summaryrefslogtreecommitdiff
path: root/Cryptlib/OpenSSL/crypto/pkcs12
diff options
context:
space:
mode:
authorMathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>2017-09-13 12:09:40 -0700
committerMathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>2017-09-13 12:09:40 -0700
commitb6f94dbeacfc6f0a507413096189304c58dbe66c (patch)
treebce8c7db22209078618294c51d95a0c033aec7d9 /Cryptlib/OpenSSL/crypto/pkcs12
parent25f7fd1fb389a5f6356f353d16c5ead80dac6bbc (diff)
downloadefi-boot-shim-upstream/13_git1505328970.9c1c35c5.tar.gz
efi-boot-shim-upstream/13_git1505328970.9c1c35c5.zip
New upstream version 13~git1505328970.9c1c35c5upstream/13_git1505328970.9c1c35c5
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/pkcs12')
-rw-r--r--Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c130
-rw-r--r--Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c63
-rw-r--r--Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c116
-rw-r--r--Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c87
-rw-r--r--Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c115
-rw-r--r--Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c107
-rw-r--r--Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c73
-rw-r--r--Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c139
-rw-r--r--Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c108
-rw-r--r--Cryptlib/OpenSSL/crypto/pkcs12/p12_lcl.h43
-rw-r--r--Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c206
-rw-r--r--Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c86
-rw-r--r--Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c71
-rw-r--r--Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c110
-rw-r--r--Cryptlib/OpenSSL/crypto/pkcs12/p12_sbag.c170
-rw-r--r--Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c260
-rw-r--r--Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c88
17 files changed, 1156 insertions, 816 deletions
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c
index 193ed809..d9f03a39 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c
@@ -1,16 +1,65 @@
+/* p12_add.c */
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/pkcs12.h>
-#include "p12_lcl.h"
/* Pack an object into an OCTET STRING and turn into a safebag */
@@ -19,8 +68,7 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
{
PKCS12_BAGS *bag;
PKCS12_SAFEBAG *safebag;
-
- if ((bag = PKCS12_BAGS_new()) == NULL) {
+ if (!(bag = PKCS12_BAGS_new())) {
PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
return NULL;
}
@@ -29,7 +77,7 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
goto err;
}
- if ((safebag = PKCS12_SAFEBAG_new()) == NULL) {
+ if (!(safebag = PKCS12_SAFEBAG_new())) {
PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -42,17 +90,64 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
return NULL;
}
+/* Turn PKCS8 object into a keybag */
+
+PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
+{
+ PKCS12_SAFEBAG *bag;
+ if (!(bag = PKCS12_SAFEBAG_new())) {
+ PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ bag->type = OBJ_nid2obj(NID_keyBag);
+ bag->value.keybag = p8;
+ return bag;
+}
+
+/* Turn PKCS8 object into a shrouded keybag */
+
+PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
+ int passlen, unsigned char *salt,
+ int saltlen, int iter,
+ PKCS8_PRIV_KEY_INFO *p8)
+{
+ PKCS12_SAFEBAG *bag;
+ const EVP_CIPHER *pbe_ciph;
+
+ /* Set up the safe bag */
+ if (!(bag = PKCS12_SAFEBAG_new())) {
+ PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
+
+ pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+
+ if (pbe_ciph)
+ pbe_nid = -1;
+
+ if (!(bag->value.shkeybag =
+ PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
+ p8))) {
+ PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+ PKCS12_SAFEBAG_free(bag);
+ return NULL;
+ }
+
+ return bag;
+}
+
/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
{
PKCS7 *p7;
-
- if ((p7 = PKCS7_new()) == NULL) {
+ if (!(p7 = PKCS7_new())) {
PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
return NULL;
}
p7->type = OBJ_nid2obj(NID_pkcs7_data);
- if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL) {
+ if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -88,8 +183,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
PKCS7 *p7;
X509_ALGOR *pbe;
const EVP_CIPHER *pbe_ciph;
-
- if ((p7 = PKCS7_new()) == NULL) {
+ if (!(p7 = PKCS7_new())) {
PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
return NULL;
}
@@ -112,7 +206,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
}
X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
p7->d.encrypted->enc_data->algorithm = pbe;
- ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
+ M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
if (!(p7->d.encrypted->enc_data->enc_data =
PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass,
passlen, bags, 1))) {
@@ -138,7 +232,7 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
p7->d.encrypted->enc_data->enc_data, 1);
}
-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag,
const char *pass, int passlen)
{
return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
@@ -152,7 +246,7 @@ int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
return 0;
}
-STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12)
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
{
if (!PKCS7_type_is_data(p12->authsafes)) {
PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c
index f2bfe32e..370ddbd6 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c
@@ -1,17 +1,66 @@
+/* p12_asn.c */
/*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/pkcs12.h>
-#include "p12_lcl.h"
/* PKCS#12 ASN1 module */
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c
index c324f505..fff3ba1e 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c
@@ -1,16 +1,65 @@
+/* p12_attr.c */
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/pkcs12.h>
-#include "p12_lcl.h"
/* Add a local keyid to a safebag */
@@ -28,9 +77,13 @@ int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
{
- unsigned char us_val = (unsigned char)usage;
- return PKCS8_pkey_add1_attr_by_NID(p8, NID_key_usage,
- V_ASN1_BIT_STRING, &us_val, 1);
+ unsigned char us_val;
+ us_val = (unsigned char)usage;
+ if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage,
+ V_ASN1_BIT_STRING, &us_val, 1))
+ return 1;
+ else
+ return 0;
}
/* Add a friendlyname to a safebag */
@@ -45,16 +98,6 @@ int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
return 0;
}
-int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name,
- int namelen)
-{
- if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
- MBSTRING_UTF8, (unsigned char *)name, namelen))
- return 1;
- else
- return 0;
-}
-
int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
const unsigned char *name, int namelen)
{
@@ -74,30 +117,31 @@ int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen)
return 0;
}
-ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
- int attr_nid)
+ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
{
X509_ATTRIBUTE *attrib;
int i;
- i = X509at_get_attr_by_NID(attrs, attr_nid, -1);
- attrib = X509at_get_attr(attrs, i);
- return X509_ATTRIBUTE_get0_type(attrib, 0);
+ if (!attrs)
+ return NULL;
+ for (i = 0; i < sk_X509_ATTRIBUTE_num(attrs); i++) {
+ attrib = sk_X509_ATTRIBUTE_value(attrs, i);
+ if (OBJ_obj2nid(attrib->object) == attr_nid) {
+ if (sk_ASN1_TYPE_num(attrib->value.set))
+ return sk_ASN1_TYPE_value(attrib->value.set, 0);
+ else
+ return NULL;
+ }
+ }
+ return NULL;
}
char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
{
- const ASN1_TYPE *atype;
-
- if ((atype = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)) == NULL)
