diff options
author | Matt Caswell <matt@openssl.org> | 2015-01-22 03:29:12 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-01-22 09:31:38 +0000 |
commit | ae5c8664e587f2445c8e4eb436cffbb64af4f6b8 (patch) | |
tree | 6d5b2cbee6396484f83126f8c7e7a36b9777a652 /crypto/pkcs12 | |
parent | aae3233e1e08e9f11742f8f351af5c98cd8add16 (diff) |
Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'crypto/pkcs12')
-rw-r--r-- | crypto/pkcs12/p12_add.c | 265 | ||||
-rw-r--r-- | crypto/pkcs12/p12_asn.c | 56 | ||||
-rw-r--r-- | crypto/pkcs12/p12_attr.c | 110 | ||||
-rw-r--r-- | crypto/pkcs12/p12_crpt.c | 86 | ||||
-rw-r--r-- | crypto/pkcs12/p12_crt.c | 516 | ||||
-rw-r--r-- | crypto/pkcs12/p12_decr.c | 228 | ||||
-rw-r--r-- | crypto/pkcs12/p12_init.c | 56 | ||||
-rw-r--r-- | crypto/pkcs12/p12_key.c | 275 | ||||
-rw-r--r-- | crypto/pkcs12/p12_kiss.c | 425 | ||||
-rw-r--r-- | crypto/pkcs12/p12_mutl.c | 222 | ||||
-rw-r--r-- | crypto/pkcs12/p12_npas.c | 268 | ||||
-rw-r--r-- | crypto/pkcs12/p12_p8d.c | 16 | ||||
-rw-r--r-- | crypto/pkcs12/p12_p8e.c | 77 | ||||
-rw-r--r-- | crypto/pkcs12/p12_utl.c | 103 | ||||
-rw-r--r-- | crypto/pkcs12/pk12err.c | 145 | ||||
-rw-r--r-- | crypto/pkcs12/pkcs12.h | 339 |
16 files changed, 1625 insertions, 1562 deletions
diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c index 27ac5facfa..982805d988 100644 --- a/crypto/pkcs12/p12_add.c +++ b/crypto/pkcs12/p12_add.c @@ -1,6 +1,7 @@ /* p12_add.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 1999. +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. @@ -10,7 +11,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -62,179 +63,183 @@ /* Pack an object into an OCTET STRING and turn into a safebag */ -PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, - int nid2) +PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, + int nid1, int nid2) { - PKCS12_BAGS *bag; - PKCS12_SAFEBAG *safebag; - if (!(bag = PKCS12_BAGS_new())) { - PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); - return NULL; - } - bag->type = OBJ_nid2obj(nid1); - if (!ASN1_item_pack(obj, it, &bag->value.octet)) { - PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); - return NULL; - } - if (!(safebag = PKCS12_SAFEBAG_new())) { - PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); - return NULL; - } - safebag->value.bag = bag; - safebag->type = OBJ_nid2obj(nid2); - return safebag; + PKCS12_BAGS *bag; + PKCS12_SAFEBAG *safebag; + if (!(bag = PKCS12_BAGS_new())) { + PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); + return NULL; + } + bag->type = OBJ_nid2obj(nid1); + if (!ASN1_item_pack(obj, it, &bag->value.octet)) { + PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); + return NULL; + } + if (!(safebag = PKCS12_SAFEBAG_new())) { + PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); + return NULL; + } + safebag->value.bag = bag; + safebag->type = OBJ_nid2obj(nid2); + return safebag; } /* Turn PKCS8 object into a keybag */ PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8) { - PKCS12_SAFEBAG *bag; - if (!(bag = PKCS12_SAFEBAG_new())) { - PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE); - return NULL; - } - bag->type = OBJ_nid2obj(NID_keyBag); - bag->value.keybag = p8; - return bag; + PKCS12_SAFEBAG *bag; + if (!(bag = PKCS12_SAFEBAG_new())) { + PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE); + return NULL; + } + bag->type = OBJ_nid2obj(NID_keyBag); + bag->value.keybag = p8; + return bag; } /* Turn PKCS8 object into a shrouded keybag */ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, - int passlen, unsigned char *salt, int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8) + int passlen, unsigned char *salt, + int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8) { - PKCS12_SAFEBAG *bag; - const EVP_CIPHER *pbe_ciph; + PKCS12_SAFEBAG *bag; + const EVP_CIPHER *pbe_ciph; - /* Set up the safe bag */ - if (!(bag = PKCS12_SAFEBAG_new())) { - PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); - return NULL; - } + /* Set up the safe bag */ + if (!(bag = PKCS12_SAFEBAG_new())) { + PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); + return NULL; + } - bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag); + bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag); - pbe_ciph = EVP_get_cipherbynid(pbe_nid); + pbe_ciph = EVP_get_cipherbynid(pbe_nid); - if (pbe_ciph) - pbe_nid = -1; + if (pbe_ciph) + pbe_nid = -1; - if (!(bag->value.shkeybag = - PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter, - p8))) { - PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); - return NULL; - } + if (!(bag->value.shkeybag = + PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter, + p8))) { + PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); + return NULL; + } - return bag; + return bag; } /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */ PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk) { - PKCS7 *p7; - if (!