Line | Source | Count |
1 | | - |
2 | | - |
3 | | - |
4 | | - |
5 | | - |
6 | | - |
7 | | - |
8 | | - |
9 | | - |
10 | | - |
11 | | - |
12 | | - |
13 | | - |
14 | | - |
15 | | - |
16 | | - |
17 | | - |
18 | | - |
19 | | - |
20 | | - |
21 | | - |
22 | | - |
23 | | - |
24 | | - |
25 | | - |
26 | | - |
27 | | - |
28 | | - |
29 | | - |
30 | | - |
31 | | - |
32 | | - |
33 | | - |
34 | | - |
35 | | - |
36 | | - |
37 | | - |
38 | | - |
39 | | - |
40 | | - |
41 | | - |
42 | | - |
43 | | - |
44 | | - |
45 | | - |
46 | | - |
47 | | - |
48 | | - |
49 | | - |
50 | | - |
51 | | - |
52 | | - |
53 | | - |
54 | | - |
55 | | - |
56 | | - |
57 | | - |
58 | | - |
59 | #include <stdio.h> | - |
60 | | - |
61 | #include <openssl/err.h> | - |
62 | #include <openssl/pkcs12.h> | - |
63 | | - |
64 | static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, | - |
65 | PKCS12_SAFEBAG *bag); | - |
66 | | - |
67 | static int | - |
68 | copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid) | - |
69 | { | - |
70 | int idx; | - |
71 | X509_ATTRIBUTE *attr; | - |
72 | | - |
73 | idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1); | - |
74 | if (idx < 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
75 | return 1; never executed: return 1; | 0 |
76 | attr = EVP_PKEY_get_attr(pkey, idx); | - |
77 | if (!X509at_add1_attr(&bag->attrib, attr))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
78 | return 0; never executed: return 0; | 0 |
79 | return 1; never executed: return 1; | 0 |
80 | } | - |
81 | | - |
82 | PKCS12 * | - |
83 | PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert, | - |
84 | STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, | - |
85 | int keytype) | - |
86 | { | - |
87 | PKCS12 *p12 = NULL; | - |
88 | STACK_OF(PKCS7) *safes = NULL; | - |
89 | STACK_OF(PKCS12_SAFEBAG) *bags = NULL; | - |
90 | PKCS12_SAFEBAG *bag = NULL; | - |
91 | int i; | - |
92 | unsigned char keyid[EVP_MAX_MD_SIZE]; | - |
93 | unsigned int keyidlen = 0; | - |
94 | | - |
95 | | - |
96 | if (!nid_cert) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
97 | nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; | - |
98 | } never executed: end of block | 0 |
99 | if (!nid_key)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
100 | nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; never executed: nid_key = 146; | 0 |
101 | if (!iter)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
102 | iter = PKCS12_DEFAULT_ITER; never executed: iter = 2048; | 0 |
103 | if (!mac_iter)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
104 | mac_iter = 1; never executed: mac_iter = 1; | 0 |
105 | | - |
106 | if (!pkey && !cert && !ca) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
107 | PKCS12error(PKCS12_R_INVALID_NULL_ARGUMENT); | - |
108 | return NULL; never executed: return ((void *)0) ; | 0 |
109 | } | - |
110 | | - |
111 | if (pkey && cert) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
112 | if (!X509_check_private_key(cert, pkey))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
113 | return NULL; never executed: return ((void *)0) ; | 0 |
114 | X509_digest(cert, EVP_sha1(), keyid, &keyidlen); | - |
115 | } never executed: end of block | 0 |
116 | | - |
117 | if (cert) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
118 | bag = PKCS12_add_cert(&bags, cert); | - |
119 | if (name && !PKCS12_add_friendlyname(bag, name, -1))TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
120 | goto err; never executed: goto err; | 0 |
121 | if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
122 | goto err; never executed: goto err; | 0 |
123 | } never executed: end of block | 0 |
124 | | - |
125 | | - |
126 | for (i = 0; i < sk_X509_num(ca); i++) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
127 | if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
128 | goto err; never executed: goto err; | 0 |
129 | } never executed: end of block | 0 |
130 | | - |
131 | if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
132 | goto err; never executed: goto err; | 0 |
133 | | - |
134 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); | - |
135 | bags = NULL; | - |
136 | | - |
137 | if (pkey) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
138 | bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass); | - |
139 | | - |
140 | if (!bag)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
141 | goto err; never executed: goto err; | 0 |
142 | | - |
143 | if (!copy_bag_attr(bag, pkey, NID_ms_csp_name))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
144 | goto err; never executed: goto err; | 0 |