+ ASN1_TYPE *atype;
+ if (!(atype = PKCS12_get_attr(bag, NID_friendlyName)))
return NULL;
if (atype->type != V_ASN1_BMPSTRING)
return NULL;
- return OPENSSL_uni2utf8(atype->value.bmpstring->data,
- atype->value.bmpstring->length);
-}
-
-const STACK_OF(X509_ATTRIBUTE) *
-PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag)
-{
- return bag->attrib;
+ return OPENSSL_uni2asc(atype->value.bmpstring->data,
+ atype->value.bmpstring->length);
}
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c
index feef9d1f..9c2dcab0 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c
@@ -1,14 +1,64 @@
+/* p12_crpt.c */
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/pkcs12.h>
/* PKCS#12 PBE algorithms now in static table */
@@ -24,22 +74,21 @@ int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
PBEPARAM *pbe;
int saltlen, iter, ret;
unsigned char *salt;
+ const unsigned char *pbuf;
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
- int (*pkcs12_key_gen)(const char *pass, int passlen,
- unsigned char *salt, int slen,
- int id, int iter, int n,
- unsigned char *out,
- const EVP_MD *md_type);
-
- pkcs12_key_gen = PKCS12_key_gen_utf8;
if (cipher == NULL)
return 0;
/* Extract useful info from parameter */
+ if (param == NULL || param->type != V_ASN1_SEQUENCE ||
+ param->value.sequence == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
+ return 0;
+ }
- pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), param);
- if (pbe == NULL) {
+ pbuf = param->value.sequence->data;
+ if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
return 0;
}
@@ -50,14 +99,14 @@ int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
iter = ASN1_INTEGER_get(pbe->iter);
salt = pbe->salt->data;
saltlen = pbe->salt->length;
- if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
- iter, EVP_CIPHER_key_length(cipher), key, md)) {
+ if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
+ iter, EVP_CIPHER_key_length(cipher), key, md)) {
PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_KEY_GEN_ERROR);
PBEPARAM_free(pbe);
return 0;
}
- if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_IV_ID,
- iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
+ if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID,
+ iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_IV_GEN_ERROR);
PBEPARAM_free(pbe);
return 0;
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c
index 10cf8dd5..7d2aeefa 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c
@@ -1,16 +1,65 @@
+/* p12_crt.c */
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/pkcs12.h>
-#include "p12_lcl.h"
static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
PKCS12_SAFEBAG *bag);
@@ -28,7 +77,7 @@ static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
return 1;
}
-PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert,
+PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
int mac_iter, int keytype)
{
@@ -41,12 +90,18 @@ PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *
unsigned int keyidlen = 0;
/* Set defaults */
- if (!nid_cert)
+ if (!nid_cert) {
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ else
+#endif
#ifdef OPENSSL_NO_RC2
- nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
#else
- nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+ nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
#endif
+ }
if (!nid_key)
nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
if (!iter)
@@ -124,9 +179,13 @@ PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *
return p12;
err:
- PKCS12_free(p12);
- sk_PKCS7_pop_free(safes, PKCS7_free);
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+
+ if (p12)
+ PKCS12_free(p12);
+ if (safes)
+ sk_PKCS7_pop_free(safes, PKCS7_free);
+ if (bags)
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
return NULL;
}
@@ -140,7 +199,7 @@ PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
int keyidlen = -1;
/* Add user certificate */
- if ((bag = PKCS12_SAFEBAG_create_cert(cert)) == NULL)
+ if (!(bag = PKCS12_x5092certbag(cert)))
goto err;
/*
@@ -163,30 +222,32 @@ PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
return bag;
err:
- PKCS12_SAFEBAG_free(bag);
+
+ if (bag)
+ PKCS12_SAFEBAG_free(bag);
+
return NULL;
}
PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
EVP_PKEY *key, int key_usage, int iter,
- int nid_key, const char *pass)
+ int nid_key, char *pass)
{
PKCS12_SAFEBAG *bag = NULL;
PKCS8_PRIV_KEY_INFO *p8 = NULL;
/* Make a PKCS#8 structure */
- if ((p8 = EVP_PKEY2PKCS8(key)) == NULL)
+ if (!(p8 = EVP_PKEY2PKCS8(key)))
goto err;
if (key_usage && !PKCS8_add_keyusage(p8, key_usage))
goto err;
if (nid_key != -1) {
- bag = PKCS12_SAFEBAG_create_pkcs8_encrypt(nid_key, pass, -1, NULL, 0,
- iter, p8);
+ bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8);
PKCS8_PRIV_KEY_INFO_free(p8);
} else
- bag = PKCS12_SAFEBAG_create0_p8inf(p8);
+ bag = PKCS12_MAKE_KEYBAG(p8);
if (!bag)
goto err;
@@ -197,13 +258,16 @@ PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
return bag;
err:
- PKCS12_SAFEBAG_free(bag);
+
+ if (bag)
+ PKCS12_SAFEBAG_free(bag);
+
return NULL;
}
int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
- int nid_safe, int iter, const char *pass)
+ int nid_safe, int iter, char *pass)
{
PKCS7 *p7 = NULL;
int free_safes = 0;
@@ -240,7 +304,10 @@ int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
sk_PKCS7_free(*psafes);
*psafes = NULL;
}
- PKCS7_free(p7);
+
+ if (p7)
+ PKCS7_free(p7);
+
return 0;
}
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c
index 3c860584..b40ea10c 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c
@@ -1,54 +1,99 @@
+/* p12_decr.c */
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/pkcs12.h>
/* Define this to dump decrypted output to files called DERnnn */
/*
- * #define OPENSSL_DEBUG_DECRYPT
+ * #define DEBUG_DECRYPT
*/
/*
* Encrypt/Decrypt a buffer based on password and algor, result in a
* OPENSSL_malloc'ed buffer
*/
-unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
- const char *pass, int passlen,
- const unsigned char *in, int inlen,
+
+unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
+ int passlen, unsigned char *in, int inlen,
unsigned char **data, int *datalen, int en_de)
{
- unsigned char *out = NULL;
+ unsigned char *out;
int outlen, i;
- EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
-
- if (ctx == NULL) {
- PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
+ EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX_init(&ctx);
/* Decrypt data */
if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
- algor->parameter, ctx, en_de)) {
+ algor->parameter, &ctx, en_de)) {
PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
- goto err;
+ return NULL;
}
- if ((out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(ctx)))
- == NULL) {
+ if (!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (!EVP_CipherUpdate(ctx, out, &i, in, inlen)) {
+ if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) {
OPENSSL_free(out);
out = NULL;
PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB);
@@ -56,7 +101,7 @@ unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
}
outlen = i;
- if (!EVP_CipherFinal_ex(ctx, out + i, &i)) {
+ if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
OPENSSL_free(out);
out = NULL;
PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
@@ -69,7 +114,7 @@ unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
if (data)
*data = out;
err:
- EVP_CIPHER_CTX_free(ctx);
+ EVP_CIPHER_CTX_cleanup(&ctx);
return out;
}
@@ -79,9 +124,9 @@ unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
* after use.