(p7 = PKCS7_new())) { - PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); - return NULL; - } - p7->type = OBJ_nid2obj(NID_pkcs7_data); - if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) { - PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) { - PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE); - return NULL; - } - return p7; + PKCS7 *p7; + if (!(p7 = PKCS7_new())) { + PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); + return NULL; + } + p7->type = OBJ_nid2obj(NID_pkcs7_data); + if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) { + PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); + return NULL; + } + + if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) { + PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE); + return NULL; + } + return p7; } /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7) { - if(!PKCS7_type_is_data(p7)) - { - PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA); - return NULL; - } - return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS)); + if (!PKCS7_type_is_data(p7)) { + PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA, + PKCS12_R_CONTENT_TYPE_NOT_DATA); + return NULL; + } + return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS)); } /* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - STACK_OF(PKCS12_SAFEBAG) *bags) + unsigned char *salt, int saltlen, int iter, + STACK_OF(PKCS12_SAFEBAG) *bags) { - PKCS7 *p7; - X509_ALGOR *pbe; - const EVP_CIPHER *pbe_ciph; - if (!(p7 = PKCS7_new())) { - PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); - return NULL; - } - if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) { - PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, - PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE); - return NULL; - } - - pbe_ciph = EVP_get_cipherbynid(pbe_nid); - - if (pbe_ciph) - pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen); - else - pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen); - - if (!pbe) { - PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); - return NULL; - } - X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); - p7->d.encrypted->enc_data->algorithm = pbe; - M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data); - if (!(p7->d.encrypted->enc_data->enc_data = - PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen, - bags, 1))) { - PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR); - return NULL; - } - - return p7; + PKCS7 *p7; + X509_ALGOR *pbe; + const EVP_CIPHER *pbe_ciph; + if (!(p7 = PKCS7_new())) { + PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); + return NULL; + } + if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) { + PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, + PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE); + return NULL; + } + + pbe_ciph = EVP_get_cipherbynid(pbe_nid); + + if (pbe_ciph) + pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen); + else + pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen); + + if (!pbe) { + PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); + return NULL; + } + X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); + p7->d.encrypted->enc_data->algorithm = pbe; + M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data); + if (!(p7->d.encrypted->enc_data->enc_data = + PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, + passlen, bags, 1))) { + PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR); + return NULL; + } + + return p7; } -STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen) +STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, + int passlen) { - if(!PKCS7_type_is_encrypted(p7)) return NULL; - return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm, - ASN1_ITEM_rptr(PKCS12_SAFEBAGS), - pass, passlen, - p7->d.encrypted->enc_data->enc_data, 1); + if (!PKCS7_type_is_encrypted(p7)) + return NULL; + return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm, + ASN1_ITEM_rptr(PKCS12_SAFEBAGS), + pass, passlen, + p7->d.encrypted->enc_data->enc_data, 1); } -PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass, - int passlen) +PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, + const char *pass, int passlen) { - return PKCS8_decrypt(bag->value.shkeybag, pass, passlen); + return PKCS8_decrypt(bag->value.shkeybag, pass, passlen); } -int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) +int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) { - if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES), - &p12->authsafes->d.data)) - return 1; - return 0; + if (ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES), + &p12->authsafes->d.data)) + return 1; + return 0; } STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12) { - if (!PKCS7_type_is_data(p12->authsafes)) - { - PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA); - return NULL; - } - return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES)); + if (!PKCS7_type_is_data(p12->authsafes)) { + PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES, + PKCS12_R_CONTENT_TYPE_NOT_DATA); + return NULL; + } + return ASN1_item_unpack(p12->authsafes->d.data, + ASN1_ITEM_rptr(PKCS12_AUTHSAFES)); } diff --git a/crypto/pkcs12/p12_asn.c b/crypto/pkcs12/p12_asn.c index 6e27633817..370ddbd6e7 100644 --- a/crypto/pkcs12/p12_asn.c +++ b/crypto/pkcs12/p12_asn.c @@ -1,6 +1,7 @@ /* p12_asn.