hdkv/yuzu
1
Fork 0
Code Issues Pull Requests Releases 1 Activity

early-access version 1255

Browse Source
This commit is contained in:
pineappleEA
2020-12-28 15:15:37 +00:00
parent 84b39492d1
commit 78b48028e1
6254 changed files with 1868140 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

258
externals/libressl/crypto/pkcs12/p12_add.c vendored Executable file
View File

@@ -0,0 +1,258 @@
/* $OpenBSD: p12_add.c,v 1.17 2018/05/13 14:24:07 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
/* Pack an object into an OCTET STRING and turn into a safebag */
PKCS12_SAFEBAG *
PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2)
{
PKCS12_BAGS *bag;
PKCS12_SAFEBAG *safebag;
if (!(bag = PKCS12_BAGS_new())) {
PKCS12error(ERR_R_MALLOC_FAILURE);
return NULL;
}
bag->type = OBJ_nid2obj(nid1);
if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
PKCS12error(ERR_R_MALLOC_FAILURE);
PKCS12_BAGS_free(bag);
return NULL;
}
if (!(safebag = PKCS12_SAFEBAG_new())) {
PKCS12error(ERR_R_MALLOC_FAILURE);
PKCS12_BAGS_free(bag);
return NULL;
}
safebag->value.bag = bag;
safebag->type = OBJ_nid2obj(nid2);
return safebag;
}
/* Turn PKCS8 object into a keybag */
PKCS12_SAFEBAG *
PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
{
PKCS12_SAFEBAG *bag;
if (!(bag = PKCS12_SAFEBAG_new())) {
PKCS12error(ERR_R_MALLOC_FAILURE);
return NULL;
}
bag->type = OBJ_nid2obj(NID_keyBag);
bag->value.keybag = p8;
return bag;
}
/* Turn PKCS8 object into a shrouded keybag */
PKCS12_SAFEBAG *
PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, int passlen,
unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8)
{
PKCS12_SAFEBAG *bag;
const EVP_CIPHER *pbe_ciph;
/* Set up the safe bag */
if (!(bag = PKCS12_SAFEBAG_new())) {
PKCS12error(ERR_R_MALLOC_FAILURE);
return NULL;
}
bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
pbe_ciph = EVP_get_cipherbynid(pbe_nid);
if (pbe_ciph)
pbe_nid = -1;
if (!(bag->value.shkeybag = PKCS8_encrypt(pbe_nid, pbe_ciph, pass,
passlen, salt, saltlen, iter, p8))) {
PKCS12error(ERR_R_MALLOC_FAILURE);
PKCS12_SAFEBAG_free(bag);
return NULL;
}
return bag;
}
/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
PKCS7 *
PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
{
PKCS7 *p7;
if (!(p7 = PKCS7_new())) {
PKCS12error(ERR_R_MALLOC_FAILURE);
return NULL;
}
p7->type = OBJ_nid2obj(NID_pkcs7_data);
if (!(p7->d.data = ASN1_OCTET_STRING_new())) {
PKCS12error(ERR_R_MALLOC_FAILURE);
goto err;
}
if (!ASN1_item_pack(sk, &PKCS12_SAFEBAGS_it, &p7->d.data)) {
PKCS12error(PKCS12_R_CANT_PACK_STRUCTURE);
goto err;
}
return p7;
err:
PKCS7_free(p7);
return NULL;
}
/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
STACK_OF(PKCS12_SAFEBAG) *
PKCS12_unpack_p7data(PKCS7 *p7)
{
if (!PKCS7_type_is_data(p7)) {
PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
return NULL;
}
return ASN1_item_unpack(p7->d.data, &PKCS12_SAFEBAGS_it);
}
/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
PKCS7 *
PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
unsigned char *salt, int saltlen, int iter, STACK_OF(PKCS12_SAFEBAG) *bags)
{
PKCS7 *p7;
X509_ALGOR *pbe;
const EVP_CIPHER *pbe_ciph;
if (!(p7 = PKCS7_new())) {
PKCS12error(ERR_R_MALLOC_FAILURE);
return NULL;
}
if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
PKCS12error(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
goto err;
}
pbe_ciph = EVP_get_cipherbynid(pbe_nid);
if (pbe_ciph)
pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen);
else
pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
if (!pbe) {
PKCS12error(ERR_R_MALLOC_FAILURE);
goto err;
}
X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
p7->d.encrypted->enc_data->algorithm = pbe;
ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
if (!(p7->d.encrypted->enc_data->enc_data = PKCS12_item_i2d_encrypt(
pbe, &PKCS12_SAFEBAGS_it, pass, passlen, bags, 1))) {
PKCS12error(PKCS12_R_ENCRYPT_ERROR);
goto err;
}
return p7;
err:
PKCS7_free(p7);
return NULL;
}
STACK_OF(PKCS12_SAFEBAG) *
PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
{
if (!PKCS7_type_is_encrypted(p7))
return NULL;
return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
&PKCS12_SAFEBAGS_it, pass, passlen,
p7->d.encrypted->enc_data->enc_data, 1);
}
PKCS8_PRIV_KEY_INFO *
PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, const char *pass, int passlen)
{
return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
}
int
PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
{
if (ASN1_item_pack(safes, &PKCS12_AUTHSAFES_it,
&p12->authsafes->d.data))
return 1;
return 0;
}
STACK_OF(PKCS7) *
PKCS12_unpack_authsafes(const PKCS12 *p12)
{
if (!PKCS7_type_is_data(p12->authsafes)) {
PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
return NULL;
}
return ASN1_item_unpack(p12->authsafes->d.data,
&PKCS12_AUTHSAFES_it);
}

476
externals/libressl/crypto/pkcs12/p12_asn.c vendored Executable file
View File