*/
-void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
+void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
const char *pass, int passlen,
- const ASN1_OCTET_STRING *oct, int zbuf)
+ ASN1_OCTET_STRING *oct, int zbuf)
{
unsigned char *out;
const unsigned char *p;
@@ -95,7 +140,7 @@ void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
return NULL;
}
p = out;
-#ifdef OPENSSL_DEBUG_DECRYPT
+#ifdef DEBUG_DECRYPT
{
FILE *op;
@@ -129,8 +174,7 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
ASN1_OCTET_STRING *oct = NULL;
unsigned char *in = NULL;
int inlen;
-
- if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
+ if (!(oct = M_ASN1_OCTET_STRING_new())) {
PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -150,6 +194,9 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
OPENSSL_free(in);
return oct;
err:
- ASN1_OCTET_STRING_free(oct);
+ if (oct)
+ ASN1_OCTET_STRING_free(oct);
return NULL;
}
+
+IMPLEMENT_PKCS12_STACK_OF(PKCS7)
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c
index a78e183c..0322df94 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c
@@ -1,24 +1,72 @@
+/* p12_init.c */
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/pkcs12.h>
-#include "p12_lcl.h"
/* Initialise a PKCS12 structure to take data */
PKCS12 *PKCS12_init(int mode)
{
PKCS12 *pkcs12;
-
- if ((pkcs12 = PKCS12_new()) == NULL) {
+ if (!(pkcs12 = PKCS12_new())) {
PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
return NULL;
}
@@ -26,7 +74,7 @@ PKCS12 *PKCS12_init(int mode)
pkcs12->authsafes->type = OBJ_nid2obj(mode);
switch (mode) {
case NID_pkcs7_data:
- if ((pkcs12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL) {
+ if (!(pkcs12->authsafes->d.data = M_ASN1_OCTET_STRING_new())) {
PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -35,9 +83,10 @@ PKCS12 *PKCS12_init(int mode)
PKCS12err(PKCS12_F_PKCS12_INIT, PKCS12_R_UNSUPPORTED_PKCS12_MODE);
goto err;
}
- return pkcs12;
+ return pkcs12;
err:
- PKCS12_free(pkcs12);
+ if (pkcs12 != NULL)
+ PKCS12_free(pkcs12);
return NULL;
}
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c
index 9c13a451..99b8260c 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c
@@ -1,22 +1,72 @@
+/* p12_key.c */
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/pkcs12.h>
#include <openssl/bn.h>
/* Uncomment out this line to get debugging info about key generation */
/*
- * #define OPENSSL_DEBUG_KEYGEN
+ * #define DEBUG_KEYGEN
*/
-#ifdef OPENSSL_DEBUG_KEYGEN
+#ifdef DEBUG_KEYGEN
# include <openssl/bio.h>
extern BIO *bio_err;
void h__dump(unsigned char *p, int len);
@@ -46,30 +96,10 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
id, iter, n, out, md_type);
if (ret <= 0)
return 0;
- OPENSSL_clear_free(unipass, uniplen);
- return ret;
-}
-
-int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt,
- int saltlen, int id, int iter, int n,
- unsigned char *out, const EVP_MD *md_type)
-{
- int ret;
- unsigned char *unipass;
- int uniplen;
-
- if (!pass) {
- unipass = NULL;
- uniplen = 0;
- } else if (!OPENSSL_utf82uni(pass, passlen, &unipass, &uniplen)) {
- PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UTF8, ERR_R_MALLOC_FAILURE);
- return 0;
+ if (unipass) {
+ OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */
+ OPENSSL_free(unipass);
}
- ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
- id, iter, n, out, md_type);
- if (ret <= 0)
- return 0;
- OPENSSL_clear_free(unipass, uniplen);
return ret;
}
@@ -77,22 +107,26 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
int saltlen, int id, int iter, int n,
unsigned char *out, const EVP_MD *md_type)
{
- unsigned char *B = NULL, *D = NULL, *I = NULL, *p = NULL, *Ai = NULL;
+ unsigned char *B, *D, *I, *p, *Ai;
int Slen, Plen, Ilen, Ijlen;
int i, j, u, v;
int ret = 0;
- BIGNUM *Ij = NULL, *Bpl1 = NULL; /* These hold Ij and B + 1 */
- EVP_MD_CTX *ctx = NULL;
-#ifdef OPENSSL_DEBUG_KEYGEN
+ BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */
+ EVP_MD_CTX ctx;
+#ifdef DEBUG_KEYGEN
unsigned char *tmpout = out;
int tmpn = n;
#endif
- ctx = EVP_MD_CTX_new();
- if (ctx == NULL)
- goto err;
+#if 0
+ if (!pass) {
+ PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+#endif
-#ifdef OPENSSL_DEBUG_KEYGEN
+ EVP_MD_CTX_init(&ctx);
+#ifdef DEBUG_KEYGEN
fprintf(stderr, "KEYGEN DEBUG\n");
fprintf(stderr, "ID %d, ITER %d\n", id, iter);
fprintf(stderr, "Password (length %d):\n", passlen);
@@ -102,8 +136,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
#endif
v = EVP_MD_block_size(md_type);
u = EVP_MD_size(md_type);
- if (u < 0 || v <= 0)
- goto err;
+ if (u < 0)
+ return 0;
D = OPENSSL_malloc(v);
Ai = OPENSSL_malloc(u);
B = OPENSSL_malloc(v + 1);
@@ -116,8 +150,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
I = OPENSSL_malloc(Ilen);
Ij = BN_new();
Bpl1 = BN_new();
- if (D == NULL || Ai == NULL || B == NULL || I == NULL || Ij == NULL
- || Bpl1 == NULL)
+ if (!D || !Ai || !B || !I || !Ij || !Bpl1)
goto err;
for (i = 0; i < v; i++)
D[i] = id;
@@ -127,20 +160,20 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
for (i = 0; i < Plen; i++)
*p++ = pass[i % passlen];
for (;;) {
- if (!EVP_DigestInit_ex(ctx, md_type, NULL)
- || !EVP_DigestUpdate(ctx, D, v)
- || !EVP_DigestUpdate(ctx, I, Ilen)
- || !EVP_DigestFinal_ex(ctx, Ai, NULL))
+ if (!EVP_DigestInit_ex(&ctx, md_type, NULL)
+ || !EVP_DigestUpdate(&ctx, D, v)
