkcs7_repack_data(pkcs7, safes, oldpass, newpass))
280 goto err;
281 break;
282 case NID_pkcs7_encrypted:
283 if (pkcs7_repack_encdata(pkcs7, safes, oldpass, newpass))
284 goto err;
285 break;
286 }
287 }
288
289 if (!pkcs12_repack_authsafes(pkcs12, safes, newpass))
290 goto err;
291
292 ret = 1;
293
294 err:
295 sk_PKCS7_pop_free(authsafes, PKCS7_free);
296 sk_PKCS7_pop_free(safes, PKCS7_free);
297
298 return ret;
299}
300LCRYPTO_ALIAS(PKCS12_newpass);
diff --git a/src/lib/libcrypto/pkcs12/p12_p8d.c b/src/lib/libcrypto/pkcs12/p12_p8d.c
deleted file mode 100644
index d4874e3b73..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_p8d.c
+++ /dev/null
@@ -1,72 +0,0 @@
1/* $OpenBSD: p12_p8d.c,v 1.12 2024/03/02 10:15:16 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/pkcs12.h>
62
63#include "pkcs12_local.h"
64#include "x509_local.h"
65
66PKCS8_PRIV_KEY_INFO *
67PKCS8_decrypt(const X509_SIG *p8, const char *pass, int passlen)
68{
69 return PKCS12_item_decrypt_d2i(p8->algor,
70 &PKCS8_PRIV_KEY_INFO_it, pass, passlen, p8->digest, 1);
71}
72LCRYPTO_ALIAS(PKCS8_decrypt);
diff --git a/src/lib/libcrypto/pkcs12/p12_p8e.c b/src/lib/libcrypto/pkcs12/p12_p8e.c
deleted file mode 100644
index bf61593266..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_p8e.c
+++ /dev/null
@@ -1,104 +0,0 @@
1/* $OpenBSD: p12_p8e.c,v 1.13 2024/03/02 10:15:16 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/err.h>
62#include <openssl/pkcs12.h>
63
64#include "pkcs12_local.h"
65#include "x509_local.h"
66
67X509_SIG *
68PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass,
69 int passlen, unsigned char *salt, int saltlen, int iter,
70 PKCS8_PRIV_KEY_INFO *p8inf)
71{
72 X509_SIG *p8 = NULL;
73 X509_ALGOR *pbe;
74
75 if (!(p8 = X509_SIG_new())) {
76 PKCS12error(ERR_R_MALLOC_FAILURE);
77 goto err;
78 }
79
80 if (pbe_nid == -1)
81 pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
82 else
83 pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
84 if (!pbe) {
85 PKCS12error(ERR_R_ASN1_LIB);
86 goto err;
87 }
88 X509_ALGOR_free(p8->algor);
89 p8->algor = pbe;
90 ASN1_OCTET_STRING_free(p8->digest);
91 p8->digest = PKCS12_item_i2d_encrypt(pbe,
92 &PKCS8_PRIV_KEY_INFO_it, pass, passlen, p8inf, 1);
93 if (!p8->digest) {
94 PKCS12error(PKCS12_R_ENCRYPT_ERROR);
95 goto err;
96 }
97
98 return p8;
99
100err:
101 X509_SIG_free(p8);
102 return NULL;
103}
104LCRYPTO_ALIAS(PKCS8_encrypt);
diff --git a/src/lib/libcrypto/pkcs12/p12_sbag.c b/src/lib/libcrypto/pkcs12/p12_sbag.c
deleted file mode 100644
index 1664e9409d..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_sbag.c
+++ /dev/null
@@ -1,235 +0,0 @@
1/* $OpenBSD: p12_sbag.c,v 1.9 2024/03/24 06:48:03 tb Exp $ */
2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4 * 1999-2018.