@@ -0,0 +1,476 @@
/* $OpenBSD: p12_asn.c,v 1.9 2015/07/25 17:08:40 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <openssl/asn1t.h>
#include <openssl/pkcs12.h>
/* PKCS#12 ASN1 module */
static const ASN1_TEMPLATE PKCS12_seq_tt[] = {
{
.flags = 0,
.tag = 0,
.offset = offsetof(PKCS12, version),
.field_name = "version",
.item = &ASN1_INTEGER_it,
},
{
.flags = 0,
.tag = 0,
.offset = offsetof(PKCS12, authsafes),
.field_name = "authsafes",
.item = &PKCS7_it,
},
{
.flags = ASN1_TFLG_OPTIONAL,
.tag = 0,
.offset = offsetof(PKCS12, mac),
.field_name = "mac",
.item = &PKCS12_MAC_DATA_it,
},
};
const ASN1_ITEM PKCS12_it = {
.itype = ASN1_ITYPE_SEQUENCE,
.utype = V_ASN1_SEQUENCE,
.templates = PKCS12_seq_tt,
.tcount = sizeof(PKCS12_seq_tt) / sizeof(ASN1_TEMPLATE),
.funcs = NULL,
.size = sizeof(PKCS12),
.sname = "PKCS12",
};
PKCS12 *
d2i_PKCS12(PKCS12 **a, const unsigned char **in, long len)
{
return (PKCS12 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
&PKCS12_it);
}
int
i2d_PKCS12(PKCS12 *a, unsigned char **out)
{
return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_it);
}
PKCS12 *
PKCS12_new(void)
{
return (PKCS12 *)ASN1_item_new(&PKCS12_it);
}
void
PKCS12_free(PKCS12 *a)
{
ASN1_item_free((ASN1_VALUE *)a, &PKCS12_it);
}
static const ASN1_TEMPLATE PKCS12_MAC_DATA_seq_tt[] = {
{
.flags = 0,
.tag = 0,
.offset = offsetof(PKCS12_MAC_DATA, dinfo),
.field_name = "dinfo",
.item = &X509_SIG_it,
},
{
.flags = 0,
.tag = 0,
.offset = offsetof(PKCS12_MAC_DATA, salt),
.field_name = "salt",
.item = &ASN1_OCTET_STRING_it,
},
{
.flags = ASN1_TFLG_OPTIONAL,
.tag = 0,
.offset = offsetof(PKCS12_MAC_DATA, iter),
.field_name = "iter",
.item = &ASN1_INTEGER_it,
},
};
const ASN1_ITEM PKCS12_MAC_DATA_it = {
.itype = ASN1_ITYPE_SEQUENCE,
.utype = V_ASN1_SEQUENCE,
.templates = PKCS12_MAC_DATA_seq_tt,
.tcount = sizeof(PKCS12_MAC_DATA_seq_tt) / sizeof(ASN1_TEMPLATE),
.funcs = NULL,
.size = sizeof(PKCS12_MAC_DATA),
.sname = "PKCS12_MAC_DATA",
};
PKCS12_MAC_DATA *
d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len)
{
return (PKCS12_MAC_DATA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
&PKCS12_MAC_DATA_it);
}
int
i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out)
{
return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_MAC_DATA_it);
}
PKCS12_MAC_DATA *
PKCS12_MAC_DATA_new(void)
{
return (PKCS12_MAC_DATA *)ASN1_item_new(&PKCS12_MAC_DATA_it);
}
void
PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a)
{
ASN1_item_free((ASN1_VALUE *)a, &PKCS12_MAC_DATA_it);
}
static const ASN1_TEMPLATE bag_default_tt = {
.flags = ASN1_TFLG_EXPLICIT,
.tag = 0,
.offset = offsetof(PKCS12_BAGS, value.other),
.field_name = "value.other",
.item = &ASN1_ANY_it,
};
static const ASN1_ADB_TABLE PKCS12_BAGS_adbtbl[] = {
{
.value = NID_x509Certificate,
.tt = {
.flags = ASN1_TFLG_EXPLICIT,
.tag = 0,
.offset = offsetof(PKCS12_BAGS, value.x509cert),
.field_name = "value.x509cert",
.item = &ASN1_OCTET_STRING_it,
},
},
{
.value = NID_x509Crl,
.tt = {
.flags = ASN1_TFLG_EXPLICIT,
.tag = 0,
.offset = offsetof(PKCS12_BAGS, value.x509crl),
.field_name = "value.x509crl",
.item = &ASN1_OCTET_STRING_it,
},
},
{
.value = NID_sdsiCertificate,
.tt = {
.flags = ASN1_TFLG_EXPLICIT,
.tag = 0,
.offset = offsetof(PKCS12_BAGS, value.sdsicert),
.field_name = "value.sdsicert",
.item = &ASN1_IA5STRING_it,
},
},
};
static const ASN1_ADB PKCS12_BAGS_adb = {
.flags = 0,
.offset = offsetof(PKCS12_BAGS, type),
.app_items = 0,
.tbl = PKCS12_BAGS_adbtbl,
.tblcount = sizeof(PKCS12_BAGS_adbtbl) / sizeof(ASN1_ADB_TABLE),
.default_tt = &bag_default_tt,
.null_tt = NULL,
};
static const ASN1_TEMPLATE PKCS12_BAGS_seq_tt[] = {
{
.flags = 0,
.tag = 0,
.offset = offsetof(PKCS12_BAGS, type),
.field_name = "type",
.item = &ASN1_OBJECT_it,
},
{
.flags = ASN1_TFLG_ADB_OID,
.tag = -1,
.offset = 0,
.field_name = "PKCS12_BAGS",
.item = (const ASN1_ITEM *)&PKCS12_BAGS_adb,
},
};
const ASN1_ITEM PKCS12_BAGS_it = {
.itype = ASN1_ITYPE_SEQUENCE,
.utype = V_ASN1_SEQUENCE,
.templates = PKCS12_BAGS_seq_tt,
.tcount = sizeof(PKCS12_BAGS_seq_tt) / sizeof(ASN1_TEMPLATE),
.funcs = NULL,
.size = sizeof(PKCS12_BAGS),
.sname = "PKCS12_BAGS",
};
PKCS12_BAGS *
d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len)
{
return (PKCS12_BAGS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
&PKCS12_BAGS_it);
}
int
i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out)
{
return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_BAGS_it);
}
PKCS12_BAGS *
PKCS12_BAGS_new(void)
{
return (PKCS12_BAGS *)ASN1_item_new(&PKCS12_BAGS_it);
}
void
PKCS12_BAGS_free(PKCS12_BAGS *a)
{
ASN1_item_free((ASN1_VALUE *)a, &PKCS12_BAGS_it);
}
static const ASN1_TEMPLATE safebag_default_tt = {
.flags = ASN1_TFLG_EXPLICIT,
.tag = 0,
.offset = offsetof(PKCS12_SAFEBAG, value.other),
.field_name = "value.other",
.item = &ASN1_ANY_it,
};
static const ASN1_ADB_TABLE PKCS12_SAFEBAG_adbtbl[] = {
{
.value = NID_keyBag,
.tt = {
.flags = ASN1_TFLG_EXPLICIT,
.tag = 0,
.offset = offsetof(PKCS12_SAFEBAG, value.keybag),
.field_name = "value.keybag",
.item = &PKCS8_PRIV_KEY_INFO_it,
},
},
{
.value = NID_pkcs8ShroudedKeyBag,
.tt = {
.flags = ASN1_TFLG_EXPLICIT,
.tag = 0,
.offset = offsetof(PKCS12_SAFEBAG, value.shkeybag),
.field_name = "value.shkeybag",
.item = &X509_SIG_it,
},
},
{
.value = NID_safeContentsBag,
.tt = {
.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SET_OF,
.tag = 0,
.offset = offsetof(PKCS12_SAFEBAG, value.safes),
.field_name = "value.safes",
.item = &PKCS12_SAFEBAG_it,
},
},
{
.value = NID_certBag,
.tt = {
.flags = ASN1_TFLG_EXPLICIT,
.tag = 0,
.offset = offsetof(PKCS12_SAFEBAG, value.bag),
.field_name = "value.bag",
.item = &PKCS12_BAGS_it,
},
},
{
.value = NID_crlBag,
.tt = {
.flags = ASN1_TFLG_EXPLICIT,
.tag = 0,
.offset = offsetof(PKCS12_SAFEBAG, value.bag),
.field_name = "value.bag",
.item = &PKCS12_BAGS_it,
},
},
{
.value = NID_secretBag,
.tt = {
.flags = ASN1_TFLG_EXPLICIT,
.tag = 0,
.offset = offsetof(PKCS12_SAFEBAG, value.bag),
.field_name = "value.bag",
.item = &PKCS12_BAGS_it,
},
},
};
static const ASN1_ADB PKCS12_SAFEBAG_adb = {
.flags = 0,
.offset = offsetof(PKCS12_SAFEBAG, type),
.app_items = 0,
.tbl = PKCS12_SAFEBAG_adbtbl,
.tblcount = sizeof(PKCS12_SAFEBAG_adbtbl) / sizeof(ASN1_ADB_TABLE),
.default_tt = &safebag_default_tt,
.null_tt = NULL,
};
static const ASN1_TEMPLATE PKCS12_SAFEBAG_seq_tt[] = {
{
.flags = 0,
.tag = 0,
.offset = offsetof(PKCS12_SAFEBAG, type),
.field_name = "type",
.item = &ASN1_OBJECT_it,
},
{
.flags = ASN1_TFLG_ADB_OID,
.tag = -1,
.offset = 0,
.field_name = "PKCS12_SAFEBAG",
.item = (const ASN1_ITEM *)&PKCS12_SAFEBAG_adb,
},
{
.flags = ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
.tag = 0,
.offset = offsetof(PKCS12_SAFEBAG, attrib),
.field_name = "attrib",
.item = &X509_ATTRIBUTE_it,
},
};
const ASN1_ITEM PKCS12_SAFEBAG_it = {
.itype = ASN1_ITYPE_SEQUENCE,
.utype = V_ASN1_SEQUENCE,
.templates = PKCS12_SAFEBAG_seq_tt,
.tcount = sizeof(PKCS12_SAFEBAG_seq_tt) / sizeof(ASN1_TEMPLATE),
.funcs = NULL,
.size = sizeof(PKCS12_SAFEBAG),
.sname = "PKCS12_SAFEBAG",
};
PKCS12_SAFEBAG *
d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, const unsigned char **in, long len)
{
return (PKCS12_SAFEBAG *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
&PKCS12_SAFEBAG_it);
}
int
i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **out)
{
return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_SAFEBAG_it);
}
PKCS12_SAFEBAG *
PKCS12_SAFEBAG_new(void)
{
return (PKCS12_SAFEBAG *)ASN1_item_new(&PKCS12_SAFEBAG_it);
}
void
PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a)
{
ASN1_item_free((ASN1_VALUE *)a, &PKCS12_SAFEBAG_it);
}
/* SEQUENCE OF SafeBag */
static const ASN1_TEMPLATE PKCS12_SAFEBAGS_item_tt = {
.flags = ASN1_TFLG_SEQUENCE_OF,
.tag = 0,
.offset = 0,
.field_name = "PKCS12_SAFEBAGS",
.item = &PKCS12_SAFEBAG_it,
};
const ASN1_ITEM PKCS12_SAFEBAGS_it = {
.itype = ASN1_ITYPE_PRIMITIVE,
.utype = -1,
.templates = &PKCS12_SAFEBAGS_item_tt,
.tcount = 0,
.funcs = NULL,
.size = 0,
.sname = "PKCS12_SAFEBAGS",
};
/* Authsafes: SEQUENCE OF PKCS7 */
static const ASN1_TEMPLATE PKCS12_AUTHSAFES_item_tt = {
.flags = ASN1_TFLG_SEQUENCE_OF,
.tag = 0,
.offset = 0,
.field_name = "PKCS12_AUTHSAFES",
.item = &PKCS7_it,
};
const ASN1_ITEM PKCS12_AUTHSAFES_it = {
.itype = ASN1_ITYPE_PRIMITIVE,
.utype = -1,
.templates = &PKCS12_AUTHSAFES_item_tt,
.tcount = 0,
.funcs = NULL,
.size = 0,
.sname = "PKCS12_AUTHSAFES",
};