+ || !EVP_DigestUpdate(&ctx, I, Ilen)
+ || !EVP_DigestFinal_ex(&ctx, Ai, NULL))
goto err;
for (j = 1; j < iter; j++) {
- if (!EVP_DigestInit_ex(ctx, md_type, NULL)
- || !EVP_DigestUpdate(ctx, Ai, u)
- || !EVP_DigestFinal_ex(ctx, Ai, NULL))
+ if (!EVP_DigestInit_ex(&ctx, md_type, NULL)
+ || !EVP_DigestUpdate(&ctx, Ai, u)
+ || !EVP_DigestFinal_ex(&ctx, Ai, NULL))
goto err;
}
memcpy(out, Ai, min(n, u));
if (u >= n) {
-#ifdef OPENSSL_DEBUG_KEYGEN
+#ifdef DEBUG_KEYGEN
fprintf(stderr, "Output KEY (length %d)\n", tmpn);
h__dump(tmpout, tmpn);
#endif
@@ -191,11 +224,11 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
OPENSSL_free(I);
BN_free(Ij);
BN_free(Bpl1);
- EVP_MD_CTX_free(ctx);
+ EVP_MD_CTX_cleanup(&ctx);
return ret;
}
-#ifdef OPENSSL_DEBUG_KEYGEN
+#ifdef DEBUG_KEYGEN
void h__dump(unsigned char *p, int len)
{
for (; len--; p++)
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c
index 62f5d1ec..9aa3c90c 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c
@@ -1,14 +1,64 @@
+/* p12_kiss.c */
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/pkcs12.h>
/* Simplified PKCS#12 routines */
@@ -16,7 +66,7 @@
static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
-static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
@@ -26,7 +76,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
* Parse and decrypt a PKCS#12 structure returning user key, user cert and
* other (CA) certs. Note either ca should be NULL, *ca should be NULL, or it
* should point to a valid STACK structure. pkey and cert can be passed
- * uninitialised.
+ * unitialised.
*/
int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
@@ -102,21 +152,25 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
goto err;
x = NULL;
}
- X509_free(x);
+ if (x)
+ X509_free(x);
}
- sk_X509_pop_free(ocerts, X509_free);
+ if (ocerts)
+ sk_X509_pop_free(ocerts, X509_free);
return 1;
err:
- if (pkey)
+ if (pkey && *pkey)
EVP_PKEY_free(*pkey);
- if (cert)
+ if (cert && *cert)
X509_free(*cert);
- X509_free(x);
- sk_X509_pop_free(ocerts, X509_free);
+ if (x)
+ X509_free(x);
+ if (ocerts)
+ sk_X509_pop_free(ocerts, X509_free);
return 0;
}
@@ -131,7 +185,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
int i, bagnid;
PKCS7 *p7;
- if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)
+ if (!(asafes = PKCS12_unpack_authsafes(p12)))
return 0;
for (i = 0; i < sk_PKCS7_num(asafes); i++) {
p7 = sk_PKCS7_value(asafes, i);
@@ -157,7 +211,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
return 1;
}
-static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
{
int i;
@@ -174,29 +228,28 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
{
PKCS8_PRIV_KEY_INFO *p8;
X509 *x509;
- const ASN1_TYPE *attrib;
+ ASN1_TYPE *attrib;
ASN1_BMPSTRING *fname = NULL;
ASN1_OCTET_STRING *lkid = NULL;
- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)))
+ if ((attrib = PKCS12_get_attr(bag, NID_friendlyName)))
fname = attrib->value.bmpstring;
- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)))
+ if ((attrib = PKCS12_get_attr(bag, NID_localKeyID)))
lkid = attrib->value.octet_string;
- switch (PKCS12_SAFEBAG_get_nid(bag)) {
+ switch (M_PKCS12_bag_type(bag)) {
case NID_keyBag:
if (!pkey || *pkey)
return 1;
- *pkey = EVP_PKCS82PKEY(PKCS12_SAFEBAG_get0_p8inf(bag));
- if (*pkey == NULL)
+ if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag)))
return 0;
break;
case NID_pkcs8ShroudedKeyBag:
if (!pkey || *pkey)
return 1;
- if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL)
+ if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
return 0;
*pkey = EVP_PKCS82PKEY(p8);
PKCS8_PRIV_KEY_INFO_free(p8);
@@ -205,9 +258,9 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
break;
case NID_certBag:
- if (PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate)
+ if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
return 1;
- if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL)
+ if (!(x509 = PKCS12_certbag2x509(bag)))
return 0;
if (lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) {
X509_free(x509);
@@ -235,11 +288,12 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
break;
case NID_safeContentsBag:
- return parse_bags(PKCS12_SAFEBAG_get0_safes(bag), pass, passlen, pkey,
- ocerts);
+ return parse_bags(bag->value.safes, pass, passlen, pkey, ocerts);
+ break;
default:
return 1;
+ break;
}
return 1;
}
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_lcl.h b/Cryptlib/OpenSSL/crypto/pkcs12/p12_lcl.h
deleted file mode 100644
index 0b52f1e1..00000000
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_lcl.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-struct PKCS12_MAC_DATA_st {
- X509_SIG *dinfo;
- ASN1_OCTET_STRING *salt;
- ASN1_INTEGER *iter; /* defaults to 1 */
-};
-
-struct PKCS12_st {
- ASN1_INTEGER *version;
- PKCS12_MAC_DATA *mac;
- PKCS7 *authsafes;
-};
-
-struct PKCS12_SAFEBAG_st {
- ASN1_OBJECT *type;
- union {
- struct pkcs12_bag_st *bag; /* secret, crl and certbag */
- struct pkcs8_priv_key_info_st *keybag; /* keybag */
- X509_SIG *shkeybag; /* shrouded key bag */
- STACK_OF(PKCS12_SAFEBAG) *safes;
- ASN1_TYPE *other;
- } value;
- STACK_OF(X509_ATTRIBUTE) *attrib;
-};
-
-struct pkcs12_bag_st {
- ASN1_OBJECT *type;
- union {
- ASN1_OCTET_STRING *x509cert;
- ASN1_OCTET_STRING *x509crl;
- ASN1_OCTET_STRING *octet;
