
p12_kiss.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/pkcs12/p12_kiss.c
1/*-
2 * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.-
3 *-
4 * Licensed under the OpenSSL license (the "License"). You may not use-
5 * this file except in compliance with the License. You can obtain a copy-
6 * in the file LICENSE in the source distribution or at-
7 * https://www.openssl.org/source/license.html-
8 */-
9-
10#include <stdio.h>-
11#include "internal/cryptlib.h"-
12#include <openssl/pkcs12.h>-
13-
14/* Simplified PKCS#12 routines */-
15-
/*
 * Forward declarations of the file-local helpers, needed because parse_bags()
 * and parse_bag() call each other. All three return 1 on success and 0 on
 * failure.
 */
static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
                      EVP_PKEY **pkey, STACK_OF(X509) *ocerts);

static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
                      int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts);

static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
                     EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
24-
/*
 * Verify the MAC of a PKCS#12 structure, then parse and decrypt it, returning
 * the user key, the user certificate and the other (CA) certificates.
 *
 * p12   structure to parse; NULL is rejected with
 *       PKCS12_R_INVALID_NULL_PKCS12_POINTER.
 * pass  password. NULL and "" are different passwords under PKCS#12
 *       password based encryption, so when either is supplied both are tried
 *       against the MAC and the one that verifies is used for decryption.
 * pkey  optional output, may be passed uninitialised; set to NULL on entry.
 * cert  optional output, may be passed uninitialised; set to NULL on entry.
 *       It is only filled when pkey was requested and a key was found: it
 *       receives the first popped certificate that X509_check_private_key()
 *       accepts for *pkey.
 * ca    either NULL, a pointer to NULL (a stack is created here), or a
 *       pointer to a valid stack that the remaining certificates are pushed
 *       onto.
 *
 * Returns 1 on success and 0 on failure. On failure *pkey and *cert are freed
 * and reset to NULL. The error path does not touch *ca, so a stack created
 * here, or certificates already pushed onto a caller-supplied stack, stay
 * with the caller.
 *
 * Nothing is unpacked or decrypted until a MAC check has succeeded. The only
 * check applied to the certificates in this function is the key match above;
 * no chain or trust validation is performed here.
 *
 * Coverage in this report: no statement or branch of this function was
 * executed.
 */
int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                 STACK_OF(X509) **ca)
{
    STACK_OF(X509) *ocerts = NULL;
    X509 *x = NULL;

    /* Give the outputs a defined value before any exit path can be taken. */
    if (pkey != NULL)
        *pkey = NULL;
    if (cert != NULL)
        *cert = NULL;

    if (p12 == NULL) {
        PKCS12err(PKCS12_F_PKCS12_PARSE,
                  PKCS12_R_INVALID_NULL_PKCS12_POINTER);
        return 0;
    }

    /*
     * MAC check. A non-empty password is verified as given. For a NULL or
     * zero length password both forms are tried, NULL first, and `pass` is
     * rewritten to whichever one verified so that decryption uses the same
     * form.
     */
    if (pass != NULL && *pass != '\0') {
        if (!PKCS12_verify_mac(p12, pass, -1)) {
            PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE);
            goto err;
        }
    } else if (PKCS12_verify_mac(p12, NULL, 0)) {
        pass = NULL;
    } else if (PKCS12_verify_mac(p12, "", 0)) {
        pass = "";
    } else {
        PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE);
        goto err;
    }

    /* Scratch stack that collects every certificate found while parsing. */
    ocerts = sk_X509_new_null();
    if (ocerts == NULL) {
        PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    if (!parse_pk12(p12, pass, -1, pkey, ocerts)) {
        PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_PARSE_ERROR);
        goto err;
    }

    /*
     * Hand each collected certificate to exactly one owner: *cert, *ca, or
     * X509_free(). `x` is cleared whenever ownership moves, so the trailing
     * X509_free(x) only releases certificates nobody took.
     */
    for (x = sk_X509_pop(ocerts); x != NULL; x = sk_X509_pop(ocerts)) {
        int need_user_cert = pkey != NULL && *pkey != NULL
                             && cert != NULL && *cert == NULL;

        if (need_user_cert) {
            /* A mismatch is expected here; keep it out of the error queue. */
            ERR_set_mark();
            if (X509_check_private_key(x, *pkey)) {
                *cert = x;
                x = NULL;
            }
            ERR_pop_to_mark();
        }

        if (ca != NULL && x != NULL) {
            if (*ca == NULL && (*ca = sk_X509_new_null()) == NULL)
                goto err;
            if (!sk_X509_push(*ca, x))
                goto err;
            x = NULL;
        }
        X509_free(x);
    }

    sk_X509_pop_free(ocerts, X509_free);

    return 1;

 err:

    if (pkey != NULL) {
        EVP_PKEY_free(*pkey);
        *pkey = NULL;
    }
    if (cert != NULL) {
        X509_free(*cert);
        *cert = NULL;
    }
    X509_free(x);
    sk_X509_pop_free(ocerts, X509_free);
    return 0;

}
128-
/*
 * Parse the outer PKCS#12 structure.
 *
 * Unpacks the authenticated safes of p12 and walks them in order. A
 * pkcs7-data safe is unpacked directly, a pkcs7-encrypted safe is decrypted
 * with pass/passlen, and any other content type is skipped. The bags of each
 * safe are passed to parse_bags(), which may set *pkey and push certificates
 * onto ocerts.
 *
 * Returns 1 when every handled safe parsed, 0 as soon as unpacking or parsing
 * one of them fails. The safes stack and each bag stack are freed on every
 * path.
 *
 * Coverage in this report: no statement or branch of this function was
 * executed.
 */
static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
                      EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
{
    STACK_OF(PKCS7) *asafes = PKCS12_unpack_authsafes(p12);
    int idx;
    int ok = 0;

    if (asafes == NULL)
        return 0;

    for (idx = 0; idx < sk_PKCS7_num(asafes); idx++) {
        PKCS7 *p7 = sk_PKCS7_value(asafes, idx);
        STACK_OF(PKCS12_SAFEBAG) *bags;
        int parsed;

        switch (OBJ_obj2nid(p7->type)) {
        case NID_pkcs7_data:
            bags = PKCS12_unpack_p7data(p7);
            break;
        case NID_pkcs7_encrypted:
            bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
            break;
        default:
            /* Unsupported content type: move on to the next safe. */
            continue;
        }

        if (bags == NULL)
            goto done;

        /* The bag stack is released whether or not parsing succeeded. */
        parsed = parse_bags(bags, pass, passlen, pkey, ocerts);
        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
        if (!parsed)
            goto done;
    }
    ok = 1;

 done:
    sk_PKCS7_pop_free(asafes, PKCS7_free);
    return ok;
}
164-
/*
 * Parse every safe bag in `bags`, in stack order, with parse_bag().
 *
 * Returns 1 when all bags parsed (including an empty stack) and 0 at the
 * first bag that fails; the remaining bags are then not visited.
 *
 * parse_bag() calls back into this function for nested safeContents bags.
 * No depth counter is kept in this file, so the recursion depth follows the
 * nesting of the input.
 *
 * Coverage in this report: no statement or branch of this function was
 * executed.
 */
static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
                      int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
{
    int idx = 0;

    while (idx < sk_PKCS12_SAFEBAG_num(bags)) {
        PKCS12_SAFEBAG *bag = sk_PKCS12_SAFEBAG_value(bags, idx);

        if (!parse_bag(bag, pass, passlen, pkey, ocerts))
            return 0;
        idx++;
    }
    return 1;
}
176-
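/*
 * Parse a single safe bag.
 *
 *  - keyBag:              converted to an EVP_PKEY and stored in *pkey.
 *  - pkcs8ShroudedKeyBag: decrypted with pass/passlen, then converted and
 *                         stored in *pkey.
 *  - certBag:             X.509 certificates are copied, tagged with the
 *                         bag's localKeyID and friendlyName when present,
 *                         and pushed onto ocerts; other certificate types
 *                         are skipped.
 *  - safeContentsBag:     the nested bags are parsed with parse_bags().
 *  - anything else:       ignored.
 *
 * Key bags are skipped when pkey is NULL or *pkey is already set, so the
 * first key found is the one returned.
 *
 * Returns 1 on success or when the bag is skipped, 0 on failure.
 *
 * Coverage in this report: no statement or branch of this function was
 * executed.
 */
static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
                     EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
{
    PKCS8_PRIV_KEY_INFO *p8;
    X509 *x509;
    const ASN1_TYPE *attrib;
    ASN1_BMPSTRING *fname = NULL;
    ASN1_OCTET_STRING *lkid = NULL;

    /*
     * An ASN1_TYPE is a tagged union: a member of `value` is only valid when
     * `type` names it, and the tag is taken from the parsed file. Check the
     * tag before reading the member; an attribute with any other type is
     * treated as absent instead of being reinterpreted.
     */
    attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName);
    if (attrib != NULL && attrib->type == V_ASN1_BMPSTRING)
        fname = attrib->value.bmpstring;

    attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID);
    if (attrib != NULL && attrib->type == V_ASN1_OCTET_STRING)
        lkid = attrib->value.octet_string;

    switch (PKCS12_SAFEBAG_get_nid(bag)) {
    case NID_keyBag:
        if (!pkey || *pkey)
            return 1;
        *pkey = EVP_PKCS82PKEY(PKCS12_SAFEBAG_get0_p8inf(bag));
        if (*pkey == NULL)
            return 0;
        break;

    case NID_pkcs8ShroudedKeyBag:
        if (!pkey || *pkey)
            return 1;
        if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL)
            return 0;
        *pkey = EVP_PKCS82PKEY(p8);
        /* The decrypted PKCS#8 structure is released on both outcomes. */
        PKCS8_PRIV_KEY_INFO_free(p8);
        if (!(*pkey))
            return 0;
        break;

    case NID_certBag:
        if (PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate)
            return 1;
        if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL)
            return 0;
        /* From here x509 is owned by this function until it is pushed. */
        if (lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) {
            X509_free(x509);
            return 0;
        }
        if (fname) {
            int len, r;
            unsigned char *data;

            len = ASN1_STRING_to_UTF8(&data, fname);
            /* A failed conversion leaves the certificate without an alias. */
            if (len >= 0) {
                r = X509_alias_set1(x509, data, len);
                OPENSSL_free(data);
                if (!r) {
                    X509_free(x509);
                    return 0;
                }
            }
        }

        if (!sk_X509_push(ocerts, x509)) {
            X509_free(x509);
            return 0;
        }

        break;

    case NID_safeContentsBag:
        return parse_bags(PKCS12_SAFEBAG_get0_safes(bag), pass, passlen, pkey,
                          ocerts);

    default:
        return 1;
    }
    return 1;
}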