151
externals/libressl/crypto/pkcs12/p12_attr.c vendored Executable file
View File

@@ -0,0 +1,151 @@
/* $OpenBSD: p12_attr.c,v 1.12 2018/08/24 20:07:41 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <openssl/pkcs12.h>
/* Add a local keyid to a safebag */
int
PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
{
if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID,
V_ASN1_OCTET_STRING, name, namelen))
return 1;
else
return 0;
}
/* Add key usage to PKCS#8 structure */
int
PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
{
unsigned char us_val = (unsigned char)usage;
return PKCS8_pkey_add1_attr_by_NID(p8, NID_key_usage, V_ASN1_BIT_STRING,
&us_val, 1);
}
/* Add a friendlyname to a safebag */
int
PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen)
{
if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
MBSTRING_ASC, (unsigned char *)name, namelen))
return 1;
else
return 0;
}
int
PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
int namelen)
{
if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
MBSTRING_BMP, name, namelen))
return 1;
else
return 0;
}
int
PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen)
{
if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name,
MBSTRING_ASC, (unsigned char *)name, namelen))
return 1;
else
return 0;
}
ASN1_TYPE *
PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
{
X509_ATTRIBUTE *attrib;
int i;
if (!attrs)
return NULL;
for (i = 0; i < sk_X509_ATTRIBUTE_num (attrs); i++) {
attrib = sk_X509_ATTRIBUTE_value (attrs, i);
if (OBJ_obj2nid (attrib->object) == attr_nid) {
if (sk_ASN1_TYPE_num (attrib->value.set))
return sk_ASN1_TYPE_value(attrib->value.set, 0);
else
return NULL;
}
}
return NULL;
}
char *
PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
{
ASN1_TYPE *atype;
if (!(atype = PKCS12_get_attr(bag, NID_friendlyName)))
return NULL;
if (atype->type != V_ASN1_BMPSTRING)
return NULL;
return OPENSSL_uni2asc(atype->value.bmpstring->data,
atype->value.bmpstring->length);
}

121
externals/libressl/crypto/pkcs12/p12_crpt.c vendored Executable file
View File

@@ -0,0 +1,121 @@
/* $OpenBSD: p12_crpt.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
/* PKCS#12 PBE algorithms now in static table */
void
PKCS12_PBE_add(void)
{
}
int
PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
{
PBEPARAM *pbe;
int saltlen, iter, ret;
unsigned char *salt;
const unsigned char *pbuf;
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
/* Extract useful info from parameter */
if (param == NULL || param->type != V_ASN1_SEQUENCE ||
param->value.sequence == NULL) {
PKCS12error(PKCS12_R_DECODE_ERROR);
return 0;
}
pbuf = param->value.sequence->data;
if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
PKCS12error(PKCS12_R_DECODE_ERROR);
return 0;
}
if (!pbe->iter)
iter = 1;
else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) {
PKCS12error(PKCS12_R_DECODE_ERROR);
PBEPARAM_free(pbe);
return 0;
}
salt = pbe->salt->data;
saltlen = pbe->salt->length;
if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
iter, EVP_CIPHER_key_length(cipher), key, md)) {
PKCS12error(PKCS12_R_KEY_GEN_ERROR);
PBEPARAM_free(pbe);
return 0;
}
if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,
iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
PKCS12error(PKCS12_R_IV_GEN_ERROR);
PBEPARAM_free(pbe);
return 0;
}
PBEPARAM_free(pbe);
ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
explicit_bzero(key, EVP_MAX_KEY_LENGTH);
explicit_bzero(iv, EVP_MAX_IV_LENGTH);
return ret;
}