- ASN1_IA5STRING *sdsicert;
- ASN1_TYPE *other; /* Secret or other bag */
- } value;
-};
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c
index d6b89192..cbf34da0 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c
@@ -1,91 +1,79 @@
+/* p12_mutl.c */
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
+#ifndef OPENSSL_NO_HMAC
# include <stdio.h>
-# include "internal/cryptlib.h"
+# include "cryptlib.h"
# include <openssl/crypto.h>
# include <openssl/hmac.h>
# include <openssl/rand.h>
# include <openssl/pkcs12.h>
-# include "p12_lcl.h"
-
-int PKCS12_mac_present(const PKCS12 *p12)
-{
- return p12->mac ? 1 : 0;
-}
-
-void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
- const X509_ALGOR **pmacalg,
- const ASN1_OCTET_STRING **psalt,
- const ASN1_INTEGER **piter,
- const PKCS12 *p12)
-{
- if (p12->mac) {
- X509_SIG_get0(p12->mac->dinfo, pmacalg, pmac);
- if (psalt)
- *psalt = p12->mac->salt;
- if (piter)
- *piter = p12->mac->iter;
- } else {
- if (pmac)
- *pmac = NULL;
- if (pmacalg)
- *pmacalg = NULL;
- if (psalt)
- *psalt = NULL;
- if (piter)
- *piter = NULL;
- }
-}
-
-# define TK26_MAC_KEY_LEN 32
-
-static int pkcs12_gen_gost_mac_key(const char *pass, int passlen,
- const unsigned char *salt, int saltlen,
- int iter, int keylen, unsigned char *key,
- const EVP_MD *digest)
-{
- unsigned char out[96];
-
- if (keylen != TK26_MAC_KEY_LEN) {
- return 0;
- }
-
- if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter,
- digest, sizeof(out), out)) {
- return 0;
- }
- memcpy(key, out + sizeof(out) - TK26_MAC_KEY_LEN, TK26_MAC_KEY_LEN);
- OPENSSL_cleanse(out, sizeof(out));
- return 1;
-}
/* Generate a MAC */
-static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
- unsigned char *mac, unsigned int *maclen,
- int (*pkcs12_key_gen)(const char *pass, int passlen,
- unsigned char *salt, int slen,
- int id, int iter, int n,
- unsigned char *out,
- const EVP_MD *md_type))
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+ unsigned char *mac, unsigned int *maclen)
{
const EVP_MD *md_type;
- HMAC_CTX *hmac = NULL;
+ HMAC_CTX hmac;
unsigned char key[EVP_MAX_MD_SIZE], *salt;
int saltlen, iter;
- int md_size = 0;
- int md_type_nid;
- const X509_ALGOR *macalg;
- const ASN1_OBJECT *macoid;
-
- if (pkcs12_key_gen == NULL)
- pkcs12_key_gen = PKCS12_key_gen_utf8;
+ int md_size;
if (!PKCS7_type_is_data(p12->authsafes)) {
PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA);
@@ -98,71 +86,46 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
iter = 1;
else
iter = ASN1_INTEGER_get(p12->mac->iter);
- X509_SIG_get0(p12->mac->dinfo, &macalg, NULL);
- X509_ALGOR_get0(&macoid, NULL, NULL, macalg);
- if ((md_type = EVP_get_digestbyobj(macoid)) == NULL) {
+ if (!(md_type = EVP_get_digestbyobj(p12->mac->dinfo->algor->algorithm))) {
PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
return 0;
}
md_size = EVP_MD_size(md_type);
- md_type_nid = EVP_MD_type(md_type);
if (md_size < 0)
return 0;
- if ((md_type_nid == NID_id_GostR3411_94
- || md_type_nid == NID_id_GostR3411_2012_256
- || md_type_nid == NID_id_GostR3411_2012_512)
- && !getenv("LEGACY_GOST_PKCS12")) {
- md_size = TK26_MAC_KEY_LEN;
- if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter,
- md_size, key, md_type)) {
- PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
- return 0;
- }
- } else
- if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID,
- iter, md_size, key, md_type)) {
+ if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
+ md_size, key, md_type)) {
PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
return 0;
}
- hmac = HMAC_CTX_new();
- if (!HMAC_Init_ex(hmac, key, md_size, md_type, NULL)
- || !HMAC_Update(hmac, p12->authsafes->d.data->data,
+ HMAC_CTX_init(&hmac);
+ if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL)
+ || !HMAC_Update(&hmac, p12->authsafes->d.data->data,
p12->authsafes->d.data->length)
- || !HMAC_Final(hmac, mac, maclen)) {
- HMAC_CTX_free(hmac);
+ || !HMAC_Final(&hmac, mac, maclen)) {
+ HMAC_CTX_cleanup(&hmac);
return 0;
}
- HMAC_CTX_free(hmac);
+ HMAC_CTX_cleanup(&hmac);
return 1;
}
-int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
- unsigned char *mac, unsigned int *maclen)
-{
- return pkcs12_gen_mac(p12, pass, passlen, mac, maclen, NULL);
-}
-
/* Verify the mac */
int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
{
unsigned char mac[EVP_MAX_MD_SIZE];
unsigned int maclen;
- const ASN1_OCTET_STRING *macoct;
-
if (p12->mac == NULL) {
PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT);
return 0;
}
- if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen,
- PKCS12_key_gen_utf8)) {
+ if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR);
return 0;
}
- X509_SIG_get0(p12->mac->dinfo, NULL, &macoct);
- if ((maclen != (unsigned int)ASN1_STRING_length(macoct))
- || CRYPTO_memcmp(mac, ASN1_STRING_get0_data(macoct), maclen) != 0)
+ if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
+ || CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen))
return 0;
-
return 1;
}
@@ -174,7 +137,6 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
{
unsigned char mac[EVP_MAX_MD_SIZE];
unsigned int maclen;
- ASN1_OCTET_STRING *macoct;
if (!md_type)
md_type = EVP_sha1();
@@ -182,16 +144,11 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR);
return 0;
}
- /*
- * Note that output mac is forced to UTF-8...