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 1999. +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. @@ -10,7 +11,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -64,17 +65,17 @@ /* PKCS#12 ASN1 module */ ASN1_SEQUENCE(PKCS12) = { - ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS12, authsafes, PKCS7), - ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA) + ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER), + ASN1_SIMPLE(PKCS12, authsafes, PKCS7), + ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA) } ASN1_SEQUENCE_END(PKCS12) IMPLEMENT_ASN1_FUNCTIONS(PKCS12) ASN1_SEQUENCE(PKCS12_MAC_DATA) = { - ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG), - ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING), - ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER) + ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG), + ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING), + ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER) } ASN1_SEQUENCE_END(PKCS12_MAC_DATA) IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA) @@ -82,14 +83,14 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA) ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0); ASN1_ADB(PKCS12_BAGS) = { - ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)), - ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)), - ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)), + ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)), + ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)), + ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)), } ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL); ASN1_SEQUENCE(PKCS12_BAGS) = { - ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT), - ASN1_ADB_OBJECT(PKCS12_BAGS), + ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT), + ASN1_ADB_OBJECT(PKCS12_BAGS), } ASN1_SEQUENCE_END(PKCS12_BAGS) IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS) @@ -97,29 +98,28 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS) ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ANY, 0); ASN1_ADB(PKCS12_SAFEBAG) = { - ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)), - ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)), - ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), - ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), - ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), - ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)) + ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)), + ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)), + ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), + ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), + ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), + ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)) } ASN1_ADB_END(PKCS12_SAFEBAG, 0, type, 0, &safebag_default_tt, NULL); ASN1_SEQUENCE(PKCS12_SAFEBAG) = { - ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT), - ASN1_ADB_OBJECT(PKCS12_SAFEBAG), - ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE) + ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT), + ASN1_ADB_OBJECT(PKCS12_SAFEBAG), + ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE) } ASN1_SEQUENCE_END(PKCS12_SAFEBAG) IMPLEMENT_ASN1_FUNCTIONS(PKCS12_SAFEBAG) /* SEQUENCE OF SafeBag */ -ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG) +ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG) ASN1_ITEM_TEMPLATE_END(PKCS12_SAFEBAGS) /* Authsafes: SEQUENCE OF PKCS7 */ -ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7) +ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7) ASN1_ITEM_TEMPLATE_END(PKCS12_AUTHSAFES) - diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c index e4d9c25647..fff3ba1ece 100644 --- a/crypto/pkcs12/p12_attr.c +++ b/crypto/pkcs12/p12_attr.c @@ -1,6 +1,7 @@ /* p12_attr.