349
externals/libressl/crypto/pkcs12/p12_crt.c vendored Executable file
View File

@@ -0,0 +1,349 @@
/* $OpenBSD: p12_crt.c,v 1.18 2018/05/13 13:46:55 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
PKCS12_SAFEBAG *bag);
static int
copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
{
int idx;
X509_ATTRIBUTE *attr;
idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1);
if (idx < 0)
return 1;
attr = EVP_PKEY_get_attr(pkey, idx);
if (!X509at_add1_attr(&bag->attrib, attr))
return 0;
return 1;
}
PKCS12 *
PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert,
STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
int keytype)
{
PKCS12 *p12 = NULL;
STACK_OF(PKCS7) *safes = NULL;
STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
PKCS12_SAFEBAG *bag = NULL;
int i;
unsigned char keyid[EVP_MAX_MD_SIZE];
unsigned int keyidlen = 0;
/* Set defaults */
if (!nid_cert) {
nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
}
if (!nid_key)
nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
if (!iter)
iter = PKCS12_DEFAULT_ITER;
if (!mac_iter)
mac_iter = 1;
if (!pkey && !cert && !ca) {
PKCS12error(PKCS12_R_INVALID_NULL_ARGUMENT);
return NULL;
}
if (pkey && cert) {
if (!X509_check_private_key(cert, pkey))
return NULL;
X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
}
if (cert) {
bag = PKCS12_add_cert(&bags, cert);
if (name && !PKCS12_add_friendlyname(bag, name, -1))
goto err;
if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
goto err;
}
/* Add all other certificates */
for (i = 0; i < sk_X509_num(ca); i++) {
if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))
goto err;
}
if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))
goto err;
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
bags = NULL;
if (pkey) {
bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
if (!bag)
goto err;
if (!copy_bag_attr(bag, pkey, NID_ms_csp_name))
goto err;
if (!copy_bag_attr(bag, pkey, NID_LocalKeySet))
goto err;
if (name && !PKCS12_add_friendlyname(bag, name, -1))
goto err;
if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
goto err;
}
if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))
goto err;
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
bags = NULL;
p12 = PKCS12_add_safes(safes, 0);
if (!p12)
goto err;
sk_PKCS7_pop_free(safes, PKCS7_free);
safes = NULL;
if ((mac_iter != -1) &&
!PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
goto err;
return p12;
err:
if (p12)
PKCS12_free(p12);
if (safes)
sk_PKCS7_pop_free(safes, PKCS7_free);
if (bags)
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
return NULL;
}
PKCS12_SAFEBAG *
PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
{
PKCS12_SAFEBAG *bag = NULL;
char *name;
int namelen = -1;
unsigned char *keyid;
int keyidlen = -1;
/* Add user certificate */
if (!(bag = PKCS12_x5092certbag(cert)))
goto err;
/* Use friendlyName and localKeyID in certificate.
* (if present)
*/
name = (char *)X509_alias_get0(cert, &namelen);
if (name && !PKCS12_add_friendlyname(bag, name, namelen))
goto err;
keyid = X509_keyid_get0(cert, &keyidlen);
if (keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
goto err;
if (!pkcs12_add_bag(pbags, bag))
goto err;
return bag;
err:
if (bag)
PKCS12_SAFEBAG_free(bag);
return NULL;
}
PKCS12_SAFEBAG *
PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, int key_usage,
int iter, int nid_key, const char *pass)
{
PKCS12_SAFEBAG *bag = NULL;
PKCS8_PRIV_KEY_INFO *p8 = NULL;
/* Make a PKCS#8 structure */
if (!(p8 = EVP_PKEY2PKCS8(key)))
goto err;
if (key_usage && !PKCS8_add_keyusage(p8, key_usage))
goto err;
if (nid_key != -1) {
bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0,
iter, p8);
PKCS8_PRIV_KEY_INFO_free(p8);
p8 = NULL;
} else {
bag = PKCS12_MAKE_KEYBAG(p8);
if (bag != NULL)
p8 = NULL;
}
if (!bag)
goto err;
if (!pkcs12_add_bag(pbags, bag))
goto err;
return bag;
err:
if (bag)
PKCS12_SAFEBAG_free(bag);
if (p8)
PKCS8_PRIV_KEY_INFO_free(p8);
return NULL;
}
int
PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
int nid_safe, int iter, const char *pass)
{
PKCS7 *p7 = NULL;
int free_safes = 0;
if (!*psafes) {
*psafes = sk_PKCS7_new_null();
if (!*psafes)
return 0;
free_safes = 1;
} else
free_safes = 0;
if (nid_safe == 0)
nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
if (nid_safe == -1)
p7 = PKCS12_pack_p7data(bags);
else
p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0,
iter, bags);
if (!p7)
goto err;
if (!sk_PKCS7_push(*psafes, p7))
goto err;
return 1;
err:
if (free_safes) {
sk_PKCS7_free(*psafes);
*psafes = NULL;
}
if (p7)
PKCS7_free(p7);
return 0;
}
static int
pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag)
{
int free_bags;
if (!pbags)
return 1;
if (!*pbags) {
*pbags = sk_PKCS12_SAFEBAG_new_null();
if (!*pbags)
return 0;
free_bags = 1;
} else
free_bags = 0;
if (!sk_PKCS12_SAFEBAG_push(*pbags, bag)) {
if (free_bags) {
sk_PKCS12_SAFEBAG_free(*pbags);
*pbags = NULL;
}
return 0;
}
return 1;
}
PKCS12 *
PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7)
{
PKCS12 *p12;
if (nid_p7 <= 0)
nid_p7 = NID_pkcs7_data;
p12 = PKCS12_init(nid_p7);
if (!p12)
return NULL;
if (!PKCS12_pack_authsafes(p12, safes)) {
PKCS12_free(p12);
return NULL;
}
return p12;
}

184
externals/libressl/crypto/pkcs12/p12_decr.c vendored Executable file
View File