5 */
6/* ====================================================================
7 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60#include <stdio.h>
61
62#include <openssl/err.h>
63#include <openssl/pkcs12.h>
64
65#include "pkcs12_local.h"
66#include "x509_local.h"
67
68const ASN1_TYPE *
69PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, int attr_nid)
70{
71 return PKCS12_get_attr_gen(bag->attrib, attr_nid);
72}
73LCRYPTO_ALIAS(PKCS12_SAFEBAG_get0_attr);
74
75ASN1_TYPE *
76PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid)
77{
78 return PKCS12_get_attr_gen(p8->attributes, attr_nid);
79}
80LCRYPTO_ALIAS(PKCS8_get_attr);
81
82const PKCS8_PRIV_KEY_INFO *
83PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag)
84{
85 if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
86 return NULL;
87
88 return bag->value.keybag;
89}
90LCRYPTO_ALIAS(PKCS12_SAFEBAG_get0_p8inf);
91
92const X509_SIG *
93PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag)
94{
95 if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag)
96 return NULL;
97
98 return bag->value.shkeybag;
99}
100LCRYPTO_ALIAS(PKCS12_SAFEBAG_get0_pkcs8);
101
102const STACK_OF(PKCS12_SAFEBAG) *
103PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag)
104{
105 if (PKCS12_SAFEBAG_get_nid(bag) != NID_safeContentsBag)
106 return NULL;
107
108 return bag->value.safes;
109}
110LCRYPTO_ALIAS(PKCS12_SAFEBAG_get0_safes);
111
112const ASN1_OBJECT *
113PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag)
114{
115 return bag->type;
116}
117LCRYPTO_ALIAS(PKCS12_SAFEBAG_get0_type);
118
119int
120PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag)
121{
122 return OBJ_obj2nid(bag->type);
123}
124LCRYPTO_ALIAS(PKCS12_SAFEBAG_get_nid);
125
126int
127PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag)
128{
129 int bag_type;
130
131 bag_type = PKCS12_SAFEBAG_get_nid(bag);
132
133 if (bag_type == NID_certBag || bag_type == NID_crlBag ||
134 bag_type == NID_secretBag)
135 return OBJ_obj2nid(bag->value.bag->type);
136
137 return -1;
138}
139LCRYPTO_ALIAS(PKCS12_SAFEBAG_get_bag_nid);
140
141X509 *
142PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag)
143{
144 if (OBJ_obj2nid(bag->type) != NID_certBag)
145 return NULL;
146 if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
147 return NULL;
148 return ASN1_item_unpack(bag->value.bag->value.octet, &X509_it);
149}
150LCRYPTO_ALIAS(PKCS12_SAFEBAG_get1_cert);
151
152X509_CRL *
153PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag)
154{
155 if (OBJ_obj2nid(bag->type) != NID_crlBag)
156 return NULL;
157 if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
158 return NULL;
159 return ASN1_item_unpack(bag->value.bag->value.octet, &X509_CRL_it);
160}
161LCRYPTO_ALIAS(PKCS12_SAFEBAG_get1_crl);
162
163PKCS12_SAFEBAG *
164PKCS12_SAFEBAG_create_cert(X509 *x509)
165{
166 return PKCS12_item_pack_safebag(x509, &X509_it,
167 NID_x509Certificate, NID_certBag);
168}
169
170PKCS12_SAFEBAG *
171PKCS12_SAFEBAG_create_crl(X509_CRL *crl)
172{
173 return PKCS12_item_pack_safebag(crl, &X509_CRL_it,
174 NID_x509Crl, NID_crlBag);
175}
176
177/* Turn PKCS8 object into a keybag */
178
179PKCS12_SAFEBAG *
180PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8)
181{
182 PKCS12_SAFEBAG *bag;
183
184 if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
185 PKCS12error(ERR_R_MALLOC_FAILURE);
186 return NULL;
187 }
188
189 bag->type = OBJ_nid2obj(NID_keyBag);
190 bag->value.keybag = p8;
191
192 return bag;
193}
194
195/* Turn PKCS8 object into a shrouded keybag */
196
197PKCS12_SAFEBAG *
198PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8)
199{
200 PKCS12_SAFEBAG *bag;
201
202 /* Set up the safe bag */
203 if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
204 PKCS12error(ERR_R_MALLOC_FAILURE);
205 return NULL;
206 }
207
208 bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
209 bag->value.shkeybag = p8;