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 1999. +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. @@ -10,7 +11,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -63,83 +64,84 @@ /* Add a local keyid to a safebag */ int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, - int namelen) + int namelen) { - if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID, - V_ASN1_OCTET_STRING, name, namelen)) - return 1; - else - return 0; + if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID, + V_ASN1_OCTET_STRING, name, namelen)) + return 1; + else + return 0; } /* Add key usage to PKCS#8 structure */ int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage) { - unsigned char us_val; - us_val = (unsigned char) usage; - if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage, - V_ASN1_BIT_STRING, &us_val, 1)) - return 1; - else - return 0; + unsigned char us_val; + us_val = (unsigned char)usage; + if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage, + V_ASN1_BIT_STRING, &us_val, 1)) + return 1; + else + return 0; } /* Add a friendlyname to a safebag */ int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, - int namelen) + int namelen) { - if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, - MBSTRING_ASC, (unsigned char *)name, namelen)) - return 1; - else - return 0; + if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, + MBSTRING_ASC, (unsigned char *)name, namelen)) + return 1; + else + return 0; } - int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, - const unsigned char *name, int namelen) + const unsigned char *name, int namelen) { - if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, - MBSTRING_BMP, name, namelen)) - return 1; - else - return 0; + if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, + MBSTRING_BMP, name, namelen)) + return 1; + else + return 0; } -int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, - int namelen) +int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen) { - if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name, - MBSTRING_ASC, (unsigned char *)name, namelen)) - return 1; - else - return 0; + if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name, + MBSTRING_ASC, (unsigned char *)name, namelen)) + return 1; + else + return 0; } ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid) { - X509_ATTRIBUTE *attrib; - int i; - if (!attrs) return NULL; - for (i = 0; i < sk_X509_ATTRIBUTE_num (attrs); i++) { - attrib = sk_X509_ATTRIBUTE_value (attrs, i); - if (OBJ_obj2nid (attrib->object) == attr_nid) { - if (sk_ASN1_TYPE_num (attrib->value.set)) - return sk_ASN1_TYPE_value(attrib->value.set, 0); - else return NULL; - } - } - return NULL; + X509_ATTRIBUTE *attrib; + int i; + if (!attrs) + return NULL; + for (i = 0; i < sk_X509_ATTRIBUTE_num(attrs); i++) { + attrib = sk_X509_ATTRIBUTE_value(attrs, i); + if (OBJ_obj2nid(attrib->object) == attr_nid) { + if (sk_ASN1_TYPE_num(attrib->value.set)) + return sk_ASN1_TYPE_value(attrib->value.set, 0); + else + return NULL; + } + } + return NULL; } char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag) { - ASN1_TYPE *atype; - if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) return NULL; - if (atype->type != V_ASN1_BMPSTRING) return NULL; - return OPENSSL_uni2asc(atype->value.bmpstring->data, - atype->value.bmpstring->length); + ASN1_TYPE *atype; + if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) + return NULL; + if (atype->type != V_ASN1_BMPSTRING) + return NULL; + return OPENSSL_uni2asc(atype->value.bmpstring->data, + atype->value.bmpstring->length); } - diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c index b71d07b4d0..3a166e6130 100644 --- a/crypto/pkcs12/p12_crpt.c +++ b/crypto/pkcs12/p12_crpt.c @@ -1,6 +1,7 @@ /* p12_crpt.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 1999. +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. @@ -10,7 +11,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -67,46 +68,49 @@ void PKCS12_PBE_add(void) } int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de) { - PBEPARAM *pbe; - int saltlen, iter, ret; - unsigned char *salt; - const unsigned char *pbuf; - unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; + PBEPARAM *pbe; + int saltlen, iter, ret; + unsigned char *salt; + const unsigned char *pbuf; + unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; - /* Extract useful info from parameter */ - if (param == NULL || param->type != V_ASN1_SEQUENCE || - param->value.sequence == NULL) { - PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR); - return 0; - } + /* Extract useful info from parameter */ + if (param == NULL || param->type != V_ASN1_SEQUENCE || + param->value.sequence == NULL) { + PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR); + return 0; + } - pbuf = param->value.sequence->data; - if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { - PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR); - return 0; - } + pbuf = param->value.sequence->data; + if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { + PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR); + return 0; + } - if (!pbe->iter) iter = 1; - else iter = ASN1_INTEGER_get (pbe->iter); - salt = pbe->salt->data; - saltlen = pbe->salt->length; - if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID, - iter, EVP_CIPHER_key_length(cipher), key, md)) { - PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_KEY_GEN_ERROR); - PBEPARAM_free(pbe); - return 0; - } - if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID, - iter, EVP_CIPHER_iv_length(cipher), iv, md)) { - PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_IV_GEN_ERROR); - PBEPARAM_free(pbe); - return 0; - } - PBEPARAM_free(pbe); - ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); - OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); - OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); - return ret; + if (!pbe->iter) + iter = 1; + else + iter = ASN1_INTEGER_get(pbe->iter); + salt = pbe->salt->data; + saltlen = pbe->salt->length; + if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID, + iter, EVP_CIPHER_key_length(cipher), key, md)) { + PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_KEY_GEN_ERROR); + PBEPARAM_free(pbe); + return 0; + } + if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID, + iter, EVP_CIPHER_iv_length(cipher), iv, md)) { + PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_IV_GEN_ERROR); + PBEPARAM_free(pbe); + return 0; + } + PBEPARAM_free(pbe); + ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); + OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); + OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); + return ret; } diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c index 35e8a4a8d4..7d2aeefac3 100644 --- a/crypto/pkcs12/p12_crt.c +++ b/crypto/pkcs12/p12_crt.c @@ -1,5 +1,6 @@ /* p12_crt.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== @@ -10,7 +11,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -60,315 +61,298 @@ #include "cryptlib.h" #include <openssl/pkcs12.h> - -static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); +static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, + PKCS12_SAFEBAG *bag); static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid) - { - int idx; - X509_ATTRIBUTE *attr; - idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1); - if (idx < 0) - return 1; - attr = EVP_PKEY_get_attr(pkey, idx); - if (!X509at_add1_attr(&bag->attrib, attr)) - return 0; - return 1; - } +{ + int idx; + X509_ATTRIBUTE *attr; + idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1); + if (idx < 0) + return 1; + attr = EVP_PKEY_get_attr(pkey, idx); + if (!X509at_add1_attr(&bag->attrib, attr)) + return 0; + return 1; +} PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, - STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, - int keytype) + STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, + int mac_iter, int keytype) { - PKCS12 *p12 = NULL; - STACK_OF(PKCS7) *safes = NULL; - STACK_OF(PKCS12_SAFEBAG) *bags = NULL; - PKCS12_SAFEBAG *bag = NULL; - int i; - unsigned char keyid[EVP_MAX_MD_SIZE]; - unsigned int keyidlen = 0; - - /* Set defaults */ - if (!nid_cert) - { + PKCS12 *p12 = NULL; + STACK_OF(PKCS7) *safes = NULL; + STACK_OF(PKCS12_SAFEBAG) *bags = NULL; + PKCS12_SAFEBAG *bag = NULL; + int i; + unsigned char keyid[EVP_MAX_MD_SIZE]; + unsigned int keyidlen = 0; + + /* Set defaults */ + if (!nid_cert) { #ifdef OPENSSL_FIPS - if (FIPS_mode()) - nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - else + if (FIPS_mode()) + nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + else #endif #ifdef OPENSSL_NO_RC2 - nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; #else - nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; + nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; #endif - } - if (!nid_key) - nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - if (!iter) - iter = PKCS12_DEFAULT_ITER; - if (!mac_iter) - mac_iter = 1; - - if(!pkey && !cert && !ca) - { - PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT); - return NULL; - } - - if (pkey && cert) - { - if(!X509_check_private_key(cert, pkey)) - return NULL; - X509_digest(cert, EVP_sha1(), keyid, &keyidlen); - } - - if (cert) - { - bag = PKCS12_add_cert(&bags, cert); - if(name && !PKCS12_add_friendlyname(bag, name, -1)) - goto err; - if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) - goto err; - } - - /* Add all other certificates */ - for(i = 0; i < sk_X509_num(ca); i++) - { - if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i))) - goto err; - } - - if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass)) - goto err; - - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - bags = NULL; - - if (pkey) - { - bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass); - - if (!bag) - goto err; - - if (!copy_bag_attr(bag, pkey, NID_ms_csp_name)) - goto err; - if (!copy_bag_attr(bag, pkey, NID_LocalKeySet)) - goto err; - - if(name & |