- */
- if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen,
- PKCS12_key_gen_utf8)) {
+ if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR);
return 0;
}
- X509_SIG_getm(p12->mac->dinfo, NULL, &macoct);
- if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) {
+ if (!(M_ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen))) {
PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR);
return 0;
}
@@ -202,12 +159,10 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
const EVP_MD *md_type)
{
- X509_ALGOR *macalg;
-
- if ((p12->mac = PKCS12_MAC_DATA_new()) == NULL)
+ if (!(p12->mac = PKCS12_MAC_DATA_new()))
return PKCS12_ERROR;
if (iter > 1) {
- if ((p12->mac->iter = ASN1_INTEGER_new()) == NULL) {
+ if (!(p12->mac->iter = M_ASN1_INTEGER_new())) {
PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
return 0;
}
@@ -228,12 +183,13 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
return 0;
} else
memcpy(p12->mac->salt->data, salt, saltlen);
- X509_SIG_getm(p12->mac->dinfo, &macalg, NULL);
- if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)),
- V_ASN1_NULL, NULL)) {
+ p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
+ if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
return 0;
}
+ p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
return 1;
}
+#endif
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c
index 0ce75ed3..9e8ebb2a 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c
@@ -1,10 +1,60 @@
+/* p12_npas.c */
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
@@ -13,7 +63,6 @@
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
-#include "p12_lcl.h"
/* PKCS#12 password change routine */
@@ -22,8 +71,7 @@ static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
const char *newpass);
static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
const char *newpass);
-static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter,
- int *psaltlen);
+static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
/*
* Change the password on a PKCS#12 structure.
@@ -62,7 +110,7 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
PKCS7 *p7, *p7new;
- ASN1_OCTET_STRING *p12_data_tmp = NULL, *macoct = NULL;
+ ASN1_OCTET_STRING *p12_data_tmp = NULL;
unsigned char mac[EVP_MAX_MD_SIZE];
unsigned int maclen;
int rv = 0;
@@ -107,11 +155,9 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
goto err;
if (!PKCS12_pack_authsafes(p12, newsafes))
goto err;
-
if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
goto err;
- X509_SIG_getm(p12->mac->dinfo, NULL, &macoct);
- if (!ASN1_OCTET_STRING_set(macoct, mac, maclen))
+ if (!ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen))
goto err;
rv = 1;
@@ -149,15 +195,13 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
PKCS8_PRIV_KEY_INFO *p8;
X509_SIG *p8new;
int p8_nid, p8_saltlen, p8_iter;
- const X509_ALGOR *shalg;
- if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag)
+ if (M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag)
return 1;
- if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL)
+ if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)))
return 0;
- X509_SIG_get0(bag->value.shkeybag, &shalg, NULL);
- if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen))
+ if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen))
return 0;
p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
p8_iter, p8);
@@ -169,11 +213,13 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
return 1;
}
-static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter,
- int *psaltlen)
+static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
{
PBEPARAM *pbe;
- pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), alg->parameter);
+ const unsigned char *p;
+
+ p = alg->parameter->value.sequence->data;
+ pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
if (!pbe)
return 0;
*pnid = OBJ_obj2nid(alg->algorithm);
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c
index d926a77d..3cc7a9f4 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c
@@ -1,23 +1,70 @@
+/* p12_p8d.c */
/*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/pkcs12.h>
-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass,
int passlen)
{
- const X509_ALGOR *dalg;
- const ASN1_OCTET_STRING *doct;
- X509_SIG_get0(p8, &dalg, &doct);
- return PKCS12_item_decrypt_d2i(dalg,
+ return PKCS12_item_decrypt_d2i(p8->algor,
ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass,
- passlen, doct, 1);
+ passlen, p8->digest, 1);
}
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c
index 86a07e13..861a087f 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c
@@ -1,16 +1,65 @@
+/* p12_p8e.c */
/*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/pkcs12.h>
-#include "internal/x509_int.h"
X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
const char *pass, int passlen,
@@ -20,6 +69,11 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
X509_SIG *p8 = NULL;
X509_ALGOR *pbe;
+ if (!(p8 = X509_SIG_new())) {
+ PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
if (pbe_nid == -1)
pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0))
@@ -30,40 +84,22 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
}
if (!pbe) {
PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
- return NULL;
- }
- p8 = PKCS8_set0_pbe(pass, passlen, p8inf, pbe);
- if (p8 == NULL) {
- X509_ALGOR_free(pbe);
- return NULL;
+ goto err;
}
-
- return p8;
-}
-
-X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,
- PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe)
-{
- X509_SIG *p8;
- ASN1_OCTET_STRING *enckey;
-
- enckey =
+ X509_ALGOR_free(p8->algor);
+ p8->algor = pbe;
+ M_ASN1_OCTET_STRING_free(p8->digest);
+ p8->digest =
PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),
pass, passlen, p8inf, 1);
- if (!enckey) {
- PKCS12err(PKCS12_F_PKCS8_SET0_PBE, PKCS12_R_ENCRYPT_ERROR);
- return NULL;
- }
-
- p8 = OPENSSL_zalloc(sizeof(*p8));
-
- if (p8 == NULL) {
- PKCS12err(PKCS12_F_PKCS8_SET0_PBE, ERR_R_MALLOC_FAILURE);
- ASN1_OCTET_STRING_free(enckey);
- return NULL;
+ if (!p8->digest) {
+ PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
+ goto err;
}
- p8->algor = pbe;
- p8->digest = enckey;
return p8;
+
+ err:
+ X509_SIG_free(p8);
+ return NULL;
}
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_sbag.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_sbag.c
deleted file mode 100644
index 4a3d2599..00000000
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_sbag.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <stdio.h>
-#include "internal/cryptlib.h"
-#include <openssl/pkcs12.h>
-#include "p12_lcl.h"
-
