Branch data Line data Source code
1 : : /* p12_decr.c */
2 : : /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 : : * project 1999.
4 : : */
5 : : /* ====================================================================
6 : : * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 : : *
8 : : * Redistribution and use in source and binary forms, with or without
9 : : * modification, are permitted provided that the following conditions
10 : : * are met:
11 : : *
12 : : * 1. Redistributions of source code must retain the above copyright
13 : : * notice, this list of conditions and the following disclaimer.
14 : : *
15 : : * 2. Redistributions in binary form must reproduce the above copyright
16 : : * notice, this list of conditions and the following disclaimer in
17 : : * the documentation and/or other materials provided with the
18 : : * distribution.
19 : : *
20 : : * 3. All advertising materials mentioning features or use of this
21 : : * software must display the following acknowledgment:
22 : : * "This product includes software developed by the OpenSSL Project
23 : : * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 : : *
25 : : * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 : : * endorse or promote products derived from this software without
27 : : * prior written permission. For written permission, please contact
28 : : * licensing@OpenSSL.org.
29 : : *
30 : : * 5. Products derived from this software may not be called "OpenSSL"
31 : : * nor may "OpenSSL" appear in their names without prior written
32 : : * permission of the OpenSSL Project.
33 : : *
34 : : * 6. Redistributions of any form whatsoever must retain the following
35 : : * acknowledgment:
36 : : * "This product includes software developed by the OpenSSL Project
37 : : * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 : : *
39 : : * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 : : * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 : : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 : : * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 : : * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 : : * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 : : * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 : : * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 : : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 : : * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 : : * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 : : * OF THE POSSIBILITY OF SUCH DAMAGE.
51 : : * ====================================================================
52 : : *
53 : : * This product includes cryptographic software written by Eric Young
54 : : * (eay@cryptsoft.com). This product includes software written by Tim
55 : : * Hudson (tjh@cryptsoft.com).
56 : : *
57 : : */
58 : :
59 : : #include <stdio.h>
60 : : #include "cryptlib.h"
61 : : #include <openssl/pkcs12.h>
62 : :
63 : : /* Define this to dump decrypted output to files called DERnnn */
64 : : /*#define DEBUG_DECRYPT*/
65 : :
66 : :
67 : : /* Encrypt/Decrypt a buffer based on password and algor, result in a
68 : : * OPENSSL_malloc'ed buffer
69 : : */
70 : :
71 : 0 : unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
72 : : int passlen, unsigned char *in, int inlen, unsigned char **data,
73 : : int *datalen, int en_de)
74 : : {
75 : : unsigned char *out;
76 : : int outlen, i;
77 : : EVP_CIPHER_CTX ctx;
78 : :
79 : 0 : EVP_CIPHER_CTX_init(&ctx);
80 : : /* Decrypt data */
81 [ # # ]: 0 : if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
82 : : algor->parameter, &ctx, en_de)) {
83 : 0 : PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
84 : 0 : return NULL;
85 : : }
86 : :
87 [ # # ]: 0 : if(!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
88 : 0 : PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE);
89 : 0 : goto err;
90 : : }
91 : :
92 [ # # ]: 0 : if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen))
93 : : {
94 : 0 : OPENSSL_free(out);
95 : 0 : out = NULL;
96 : 0 : PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_EVP_LIB);
97 : 0 : goto err;
98 : : }
99 : :
100 : 0 : outlen = i;
101 [ # # ]: 0 : if(!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
102 : 0 : OPENSSL_free(out);
103 : 0 : out = NULL;
104 : 0 : PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
105 : 0 : goto err;
106 : : }
107 : 0 : outlen += i;
108 [ # # ]: 0 : if (datalen) *datalen = outlen;
109 [ # # ]: 0 : if (data) *data = out;
110 : : err:
111 : 0 : EVP_CIPHER_CTX_cleanup(&ctx);
112 : 0 : return out;
113 : :
114 : : }
115 : :
116 : : /* Decrypt an OCTET STRING and decode ASN1 structure
117 : : * if zbuf set zero buffer after use.
118 : : */
119 : :
120 : 0 : void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
121 : : const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)
122 : : {
123 : : unsigned char *out;
124 : : const unsigned char *p;
125 : : void *ret;
126 : : int outlen;
127 : :
128 [ # # ]: 0 : if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
129 : : &out, &outlen, 0)) {
130 : 0 : PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
131 : 0 : return NULL;
132 : : }
133 : 0 : p = out;
134 : : #ifdef DEBUG_DECRYPT
135 : : {
136 : : FILE *op;
137 : :
138 : : char fname[30];
139 : : static int fnm = 1;
140 : : sprintf(fname, "DER%d", fnm++);
141 : : op = fopen(fname, "wb");
142 : : fwrite (p, 1, outlen, op);
143 : : fclose(op);
144 : : }
145 : : #endif
146 : 0 : ret = ASN1_item_d2i(NULL, &p, outlen, it);
147 [ # # ]: 0 : if (zbuf) OPENSSL_cleanse(out, outlen);
148 [ # # ]: 0 : if(!ret) PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
149 : 0 : OPENSSL_free(out);
150 : 0 : return ret;
151 : : }
152 : :
153 : : /* Encode ASN1 structure and encrypt, return OCTET STRING
154 : : * if zbuf set zero encoding.
155 : : */
156 : :
157 : 0 : ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
158 : : const char *pass, int passlen,
159 : : void *obj, int zbuf)
160 : : {
161 : 0 : ASN1_OCTET_STRING *oct = NULL;
162 : 0 : unsigned char *in = NULL;
163 : : int inlen;
164 [ # # ]: 0 : if (!(oct = M_ASN1_OCTET_STRING_new ())) {
165 : 0 : PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
166 : 0 : goto err;
167 : : }
168 : 0 : inlen = ASN1_item_i2d(obj, &in, it);
169 [ # # ]: 0 : if (!in) {
170 : 0 : PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);
171 : 0 : goto err;
172 : : }
173 [ # # ]: 0 : if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
174 : : &oct->length, 1)) {
175 : 0 : PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);
176 : 0 : OPENSSL_free(in);
177 : 0 : goto err;
178 : : }
179 [ # # ]: 0 : if (zbuf) OPENSSL_cleanse(in, inlen);
180 : 0 : OPENSSL_free(in);
181 : 0 : return oct;
182 : : err:
183 [ # # ]: 0 : if (oct)
184 : 0 : ASN1_OCTET_STRING_free(oct);
185 : : return NULL;
186 : : }
187 : :
188 : : IMPLEMENT_PKCS12_STACK_OF(PKCS7)
|
