OpenCoverage

p12_crt.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/libressl/src/crypto/pkcs12/p12_crt.c
1/* $OpenBSD: p12_crt.c,v 1.18 2018/05/13 13:46:55 tb Exp $ */-
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL-
3 * project.-
4 */-
5/* ====================================================================-
6 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.-
7 *-
8 * Redistribution and use in source and binary forms, with or without-
9 * modification, are permitted provided that the following conditions-
10 * are met:-
11 *-
12 * 1. Redistributions of source code must retain the above copyright-
13 * notice, this list of conditions and the following disclaimer.-
14 *-
15 * 2. Redistributions in binary form must reproduce the above copyright-
16 * notice, this list of conditions and the following disclaimer in-
17 * the documentation and/or other materials provided with the-
18 * distribution.-
19 *-
20 * 3. All advertising materials mentioning features or use of this-
21 * software must display the following acknowledgment:-
22 * "This product includes software developed by the OpenSSL Project-
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"-
24 *-
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to-
26 * endorse or promote products derived from this software without-
27 * prior written permission. For written permission, please contact-
28 * licensing@OpenSSL.org.-
29 *-
30 * 5. Products derived from this software may not be called "OpenSSL"-
31 * nor may "OpenSSL" appear in their names without prior written-
32 * permission of the OpenSSL Project.-
33 *-
34 * 6. Redistributions of any form whatsoever must retain the following-
35 * acknowledgment:-
36 * "This product includes software developed by the OpenSSL Project-
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"-
38 *-
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY-
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE-
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR-
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR-
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,-
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT-
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;-
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)-
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,-
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)-
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED-
50 * OF THE POSSIBILITY OF SUCH DAMAGE.-
51 * ====================================================================-
52 *-
53 * This product includes cryptographic software written by Eric Young-
54 * (eay@cryptsoft.com). This product includes software written by Tim-
55 * Hudson (tjh@cryptsoft.com).-
56 *-
57 */-
58-
59#include <stdio.h>-
60-
61#include <openssl/err.h>-
62#include <openssl/pkcs12.h>-
63-
/*
 * Forward declaration of the file-local helper that appends a safe bag to a
 * (possibly not yet allocated) bag stack; the definition is further down.
 */
static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
    PKCS12_SAFEBAG *bag);
66-
/*
 * Copy the attribute identified by nid from pkey onto bag.
 *
 * Returns 1 when the attribute was copied or when pkey carries no such
 * attribute (absence is not an error), 0 when adding it to the bag failed.
 */
static int
copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
{
	int pos = EVP_PKEY_get_attr_by_NID(pkey, nid, -1);

	/* A negative index means the key has no attribute with this NID. */
	if (pos < 0)
		return 1;

	/* The "add1" call receives the key's attribute and attaches it to the bag. */
	if (X509at_add1_attr(&bag->attrib, EVP_PKEY_get_attr(pkey, pos)))
		return 1;

	return 0;
}
81-
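/*
 * Build a PKCS#12 structure from a private key, its certificate and an
 * optional stack of additional certificates.
 *
 *   pass      password handed to the bag/safe encryption and to the MAC
 *   name      optional friendlyName set on the certificate and key bags
 *   pkey, cert, ca
 *             at least one of the three must be non-NULL
 *   nid_key   PBE algorithm for the key bag; 0 selects
 *             NID_pbe_WithSHA1And3_Key_TripleDES_CBC, -1 makes
 *             PKCS12_add_key() store the key in a plain, unencrypted bag
 *   nid_cert  PBE algorithm for the certificate safe; 0 selects
 *             NID_pbe_WithSHA1And40BitRC2_CBC, -1 makes PKCS12_add_safe()
 *             pack the certificates unencrypted
 *   iter      PBE iteration count; 0 selects PKCS12_DEFAULT_ITER
 *   mac_iter  MAC iteration count; 0 selects 1, -1 skips the MAC entirely
 *   keytype   key usage value passed through to PKCS12_add_key()
 *
 * Returns the new PKCS12 object, which the caller releases with
 * PKCS12_free(), or NULL on failure.
 *
 * Security notes for callers:
 *  - The zero defaults are legacy interoperability choices.  40-bit RC2 gives
 *    the certificate safe no meaningful confidentiality, and a MAC iteration
 *    count of 1 makes password guessing against the MAC cheap.  Pass explicit
 *    algorithm NIDs and iteration counts where the consumer supports them.
 *  - mac_iter == -1 produces a file without an integrity check.
 *  - nid_key == -1 writes the private key in the clear: the key safe itself
 *    is always packed unencrypted, so the key bag's own encryption is the
 *    only protection the key gets.
 */
PKCS12 *
PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert,
    STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
    int keytype)
{
	PKCS12 *p12 = NULL;
	STACK_OF(PKCS7) *safes = NULL;
	STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
	PKCS12_SAFEBAG *bag = NULL;
	int i;
	unsigned char keyid[EVP_MAX_MD_SIZE];
	unsigned int keyidlen = 0;

	/* Set defaults (see the security notes above before relying on them). */
	if (!nid_cert)
		nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
	if (!nid_key)
		nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
	if (!iter)
		iter = PKCS12_DEFAULT_ITER;
	if (!mac_iter)
		mac_iter = 1;

	if (!pkey && !cert && !ca) {
		PKCS12error(PKCS12_R_INVALID_NULL_ARGUMENT);
		return NULL;
	}

	if (pkey && cert) {
		/* Refuse to bundle a certificate with a key it does not match. */
		if (!X509_check_private_key(cert, pkey))
			return NULL;
		/*
		 * The SHA-1 fingerprint of the certificate becomes the
		 * localKeyID that ties the key bag to the certificate bag.
		 * A digest failure must not be ignored: keyidlen would stay 0
		 * and both bags would silently lose that link.
		 */
		if (!X509_digest(cert, EVP_sha1(), keyid, &keyidlen))
			return NULL;
	}

	if (cert) {
		bag = PKCS12_add_cert(&bags, cert);
		/*
		 * Fail here instead of handing a NULL bag to the attribute
		 * helpers below, or dropping the certificate without notice
		 * when neither a name nor a key id is set.
		 */
		if (bag == NULL)
			goto err;
		if (name && !PKCS12_add_friendlyname(bag, name, -1))
			goto err;
		if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
			goto err;
	}

	/* Add all other certificates */
	for (i = 0; i < sk_X509_num(ca); i++) {
		if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))
			goto err;
	}

	/* Pack the certificate bags into one safe using nid_cert. */
	if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))
		goto err;

	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
	bags = NULL;

	if (pkey) {
		bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);

		if (!bag)
			goto err;

		/* Carry over the two key attributes when the key has them. */
		if (!copy_bag_attr(bag, pkey, NID_ms_csp_name))
			goto err;
		if (!copy_bag_attr(bag, pkey, NID_LocalKeySet))
			goto err;

		if (name && !PKCS12_add_friendlyname(bag, name, -1))
			goto err;
		if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
			goto err;
	}

	/*
	 * The key safe is packed unencrypted (nid -1, no password); any
	 * confidentiality comes from the key bag built by PKCS12_add_key().
	 */
	if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))
		goto err;

	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
	bags = NULL;

	p12 = PKCS12_add_safes(safes, 0);

	if (!p12)
		goto err;

	sk_PKCS7_pop_free(safes, PKCS7_free);

	safes = NULL;

	/* mac_iter == -1 means the caller asked for no MAC at all. */
	if ((mac_iter != -1) &&
	    !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
		goto err;

	return p12;

err:
	if (p12)
		PKCS12_free(p12);
	if (safes)
		sk_PKCS7_pop_free(safes, PKCS7_free);
	if (bags)
		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
	return NULL;
}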
184-
/*
 * Wrap cert in a certificate bag and append it to *pbags.
 *
 * When the certificate carries an alias or a key id, they are copied onto
 * the bag as friendlyName and localKeyID.  pkcs12_add_bag() creates *pbags
 * on demand and does nothing when pbags itself is NULL; in that case the
 * returned bag is in no stack.
 *
 * Returns the new bag, or NULL on failure (the bag is freed).
 */
PKCS12_SAFEBAG *
PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
{
	PKCS12_SAFEBAG *certbag;
	unsigned char *kid;
	char *alias;
	int alias_len = -1;
	int kid_len = -1;

	/* Add user certificate */
	certbag = PKCS12_x5092certbag(cert);
	if (certbag == NULL)
		return NULL;

	/* Use friendlyName and localKeyID in certificate (if present). */
	alias = (char *)X509_alias_get0(cert, &alias_len);
	if (alias != NULL &&
	    !PKCS12_add_friendlyname(certbag, alias, alias_len))
		goto err;

	kid = X509_keyid_get0(cert, &kid_len);
	if (kid != NULL && !PKCS12_add_localkeyid(certbag, kid, kid_len))
		goto err;

	if (!pkcs12_add_bag(pbags, certbag))
		goto err;

	return certbag;

err:
	/* certbag is always non-NULL on this path. */
	PKCS12_SAFEBAG_free(certbag);
	return NULL;
}
221-
/*
 * Convert key to PKCS#8, wrap it in a key bag and append the bag to *pbags.
 *
 *   key_usage  when non-zero, added to the PKCS#8 structure as key usage
 *   nid_key    PBE algorithm for a shrouded key bag; -1 builds a plain key
 *              bag, which takes no password, so the key is stored in the
 *              clear
 *   iter, pass passed to the shrouded-bag construction
 *
 * Returns the new bag, or NULL on failure.
 */
PKCS12_SAFEBAG *
PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, int key_usage,
    int iter, int nid_key, const char *pass)
{
	PKCS12_SAFEBAG *keybag = NULL;
	PKCS8_PRIV_KEY_INFO *p8;

	/* Make a PKCS#8 structure */
	p8 = EVP_PKEY2PKCS8(key);
	if (p8 == NULL)
		return NULL;

	if (key_usage != 0 && !PKCS8_add_keyusage(p8, key_usage))
		goto err;

	if (nid_key == -1) {
		/*
		 * Plain key bag.  On success p8 is cleared so that it is not
		 * released separately from the bag.
		 */
		keybag = PKCS12_MAKE_KEYBAG(p8);
		if (keybag != NULL)
			p8 = NULL;
	} else {
		/*
		 * Shrouded key bag.  p8 is released right after the call,
		 * whether or not the bag could be built.
		 */
		keybag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0,
		    iter, p8);
		PKCS8_PRIV_KEY_INFO_free(p8);
		p8 = NULL;
	}

	if (keybag == NULL)
		goto err;

	if (!pkcs12_add_bag(pbags, keybag))
		goto err;

	return keybag;

err:
	if (keybag != NULL)
		PKCS12_SAFEBAG_free(keybag);
	if (p8 != NULL)
		PKCS8_PRIV_KEY_INFO_free(p8);

	return NULL;
}
261-
/*
 * Pack bags into a PKCS#7 safe and append it to *psafes, allocating the
 * stack when *psafes is NULL.
 *
 *   nid_safe  PBE algorithm for the safe; 0 selects
 *             NID_pbe_WithSHA1And40BitRC2_CBC, -1 packs the bags as plain,
 *             unencrypted PKCS#7 data
 *   iter, pass  used only for the encrypted form
 *
 * Note for callers: the 0 default is a 40-bit cipher kept for compatibility;
 * pass an explicit algorithm when the contents need real confidentiality.
 *
 * Returns 1 on success, 0 on failure.  A stack allocated by this call is
 * freed again on failure and *psafes reset to NULL.
 */
int
PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
    int nid_safe, int iter, const char *pass)
{
	PKCS7 *safe;
	int created = 0;

	if (*psafes == NULL) {
		*psafes = sk_PKCS7_new_null();
		if (*psafes == NULL)
			return 0;
		/* Remember that this call owns the stack on the error path. */
		created = 1;
	}

	if (nid_safe == 0)
		nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;

	if (nid_safe == -1)
		safe = PKCS12_pack_p7data(bags);
	else
		safe = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0,
		    iter, bags);

	if (safe != NULL && sk_PKCS7_push(*psafes, safe))
		return 1;

	/* Failure: undo the allocation made above, then drop the safe. */
	if (created) {
		sk_PKCS7_free(*psafes);
		*psafes = NULL;
	}
	if (safe != NULL)
		PKCS7_free(safe);

	return 0;
}
304-
/*
 * Append bag to the stack *pbags, allocating the stack when *pbags is NULL.
 *
 * A NULL pbags means the caller keeps no stack: nothing is pushed and the
 * call reports success.  Returns 1 on success and 0 on failure; a stack
 * allocated by this call is freed again on failure and *pbags reset to NULL.
 * The bag itself is never freed here.
 */
static int
pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag)
{
	int created = 0;

	if (pbags == NULL)
		return 1;

	if (*pbags == NULL) {
		*pbags = sk_PKCS12_SAFEBAG_new_null();
		if (*pbags == NULL)
			return 0;
		created = 1;
	}

	if (sk_PKCS12_SAFEBAG_push(*pbags, bag))
		return 1;

	/* Push failed: release only a stack that this call created. */
	if (created) {
		sk_PKCS12_SAFEBAG_free(*pbags);
		*pbags = NULL;
	}
	return 0;
}
330-
/*
 * Create a PKCS12 object and pack the stack of safes into it.
 *
 * nid_p7 selects the type passed to PKCS12_init(); any value <= 0 falls
 * back to NID_pkcs7_data.
 *
 * Returns the new PKCS12 object, or NULL on failure.
 */
PKCS12 *
PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7)
{
	PKCS12 *result;

	result = PKCS12_init(nid_p7 > 0 ? nid_p7 : NID_pkcs7_data);
	if (result == NULL)
		return NULL;

	if (PKCS12_pack_authsafes(result, safes))
		return result;

	/* Packing failed: do not return a half-built object. */
	PKCS12_free(result);
	return NULL;
}