@@ -0,0 +1,184 @@
/* $OpenBSD: p12_decr.c,v 1.19 2018/05/13 14:22:34 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
/* Encrypt/Decrypt a buffer based on password and algor, result in a
* malloc'ed buffer
*/
unsigned char *
PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass, int passlen,
const unsigned char *in, int inlen, unsigned char **data, int *datalen,
int en_de)
{
unsigned char *out;
int outlen, i;
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
/* Decrypt data */
if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
algor->parameter, &ctx, en_de)) {
out = NULL;
PKCS12error(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
goto err;
}
if (!(out = malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
PKCS12error(ERR_R_MALLOC_FAILURE);
goto err;
}
if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) {
free(out);
out = NULL;
PKCS12error(ERR_R_EVP_LIB);
goto err;
}
outlen = i;
if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
free(out);
out = NULL;
PKCS12error(PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
goto err;
}
outlen += i;
if (datalen)
*datalen = outlen;
if (data)
*data = out;
err:
EVP_CIPHER_CTX_cleanup(&ctx);
return out;
}
/* Decrypt an OCTET STRING and decode ASN1 structure
* if zbuf set zero buffer after use.
*/
void *
PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
const char *pass, int passlen, const ASN1_OCTET_STRING *oct, int zbuf)
{
unsigned char *out;
const unsigned char *p;
void *ret;
int outlen;
if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
&out, &outlen, 0)) {
PKCS12error(PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
return NULL;
}
p = out;
ret = ASN1_item_d2i(NULL, &p, outlen, it);
if (zbuf)
explicit_bzero(out, outlen);
if (!ret)
PKCS12error(PKCS12_R_DECODE_ERROR);
free(out);
return ret;
}
/* Encode ASN1 structure and encrypt, return OCTET STRING
* if zbuf set zero encoding.
*/
ASN1_OCTET_STRING *
PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
const char *pass, int passlen,
void *obj, int zbuf)
{
ASN1_OCTET_STRING *oct;
unsigned char *in = NULL;
int inlen;
if (!(oct = ASN1_OCTET_STRING_new ())) {
PKCS12error(ERR_R_MALLOC_FAILURE);
return NULL;
}
inlen = ASN1_item_i2d(obj, &in, it);
if (!in) {
PKCS12error(PKCS12_R_ENCODE_ERROR);
goto err;
}
if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
&oct->length, 1)) {
PKCS12error(PKCS12_R_ENCRYPT_ERROR);
goto err;
}
if (zbuf)
explicit_bzero(in, inlen);
free(in);
return oct;
err:
free(in);
ASN1_OCTET_STRING_free(oct);
return NULL;
}
IMPLEMENT_PKCS12_STACK_OF(PKCS7)

96
externals/libressl/crypto/pkcs12/p12_init.c vendored Executable file
View File

@@ -0,0 +1,96 @@
/* $OpenBSD: p12_init.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
/* Initialise a PKCS12 structure to take data */
PKCS12 *
PKCS12_init(int mode)
{
PKCS12 *pkcs12;
if (!(pkcs12 = PKCS12_new())) {
PKCS12error(ERR_R_MALLOC_FAILURE);
return NULL;
}
ASN1_INTEGER_set(pkcs12->version, 3);
pkcs12->authsafes->type = OBJ_nid2obj(mode);
switch (mode) {
case NID_pkcs7_data:
if (!(pkcs12->authsafes->d.data =
ASN1_OCTET_STRING_new())) {
PKCS12error(ERR_R_MALLOC_FAILURE);
goto err;
}
break;
default:
PKCS12error(PKCS12_R_UNSUPPORTED_PKCS12_MODE);
goto err;
}
return pkcs12;
err:
if (pkcs12 != NULL)
PKCS12_free(pkcs12);
return NULL;
}

197
externals/libressl/crypto/pkcs12/p12_key.c vendored Executable file
View File

@@ -0,0 +1,197 @@
/* $OpenBSD: p12_key.c,v 1.26 2017/05/02 03:59:45 deraadt Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
/* PKCS12 compatible key/IV generation */
#ifndef min
#define min(a,b) ((a) < (b) ? (a) : (b))
#endif
int
PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
int saltlen, int id, int iter, int n, unsigned char *out,
const EVP_MD *md_type)
{
int ret;
unsigned char *unipass;
int uniplen;
if (!pass) {
unipass = NULL;
uniplen = 0;
} else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) {
PKCS12error(ERR_R_MALLOC_FAILURE);
return 0;
}
ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
id, iter, n, out, md_type);
if (ret <= 0)
return 0;
freezero(unipass, uniplen);
return ret;
}
int
PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
int saltlen, int id, int iter, int n, unsigned char *out,
const EVP_MD *md_type)
{
unsigned char *B, *D, *I, *p, *Ai;
int Slen, Plen, Ilen, Ijlen;
int i, j, u, v;
int ret = 0;
BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */
EVP_MD_CTX ctx;
v = EVP_MD_block_size(md_type);
u = EVP_MD_size(md_type);
if (u < 0)
return 0;
EVP_MD_CTX_init(&ctx);
D = malloc(v);
Ai = malloc(u);
B = malloc(v + 1);
Slen = v * ((saltlen + v - 1) / v);
if (passlen)
Plen = v * ((passlen + v - 1)/v);
else
Plen = 0;
Ilen = Slen + Plen;
I = malloc(Ilen);
Ij = BN_new();
Bpl1 = BN_new();
if (!D || !Ai || !B || !I || !Ij || !Bpl1)
goto err;
for (i = 0; i < v; i++)
D[i] = id;
p = I;
for (i = 0; i < Slen; i++)
*p++ = salt[i % saltlen];
for (i = 0; i < Plen; i++)
*p++ = pass[i % passlen];
for (;;) {
if (!EVP_DigestInit_ex(&ctx, md_type, NULL) ||
!EVP_DigestUpdate(&ctx, D, v) ||
!EVP_DigestUpdate(&ctx, I, Ilen) ||
!EVP_DigestFinal_ex(&ctx, Ai, NULL))
goto err;
for (j = 1; j < iter; j++) {
if (!EVP_DigestInit_ex(&ctx, md_type, NULL) ||
!EVP_DigestUpdate(&ctx, Ai, u) ||
!EVP_DigestFinal_ex(&ctx, Ai, NULL))
goto err;
}
memcpy (out, Ai, min (n, u));
if (u >= n) {
ret = 1;
goto end;
}
n -= u;
out += u;
for (j = 0; j < v; j++)
B[j] = Ai[j % u];
/* Work out B + 1 first then can use B as tmp space */
if (!BN_bin2bn (B, v, Bpl1))
goto err;
if (!BN_add_word (Bpl1, 1))
goto err;
for (j = 0; j < Ilen; j += v) {
if (!BN_bin2bn(I + j, v, Ij))
goto err;
if (!BN_add(Ij, Ij, Bpl1))
goto err;
if (!BN_bn2bin(Ij, B))
goto err;
Ijlen = BN_num_bytes (Ij);
/* If more than 2^(v*8) - 1 cut off MSB */
if (Ijlen > v) {
if (!BN_bn2bin (Ij, B))
goto err;
memcpy (I + j, B + 1, v);
#ifndef PKCS12_BROKEN_KEYGEN
/* If less than v bytes pad with zeroes */
} else if (Ijlen < v) {
memset(I + j, 0, v - Ijlen);
if (!BN_bn2bin(Ij, I + j + v - Ijlen))
goto err;
#endif
} else if (!BN_bn2bin (Ij, I + j))
goto err;
}
}
err:
PKCS12error(ERR_R_MALLOC_FAILURE);
end:
free(Ai);
free(B);
free(D);
free(I);
BN_free(Ij);
BN_free(Bpl1);
EVP_MD_CTX_cleanup(&ctx);
return ret;
}

