Absolute File Name: | /home/opencoverage/opencoverage/guest-scripts/libressl/src/crypto/pkcs12/p12_add.c |
Line | Source | Count | ||||||
---|---|---|---|---|---|---|---|---|
1 | /* $OpenBSD: p12_add.c,v 1.17 2018/05/13 14:24:07 tb Exp $ */ | - | ||||||
2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | - | ||||||
3 | * project 1999. | - | ||||||
4 | */ | - | ||||||
5 | /* ==================================================================== | - | ||||||
6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | - | ||||||
7 | * | - | ||||||
8 | * Redistribution and use in source and binary forms, with or without | - | ||||||
9 | * modification, are permitted provided that the following conditions | - | ||||||
10 | * are met: | - | ||||||
11 | * | - | ||||||
12 | * 1. Redistributions of source code must retain the above copyright | - | ||||||
13 | * notice, this list of conditions and the following disclaimer. | - | ||||||
14 | * | - | ||||||
15 | * 2. Redistributions in binary form must reproduce the above copyright | - | ||||||
16 | * notice, this list of conditions and the following disclaimer in | - | ||||||
17 | * the documentation and/or other materials provided with the | - | ||||||
18 | * distribution. | - | ||||||
19 | * | - | ||||||
20 | * 3. All advertising materials mentioning features or use of this | - | ||||||
21 | * software must display the following acknowledgment: | - | ||||||
22 | * "This product includes software developed by the OpenSSL Project | - | ||||||
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | - | ||||||
24 | * | - | ||||||
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | - | ||||||
26 | * endorse or promote products derived from this software without | - | ||||||
27 | * prior written permission. For written permission, please contact | - | ||||||
28 | * licensing@OpenSSL.org. | - | ||||||
29 | * | - | ||||||
30 | * 5. Products derived from this software may not be called "OpenSSL" | - | ||||||
31 | * nor may "OpenSSL" appear in their names without prior written | - | ||||||
32 | * permission of the OpenSSL Project. | - | ||||||
33 | * | - | ||||||
34 | * 6. Redistributions of any form whatsoever must retain the following | - | ||||||
35 | * acknowledgment: | - | ||||||
36 | * "This product includes software developed by the OpenSSL Project | - | ||||||
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | - | ||||||
38 | * | - | ||||||
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | - | ||||||
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | - | ||||||
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | - | ||||||
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | - | ||||||
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | - | ||||||
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | - | ||||||
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | - | ||||||
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | - | ||||||
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | - | ||||||
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | - | ||||||
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | - | ||||||
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | - | ||||||
51 | * ==================================================================== | - | ||||||
52 | * | - | ||||||
53 | * This product includes cryptographic software written by Eric Young | - | ||||||
54 | * (eay@cryptsoft.com). This product includes software written by Tim | - | ||||||
55 | * Hudson (tjh@cryptsoft.com). | - | ||||||
56 | * | - | ||||||
57 | */ | - | ||||||
58 | - | |||||||
59 | #include <stdio.h> | - | ||||||
60 | - | |||||||
61 | #include <openssl/err.h> | - | ||||||
62 | #include <openssl/pkcs12.h> | - | ||||||
63 | - | |||||||
/*
 * Pack an object into an OCTET STRING and wrap it in a safebag.
 *
 * obj is serialised with the ASN.1 template `it` into the octet value of a
 * new PKCS12_BAGS whose type is the object for nid1.  That bag is then
 * attached to a new PKCS12_SAFEBAG whose type is the object for nid2.
 *
 * Returns the new safebag, which then holds the inner bag, or NULL on
 * failure.  Every failure path, including a failed ASN1_item_pack(), pushes
 * ERR_R_MALLOC_FAILURE, so that code on the error queue does not by itself
 * prove memory exhaustion.  obj is never freed here.
 */
PKCS12_SAFEBAG *
PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2)
{
	PKCS12_BAGS *inner;
	PKCS12_SAFEBAG *outer;

	inner = PKCS12_BAGS_new();
	if (inner == NULL) {
		PKCS12error(ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	inner->type = OBJ_nid2obj(nid1);

	if (ASN1_item_pack(obj, it, &inner->value.octet) == NULL)
		goto err;

	outer = PKCS12_SAFEBAG_new();
	if (outer == NULL)
		goto err;

	/* From here on the safebag holds the only reference to the inner bag. */
	outer->value.bag = inner;
	outer->type = OBJ_nid2obj(nid2);
	return outer;

err:
	PKCS12error(ERR_R_MALLOC_FAILURE);
	PKCS12_BAGS_free(inner);
	return NULL;
}
91 | - | |||||||
/*
 * Turn a PKCS#8 object into a keybag.
 *
 * The new safebag is typed NID_keyBag and stores the p8 pointer itself; no
 * copy is made and no encryption is applied, unlike PKCS12_MAKE_SHKEYBAG(),
 * which runs the key through PKCS8_encrypt() first.
 *
 * Returns the safebag, or NULL with ERR_R_MALLOC_FAILURE pushed.  On failure
 * p8 is left untouched.
 * NOTE(review): on success the bag presumably owns p8 (freed together with
 * the bag) - confirm before freeing p8 separately.
 */
PKCS12_SAFEBAG *
PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
{
	PKCS12_SAFEBAG *keybag = PKCS12_SAFEBAG_new();

	if (keybag == NULL) {
		PKCS12error(ERR_R_MALLOC_FAILURE);
		return NULL;
	}

	keybag->type = OBJ_nid2obj(NID_keyBag);
	keybag->value.keybag = p8;

	return keybag;
}
107 | - | |||||||
/*
 * Turn a PKCS#8 object into a shrouded (password-encrypted) keybag.
 *
 * pbe_nid may name either a PBE algorithm or a plain cipher.  When
 * EVP_get_cipherbynid() finds a cipher for it, that cipher is handed to
 * PKCS8_encrypt() together with pbe_nid = -1; otherwise pbe_nid is passed on
 * unchanged with a NULL cipher.
 * NOTE(review): -1 presumably selects PBES2 with the given cipher inside
 * PKCS8_encrypt() - confirm against that function.
 *
 * pass/passlen, salt/saltlen and iter are forwarded to PKCS8_encrypt()
 * as given; nothing here enforces a minimum iteration count or salt length,
 * so the strength of the key protection is decided by the caller's values.
 *
 * Returns the safebag, or NULL on failure.  Any PKCS8_encrypt() failure is
 * reported as ERR_R_MALLOC_FAILURE.  p8 is not stored in the bag and is not
 * freed here.
 */
PKCS12_SAFEBAG *
PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, int passlen,
    unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8)
{
	const EVP_CIPHER *cipher;
	PKCS12_SAFEBAG *shbag;

	/* Set up the safe bag. */
	shbag = PKCS12_SAFEBAG_new();
	if (shbag == NULL) {
		PKCS12error(ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	shbag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);

	/* A NID that resolves to a cipher replaces the PBE NID with -1. */
	cipher = EVP_get_cipherbynid(pbe_nid);
	if (cipher != NULL)
		pbe_nid = -1;

	shbag->value.shkeybag = PKCS8_encrypt(pbe_nid, cipher, pass, passlen,
	    salt, saltlen, iter, p8);
	if (shbag->value.shkeybag == NULL) {
		PKCS12error(ERR_R_MALLOC_FAILURE);
		PKCS12_SAFEBAG_free(shbag);
		return NULL;
	}

	return shbag;
}
139 | - | |||||||
/*
 * Turn a stack of SAFEBAGS into a PKCS#7 data ContentInfo.
 *
 * A new PKCS7 of type NID_pkcs7_data is created, an empty OCTET STRING is
 * allocated for its content, and sk is serialised into it with the
 * PKCS12_SAFEBAGS template.  The content is stored unencrypted; see
 * PKCS12_pack_p7encdata() for the password-protected variant.
 *
 * Returns the new PKCS7, or NULL on failure with ERR_R_MALLOC_FAILURE or
 * PKCS12_R_CANT_PACK_STRUCTURE pushed.  sk is not freed here.
 */
PKCS7 *
PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
{
	PKCS7 *ci;

	ci = PKCS7_new();
	if (ci == NULL) {
		PKCS12error(ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	ci->type = OBJ_nid2obj(NID_pkcs7_data);

	ci->d.data = ASN1_OCTET_STRING_new();
	if (ci->d.data == NULL) {
		PKCS12error(ERR_R_MALLOC_FAILURE);
		goto err;
	}

	/* ASN1_item_pack() is given the address of the string allocated above. */
	if (ASN1_item_pack(sk, &PKCS12_SAFEBAGS_it, &ci->d.data) == NULL) {
		PKCS12error(PKCS12_R_CANT_PACK_STRUCTURE);
		goto err;
	}

	return ci;

err:
	PKCS7_free(ci);
	return NULL;
}
166 | - | |||||||
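/*
 * Unpack SAFEBAGS from a PKCS#7 data ContentInfo.
 *
 * p7 typically comes from a parsed PKCS#12 file, so it must be treated as
 * untrusted input.  The content field of a PKCS#7 ContentInfo is OPTIONAL:
 * a structure can carry the "data" content type and still have no content,
 * which leaves p7->d.data NULL.  ASN1_item_unpack() reads through its first
 * argument, so that case is rejected here instead of crashing the process.
 *
 * Returns the decoded stack, or NULL on failure.  A wrong content type
 * pushes PKCS12_R_CONTENT_TYPE_NOT_DATA; absent content pushes
 * PKCS12_R_DECODE_ERROR.  p7 must not be NULL.
 */
STACK_OF(PKCS12_SAFEBAG) *
PKCS12_unpack_p7data(PKCS7 *p7)
{
	if (!PKCS7_type_is_data(p7)) {
		PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
		return NULL;
	}
	/* Right type but no content: malformed input, not a valid empty bag. */
	if (p7->d.data == NULL) {
		PKCS12error(PKCS12_R_DECODE_ERROR);
		return NULL;
	}
	return ASN1_item_unpack(p7->d.data, &PKCS12_SAFEBAGS_it);
}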
177 | - | |||||||
/*
 * Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo.
 *
 * pbe_nid may name either a plain cipher or a PBE algorithm.  When
 * EVP_get_cipherbynid() finds a cipher, the algorithm parameters are built
 * with PKCS5_pbe2_set(); otherwise with PKCS5_pbe_set().  salt, saltlen and
 * iter go into those parameters as given; nothing here enforces a minimum
 * iteration count or salt length.
 *
 * The default algorithm and ciphertext members that PKCS7_set_type()
 * created are freed and replaced by the new parameters and by the output of
 * PKCS12_item_i2d_encrypt().  The order matters: once pbe is stored in the
 * PKCS7 it is released by PKCS7_free() on the error path, not separately.
 *
 * Returns the new PKCS7, or NULL on failure.  A failure to build the
 * algorithm parameters is reported as ERR_R_MALLOC_FAILURE.  bags is not
 * freed here.
 */
PKCS7 *
PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
    unsigned char *salt, int saltlen, int iter, STACK_OF(PKCS12_SAFEBAG) *bags)
{
	const EVP_CIPHER *cipher;
	X509_ALGOR *alg;
	PKCS7 *ci;

	ci = PKCS7_new();
	if (ci == NULL) {
		PKCS12error(ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	if (!PKCS7_set_type(ci, NID_pkcs7_encrypted)) {
		PKCS12error(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
		goto err;
	}

	/* A NID that resolves to a cipher takes the pbe2 path. */
	cipher = EVP_get_cipherbynid(pbe_nid);
	alg = (cipher != NULL) ?
	    PKCS5_pbe2_set(cipher, iter, salt, saltlen) :
	    PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
	if (alg == NULL) {
		PKCS12error(ERR_R_MALLOC_FAILURE);
		goto err;
	}

	/* Swap in the new algorithm; ci owns alg from this point. */
	X509_ALGOR_free(ci->d.encrypted->enc_data->algorithm);
	ci->d.encrypted->enc_data->algorithm = alg;

	/*
	 * Drop the placeholder ciphertext, then encrypt the encoded bags.
	 * NOTE(review): the trailing 1 is presumably the "zbuf" flag asking the
	 * helper to wipe its plaintext buffer - confirm in p12_decr.c.
	 */
	ASN1_OCTET_STRING_free(ci->d.encrypted->enc_data->enc_data);
	ci->d.encrypted->enc_data->enc_data = PKCS12_item_i2d_encrypt(alg,
	    &PKCS12_SAFEBAGS_it, pass, passlen, bags, 1);
	if (ci->d.encrypted->enc_data->enc_data == NULL) {
		PKCS12error(PKCS12_R_ENCRYPT_ERROR);
		goto err;
	}

	return ci;

err:
	PKCS7_free(ci);
	return NULL;
}
223 | - | |||||||
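/*
 * Decrypt and unpack SAFEBAGS from a PKCS#7 encrypted data ContentInfo.
 *
 * p7 typically comes from a parsed PKCS#12 file, so it must be treated as
 * untrusted input.  The content field of a PKCS#7 ContentInfo is OPTIONAL:
 * a structure can carry the "encrypted" content type and still have no
 * content, which leaves p7->d.encrypted NULL.  That pointer and its
 * enc_data member are checked before being dereferenced, so malformed input
 * produces an error return instead of a NULL pointer dereference.
 *
 * Returns the decoded stack, or NULL on failure.  A wrong content type
 * returns NULL without pushing an error (unchanged behaviour); absent
 * content pushes PKCS12_R_DECODE_ERROR.  p7 must not be NULL.
 */
STACK_OF(PKCS12_SAFEBAG) *
PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
{
	if (!PKCS7_type_is_encrypted(p7))
		return NULL;
	/* Right type but no content: reject before touching enc_data. */
	if (p7->d.encrypted == NULL || p7->d.encrypted->enc_data == NULL) {
		PKCS12error(PKCS12_R_DECODE_ERROR);
		return NULL;
	}
	return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
	    &PKCS12_SAFEBAGS_it, pass, passlen,
	    p7->d.encrypted->enc_data->enc_data, 1);
}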
233 | - | |||||||
/*
 * Decrypt the shrouded key held in a safebag.
 *
 * Thin wrapper around PKCS8_decrypt() on bag->value.shkeybag.  Neither a
 * NULL bag nor the bag's type is checked here.
 * NOTE(review): value looks like a union shared with the other bag kinds,
 * so callers should presumably confirm the bag is a pkcs8ShroudedKeyBag
 * before calling - verify against pkcs12.h and the call sites.
 *
 * Returns whatever PKCS8_decrypt() returns.
 */
PKCS8_PRIV_KEY_INFO *
PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, const char *pass, int passlen)
{
	PKCS8_PRIV_KEY_INFO *key;

	key = PKCS8_decrypt(bag->value.shkeybag, pass, passlen);

	return key;
}
239 | - | |||||||
/*
 * Serialise a stack of PKCS7 structures into the authsafes content of p12.
 *
 * safes is packed with the PKCS12_AUTHSAFES template into
 * p12->authsafes->d.data.  p12 and p12->authsafes are dereferenced without
 * a NULL check, so both must be valid.
 *
 * Returns 1 on success and 0 on failure; no error is pushed here.
 */
int
PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
{
	return ASN1_item_pack(safes, &PKCS12_AUTHSAFES_it,
	    &p12->authsafes->d.data) != NULL;
}
248 | - | |||||||
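/*
 * Unpack the stack of PKCS7 structures held in the authsafes of p12.
 *
 * p12 typically comes from a parsed PKCS#12 file, so it must be treated as
 * untrusted input.  The content field of a PKCS#7 ContentInfo is OPTIONAL:
 * authsafes can carry the "data" content type and still have no content,
 * which leaves d.data NULL.  ASN1_item_unpack() reads through its first
 * argument, so that case is rejected here instead of crashing the process.
 *
 * Returns the decoded stack, or NULL on failure.  A wrong content type
 * pushes PKCS12_R_CONTENT_TYPE_NOT_DATA; absent content pushes
 * PKCS12_R_DECODE_ERROR.  p12 and p12->authsafes must not be NULL.
 */
STACK_OF(PKCS7) *
PKCS12_unpack_authsafes(const PKCS12 *p12)
{
	if (!PKCS7_type_is_data(p12->authsafes)) {
		PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
		return NULL;
	}
	/* Right type but no content: malformed input. */
	if (p12->authsafes->d.data == NULL) {
		PKCS12error(PKCS12_R_DECODE_ERROR);
		return NULL;
	}
	return ASN1_item_unpack(p12->authsafes->d.data,
	    &PKCS12_AUTHSAFES_it);
}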