210
211 return bag;
212}
213
214PKCS12_SAFEBAG *
215PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, const char *pass, int passlen,
216 unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8info)
217{
218 const EVP_CIPHER *pbe_ciph;
219 X509_SIG *p8;
220 PKCS12_SAFEBAG *bag;
221
222 if ((pbe_ciph = EVP_get_cipherbynid(pbe_nid)) != NULL)
223 pbe_nid = -1;
224
225 if ((p8 = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen,
226 iter, p8info)) == NULL)
227 return NULL;
228
229 if ((bag = PKCS12_SAFEBAG_create0_pkcs8(p8)) == NULL) {
230 X509_SIG_free(p8);
231 return NULL;
232 }
233
234 return bag;
235}
diff --git a/src/lib/libcrypto/pkcs12/p12_utl.c b/src/lib/libcrypto/pkcs12/p12_utl.c
deleted file mode 100644
index 72692a9eae..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_utl.c
+++ /dev/null
@@ -1,157 +0,0 @@
1/* $OpenBSD: p12_utl.c,v 1.21 2023/02/16 08:38:17 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <limits.h>
60#include <stdio.h>
61#include <string.h>
62
63#include <openssl/pkcs12.h>
64
65#include "pkcs12_local.h"
66
67/* Cheap and nasty Unicode stuff */
68
69unsigned char *
70OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
71{
72 size_t ulen, i;
73 unsigned char *unitmp;
74
75 if (asclen < 0)
76 ulen = strlen(asc);
77 else
78 ulen = (size_t)asclen;
79 ulen++;
80 if (ulen == 0) /* unlikely overflow */
81 return NULL;
82 if ((unitmp = reallocarray(NULL, ulen, 2)) == NULL)
83 return NULL;
84 ulen *= 2;
85 /* XXX This interface ought to use unsigned types */
86 if (ulen > INT_MAX) {
87 free(unitmp);
88 return NULL;
89 }
90 for (i = 0; i < ulen - 2; i += 2) {
91 unitmp[i] = 0;
92 unitmp[i + 1] = *asc++;
93 }
94 /* Make result double-NUL terminated */
95 unitmp[ulen - 2] = 0;
96 unitmp[ulen - 1] = 0;
97 if (unilen)
98 *unilen = ulen;
99 if (uni)
100 *uni = unitmp;
101 return unitmp;
102}
103LCRYPTO_ALIAS(OPENSSL_asc2uni);
104
105char *
106OPENSSL_uni2asc(const unsigned char *uni, int unilen)
107{
108 size_t asclen, u16len, i;
109 char *asctmp;
110
111 if (unilen < 0)
112 return NULL;
113
114 asclen = u16len = (size_t)unilen / 2;
115 /* If no terminating NUL, allow for one */
116 if (unilen == 0 || uni[unilen - 1] != '\0')
117 asclen++;
118 if ((asctmp = malloc(asclen)) == NULL)
119 return NULL;
120 /* Skip first zero byte */
121 uni++;
122 for (i = 0; i < u16len; i++) {
123 asctmp[i] = *uni;
124 uni += 2;
125 }
126 asctmp[asclen - 1] = '\0';
127 return asctmp;
128}
129LCRYPTO_ALIAS(OPENSSL_uni2asc);
130
131int
132i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
133{
134 return ASN1_item_i2d_bio(&PKCS12_it, bp, p12);
135}
136LCRYPTO_ALIAS(i2d_PKCS12_bio);
137
138int
139i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
140{
141 return ASN1_item_i2d_fp(&PKCS12_it, fp, p12);
142}
143LCRYPTO_ALIAS(i2d_PKCS12_fp);
144
145PKCS12 *
146d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
147{
148 return ASN1_item_d2i_bio(&PKCS12_it, bp, p12);
149}
150LCRYPTO_ALIAS(d2i_PKCS12_bio);
151
152PKCS12 *
153d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
154{
155 return ASN1_item_d2i_fp(&PKCS12_it, fp, p12);
156}
157LCRYPTO_ALIAS(d2i_PKCS12_fp);
diff --git a/src/lib/libcrypto/pkcs12/pk12err.c b/src/lib/libcrypto/pkcs12/pk12err.c
deleted file mode 100644
index c04c83c4f1..0000000000
--- a/src/lib/libcrypto/pkcs12/pk12err.c
+++ /dev/null
@@ -1,113 +0,0 @@
1/* $OpenBSD: pk12err.c,v 1.15 2024/06/24 06:43:22 tb Exp $ */
2/* ====================================================================
3 * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <stdio.h>
57
58#include <openssl/opensslconf.h>
59
60#include <openssl/err.h>
61#include <openssl/pkcs12.h>
62
63#include "err_local.h"
64
65#ifndef OPENSSL_NO_ERR
66
67#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0)
68#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason)
69
70static const ERR_STRING_DATA PKCS12_str_functs[] = {
