
p12_npas.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/libressl/src/crypto/pkcs12/p12_npas.c
1/* $OpenBSD: p12_npas.c,v 1.13 2018/05/13 14:22:34 tb Exp $ */-
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL-
3 * project 1999.-
4 */-
5/* ====================================================================-
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.-
7 *-
8 * Redistribution and use in source and binary forms, with or without-
9 * modification, are permitted provided that the following conditions-
10 * are met:-
11 *-
12 * 1. Redistributions of source code must retain the above copyright-
13 * notice, this list of conditions and the following disclaimer.-
14 *-
15 * 2. Redistributions in binary form must reproduce the above copyright-
16 * notice, this list of conditions and the following disclaimer in-
17 * the documentation and/or other materials provided with the-
18 * distribution.-
19 *-
20 * 3. All advertising materials mentioning features or use of this-
21 * software must display the following acknowledgment:-
22 * "This product includes software developed by the OpenSSL Project-
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"-
24 *-
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to-
26 * endorse or promote products derived from this software without-
27 * prior written permission. For written permission, please contact-
28 * licensing@OpenSSL.org.-
29 *-
30 * 5. Products derived from this software may not be called "OpenSSL"-
31 * nor may "OpenSSL" appear in their names without prior written-
32 * permission of the OpenSSL Project.-
33 *-
34 * 6. Redistributions of any form whatsoever must retain the following-
35 * acknowledgment:-
36 * "This product includes software developed by the OpenSSL Project-
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"-
38 *-
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY-
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE-
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR-
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR-
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,-
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT-
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;-
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)-
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,-
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)-
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED-
50 * OF THE POSSIBILITY OF SUCH DAMAGE.-
51 * ====================================================================-
52 *-
53 * This product includes cryptographic software written by Eric Young-
54 * (eay@cryptsoft.com). This product includes software written by Tim-
55 * Hudson (tjh@cryptsoft.com).-
56 *-
57 */-
58-
59#include <stdio.h>-
60#include <stdlib.h>-
61#include <string.h>-
62#include <openssl/pem.h>-
63#include <openssl/err.h>-
64#include <openssl/pkcs12.h>-
65-
66/* PKCS#12 password change routine */-
67-
68static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass);-
69static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,-
70 const char *newpass);-
71static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,-
72 const char *newpass);-
73static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);-
74-
/*
 * Change the password on a PKCS#12 structure.
 *
 * The MAC is verified with oldpass before anything is rewritten, so a wrong
 * old password (or a structure whose MAC does not match) is rejected without
 * touching p12. A length of -1 is passed for the password, i.e. the callee
 * takes the length from the NUL terminator.
 *
 * Returns 1 on success. Returns 0 on failure with one of these reasons pushed
 * on the error queue:
 *   PKCS12_R_INVALID_NULL_PKCS12_POINTER  p12 is NULL
 *   PKCS12_R_MAC_VERIFY_FAILURE           MAC check with oldpass failed
 *   PKCS12_R_PARSE_ERROR                  any failure while re-encrypting
 *
 * Every failure of the rewrite step is reported as a parse error, so callers
 * cannot tell malformed input from an allocation failure by the reason code.
 */
int
PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass)
{
	int ok = 0;

	if (p12 == NULL) {
		PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER);
	} else if (PKCS12_verify_mac(p12, oldpass, -1) == 0) {
		/* Integrity check comes first: nothing is rewritten without it. */
		PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
	} else if (newpass_p12(p12, oldpass, newpass) == 0) {
		PKCS12error(PKCS12_R_PARSE_ERROR);
	} else {
		ok = 1;
	}

	return ok;
}
103-
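/*
 * Parse the outer PKCS#12 structure, re-encrypt every safe under newpass and
 * replace the authsafes and the MAC of p12 with the result.
 *
 * Only content of type pkcs7-data and pkcs7-encryptedData is processed; any
 * other content type is skipped and is therefore not carried over into the
 * repacked structure. Encrypted safes are re-encrypted with the PBE
 * algorithm, iteration count and salt length read from the existing safe, so
 * weak legacy parameters survive a password change.
 *
 * All resources are released on a single exit path. This fixes the earlier
 * control flow, which leaked asafes when newsafes could not be allocated,
 * leaked newsafes on success and on the restore path, leaked p7new when the
 * push failed, and freed asafes twice when the replacement octet string could
 * not be allocated.
 *
 * Returns 1 on success, 0 on failure. On failure the original authsafes data
 * of p12 is put back.
 */
static int
newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
{
	STACK_OF(PKCS7) *asafes = NULL, *newsafes = NULL;
	STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
	int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
	PKCS7 *p7, *p7new;
	ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
	unsigned char mac[EVP_MAX_MD_SIZE];
	unsigned int maclen;
	int swapped = 0;	/* p12->authsafes->d.data holds the new string */
	int ret = 0;

	if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)
		goto done;
	if ((newsafes = sk_PKCS7_new_null()) == NULL)
		goto done;

	for (i = 0; i < sk_PKCS7_num(asafes); i++) {
		p7 = sk_PKCS7_value(asafes, i);
		bagnid = OBJ_obj2nid(p7->type);
		if (bagnid == NID_pkcs7_data) {
			bags = PKCS12_unpack_p7data(p7);
			if (bags == NULL)
				goto done;
		} else if (bagnid == NID_pkcs7_encrypted) {
			bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
			/*
			 * Read the PBE parameters only after decryption
			 * succeeded; a failed unpack ends in an error either
			 * way, and this keeps alg_get() away from an
			 * AlgorithmIdentifier that could not be used.
			 */
			if (bags == NULL)
				goto done;
			if (!alg_get(p7->d.encrypted->enc_data->algorithm,
			    &pbe_nid, &pbe_iter, &pbe_saltlen))
				goto done;
		} else
			continue;

		if (!newpass_bags(bags, oldpass, newpass))
			goto done;

		/* Repack bag in same form with new password */
		if (bagnid == NID_pkcs7_data)
			p7new = PKCS12_pack_p7data(bags);
		else
			p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1,
			    NULL, pbe_saltlen, pbe_iter, bags);
		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
		bags = NULL;
		if (p7new == NULL)
			goto done;
		if (sk_PKCS7_push(newsafes, p7new) == 0) {
			/* Not on the stack, so the cleanup below won't see it. */
			PKCS7_free(p7new);
			goto done;
		}
	}

	/* Repack safe: save old safe in case of error */
	p12_data_tmp = p12->authsafes->d.data;
	if ((p12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL) {
		p12->authsafes->d.data = p12_data_tmp;
		goto done;
	}
	swapped = 1;

	if (!PKCS12_pack_authsafes(p12, newsafes))
		goto done;

	/* The MAC covers the repacked data and is keyed with the new password. */
	if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
		goto done;
	if ((macnew = ASN1_OCTET_STRING_new()) == NULL)
		goto done;
	if (!ASN1_OCTET_STRING_set(macnew, mac, maclen))
		goto done;
	ASN1_OCTET_STRING_free(p12->mac->dinfo->digest);
	p12->mac->dinfo->digest = macnew;
	macnew = NULL;		/* now owned by p12 */

	ASN1_OCTET_STRING_free(p12_data_tmp);
	ret = 1;

done:
	if (!ret && swapped) {
		/* Restore old safe */
		ASN1_OCTET_STRING_free(p12->authsafes->d.data);
		p12->authsafes->d.data = p12_data_tmp;
	}
	ASN1_OCTET_STRING_free(macnew);
	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
	sk_PKCS7_pop_free(asafes, PKCS7_free);
	sk_PKCS7_pop_free(newsafes, PKCS7_free);
	return ret;
}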
190-
191-
/*
 * Re-encrypt every safebag on the stack under newpass.
 *
 * Stops at the first bag that fails and returns 0; bags handled before that
 * point have already been rewritten in place, so the stack is left partly
 * converted and should be discarded by the caller. Returns 1 when all bags
 * were processed.
 */
static int
newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
    const char *newpass)
{
	int idx = 0;

	while (idx < sk_PKCS12_SAFEBAG_num(bags)) {
		PKCS12_SAFEBAG *cur = sk_PKCS12_SAFEBAG_value(bags, idx);

		if (newpass_bag(cur, oldpass, newpass) == 0)
			return 0;
		idx++;
	}

	return 1;
}
205-
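/*
 * Change password of safebag: only shrouded keybags need handling, every
 * other bag type is left untouched and reported as success.
 *
 * The key is decrypted with oldpass and re-encrypted with newpass using the
 * PBE algorithm, iteration count and salt length of the existing bag, so the
 * strength of the key protection is carried over unchanged.
 *
 * The decrypted PKCS8_PRIV_KEY_INFO is released on every path. Previously it
 * was never freed, which left the plaintext private key allocated after both
 * success and failure.
 *
 * Returns 1 on success, 0 on failure. The bag is only modified on success.
 */
static int
newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, const char *newpass)
{
	PKCS8_PRIV_KEY_INFO *p8 = NULL;
	X509_SIG *p8new;
	int p8_nid, p8_saltlen, p8_iter;
	int ret = 0;

	if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
		return 1;

	if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL)
		goto done;
	if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter,
	    &p8_saltlen))
		goto done;
	if ((p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
	    p8_iter, p8)) == NULL)
		goto done;

	/* Swap in the re-encrypted key only once it exists. */
	X509_SIG_free(bag->value.shkeybag);
	bag->value.shkeybag = p8new;
	ret = 1;

done:
	/* Plaintext key material must not outlive this function. */
	PKCS8_PRIV_KEY_INFO_free(p8);
	return ret;
}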
229-
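/*
 * Extract the PBE algorithm NID, iteration count and salt length from an
 * AlgorithmIdentifier whose parameter is a DER-encoded PBEPARAM.
 *
 * The AlgorithmIdentifier comes from the parsed file, so its parameter may be
 * absent or of a type other than SEQUENCE. The parameter is checked before
 * value.sequence is read; without that check a missing parameter is a NULL
 * dereference and a non-SEQUENCE parameter is read through the wrong union
 * member.
 *
 * Returns 1 and fills *pnid, *piter and *psaltlen on success. Returns 0 and
 * leaves the outputs untouched if the parameter is missing, is not a
 * SEQUENCE, or does not decode as a PBEPARAM.
 */
static int
alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
{
	PBEPARAM *pbe;
	const unsigned char *p;

	if (alg == NULL || alg->parameter == NULL ||
	    alg->parameter->type != V_ASN1_SEQUENCE ||
	    alg->parameter->value.sequence == NULL)
		return 0;

	p = alg->parameter->value.sequence->data;
	pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
	if (pbe == NULL)
		return 0;

	*pnid = OBJ_obj2nid(alg->algorithm);
	/*
	 * NOTE(review): ASN1_INTEGER_get() returns a long that is narrowed to
	 * int here, and the value is not range-checked - confirm that callers
	 * cope with a zero, negative or truncated iteration count.
	 */
	*piter = ASN1_INTEGER_get(pbe->iter);
	*psaltlen = pbe->salt->length;
	PBEPARAM_free(pbe);
	return 1;
}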