295
externals/libressl/crypto/pkcs12/p12_kiss.c vendored Executable file
View File

@@ -0,0 +1,295 @@
/* $OpenBSD: p12_kiss.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
/* Simplified PKCS#12 routines */
static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
/* Parse and decrypt a PKCS#12 structure returning user key, user cert
* and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
* or it should point to a valid STACK structure. pkey and cert can be
* passed unitialised.
*/
int
PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
STACK_OF(X509) **ca)
{
STACK_OF(X509) *ocerts = NULL;
X509 *x = NULL;
/* Check for NULL PKCS12 structure */
if (!p12) {
PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER);
return 0;
}
if (pkey)
*pkey = NULL;
if (cert)
*cert = NULL;
/* Check the mac */
/* If password is zero length or NULL then try verifying both cases
* to determine which password is correct. The reason for this is that
* under PKCS#12 password based encryption no password and a zero length
* password are two different things...
*/
if (!pass || !*pass) {
if (PKCS12_verify_mac(p12, NULL, 0))
pass = NULL;
else if (PKCS12_verify_mac(p12, "", 0))
pass = "";
else {
PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
goto err;
}
} else if (!PKCS12_verify_mac(p12, pass, -1)) {
PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
goto err;
}
/* Allocate stack for other certificates */
ocerts = sk_X509_new_null();
if (!ocerts) {
PKCS12error(ERR_R_MALLOC_FAILURE);
return 0;
}
if (!parse_pk12 (p12, pass, -1, pkey, ocerts)) {
PKCS12error(PKCS12_R_PARSE_ERROR);
goto err;
}
while ((x = sk_X509_pop(ocerts))) {
if (pkey && *pkey && cert && !*cert) {
if (X509_check_private_key(x, *pkey)) {
*cert = x;
x = NULL;
}
}
if (ca && x) {
if (!*ca)
*ca = sk_X509_new_null();
if (!*ca)
goto err;
if (!sk_X509_push(*ca, x))
goto err;
x = NULL;
}
X509_free(x);
}
if (ocerts)
sk_X509_pop_free(ocerts, X509_free);
return 1;
err:
if (pkey && *pkey)
EVP_PKEY_free(*pkey);
if (cert)
X509_free(*cert);
X509_free(x);
if (ocerts)
sk_X509_pop_free(ocerts, X509_free);
return 0;
}
/* Parse the outer PKCS#12 structure */
static int
parse_pk12(PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey,
STACK_OF(X509) *ocerts)
{
STACK_OF(PKCS7) *asafes;
STACK_OF(PKCS12_SAFEBAG) *bags;
int i, bagnid;
PKCS7 *p7;
if (!(asafes = PKCS12_unpack_authsafes (p12)))
return 0;
for (i = 0; i < sk_PKCS7_num (asafes); i++) {
p7 = sk_PKCS7_value (asafes, i);
bagnid = OBJ_obj2nid (p7->type);
if (bagnid == NID_pkcs7_data) {
bags = PKCS12_unpack_p7data(p7);
} else if (bagnid == NID_pkcs7_encrypted) {
bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
} else
continue;
if (!bags) {
sk_PKCS7_pop_free(asafes, PKCS7_free);
return 0;
}
if (!parse_bags(bags, pass, passlen, pkey, ocerts)) {
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
sk_PKCS7_pop_free(asafes, PKCS7_free);
return 0;
}
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
}
sk_PKCS7_pop_free(asafes, PKCS7_free);
return 1;
}
static int
parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, int passlen,
EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
{
int i;
for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
if (!parse_bag(sk_PKCS12_SAFEBAG_value(bags, i), pass, passlen,
pkey, ocerts))
return 0;
}
return 1;
}
static int
parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PKEY **pkey,
STACK_OF(X509) *ocerts)
{
PKCS8_PRIV_KEY_INFO *p8;
X509 *x509;
ASN1_TYPE *attrib;
ASN1_BMPSTRING *fname = NULL;
ASN1_OCTET_STRING *lkid = NULL;
if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
fname = attrib->value.bmpstring;
if ((attrib = PKCS12_get_attr (bag, NID_localKeyID)))
lkid = attrib->value.octet_string;
switch (OBJ_obj2nid(bag->type)) {
case NID_keyBag:
if (!pkey || *pkey)
return 1;
if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag)))
return 0;
break;
case NID_pkcs8ShroudedKeyBag:
if (!pkey || *pkey)
return 1;
if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
return 0;
*pkey = EVP_PKCS82PKEY(p8);
PKCS8_PRIV_KEY_INFO_free(p8);
if (!(*pkey))
return 0;
break;
case NID_certBag:
if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate )
return 1;
if (!(x509 = PKCS12_certbag2x509(bag)))
return 0;
if (lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) {
X509_free(x509);
return 0;
}
if (fname) {
int len, r;
unsigned char *data;
len = ASN1_STRING_to_UTF8(&data, fname);
if (len >= 0) {
r = X509_alias_set1(x509, data, len);
free(data);
if (!r) {
X509_free(x509);
return 0;
}
}
}
if (!sk_X509_push(ocerts, x509)) {
X509_free(x509);
return 0;
}
break;
case NID_safeContentsBag:
return parse_bags(bag->value.safes, pass, passlen,
pkey, ocerts);
break;
default:
return 1;
break;
}
return 1;
}

205
externals/libressl/crypto/pkcs12/p12_mutl.c vendored Executable file
View File