-#if OPENSSL_API_COMPAT < 0x10100000L
-ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid)
-{
- return PKCS12_get_attr_gen(bag->attrib, attr_nid);
-}
-#endif
-
-const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag,
- int attr_nid)
-{
- return PKCS12_get_attr_gen(bag->attrib, attr_nid);
-}
-
-ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid)
-{
- return PKCS12_get_attr_gen(PKCS8_pkey_get0_attrs(p8), attr_nid);
-}
-
-const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag)
-{
- if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
- return NULL;
- return bag->value.keybag;
-}
-
-const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag)
-{
- if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
- return NULL;
- return bag->value.shkeybag;
-}
-
-const STACK_OF(PKCS12_SAFEBAG) *
-PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag)
-{
- if (OBJ_obj2nid(bag->type) != NID_safeContentsBag)
- return NULL;
- return bag->value.safes;
-}
-
-const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag)
-{
- return bag->type;
-}
-
-int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag)
-{
- return OBJ_obj2nid(bag->type);
-}
-
-int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag)
-{
- int btype = PKCS12_SAFEBAG_get_nid(bag);
-
- if (btype != NID_certBag && btype != NID_crlBag && btype != NID_secretBag)
- return -1;
- return OBJ_obj2nid(bag->value.bag->type);
-}
-
-X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag)
-{
- if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag)
- return NULL;
- if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
- return NULL;
- return ASN1_item_unpack(bag->value.bag->value.octet,
- ASN1_ITEM_rptr(X509));
-}
-
-X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag)
-{
- if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag)
- return NULL;
- if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
- return NULL;
- return ASN1_item_unpack(bag->value.bag->value.octet,
- ASN1_ITEM_rptr(X509_CRL));
-}
-
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509)
-{
- return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
- NID_x509Certificate, NID_certBag);
-}
-
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl)
-{
- return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
- NID_x509Crl, NID_crlBag);
-}
-
-/* Turn PKCS8 object into a keybag */
-
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8)
-{
- PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();
-
- if (bag == NULL) {
- PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- bag->type = OBJ_nid2obj(NID_keyBag);
- bag->value.keybag = p8;
- return bag;
-}
-
-/* Turn PKCS8 object into a shrouded keybag */
-
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8)
-{
- PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();
-
- /* Set up the safe bag */
- if (bag == NULL) {
- PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
- bag->value.shkeybag = p8;
- return bag;
-}
-
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
- const char *pass,
- int passlen,
- unsigned char *salt,
- int saltlen, int iter,
- PKCS8_PRIV_KEY_INFO *p8inf)
-{
- PKCS12_SAFEBAG *bag;
- const EVP_CIPHER *pbe_ciph;
- X509_SIG *p8;
-
- pbe_ciph = EVP_get_cipherbynid(pbe_nid);
-
- if (pbe_ciph)
- pbe_nid = -1;
-
- p8 = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
- p8inf);
-
- if (p8 == NULL) {
- PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- bag = PKCS12_SAFEBAG_create0_pkcs8(p8);
-
- if (bag == NULL) {
- PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
- X509_SIG_free(p8);
- return NULL;
- }
-
- return bag;
-}
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c
index 07014786..e466f762 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c
@@ -1,14 +1,64 @@
+/* p12_utl.c */
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/pkcs12.h>
/* Cheap and nasty Unicode stuff */
@@ -18,11 +68,10 @@ unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
{
int ulen, i;
unsigned char *unitmp;
-
if (asclen == -1)
asclen = strlen(asc);
ulen = asclen * 2 + 2;
- if ((unitmp = OPENSSL_malloc(ulen)) == NULL)
+ if (!(unitmp = OPENSSL_malloc(ulen)))
return NULL;
for (i = 0; i < ulen - 2; i += 2) {
unitmp[i] = 0;
@@ -38,10 +87,11 @@ unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
return unitmp;
}
-char *OPENSSL_uni2asc(const unsigned char *uni, int unilen)
+char *OPENSSL_uni2asc(unsigned char *uni, int unilen)
{
int asclen, i;
char *asctmp;
+
/* string must contain an even number of bytes */
if (unilen & 1)
return NULL;
@@ -50,7 +100,7 @@ char *OPENSSL_uni2asc(const unsigned char *uni, int unilen)
if (!unilen || uni[unilen - 1])
asclen++;
uni++;
- if ((asctmp = OPENSSL_malloc(asclen)) == NULL)
+ if (!(asctmp = OPENSSL_malloc(asclen)))
return NULL;
for (i = 0; i < unilen; i += 2)
asctmp[i >> 1] = uni[i];
@@ -58,166 +108,12 @@ char *OPENSSL_uni2asc(const unsigned char *uni, int unilen)
return asctmp;
}
-/*
- * OPENSSL_{utf82uni|uni2utf8} perform conversion between UTF-8 and
- * PKCS#12 BMPString format, which is specified as big-endian UTF-16.
- * One should keep in mind that even though BMPString is passed as
- * unsigned char *, it's not the kind of string you can exercise e.g.
- * strlen on. Caller also has to keep in mind that its length is
- * expressed not in number of UTF-16 characters, but in number of
- * bytes the string occupies, and treat it, the length, accordingly.
- */
-unsigned char *OPENSSL_utf82uni(const char *asc, int asclen,
- unsigned char **uni, int *unilen)
-{
- int ulen, i, j;
- unsigned char *unitmp, *ret;
- unsigned long utf32chr = 0;
-
- if (asclen == -1)
- asclen = strlen(asc);
-
- for (ulen = 0, i = 0; i < asclen; i += j) {
- j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr);
-
- /*
- * Following condition is somewhat opportunistic is sense that
- * decoding failure is used as *indirect* indication that input
- * string might in fact be extended ASCII/ANSI/ISO-8859-X. The
- * fallback is taken in hope that it would allow to process
- * files created with previous OpenSSL version, which used the
- * naive OPENSSL_asc2uni all along. It might be worth noting
- * that probability of false positive depends on language. In
- * cases covered by ISO Latin 1 probability is very low, because
- * any printable non-ASCII alphabet letter followed by another
- * or any ASCII character will trigger failure and fallback.
- * In other cases situation can be intensified by the fact that
- * English letters are not part of alternative keyboard layout,
- * but even then there should be plenty of pairs that trigger
- * decoding failure...
