1/* $OpenBSD: p12_kiss.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */-
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL-
3 * project 1999.-
4 */-
5/* ====================================================================-
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.-
7 *-
8 * Redistribution and use in source and binary forms, with or without-
9 * modification, are permitted provided that the following conditions-
10 * are met:-
11 *-
12 * 1. Redistributions of source code must retain the above copyright-
13 * notice, this list of conditions and the following disclaimer.-
14 *-
15 * 2. Redistributions in binary form must reproduce the above copyright-
16 * notice, this list of conditions and the following disclaimer in-
17 * the documentation and/or other materials provided with the-
18 * distribution.-
19 *-
20 * 3. All advertising materials mentioning features or use of this-
21 * software must display the following acknowledgment:-
22 * "This product includes software developed by the OpenSSL Project-
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"-
24 *-
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to-
26 * endorse or promote products derived from this software without-
27 * prior written permission. For written permission, please contact-
28 * licensing@OpenSSL.org.-
29 *-
30 * 5. Products derived from this software may not be called "OpenSSL"-
31 * nor may "OpenSSL" appear in their names without prior written-
32 * permission of the OpenSSL Project.-
33 *-
34 * 6. Redistributions of any form whatsoever must retain the following-
35 * acknowledgment:-
36 * "This product includes software developed by the OpenSSL Project-
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"-
38 *-
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY-
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE-
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR-
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR-
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,-
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT-
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;-
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)-
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,-
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)-
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED-
50 * OF THE POSSIBILITY OF SUCH DAMAGE.-
51 * ====================================================================-
52 *-
53 * This product includes cryptographic software written by Eric Young-
54 * (eay@cryptsoft.com). This product includes software written by Tim-
55 * Hudson (tjh@cryptsoft.com).-
56 *-
57 */-
58-
59#include <stdio.h>-
60-
61#include <openssl/err.h>-
62#include <openssl/pkcs12.h>-
63-
64/* Simplified PKCS#12 routines */-
65-
66static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,-
67 EVP_PKEY **pkey, STACK_OF(X509) *ocerts);-
68-
69static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,-
70 int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts);-
71-
72static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,-
73 EVP_PKEY **pkey, STACK_OF(X509) *ocerts);-
74-
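/*
 * Parse and decrypt a PKCS#12 structure, returning the user key, the user
 * certificate and the other (CA) certificates.
 *
 * pkey and cert may be NULL (that item is then discarded) and may otherwise
 * be passed uninitialised: they are reset to NULL before anything is stored
 * in them and are left NULL on failure, so a caller never gets back a
 * dangling pointer it might free a second time.  ca must be NULL, point to
 * a NULL pointer, or point to a valid STACK_OF(X509) that the extra
 * certificates are appended to.  If the stack had to be created here it is
 * freed and *ca reset to NULL on failure; a caller-supplied stack keeps
 * whatever was already appended to it.
 *
 * pass is the MAC/encryption passphrase (NUL terminated; the integrity MAC is
 * checked with it before any content is decoded).  Returns 1 on success and
 * 0 on failure (MAC mismatch, malformed or undecryptable contents,
 * allocation failure).
 */
int
PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
    STACK_OF(X509) **ca)
{
	STACK_OF(X509) *ocerts = NULL;
	X509 *x = NULL;
	int ca_allocated = 0;	/* *ca was created here, not by the caller */

	if (p12 == NULL) {
		PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER);
		return 0;
	}

	if (pkey != NULL)
		*pkey = NULL;
	if (cert != NULL)
		*cert = NULL;

	/*
	 * Verify the MAC before touching any of the contents.
	 *
	 * If the password is NULL or zero length, try both: under PKCS#12
	 * password based encryption "no password" and "empty password" are
	 * two different things, and producers disagree on which one an empty
	 * passphrase means.  Whichever variant verifies is the one used for
	 * the decryption below.
	 */
	if (pass == NULL || *pass == '\0') {
		if (PKCS12_verify_mac(p12, NULL, 0))
			pass = NULL;
		else if (PKCS12_verify_mac(p12, "", 0))
			pass = "";
		else {
			PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
			goto err;
		}
	} else if (!PKCS12_verify_mac(p12, pass, -1)) {
		PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
		goto err;
	}

	/* Every certificate found lands here; the user cert is picked below. */
	if ((ocerts = sk_X509_new_null()) == NULL) {
		PKCS12error(ERR_R_MALLOC_FAILURE);
		goto err;
	}

	/* passlen -1: the helpers take strlen(pass) themselves. */
	if (!parse_pk12(p12, pass, -1, pkey, ocerts)) {
		PKCS12error(PKCS12_R_PARSE_ERROR);
		goto err;
	}

	/*
	 * The user certificate is the first one whose public key matches the
	 * private key we found; everything else goes to *ca when the caller
	 * asked for it, and is freed otherwise.
	 */
	while ((x = sk_X509_pop(ocerts)) != NULL) {
		if (pkey != NULL && *pkey != NULL && cert != NULL &&
		    *cert == NULL && X509_check_private_key(x, *pkey)) {
			*cert = x;
			x = NULL;
		}
		if (ca != NULL && x != NULL) {
			if (*ca == NULL) {
				if ((*ca = sk_X509_new_null()) == NULL)
					goto err;
				ca_allocated = 1;
			}
			if (!sk_X509_push(*ca, x))
				goto err;
			x = NULL;
		}
		X509_free(x);
	}

	sk_X509_pop_free(ocerts, X509_free);

	return 1;

err:
	/*
	 * Never hand back partially built results: free what was produced
	 * and reset the caller's pointers so they cannot be freed twice.
	 */
	if (pkey != NULL) {
		EVP_PKEY_free(*pkey);
		*pkey = NULL;
	}
	if (cert != NULL) {
		X509_free(*cert);
		*cert = NULL;
	}
	if (ca_allocated) {
		sk_X509_pop_free(*ca, X509_free);
		*ca = NULL;
	}
	X509_free(x);
	if (ocerts != NULL)
		sk_X509_pop_free(ocerts, X509_free);
	return 0;
}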
168-
/*
 * Walk the AuthenticatedSafe of p12 and hand every SafeContents it holds to
 * parse_bags().  Plain (pkcs7-data) contents are unpacked as-is; encrypted
 * (pkcs7-encryptedData) contents are decrypted with pass/passlen.  Any other
 * ContentInfo type is skipped without error, so keys or certificates wrapped
 * in, say, signedData are simply never seen.
 *
 * Returns 1 on success, 0 on a decode, decrypt or parse failure.  pkey and
 * ocerts are filled in per parse_bag()'s contract.
 */
static int
parse_pk12(PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey,
    STACK_OF(X509) *ocerts)
{
	STACK_OF(PKCS7) *asafes;
	STACK_OF(PKCS12_SAFEBAG) *bags;
	PKCS7 *p7;
	int i, n, ok = 1;

	if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)
		return 0;

	n = sk_PKCS7_num(asafes);
	for (i = 0; ok && i < n; i++) {
		p7 = sk_PKCS7_value(asafes, i);
		switch (OBJ_obj2nid(p7->type)) {
		case NID_pkcs7_data:
			bags = PKCS12_unpack_p7data(p7);
			break;
		case NID_pkcs7_encrypted:
			bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
			break;
		default:
			/* Unknown ContentInfo: ignored, not an error. */
			continue;
		}
		if (bags == NULL) {
			ok = 0;
			break;
		}
		ok = parse_bags(bags, pass, passlen, pkey, ocerts);
		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
	}

	sk_PKCS7_pop_free(asafes, PKCS7_free);
	return ok;
}
205-
/*
 * Run parse_bag() over every SafeBag in bags, in order, stopping at the
 * first failure.  Returns 1 if every bag was processed, 0 otherwise.
 */
static int
parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, int passlen,
    EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
{
	int idx, count;

	count = sk_PKCS12_SAFEBAG_num(bags);
	for (idx = 0; idx < count; idx++) {
		PKCS12_SAFEBAG *bag = sk_PKCS12_SAFEBAG_value(bags, idx);

		if (!parse_bag(bag, pass, passlen, pkey, ocerts))
			return 0;
	}

	return 1;
}
219-
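/*
 * Process one SafeBag.
 *
 * The bag's friendlyName and localKeyID attributes, when present, are copied
 * onto a certificate as its alias and key id (callers use these to pair keys
 * with certificates).  Attribute values come straight from the decoded file,
 * so the ASN.1 tag of each value is checked before the corresponding union
 * member of the ASN1_TYPE is read; an attribute carrying an unexpected type
 * is ignored rather than misinterpreted.
 *
 * The first private key seen (plain keyBag or password protected
 * pkcs8ShroudedKeyBag) is returned in *pkey; later keys, or any key when
 * pkey is NULL, are skipped.  X.509 certificates are appended to ocerts
 * (ownership moves to the stack).  safeContentsBags are descended into
 * recursively; other bag types and non-X.509 certificate types are ignored.
 *
 * Returns 1 on success or when the bag was skipped, 0 on failure.
 */
static int
parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PKEY **pkey,
    STACK_OF(X509) *ocerts)
{
	PKCS8_PRIV_KEY_INFO *p8;
	X509 *x509;
	ASN1_TYPE *attrib;
	ASN1_BMPSTRING *fname = NULL;
	ASN1_OCTET_STRING *lkid = NULL;

	/*
	 * ASN1_TYPE is a tagged union: only read value.bmpstring /
	 * value.octet_string when the tag says that is what is stored there.
	 * A malformed file could otherwise make a BOOLEAN or NULL value be
	 * dereferenced as a string pointer below.
	 */
	if ((attrib = PKCS12_get_attr(bag, NID_friendlyName)) != NULL &&
	    attrib->type == V_ASN1_BMPSTRING)
		fname = attrib->value.bmpstring;

	if ((attrib = PKCS12_get_attr(bag, NID_localKeyID)) != NULL &&
	    attrib->type == V_ASN1_OCTET_STRING)
		lkid = attrib->value.octet_string;

	switch (OBJ_obj2nid(bag->type)) {
	case NID_keyBag:
		/* Only the first key found is kept. */
		if (pkey == NULL || *pkey != NULL)
			return 1;
		if ((*pkey = EVP_PKCS82PKEY(bag->value.keybag)) == NULL)
			return 0;
		return 1;

	case NID_pkcs8ShroudedKeyBag:
		if (pkey == NULL || *pkey != NULL)
			return 1;
		if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL)
			return 0;
		*pkey = EVP_PKCS82PKEY(p8);
		PKCS8_PRIV_KEY_INFO_free(p8);
		return *pkey != NULL;

	case NID_certBag:
		if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
			return 1;
		if ((x509 = PKCS12_certbag2x509(bag)) == NULL)
			return 0;
		if (lkid != NULL &&
		    !X509_keyid_set1(x509, lkid->data, lkid->length))
			goto cert_err;
		if (fname != NULL) {
			unsigned char *utf8;
			int len, r;

			/*
			 * BMPString (UCS-2) -> UTF-8 for the alias.  A
			 * conversion failure (len < 0) leaves the cert
			 * without an alias rather than failing the parse.
			 */
			len = ASN1_STRING_to_UTF8(&utf8, fname);
			if (len >= 0) {
				r = X509_alias_set1(x509, utf8, len);
				free(utf8);
				if (!r)
					goto cert_err;
			}
		}
		if (!sk_X509_push(ocerts, x509))
			goto cert_err;
		return 1;

	case NID_safeContentsBag:
		/*
		 * Nested SafeContents.  Recursion depth here is bounded only
		 * by the nesting the ASN.1 decoder accepted for the input.
		 * NOTE(review): confirm the decoder caps constructed nesting.
		 */
		return parse_bags(bag->value.safes, pass, passlen, pkey,
		    ocerts);

	default:
		return 1;
	}

cert_err:
	X509_free(x509);
	return 0;
}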