@@ -0,0 +1,205 @@
/* $OpenBSD: p12_mutl.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_HMAC
#include <openssl/err.h>
#include <openssl/hmac.h>
#include <openssl/pkcs12.h>
/* Generate a MAC */
int
PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
unsigned char *mac, unsigned int *maclen)
{
const EVP_MD *md_type;
HMAC_CTX hmac;
unsigned char key[EVP_MAX_MD_SIZE], *salt;
int saltlen, iter;
int md_size;
if (!PKCS7_type_is_data(p12->authsafes)) {
PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
return 0;
}
salt = p12->mac->salt->data;
saltlen = p12->mac->salt->length;
if (!p12->mac->iter)
iter = 1;
else if ((iter = ASN1_INTEGER_get(p12->mac->iter)) <= 0) {
PKCS12error(PKCS12_R_DECODE_ERROR);
return 0;
}
if (!(md_type = EVP_get_digestbyobj(
p12->mac->dinfo->algor->algorithm))) {
PKCS12error(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
return 0;
}
md_size = EVP_MD_size(md_type);
if (md_size < 0)
return 0;
if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
md_size, key, md_type)) {
PKCS12error(PKCS12_R_KEY_GEN_ERROR);
return 0;
}
HMAC_CTX_init(&hmac);
if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL) ||
!HMAC_Update(&hmac, p12->authsafes->d.data->data,
p12->authsafes->d.data->length) ||
!HMAC_Final(&hmac, mac, maclen)) {
HMAC_CTX_cleanup(&hmac);
return 0;
}
HMAC_CTX_cleanup(&hmac);
return 1;
}
/* Verify the mac */
int
PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
{
unsigned char mac[EVP_MAX_MD_SIZE];
unsigned int maclen;
if (p12->mac == NULL) {
PKCS12error(PKCS12_R_MAC_ABSENT);
return 0;
}
if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
PKCS12error(PKCS12_R_MAC_GENERATION_ERROR);
return 0;
}
if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) ||
memcmp(mac, p12->mac->dinfo->digest->data, maclen))
return 0;
return 1;
}
/* Set a mac */
int
PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char *salt,
int saltlen, int iter, const EVP_MD *md_type)
{
unsigned char mac[EVP_MAX_MD_SIZE];
unsigned int maclen;
if (!md_type)
md_type = EVP_sha1();
if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) ==
PKCS12_ERROR) {
PKCS12error(PKCS12_R_MAC_SETUP_ERROR);
return 0;
}
if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
PKCS12error(PKCS12_R_MAC_GENERATION_ERROR);
return 0;
}
if (!(ASN1_STRING_set(p12->mac->dinfo->digest, mac, maclen))) {
PKCS12error(PKCS12_R_MAC_STRING_SET_ERROR);
return 0;
}
return 1;
}
/* Set up a mac structure */
int
PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
const EVP_MD *md_type)
{
if (!(p12->mac = PKCS12_MAC_DATA_new()))
return PKCS12_ERROR;
if (iter > 1) {
if (!(p12->mac->iter = ASN1_INTEGER_new())) {
PKCS12error(ERR_R_MALLOC_FAILURE);
return 0;
}
if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
PKCS12error(ERR_R_MALLOC_FAILURE);
return 0;
}
}
if (!saltlen)
saltlen = PKCS12_SALT_LEN;
if (!(p12->mac->salt->data = malloc(saltlen))) {
PKCS12error(ERR_R_MALLOC_FAILURE);
return 0;
}
p12->mac->salt->length = saltlen;
if (!salt)
arc4random_buf(p12->mac->salt->data, saltlen);
else
memcpy (p12->mac->salt->data, salt, saltlen);
p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
PKCS12error(ERR_R_MALLOC_FAILURE);
return 0;
}
p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
return 1;
}
#endif

245
externals/libressl/crypto/pkcs12/p12_npas.c vendored Executable file
View File

@@ -0,0 +1,245 @@
/* $OpenBSD: p12_npas.c,v 1.13 2018/05/13 14:22:34 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
/* PKCS#12 password change routine */
static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass);
static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
const char *newpass);
static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
const char *newpass);
static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
/*
* Change the password on a PKCS#12 structure.
*/
int
PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass)
{
/* Check for NULL PKCS12 structure */
if (!p12) {
PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER);
return 0;
}
/* Check the mac */
if (!PKCS12_verify_mac(p12, oldpass, -1)) {
PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
return 0;
}
if (!newpass_p12(p12, oldpass, newpass)) {
PKCS12error(PKCS12_R_PARSE_ERROR);
return 0;
}
return 1;
}
/* Parse the outer PKCS#12 structure */
static int
newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
{
STACK_OF(PKCS7) *asafes, *newsafes;
STACK_OF(PKCS12_SAFEBAG) *bags;
int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
PKCS7 *p7, *p7new;
ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
unsigned char mac[EVP_MAX_MD_SIZE];
unsigned int maclen;
if (!(asafes = PKCS12_unpack_authsafes(p12)))
return 0;
if (!(newsafes = sk_PKCS7_new_null()))
return 0;
for (i = 0; i < sk_PKCS7_num(asafes); i++) {
p7 = sk_PKCS7_value(asafes, i);
bagnid = OBJ_obj2nid(p7->type);
if (bagnid == NID_pkcs7_data) {
bags = PKCS12_unpack_p7data(p7);
} else if (bagnid == NID_pkcs7_encrypted) {
bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
if (!alg_get(p7->d.encrypted->enc_data->algorithm,
&pbe_nid, &pbe_iter, &pbe_saltlen)) {
sk_PKCS12_SAFEBAG_pop_free(bags,
PKCS12_SAFEBAG_free);
bags = NULL;
}
} else
continue;
if (bags == NULL)
goto err;
if (!newpass_bags(bags, oldpass, newpass)) {
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
goto err;
}
/* Repack bag in same form with new password */
if (bagnid == NID_pkcs7_data)
p7new = PKCS12_pack_p7data(bags);
else
p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1,
NULL, pbe_saltlen, pbe_iter, bags);
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
if (p7new == NULL)
goto err;
if (sk_PKCS7_push(newsafes, p7new) == 0)
goto err;
}
sk_PKCS7_pop_free(asafes, PKCS7_free);
/* Repack safe: save old safe in case of error */
p12_data_tmp = p12->authsafes->d.data;
if (!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) {
p12->authsafes->d.data = p12_data_tmp;
goto err;
}
if (!PKCS12_pack_authsafes(p12, newsafes))
goto saferr;
if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
goto saferr;
if (!(macnew = ASN1_OCTET_STRING_new()))
goto saferr;
if (!ASN1_OCTET_STRING_set(macnew, mac, maclen))
goto saferr;
ASN1_OCTET_STRING_free(p12->mac->dinfo->digest);
p12->mac->dinfo->digest = macnew;
ASN1_OCTET_STRING_free(p12_data_tmp);
return 1;
saferr:
/* Restore old safe */
ASN1_OCTET_STRING_free(p12->authsafes->d.data);
ASN1_OCTET_STRING_free(macnew);
p12->authsafes->d.data = p12_data_tmp;
return 0;
err:
sk_PKCS7_pop_free(asafes, PKCS7_free);
sk_PKCS7_pop_free(newsafes, PKCS7_free);
return 0;
}
static int
newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
const char *newpass)
{
int i;
for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i),
oldpass, newpass))
return 0;
}
return 1;
}
/* Change password of safebag: only needs handle shrouded keybags */
static int
newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, const char *newpass)
{
PKCS8_PRIV_KEY_INFO *p8;
X509_SIG *p8new;
int p8_nid, p8_saltlen, p8_iter;
if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
return 1;
if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)))
return 0;
if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter,
&p8_saltlen))
return 0;
if (!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
p8_iter, p8))) return 0;
X509_SIG_free(bag->value.shkeybag);
bag->value.shkeybag = p8new;
return 1;
}
static int
alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
{
PBEPARAM *pbe;
const unsigned char *p;
p = alg->parameter->value.sequence->data;
pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
if (!pbe)
return 0;
*pnid = OBJ_obj2nid(alg->algorithm);
*piter = ASN1_INTEGER_get(pbe->iter);
*psaltlen = pbe->salt->length;
PBEPARAM_free(pbe);
return 1;
}