145 | if (!copy_bag_attr(bag, pkey, NID_LocalKeySet))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
146 | goto err; never executed: goto err; | 0 |
147 | | - |
148 | if (name && !PKCS12_add_friendlyname(bag, name, -1))TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
149 | goto err; never executed: goto err; | 0 |
150 | if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
151 | goto err; never executed: goto err; | 0 |
152 | } never executed: end of block | 0 |
153 | | - |
154 | if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
155 | goto err; never executed: goto err; | 0 |
156 | | - |
157 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); | - |
158 | bags = NULL; | - |
159 | | - |
160 | p12 = PKCS12_add_safes(safes, 0); | - |
161 | | - |
162 | if (!p12)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
163 | goto err; never executed: goto err; | 0 |
164 | | - |
165 | sk_PKCS7_pop_free(safes, PKCS7_free); | - |
166 | | - |
167 | safes = NULL; | - |
168 | | - |
169 | if ((mac_iter != -1) &&TRUE | never evaluated | FALSE | never evaluated |
| 0 |
170 | !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
171 | goto err; never executed: goto err; | 0 |
172 | | - |
173 | return p12; never executed: return p12; | 0 |
174 | | - |
175 | err: | - |
176 | if (p12)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
177 | PKCS12_free(p12); never executed: PKCS12_free(p12); | 0 |
178 | if (safes)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
179 | sk_PKCS7_pop_free(safes, PKCS7_free); never executed: sk_pop_free(((_STACK*) (1 ? (safes) : (struct stack_st_PKCS7*)0)), ((void (*)(void *)) ((1 ? (PKCS7_free) : (void (*)(PKCS7 *))0)))); | 0 |
180 | if (bags)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
181 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); never executed: sk_pop_free(((_STACK*) (1 ? (bags) : (struct stack_st_PKCS12_SAFEBAG*)0)), ((void (*)(void *)) ((1 ? (PKCS12_SAFEBAG_free) : (void (*)(PKCS12_SAFEBAG *))0)))); | 0 |
182 | return NULL; never executed: return ((void *)0) ; | 0 |
183 | } | - |
184 | | - |
185 | PKCS12_SAFEBAG * | - |
186 | PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert) | - |
187 | { | - |
188 | PKCS12_SAFEBAG *bag = NULL; | - |
189 | char *name; | - |
190 | int namelen = -1; | - |
191 | unsigned char *keyid; | - |
192 | int keyidlen = -1; | - |
193 | | - |
194 | | - |
195 | if (!(bag = PKCS12_x5092certbag(cert)))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
196 | goto err; never executed: goto err; | 0 |
197 | | - |
198 | | - |
199 | | - |
200 | | - |
201 | name = (char *)X509_alias_get0(cert, &namelen); | - |
202 | if (name && !PKCS12_add_friendlyname(bag, name, namelen))TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
203 | goto err; never executed: goto err; | 0 |
204 | | - |
205 | keyid = X509_keyid_get0(cert, &keyidlen); | - |
206 | | - |
207 | if (keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
208 | goto err; never executed: goto err; | 0 |
209 | | - |
210 | if (!pkcs12_add_bag(pbags, bag))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
211 | goto err; never executed: goto err; | 0 |
212 | | - |
213 | return bag; never executed: return bag; | 0 |
214 | | - |
215 | err: | - |
216 | if (bag)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
217 | PKCS12_SAFEBAG_free(bag); never executed: PKCS12_SAFEBAG_free(bag); | 0 |
218 | | - |
219 | return NULL; never executed: return ((void *)0) ; | 0 |
220 | } | - |
221 | | - |
222 | PKCS12_SAFEBAG * | - |
223 | PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, int key_usage, | - |
224 | int iter, int nid_key, const char *pass) | - |
225 | { | - |
226 | PKCS12_SAFEBAG *bag = NULL; | - |
227 | PKCS8_PRIV_KEY_INFO *p8 = NULL; | - |
228 | | - |
229 | | - |
230 | if (!(p8 = EVP_PKEY2PKCS8(key)))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
231 | goto err; never executed: goto err; | 0 |
232 | if (key_usage && !PKCS8_add_keyusage(p8, key_usage))TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
233 | goto err; never executed: goto err; | 0 |
234 | if (nid_key != -1) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
235 | bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, | - |
236 | iter, p8); | - |
237 | PKCS8_PRIV_KEY_INFO_free(p8); | - |
238 | p8 = NULL; | - |
239 | } else { never executed: end of block | 0 |
240 | bag = PKCS12_MAKE_KEYBAG(p8); | - |
241 | if (bag != NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
242 | p8 = NULL; never executed: p8 = ((void *)0) ; | 0 |
243 | } never executed: end of block | 0 |
244 | | - |
245 | if (!bag)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