71 {ERR_FUNC(0xfff), "CRYPTO_internal"},
72 {0, NULL}
73};
74
75static const ERR_STRING_DATA PKCS12_str_reasons[] = {
76 {ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE), "cant pack structure"},
77 {ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA), "content type not data"},
78 {ERR_REASON(PKCS12_R_DECODE_ERROR) , "decode error"},
79 {ERR_REASON(PKCS12_R_ENCODE_ERROR) , "encode error"},
80 {ERR_REASON(PKCS12_R_ENCRYPT_ERROR) , "encrypt error"},
81 {ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE), "error setting encrypted data type"},
82 {ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT), "invalid null argument"},
83 {ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER), "invalid null pkcs12 pointer"},
84 {ERR_REASON(PKCS12_R_IV_GEN_ERROR) , "iv gen error"},
85 {ERR_REASON(PKCS12_R_KEY_GEN_ERROR) , "key gen error"},
86 {ERR_REASON(PKCS12_R_MAC_ABSENT) , "mac absent"},
87 {ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR), "mac generation error"},
88 {ERR_REASON(PKCS12_R_MAC_SETUP_ERROR) , "mac setup error"},
89 {ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR), "mac string set error"},
90 {ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR) , "mac verify error"},
91 {ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE) , "mac verify failure"},
92 {ERR_REASON(PKCS12_R_PARSE_ERROR) , "parse error"},
93 {ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR), "pkcs12 algor cipherinit error"},
94 {ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR), "pkcs12 cipherfinal error"},
95 {ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR), "pkcs12 pbe crypt error"},
96 {ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM), "unknown digest algorithm"},
97 {ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE), "unsupported pkcs12 mode"},
98 {0, NULL}
99};
100
101#endif
102
103void
104ERR_load_PKCS12_strings(void)
105{
106#ifndef OPENSSL_NO_ERR
107 if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL) {
108 ERR_load_const_strings(PKCS12_str_functs);
109 ERR_load_const_strings(PKCS12_str_reasons);
110 }
111#endif
112}
113LCRYPTO_ALIAS(ERR_load_PKCS12_strings);
diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h
deleted file mode 100644
index 200712039b..0000000000
--- a/src/lib/libcrypto/pkcs12/pkcs12.h
+++ /dev/null
@@ -1,284 +0,0 @@
1/* $OpenBSD: pkcs12.h,v 1.29 2025/03/09 15:45:52 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#ifndef HEADER_PKCS12_H
60#define HEADER_PKCS12_H
61
62#include <openssl/bio.h>
63#include <openssl/x509.h>
64
65#ifdef __cplusplus
66extern "C" {
67#endif
68
69#define PKCS12_KEY_ID 1
70#define PKCS12_IV_ID 2
71#define PKCS12_MAC_ID 3
72
73/* Default iteration count */
74#ifndef PKCS12_DEFAULT_ITER
75#define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER
76#endif
77
78#define PKCS12_MAC_KEY_LENGTH 20
79
80#define PKCS12_SALT_LEN 8
81
82/* Uncomment out next line for unicode password and names, otherwise ASCII */
83
84/*#define PBE_UNICODE*/
85
86#ifdef PBE_UNICODE
87#define PKCS12_key_gen PKCS12_key_gen_uni
88#define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni
89#else
90#define PKCS12_key_gen PKCS12_key_gen_asc
91#define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc
92#endif
93
94/* MS key usage constants */
95
96#define KEY_EX 0x10
97#define KEY_SIG 0x80
98
99typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA;
100
101typedef struct PKCS12_st PKCS12;
102
103typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG;
104
105DECLARE_STACK_OF(PKCS12_SAFEBAG)
106DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
107
108typedef struct pkcs12_bag_st PKCS12_BAGS;
109
110#define PKCS12_ERROR 0
111#define PKCS12_OK 1
112
113#ifndef LIBRESSL_INTERNAL
114
115/* Compatibility macros */
116
117#define M_PKCS12_x5092certbag PKCS12_x5092certbag
118#define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag
119
120#define M_PKCS12_certbag2x509 PKCS12_certbag2x509
121#define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl
122
123#define M_PKCS12_unpack_p7data PKCS12_unpack_p7data
124#define M_PKCS12_pack_authsafes PKCS12_pack_authsafes
125#define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes
126#define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata
127
128#define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
129#define M_PKCS8_decrypt PKCS8_decrypt
130
131#endif /* !LIBRESSL_INTERNAL */
132
133#define M_PKCS12_bag_type PKCS12_bag_type
134#define M_PKCS12_cert_bag_type PKCS12_cert_bag_type
135#define M_PKCS12_crl_bag_type PKCS12_cert_bag_type
136
137#define PKCS12_bag_type PKCS12_SAFEBAG_get_nid
138#define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid
139
140#define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert
141#define PKCS12_certbag2x509crl PKCS12_SAFEBAG_get1_crl
142
143#define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert
144#define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl
145#define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf
146#define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt
147
148const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag,
149 int attr_nid);
150const STACK_OF(X509_ATTRIBUTE) *
151 PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
152int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag);
153int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
154
155X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
156X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
157
158ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid);
159int PKCS12_mac_present(const PKCS12 *p12);
160void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, const X509_ALGOR **pmacalg,
161 const ASN1_OCTET_STRING **psalt, const ASN1_INTEGER **piter,
162 const PKCS12 *p12);
163
164const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag);
165const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag);
166const STACK_OF(PKCS12_SAFEBAG) *
167 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
168const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag);
169
170PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
171 int passlen);
172PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
173 const char *pass, int passlen);
174X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
175 const char *pass, int passlen, unsigned char *salt, int saltlen, int iter,
176 PKCS8_PRIV_KEY_INFO *p8);
177
178STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
179STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
180 int passlen);
181STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12);
182
183int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
184char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
185int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
186 int saltlen, int id, int iter, int n, unsigned char *out,
187 const EVP_MD *md_type);
188int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
189int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
190 unsigned char *salt, int saltlen, int iter,
191 const EVP_MD *md_type);
192
193unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
194 unsigned char **uni, int *unilen);
195char *OPENSSL_uni2asc(const unsigned char *uni, int unilen);
196
197PKCS12 *PKCS12_new(void);
198void PKCS12_free(PKCS12 *a);
199PKCS12 *d2i_PKCS12(PKCS12 **a, const unsigned char **in, long len);
200int i2d_PKCS12(PKCS12 *a, unsigned char **out);
201extern const ASN1_ITEM PKCS12_it;
202
203PKCS12_SAFEBAG *PKCS12_SAFEBAG_new(void);
204void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a);
205PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, const unsigned char **in, long len);
206int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **out);