- */
- if (j < 0)
- return OPENSSL_asc2uni(asc, asclen, uni, unilen);
-
- if (utf32chr > 0x10FFFF) /* UTF-16 cap */
- return NULL;
-
- if (utf32chr >= 0x10000) /* pair of UTF-16 characters */
- ulen += 2*2;
- else /* or just one */
- ulen += 2;
- }
-
- ulen += 2; /* for trailing UTF16 zero */
-
- if ((ret = OPENSSL_malloc(ulen)) == NULL)
- return NULL;
-
- /* re-run the loop writing down UTF-16 characters in big-endian order */
- for (unitmp = ret, i = 0; i < asclen; i += j) {
- j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr);
- if (utf32chr >= 0x10000) { /* pair if UTF-16 characters */
- unsigned int hi, lo;
-
- utf32chr -= 0x10000;
- hi = 0xD800 + (utf32chr>>10);
- lo = 0xDC00 + (utf32chr&0x3ff);
- *unitmp++ = (unsigned char)(hi>>8);
- *unitmp++ = (unsigned char)(hi);
- *unitmp++ = (unsigned char)(lo>>8);
- *unitmp++ = (unsigned char)(lo);
- } else { /* or just one */
- *unitmp++ = (unsigned char)(utf32chr>>8);
- *unitmp++ = (unsigned char)(utf32chr);
- }
- }
- /* Make result double null terminated */
- *unitmp++ = 0;
- *unitmp++ = 0;
- if (unilen)
- *unilen = ulen;
- if (uni)
- *uni = ret;
- return ret;
-}
-
-static int bmp_to_utf8(char *str, const unsigned char *utf16, int len)
-{
- unsigned long utf32chr;
-
- if (len == 0) return 0;
-
- if (len < 2) return -1;
-
- /* pull UTF-16 character in big-endian order */
- utf32chr = (utf16[0]<<8) | utf16[1];
-
- if (utf32chr >= 0xD800 && utf32chr < 0xE000) { /* two chars */
- unsigned int lo;
-
- if (len < 4) return -1;
-
- utf32chr -= 0xD800;
- utf32chr <<= 10;
- lo = (utf16[2]<<8) | utf16[3];
- if (lo < 0xDC00 || lo >= 0xE000) return -1;
- utf32chr |= lo-0xDC00;
- utf32chr += 0x10000;
- }
-
- return UTF8_putc((unsigned char *)str, len > 4 ? 4 : len, utf32chr);
-}
-
-char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen)
-{
- int asclen, i, j;
- char *asctmp;
-
- /* string must contain an even number of bytes */
- if (unilen & 1)
- return NULL;
-
- for (asclen = 0, i = 0; i < unilen; ) {
- j = bmp_to_utf8(NULL, uni+i, unilen-i);
- /*
- * falling back to OPENSSL_uni2asc makes lesser sense [than
- * falling back to OPENSSL_asc2uni in OPENSSL_utf82uni above],
- * it's done rather to maintain symmetry...
- */
- if (j < 0) return OPENSSL_uni2asc(uni, unilen);
- if (j == 4) i += 4;
- else i += 2;
- asclen += j;
- }
-
- /* If no terminating zero allow for one */
- if (!unilen || (uni[unilen-2]||uni[unilen - 1]))
- asclen++;
-
- if ((asctmp = OPENSSL_malloc(asclen)) == NULL)
- return NULL;
-
- /* re-run the loop emitting UTF-8 string */
- for (asclen = 0, i = 0; i < unilen; ) {
- j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i);
- if (j == 4) i += 4;
- else i += 2;
- asclen += j;
- }
-
- /* If no terminating zero write one */
- if (!unilen || (uni[unilen-2]||uni[unilen - 1]))
- asctmp[asclen] = '\0';
-
- return asctmp;
-}
-
int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
}
-#ifndef OPENSSL_NO_STDIO
+#ifndef OPENSSL_NO_FP_API
int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
{
return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
@@ -229,9 +125,41 @@ PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
}
-#ifndef OPENSSL_NO_STDIO
+#ifndef OPENSSL_NO_FP_API
PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
{
return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
}
#endif
+
+PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509)
+{
+ return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
+ NID_x509Certificate, NID_certBag);
+}
+
+PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl)
+{
+ return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
+ NID_x509Crl, NID_crlBag);
+}
+
+X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
+{
+ if (M_PKCS12_bag_type(bag) != NID_certBag)
+ return NULL;
+ if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
+ return NULL;
+ return ASN1_item_unpack(bag->value.bag->value.octet,
+ ASN1_ITEM_rptr(X509));
+}
+
+X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
+{
+ if (M_PKCS12_bag_type(bag) != NID_crlBag)
+ return NULL;
+ if (M_PKCS12_cert_bag_type(bag) != NID_x509Crl)
+ return NULL;
+ return ASN1_item_unpack(bag->value.bag->value.octet,
+ ASN1_ITEM_rptr(X509_CRL));
+}
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c b/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c
index f705084a..e58710b2 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c
@@ -1,11 +1,62 @@
-/*
- * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+/* crypto/pkcs12/pk12err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
*/
#include <stdio.h>
@@ -19,6 +70,14 @@
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason)
static ERR_STRING_DATA PKCS12_str_functs[] = {
+ {ERR_FUNC(PKCS12_F_PARSE_BAG), "PARSE_BAG"},
+ {ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"},
+ {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"},
+ {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC),
+ "PKCS12_add_friendlyname_asc"},
+ {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI),
+ "PKCS12_add_friendlyname_uni"},
+ {ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"},
{ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"},
{ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"},
{ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"},
@@ -27,26 +86,21 @@ static ERR_STRING_DATA PKCS12_str_functs[] = {
{ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"},
{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"},
{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"},
- {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UTF8), "PKCS12_key_gen_utf8"},
+ {ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"},
+ {ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"},
{ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"},
{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"},
{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"},
{ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"},
{ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"},
{ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"},
- {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF),
- "PKCS12_SAFEBAG_create0_p8inf"},
- {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8),
- "PKCS12_SAFEBAG_create0_pkcs8"},
- {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT),
- "PKCS12_SAFEBAG_create_pkcs8_encrypt"},
{ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"},
{ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"},
{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"},
{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"},
{ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"},
+ {ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"},
{ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"},
- {ERR_FUNC(PKCS12_F_PKCS8_SET0_PBE), "PKCS8_set0_pbe"},
{0, NULL}
};
@@ -67,6 +121,7 @@ static ERR_STRING_DATA PKCS12_str_reasons[] = {
{ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR), "mac generation error"},
{ERR_REASON(PKCS12_R_MAC_SETUP_ERROR), "mac setup error"},
{ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR), "mac string set error"},
+ {ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR), "mac verify error"},
{ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE), "mac verify failure"},
{ERR_REASON(PKCS12_R_PARSE_ERROR), "parse error"},
{ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),
@@ -82,7 +137,7 @@ static ERR_STRING_DATA PKCS12_str_reasons[] = {
#endif
-int ERR_load_PKCS12_strings(void)
+void ERR_load_PKCS12_strings(void)
{
#ifndef OPENSSL_NO_ERR
@@ -91,5 +146,4 @@ int ERR_load_PKCS12_strings(void)
ERR_load_strings(0, PKCS12_str_reasons);
}
#endif
- return 1;
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-09-01 05:41:49 +0000