246 | goto err; never executed: goto err; | 0 |
247 | | - |
248 | if (!pkcs12_add_bag(pbags, bag))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
249 | goto err; never executed: goto err; | 0 |
250 | | - |
251 | return bag; never executed: return bag; | 0 |
252 | | - |
253 | err: | - |
254 | if (bag)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
255 | PKCS12_SAFEBAG_free(bag); never executed: PKCS12_SAFEBAG_free(bag); | 0 |
256 | if (p8)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
257 | PKCS8_PRIV_KEY_INFO_free(p8); never executed: PKCS8_PRIV_KEY_INFO_free(p8); | 0 |
258 | | - |
259 | return NULL; never executed: return ((void *)0) ; | 0 |
260 | } | - |
261 | | - |
262 | int | - |
263 | PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, | - |
264 | int nid_safe, int iter, const char *pass) | - |
265 | { | - |
266 | PKCS7 *p7 = NULL; | - |
267 | int free_safes = 0; | - |
268 | | - |
269 | if (!*psafes) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
270 | *psafes = sk_PKCS7_new_null(); | - |
271 | if (!*psafes)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
272 | return 0; never executed: return 0; | 0 |
273 | free_safes = 1; | - |
274 | } else never executed: end of block | 0 |
275 | free_safes = 0; never executed: free_safes = 0; | 0 |
276 | | - |
277 | if (nid_safe == 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
278 | nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC; never executed: nid_safe = 149; | 0 |
279 | | - |
280 | if (nid_safe == -1)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
281 | p7 = PKCS12_pack_p7data(bags); never executed: p7 = PKCS12_pack_p7data(bags); | 0 |
282 | else | - |
283 | p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0, never executed: p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, ((void *)0) , 0, iter, bags); | 0 |
284 | iter, bags); never executed: p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, ((void *)0) , 0, iter, bags); | 0 |
285 | if (!p7)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
286 | goto err; never executed: goto err; | 0 |
287 | | - |
288 | if (!sk_PKCS7_push(*psafes, p7))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
289 | goto err; never executed: goto err; | 0 |
290 | | - |
291 | return 1; never executed: return 1; | 0 |
292 | | - |
293 | err: | - |
294 | if (free_safes) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
295 | sk_PKCS7_free(*psafes); | - |
296 | *psafes = NULL; | - |
297 | } never executed: end of block | 0 |
298 | | - |
299 | if (p7)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
300 | PKCS7_free(p7); never executed: PKCS7_free(p7); | 0 |
301 | | - |
302 | return 0; never executed: return 0; | 0 |
303 | } | - |
304 | | - |
305 | static int | - |
306 | pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag) | - |
307 | { | - |
308 | int free_bags; | - |
309 | | - |
310 | if (!pbags)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
311 | return 1; never executed: return 1; | 0 |
312 | if (!*pbags) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
313 | *pbags = sk_PKCS12_SAFEBAG_new_null(); | - |
314 | if (!*pbags)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
315 | return 0; never executed: return 0; | 0 |
316 | free_bags = 1; | - |
317 | } else never executed: end of block | 0 |
318 | free_bags = 0; never executed: free_bags = 0; | 0 |
319 | | - |
320 | if (!sk_PKCS12_SAFEBAG_push(*pbags, bag)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
321 | if (free_bags) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
322 | sk_PKCS12_SAFEBAG_free(*pbags); | - |
323 | *pbags = NULL; | - |
324 | } never executed: end of block | 0 |
325 | return 0; never executed: return 0; | 0 |
326 | } | - |
327 | | - |
328 | return 1; never executed: return 1; | 0 |
329 | } | - |
330 | | - |
331 | PKCS12 * | - |
332 | PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7) | - |
333 | { | - |
334 | PKCS12 *p12; | - |
335 | | - |
336 | if (nid_p7 <= 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
337 | nid_p7 = NID_pkcs7_data; never executed: nid_p7 = 21; | 0 |
338 | p12 = PKCS12_init(nid_p7); | - |
339 | | - |
340 | if (!p12)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
341 | return NULL; never executed: return ((void *)0) ; | 0 |
342 | | - |
343 | if (!PKCS12_pack_authsafes(p12, safes)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
344 | PKCS12_free(p12); | - |
345 | return NULL; never executed: return ((void *)0) ; | 0 |
346 | } | - |
347 | | - |
348 | return p12; never executed: return p12; | 0 |
349 | } | - |
| | |