207extern const ASN1_ITEM PKCS12_SAFEBAG_it;
208
209void PKCS12_PBE_add(void);
210int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
211 STACK_OF(X509) **ca);
212PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
213 X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
214 int mac_iter, int keytype);
215
216int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
217int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
218PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
219PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
220int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);
221
222void ERR_load_PKCS12_strings(void);
223
224/* Error codes for the PKCS12 functions. */
225
226/* Function codes. */
227#define PKCS12_F_PARSE_BAG 129
228#define PKCS12_F_PARSE_BAGS 103
229#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100
230#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127
231#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102
232#define PKCS12_F_PKCS12_ADD_LOCALKEYID 104
233#define PKCS12_F_PKCS12_CREATE 105
234#define PKCS12_F_PKCS12_GEN_MAC 107
235#define PKCS12_F_PKCS12_INIT 109
236#define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106
237#define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108
238#define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117
239#define PKCS12_F_PKCS12_KEY_GEN_ASC 110
240#define PKCS12_F_PKCS12_KEY_GEN_UNI 111
241#define PKCS12_F_PKCS12_MAKE_KEYBAG 112
242#define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113
243#define PKCS12_F_PKCS12_NEWPASS 128
244#define PKCS12_F_PKCS12_PACK_P7DATA 114
245#define PKCS12_F_PKCS12_PACK_P7ENCDATA 115
246#define PKCS12_F_PKCS12_PARSE 118
247#define PKCS12_F_PKCS12_PBE_CRYPT 119
248#define PKCS12_F_PKCS12_PBE_KEYIVGEN 120
249#define PKCS12_F_PKCS12_SETUP_MAC 122
250#define PKCS12_F_PKCS12_SET_MAC 123
251#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130
252#define PKCS12_F_PKCS12_UNPACK_P7DATA 131
253#define PKCS12_F_PKCS12_VERIFY_MAC 126
254#define PKCS12_F_PKCS8_ADD_KEYUSAGE 124
255#define PKCS12_F_PKCS8_ENCRYPT 125
256
257/* Reason codes. */
258#define PKCS12_R_CANT_PACK_STRUCTURE 100
259#define PKCS12_R_CONTENT_TYPE_NOT_DATA 121
260#define PKCS12_R_DECODE_ERROR 101
261#define PKCS12_R_ENCODE_ERROR 102
262#define PKCS12_R_ENCRYPT_ERROR 103
263#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120
264#define PKCS12_R_INVALID_NULL_ARGUMENT 104
265#define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105
266#define PKCS12_R_IV_GEN_ERROR 106
267#define PKCS12_R_KEY_GEN_ERROR 107
268#define PKCS12_R_MAC_ABSENT 108
269#define PKCS12_R_MAC_GENERATION_ERROR 109
270#define PKCS12_R_MAC_SETUP_ERROR 110
271#define PKCS12_R_MAC_STRING_SET_ERROR 111
272#define PKCS12_R_MAC_VERIFY_ERROR 112
273#define PKCS12_R_MAC_VERIFY_FAILURE 113
274#define PKCS12_R_PARSE_ERROR 114
275#define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115
276#define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116
277#define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117
278#define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118
279#define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119
280
281#ifdef __cplusplus
282}
283#endif
284#endif
diff --git a/src/lib/libcrypto/pkcs12/pkcs12_local.h b/src/lib/libcrypto/pkcs12/pkcs12_local.h
deleted file mode 100644
index 4a3ce4b3f0..0000000000
--- a/src/lib/libcrypto/pkcs12/pkcs12_local.h
+++ /dev/null
@@ -1,174 +0,0 @@
1/* $OpenBSD: pkcs12_local.h,v 1.6 2025/03/09 15:45:52 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#ifndef HEADER_PKCS12_LOCAL_H
60#define HEADER_PKCS12_LOCAL_H
61
62__BEGIN_HIDDEN_DECLS
63
64struct PKCS12_MAC_DATA_st {
65 X509_SIG *dinfo;
66 ASN1_OCTET_STRING *salt;
67 ASN1_INTEGER *iter; /* defaults to 1 */
68};
69
70struct PKCS12_st {
71 ASN1_INTEGER *version;
72 PKCS12_MAC_DATA *mac;
