OpenCoverage

p12_npas.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/pkcs12/p12_npas.c
1/*-
2 * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.-
3 *-
4 * Licensed under the OpenSSL license (the "License"). You may not use-
5 * this file except in compliance with the License. You can obtain a copy-
6 * in the file LICENSE in the source distribution or at-
7 * https://www.openssl.org/source/license.html-
8 */-
9-
10#include <stdio.h>-
11#include <stdlib.h>-
12#include <string.h>-
13#include <openssl/pem.h>-
14#include <openssl/err.h>-
15#include <openssl/pkcs12.h>-
16#include "p12_lcl.h"-
17-
18/* PKCS#12 password change routine */-
19-
/* Re-encrypt every authenticated safe in p12 and regenerate its MAC. */
static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass);
/* Apply newpass_bag() to each safebag in a stack. */
static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
                        const char *newpass);
/* Re-encrypt a single shrouded key bag; other bag types are left alone. */
static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
                       const char *newpass);
/* Extract the PBE algorithm NID, iteration count and salt length. */
static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter,
                   int *psaltlen);
27-
/*
 * Change the password on a PKCS#12 structure.
 *
 * p12     - structure to re-encrypt in place; NULL is rejected.
 * oldpass - current password, passed to the MAC check and to decryption
 *           with a length of -1.
 * newpass - replacement password, passed on with a length of -1.
 *
 * Returns 1 on success. Returns 0 after pushing a PKCS12 error when p12 is
 * NULL, when the MAC does not verify under oldpass, or when the re-encryption
 * pass fails.
 *
 * The MAC check comes first, so no re-encryption is attempted unless oldpass
 * authenticates the existing contents.
 *
 * Coverage (from this report): no statement or branch of this function was
 * executed.
 */
int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass)
{
    int reason;

    if (p12 == NULL) {
        /* Nothing to operate on. */
        reason = PKCS12_R_INVALID_NULL_PKCS12_POINTER;
    } else if (!PKCS12_verify_mac(p12, oldpass, -1)) {
        /* oldpass does not authenticate the current contents. */
        reason = PKCS12_R_MAC_VERIFY_FAILURE;
    } else if (!newpass_p12(p12, oldpass, newpass)) {
        /* Unpacking, re-encrypting or repacking failed. */
        reason = PKCS12_R_PARSE_ERROR;
    } else {
        return 1;
    }

    PKCS12err(PKCS12_F_PKCS12_NEWPASS, reason);
    return 0;
}
56-
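/*
 * Parse the outer PKCS#12 structure, re-encrypt its contents under newpass
 * and regenerate the MAC.
 *
 * Each authenticated safe of type pkcs7-data or pkcs7-encrypted is unpacked,
 * its shrouded key bags are re-encrypted, and it is repacked in the same
 * form. Encrypted safes are repacked with the algorithm NID, iteration count
 * and salt length read from the original. Safes of any other type are
 * skipped and do not appear in the repacked structure.
 *
 * Returns 1 on success, 0 on failure. On failure the original authsafes
 * octet string is put back into p12.
 *
 * Coverage (from this report): no statement or branch of this function was
 * executed.
 */
static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
{
    STACK_OF(PKCS7) *asafes = NULL, *newsafes = NULL;
    STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
    int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
    PKCS7 *p7, *p7new;
    ASN1_OCTET_STRING *p12_data_tmp = NULL, *macoct = NULL;
    unsigned char mac[EVP_MAX_MD_SIZE];
    unsigned int maclen;
    int rv = 0;

    if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)
        goto err;
    if ((newsafes = sk_PKCS7_new_null()) == NULL)
        goto err;

    for (i = 0; i < sk_PKCS7_num(asafes); i++) {
        p7 = sk_PKCS7_value(asafes, i);
        bagnid = OBJ_obj2nid(p7->type);
        if (bagnid == NID_pkcs7_data) {
            bags = PKCS12_unpack_p7data(p7);
        } else if (bagnid == NID_pkcs7_encrypted) {
            bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
            /*
             * The type OID alone does not guarantee that the content is
             * present: a malformed file can declare encrypted data and carry
             * none. Check the pointers before reading the algorithm through
             * them, otherwise untrusted input causes a NULL dereference.
             */
            if (p7->d.encrypted == NULL
                    || p7->d.encrypted->enc_data == NULL
                    || !alg_get(p7->d.encrypted->enc_data->algorithm,
                                &pbe_nid, &pbe_iter, &pbe_saltlen))
                goto err;
        } else {
            continue;
        }
        if (bags == NULL)
            goto err;
        if (!newpass_bags(bags, oldpass, newpass))
            goto err;

        /* Repack bag in same form with new password */
        if (bagnid == NID_pkcs7_data)
            p7new = PKCS12_pack_p7data(bags);
        else
            p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
                                          pbe_saltlen, pbe_iter, bags);
        if (p7new == NULL)
            goto err;
        if (!sk_PKCS7_push(newsafes, p7new)) {
            /* A failed push leaves p7new unowned; free it here. */
            PKCS7_free(p7new);
            goto err;
        }
        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
        bags = NULL;
    }

    /* Repack safe: save old safe in case of error */
    p12_data_tmp = p12->authsafes->d.data;
    if ((p12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL)
        goto err;
    if (!PKCS12_pack_authsafes(p12, newsafes))
        goto err;

    /* The MAC is recomputed over the repacked safes under the new password. */
    if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
        goto err;
    X509_SIG_getm(p12->mac->dinfo, NULL, &macoct);
    if (!ASN1_OCTET_STRING_set(macoct, mac, maclen))
        goto err;

    rv = 1;

 err:
    /* Restore old safe if necessary */
    if (rv == 1) {
        ASN1_OCTET_STRING_free(p12_data_tmp);
    } else if (p12_data_tmp != NULL) {
        /* Drop the replacement (possibly NULL) and put the original back. */
        ASN1_OCTET_STRING_free(p12->authsafes->d.data);
        p12->authsafes->d.data = p12_data_tmp;
    }
    sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
    sk_PKCS7_pop_free(asafes, PKCS7_free);
    sk_PKCS7_pop_free(newsafes, PKCS7_free);
    return rv;
}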
132-
/*
 * Re-encrypt every safebag in a stack under the new password.
 *
 * Stops at the first bag that fails and returns 0; bags handled before it
 * keep their new encryption. Returns 1 when every bag was processed.
 *
 * Coverage (from this report): no statement or branch of this function was
 * executed.
 */
static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
                        const char *newpass)
{
    int idx = 0;

    while (idx < sk_PKCS12_SAFEBAG_num(bags)) {
        PKCS12_SAFEBAG *cur = sk_PKCS12_SAFEBAG_value(bags, idx);

        if (!newpass_bag(cur, oldpass, newpass))
            return 0;
        idx++;
    }
    return 1;
}
143-
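/*
 * Change password of safebag: only needs to handle shrouded keybags.
 *
 * A bag of any other type is left untouched and reported as success. For a
 * shrouded key bag the key is decrypted with oldpass and re-encrypted with
 * newpass, using the algorithm NID, iteration count and salt length read
 * from the existing bag. The old encrypted blob is replaced only once the
 * new one exists.
 *
 * Returns 1 on success, 0 on failure. The bag is unchanged on failure.
 *
 * Coverage (from this report): no statement or branch of this function was
 * executed.
 */
static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
                       const char *newpass)
{
    PKCS8_PRIV_KEY_INFO *p8;
    X509_SIG *p8new;
    int p8_nid, p8_saltlen, p8_iter;
    const X509_ALGOR *shalg;

    if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag)
        return 1;

    if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL)
        return 0;
    X509_SIG_get0(bag->value.shkeybag, &shalg, NULL);
    if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen)) {
        /*
         * p8 holds the decrypted private key. Release it on this path too,
         * so plaintext key material does not stay allocated after a failure.
         */
        PKCS8_PRIV_KEY_INFO_free(p8);
        return 0;
    }
    p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
                          p8_iter, p8);
    /* The plaintext key is no longer needed whether or not encryption worked. */
    PKCS8_PRIV_KEY_INFO_free(p8);
    if (p8new == NULL)
        return 0;
    X509_SIG_free(bag->value.shkeybag);
    bag->value.shkeybag = p8new;
    return 1;
}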
171-
/*
 * Read the password-based encryption settings from an algorithm identifier.
 *
 * alg      - algorithm identifier whose parameter is unpacked as a PBEPARAM.
 * pnid     - receives the NID of alg->algorithm.
 * piter    - receives the iteration count.
 * psaltlen - receives the salt length in bytes.
 *
 * Returns 1 on success, 0 if the parameter cannot be unpacked as a PBEPARAM;
 * the outputs are not written on failure.
 *
 * NOTE(review): ASN1_INTEGER_get() returns a long and the result is stored
 * in an int without a range check, so an oversized or negative iteration
 * count from the file reaches the caller unvalidated - confirm how the
 * encryption routines treat such values.
 * NOTE(review): only the PBEPARAM layout is understood here; parameters of
 * another shape presumably fail to unpack - confirm.
 *
 * Coverage (from this report): no statement or branch of this function was
 * executed.
 */
static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter,
                   int *psaltlen)
{
    PBEPARAM *params =
        ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), alg->parameter);

    if (params == NULL)
        return 0;

    *pnid = OBJ_obj2nid(alg->algorithm);
    *piter = ASN1_INTEGER_get(params->iter);
    *psaltlen = params->salt->length;

    PBEPARAM_free(params);
    return 1;
}