68
externals/libressl/crypto/pkcs12/p12_p8d.c vendored Executable file
View File

@@ -0,0 +1,68 @@
/* $OpenBSD: p12_p8d.c,v 1.7 2018/05/13 14:28:14 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
/* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <openssl/pkcs12.h>
PKCS8_PRIV_KEY_INFO *
PKCS8_decrypt(const X509_SIG *p8, const char *pass, int passlen)
{
return PKCS12_item_decrypt_d2i(p8->algor,
&PKCS8_PRIV_KEY_INFO_it, pass, passlen, p8->digest, 1);
}

100
externals/libressl/crypto/pkcs12/p12_p8e.c vendored Executable file
View File

@@ -0,0 +1,100 @@
/* $OpenBSD: p12_p8e.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
/* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
X509_SIG *
PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass,
int passlen, unsigned char *salt, int saltlen, int iter,
PKCS8_PRIV_KEY_INFO *p8inf)
{
X509_SIG *p8 = NULL;
X509_ALGOR *pbe;
if (!(p8 = X509_SIG_new())) {
PKCS12error(ERR_R_MALLOC_FAILURE);
goto err;
}
if (pbe_nid == -1)
pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
else
pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
if (!pbe) {
PKCS12error(ERR_R_ASN1_LIB);
goto err;
}
X509_ALGOR_free(p8->algor);
p8->algor = pbe;
ASN1_OCTET_STRING_free(p8->digest);
p8->digest = PKCS12_item_i2d_encrypt(pbe,
&PKCS8_PRIV_KEY_INFO_it, pass, passlen, p8inf, 1);
if (!p8->digest) {
PKCS12error(PKCS12_R_ENCRYPT_ERROR);
goto err;
}
return p8;
err:
X509_SIG_free(p8);
return NULL;
}

185
externals/libressl/crypto/pkcs12/p12_utl.c vendored Executable file
View File

@@ -0,0 +1,185 @@
/* $OpenBSD: p12_utl.c,v 1.16 2018/05/30 15:32:11 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <openssl/pkcs12.h>
/* Cheap and nasty Unicode stuff */
unsigned char *
OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
{
size_t ulen, i;
unsigned char *unitmp;
if (asclen < 0)
ulen = strlen(asc);
else
ulen = (size_t)asclen;
ulen++;
if (ulen == 0) /* unlikely overflow */
return NULL;
if ((unitmp = reallocarray(NULL, ulen, 2)) == NULL)
return NULL;
ulen *= 2;
/* XXX This interface ought to use unsigned types */
if (ulen > INT_MAX) {
free(unitmp);
return NULL;
}
for (i = 0; i < ulen - 2; i += 2) {
unitmp[i] = 0;
unitmp[i + 1] = *asc++;
}
/* Make result double-NUL terminated */
unitmp[ulen - 2] = 0;
unitmp[ulen - 1] = 0;
if (unilen)
*unilen = ulen;
if (uni)
*uni = unitmp;
return unitmp;
}
char *
OPENSSL_uni2asc(const unsigned char *uni, int unilen)
{
size_t asclen, u16len, i;
char *asctmp;
if (unilen < 0)
return NULL;
asclen = u16len = (size_t)unilen / 2;
/* If no terminating NUL, allow for one */
if (unilen == 0 || uni[unilen - 1] != '\0')
asclen++;
if ((asctmp = malloc(asclen)) == NULL)
return NULL;
/* Skip first zero byte */
uni++;
for (i = 0; i < u16len; i++) {
asctmp[i] = *uni;
uni += 2;
}
asctmp[asclen - 1] = '\0';
return asctmp;
}
int
i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
{
return ASN1_item_i2d_bio(&PKCS12_it, bp, p12);
}
int
i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
{
return ASN1_item_i2d_fp(&PKCS12_it, fp, p12);
}
PKCS12 *
d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
{
return ASN1_item_d2i_bio(&PKCS12_it, bp, p12);
}
PKCS12 *
d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
{
return ASN1_item_d2i_fp(&PKCS12_it, fp, p12);
}
PKCS12_SAFEBAG *
PKCS12_x5092certbag(X509 *x509)
{
return PKCS12_item_pack_safebag(x509, &X509_it,
NID_x509Certificate, NID_certBag);
}
PKCS12_SAFEBAG *
PKCS12_x509crl2certbag(X509_CRL *crl)
{
return PKCS12_item_pack_safebag(crl, &X509_CRL_it,
NID_x509Crl, NID_crlBag);
}
X509 *
PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
{
if (OBJ_obj2nid(bag->type) != NID_certBag)
return NULL;
if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
return NULL;
return ASN1_item_unpack(bag->value.bag->value.octet,
&X509_it);
}
X509_CRL *
PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
{
if (OBJ_obj2nid(bag->type) != NID_crlBag)
return NULL;
if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
return NULL;
return ASN1_item_unpack(bag->value.bag->value.octet,
&X509_CRL_it);
}

116
externals/libressl/crypto/pkcs12/pk12err.c vendored Executable file
View File

@@ -0,0 +1,116 @@
/* $OpenBSD: pk12err.c,v 1.11 2020/06/05 16:51:12 jsing Exp $ */
/* ====================================================================
* Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/opensslconf.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0)
#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason)
static ERR_STRING_DATA PKCS12_str_functs[]= {
{ERR_FUNC(0xfff), "CRYPTO_internal"},
{0, NULL}
};
static ERR_STRING_DATA PKCS12_str_reasons[]= {
{ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE), "cant pack structure"},
{ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA), "content type not data"},
{ERR_REASON(PKCS12_R_DECODE_ERROR) , "decode error"},
{ERR_REASON(PKCS12_R_ENCODE_ERROR) , "encode error"},
{ERR_REASON(PKCS12_R_ENCRYPT_ERROR) , "encrypt error"},
{ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE), "error setting encrypted data type"},
{ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT), "invalid null argument"},
{ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER), "invalid null pkcs12 pointer"},
{ERR_REASON(PKCS12_R_IV_GEN_ERROR) , "iv gen error"},
{ERR_REASON(PKCS12_R_KEY_GEN_ERROR) , "key gen error"},
{ERR_REASON(PKCS12_R_MAC_ABSENT) , "mac absent"},
{ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR), "mac generation error"},
{ERR_REASON(PKCS12_R_MAC_SETUP_ERROR) , "mac setup error"},
{ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR), "mac string set error"},
{ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR) , "mac verify error"},
{ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE) , "mac verify failure"},
{ERR_REASON(PKCS12_R_PARSE_ERROR) , "parse error"},
{ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR), "pkcs12 algor cipherinit error"},
{ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR), "pkcs12 cipherfinal error"},
{ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR), "pkcs12 pbe crypt error"},
{ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM), "unknown digest algorithm"},
{ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE), "unsupported pkcs12 mode"},
{0, NULL}
};
#endif
void
ERR_load_PKCS12_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL) {
ERR_load_strings(0, PKCS12_str_functs);
ERR_load_strings(0, PKCS12_str_reasons);
}
#endif
}