73 PKCS7 *authsafes;
74};
75
76struct PKCS12_SAFEBAG_st {
77 ASN1_OBJECT *type;
78 union {
79 struct pkcs12_bag_st *bag; /* secret, crl and certbag */
80 struct pkcs8_priv_key_info_st *keybag; /* keybag */
81 X509_SIG *shkeybag; /* shrouded key bag */
82 STACK_OF(PKCS12_SAFEBAG) *safes;
83 ASN1_TYPE *other;
84 } value;
85 STACK_OF(X509_ATTRIBUTE) *attrib;
86};
87
88struct pkcs12_bag_st {
89 ASN1_OBJECT *type;
90 union {
91 ASN1_OCTET_STRING *x509cert;
92 ASN1_OCTET_STRING *x509crl;
93 ASN1_OCTET_STRING *octet;
94 ASN1_IA5STRING *sdsicert;
95 ASN1_TYPE *other; /* Secret or other bag */
96 } value;
97};
98
99extern const ASN1_ITEM PKCS12_SAFEBAGS_it;
100extern const ASN1_ITEM PKCS12_AUTHSAFES_it;
101
102PKCS12_BAGS *PKCS12_BAGS_new(void);
103void PKCS12_BAGS_free(PKCS12_BAGS *a);
104PKCS12_BAGS *d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len);
105int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out);
106extern const ASN1_ITEM PKCS12_BAGS_it;
107
108PKCS12_MAC_DATA *PKCS12_MAC_DATA_new(void);
109void PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a);
110PKCS12_MAC_DATA *d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len);
111int i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out);
112extern const ASN1_ITEM PKCS12_MAC_DATA_it;
113
114PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8);
115PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8);
116PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
117PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
118PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
119 const char *pass, int passlen, unsigned char *salt, int saltlen, int iter,
120 PKCS8_PRIV_KEY_INFO *p8);
121
122PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
123PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
124 int key_usage, int iter, int key_nid, const char *pass);
125int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
126 int safe_nid, int iter, const char *pass);
127PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
128
129int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
130 int namelen);
131int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
132 int namelen);
133int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
134 int namelen);
135int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
136 int namelen);
137
138int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
139 unsigned char *mac, unsigned int *maclen);
140
141ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
142 int attr_nid);
143
144PKCS12 *PKCS12_init(int mode);
145
146void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
147 const char *pass, int passlen, const ASN1_OCTET_STRING *oct, int zbuf);
148ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
149 const ASN1_ITEM *it, const char *pass, int passlen, void *obj, int zbuf);
150PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
151 int nid1, int nid2);
152
153int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
154 int saltlen, int id, int iter, int n, unsigned char *out,
155 const EVP_MD *md_type);
156
157int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
158PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
159PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
160 unsigned char *salt, int saltlen, int iter, STACK_OF(PKCS12_SAFEBAG) *bags);
161
162unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass,
163 int passlen, const unsigned char *in, int inlen, unsigned char **data,
164 int *datalen, int en_de);
165
166int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
167 int saltlen, const EVP_MD *md_type);
168
169/* XXX - should go into pkcs7_local.h. */
170ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7);
171
172__END_HIDDEN_DECLS
173
174#endif /* !HEADER_PKCS12_LOCAL_H */
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-23 15:24:27 +0000