summaryrefslogtreecommitdiff
path: root/src/lib/libssl/src/crypto/pkcs12/p12_decr.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/src/crypto/pkcs12/p12_decr.c85
1 files changed, 50 insertions, 35 deletions
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_decr.c b/src/lib/libssl/src/crypto/pkcs12/p12_decr.c
index 01fe24835f..577bb06f80 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_decr.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_decr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p12_decr.c,v 1.10 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: p12_decr.c,v 1.11 2014/07/08 09:24:53 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -68,9 +68,9 @@
68 * malloc'ed buffer 68 * malloc'ed buffer
69 */ 69 */
70 70
71unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, 71unsigned char *
72 int passlen, unsigned char *in, int inlen, unsigned char **data, 72PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, int passlen,
73 int *datalen, int en_de) 73 unsigned char *in, int inlen, unsigned char **data, int *datalen, int en_de)
74{ 74{
75 unsigned char *out; 75 unsigned char *out;
76 int outlen, i; 76 int outlen, i;
@@ -78,47 +78,52 @@ unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
78 78
79 EVP_CIPHER_CTX_init(&ctx); 79 EVP_CIPHER_CTX_init(&ctx);
80 /* Decrypt data */ 80 /* Decrypt data */
81 if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen, 81 if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
82 algor->parameter, &ctx, en_de)) { 82 algor->parameter, &ctx, en_de)) {
83 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR); 83 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
84 PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
84 return NULL; 85 return NULL;
85 } 86 }
86 87
87 if(!(out = malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) { 88 if (!(out = malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
88 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE); 89 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
89 goto err; 90 goto err;
90 } 91 }
91 92
92 if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) 93 if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) {
93 {
94 free(out); 94 free(out);
95 out = NULL; 95 out = NULL;
96 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_EVP_LIB); 96 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB);
97 goto err; 97 goto err;
98 } 98 }
99 99
100 outlen = i; 100 outlen = i;
101 if(!EVP_CipherFinal_ex(&ctx, out + i, &i)) { 101 if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
102 free(out); 102 free(out);
103 out = NULL; 103 out = NULL;
104 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR); 104 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
105 PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
105 goto err; 106 goto err;
106 } 107 }
107 outlen += i; 108 outlen += i;
108 if (datalen) *datalen = outlen; 109 if (datalen)
109 if (data) *data = out; 110 *datalen = outlen;
110 err: 111 if (data)
112 *data = out;
113
114err:
111 EVP_CIPHER_CTX_cleanup(&ctx); 115 EVP_CIPHER_CTX_cleanup(&ctx);
112 return out; 116 return out;
113 117
114} 118}
115 119
116/* Decrypt an OCTET STRING and decode ASN1 structure 120/* Decrypt an OCTET STRING and decode ASN1 structure
117 * if zbuf set zero buffer after use. 121 * if zbuf set zero buffer after use.
118 */ 122 */
119 123
120void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, 124void *
121 const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf) 125PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
126 const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)
122{ 127{
123 unsigned char *out; 128 unsigned char *out;
124 const unsigned char *p; 129 const unsigned char *p;
@@ -126,8 +131,9 @@ void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
126 int outlen; 131 int outlen;
127 132
128 if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length, 133 if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
129 &out, &outlen, 0)) { 134 &out, &outlen, 0)) {
130 PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR); 135 PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
136 PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
131 return NULL; 137 return NULL;
132 } 138 }
133 p = out; 139 p = out;
@@ -144,39 +150,48 @@ void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
144 } 150 }
145#endif 151#endif
146 ret = ASN1_item_d2i(NULL, &p, outlen, it); 152 ret = ASN1_item_d2i(NULL, &p, outlen, it);
147 if (zbuf) OPENSSL_cleanse(out, outlen); 153 if (zbuf)
148 if(!ret) PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_DECODE_ERROR); 154 OPENSSL_cleanse(out, outlen);
155 if (!ret)
156 PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
157 PKCS12_R_DECODE_ERROR);
149 free(out); 158 free(out);
150 return ret; 159 return ret;
151} 160}
152 161
153/* Encode ASN1 structure and encrypt, return OCTET STRING 162/* Encode ASN1 structure and encrypt, return OCTET STRING
154 * if zbuf set zero encoding. 163 * if zbuf set zero encoding.
155 */ 164 */
156 165
157ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it, 166ASN1_OCTET_STRING *
158 const char *pass, int passlen, 167PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
159 void *obj, int zbuf) 168 const char *pass, int passlen,
169 void *obj, int zbuf)
160{ 170{
161 ASN1_OCTET_STRING *oct; 171 ASN1_OCTET_STRING *oct;
162 unsigned char *in = NULL; 172 unsigned char *in = NULL;
163 int inlen; 173 int inlen;
174
164 if (!(oct = M_ASN1_OCTET_STRING_new ())) { 175 if (!(oct = M_ASN1_OCTET_STRING_new ())) {
165 PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE); 176 PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,
177 ERR_R_MALLOC_FAILURE);
166 return NULL; 178 return NULL;
167 } 179 }
168 inlen = ASN1_item_i2d(obj, &in, it); 180 inlen = ASN1_item_i2d(obj, &in, it);
169 if (!in) { 181 if (!in) {
170 PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR); 182 PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,
183 PKCS12_R_ENCODE_ERROR);
171 return NULL; 184 return NULL;
172 } 185 }
173 if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data, 186 if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
174 &oct->length, 1)) { 187 &oct->length, 1)) {
175 PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR); 188 PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,
189 PKCS12_R_ENCRYPT_ERROR);
176 free(in); 190 free(in);
177 return NULL; 191 return NULL;
178 } 192 }
179 if (zbuf) OPENSSL_cleanse(in, inlen); 193 if (zbuf)
194 OPENSSL_cleanse(in, inlen);
180 free(in); 195 free(in);
181 return oct; 196 return oct;
182} 197}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-25 22:47:20 +0000