From 293042c9d9411bd785d3f951ffe02ff6573e4854 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Sun, 27 Sep 2015 13:28:26 +0100
Subject: [PATCH] Reorganise functions.

Move all PKCS12_SAFEBAG functions into new file p12_sbag.c.
Move MAC functions into p12_mutl.c

Reviewed-by: Rich Salz
---
 crypto/pkcs12/p12_add.c | 49 ----------
 crypto/pkcs12/p12_crt.c | 2 +-
 crypto/pkcs12/p12_mutl.c | 30 ++++++
 crypto/pkcs12/p12_sbag.c | 192 +++++++++++++++++++++++++++++++++++++++
 crypto/pkcs12/p12_utl.c | 112 -----------------------
 include/openssl/pkcs12.h | 20 ++--
 6 files changed, 234 insertions(+), 171 deletions(-)
 create mode 100644 crypto/pkcs12/p12_sbag.c

diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c
index 85f9faf3a4..b7dffc4eea 100644
--- a/crypto/pkcs12/p12_add.c
+++ b/crypto/pkcs12/p12_add.c
@@ -91,55 +91,6 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
 return NULL;
 }
-/* Turn PKCS8 object into a keybag */
-
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
-{
- PKCS12_SAFEBAG *bag;
-
- if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
- PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- bag->type = OBJ_nid2obj(NID_keyBag);
- bag->value.keybag = p8;
- return bag;
-}
-
-/* Turn PKCS8 object into a shrouded keybag */
-
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
- int passlen, unsigned char *salt,
- int saltlen, int iter,
- PKCS8_PRIV_KEY_INFO *p8)
-{
- PKCS12_SAFEBAG *bag;
- const EVP_CIPHER *pbe_ciph;
-
- /* Set up the safe bag */
- if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
- PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
-
- pbe_ciph = EVP_get_cipherbynid(pbe_nid);
-
- if (pbe_ciph)
- pbe_nid = -1;
-
- if (!(bag->value.shkeybag =
- PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
- p8))) {
- PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
- PKCS12_SAFEBAG_free(bag);
- return NULL;
- }
-
- return bag;
-}
-
 /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
 PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
 {
diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c
index 71f8561352..4041b966a2 100644
--- a/crypto/pkcs12/p12_crt.c
+++ b/crypto/pkcs12/p12_crt.c
@@ -189,7 +189,7 @@ PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
 int keyidlen = -1;
 /* Add user certificate */
- if ((bag = PKCS12_SAFEBAG_new_cert(cert)) == NULL)
+ if ((bag = PKCS12_SAFEBAG_create_cert(cert)) == NULL)
 goto err;
 /*
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index 726e7f1360..62a62cbe9b 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -64,6 +64,36 @@
 # include
 # include "p12_lcl.h"
+int PKCS12_mac_present(PKCS12 *p12)
+{
+return p12->mac ? 1 : 0;
+}
+
+void PKCS12_get0_mac(ASN1_OCTET_STRING **pmac, X509_ALGOR **pmacalg,
+ ASN1_OCTET_STRING **psalt, ASN1_INTEGER **piter,
+ PKCS12 *p12)
+{
+ if (p12->mac) {
+ if (pmac)
+ *pmac = p12->mac->dinfo->digest;
+ if (pmacalg)
+ *pmacalg = p12->mac->dinfo->algor;
+ if (psalt)
+ *psalt = p12->mac->salt;
+ if (piter)
+ *piter = p12->mac->iter;
+ } else {
+ if (pmac)
+ *pmac = NULL;
+ if (pmacalg)
+ *pmacalg = NULL;
+ if (psalt)
+ *psalt = NULL;
+ if (piter)
+ *piter = NULL;
+ }
+}
+
 # define TK26_MAC_KEY_LEN 32
 static int pkcs12_gen_gost_mac_key(const char *pass, int passlen,
diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c
new file mode 100644
index 0000000000..a54367216d
--- /dev/null
+++ b/crypto/pkcs12/p12_sbag.c
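Review bot: The `return` in `PKCS12_mac_present` sits at column 0 inside the function body, which clashes with the four-space indentation used by `PKCS12_get0_mac` directly below it; the move was the moment to fix this, so I would make it `    return p12->mac ? 1 : 0;`. Both functions become public API in this file with no comment on the `get0` contract, so I would add above `PKCS12_get0_mac` a three-line comment stating that the returned digest, algorithm, salt and iteration pointers are internal to `p12`, must not be freed by the caller, and are all set to NULL when `p12` carries no MAC. The bodies are copied verbatim from the p12_utl.c deletion hunk, so nothing else changes here.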
@@ -0,0 +1,192 @@
+/* p12_sbag.c */
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999-2015.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include
+#include "internal/cryptlib.h"
+#include
+#include "p12_lcl.h"
+
+ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(PKCS12_SAFEBAG *bag, int attr_nid)
+{
+ return PKCS12_get_attr_gen(bag->attrib, attr_nid);
+}
+
+ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid)
+{
+ return PKCS12_get_attr_gen(p8->attributes, attr_nid);
+}
+
+PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(PKCS12_SAFEBAG *bag)
+{
+ if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
+ return NULL;
+ return bag->value.keybag;
+}
+
+X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(PKCS12_SAFEBAG *bag)
+{
+ if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
+ return NULL;
+ return bag->value.shkeybag;
+}
+
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_SAFEBAG_get0_safes(PKCS12_SAFEBAG *bag)
+{
+ if (OBJ_obj2nid(bag->type) != NID_safeContentsBag)
+ return NULL;
+ return bag->value.safes;
+}
+
+ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(PKCS12_SAFEBAG *bag)
+{
+ return bag->type;
+}
+
+int PKCS12_SAFEBAG_get_nid(PKCS12_SAFEBAG *bag)
+{
+ return OBJ_obj2nid(bag->type);
+}
+
+int PKCS12_SAFEBAG_get_bag_nid(PKCS12_SAFEBAG *bag)
+{
+ int btype = PKCS12_SAFEBAG_get_nid(bag);
+ if (btype != NID_certBag || btype != NID_crlBag || btype != NID_secretBag)
+ return -1;
+ return OBJ_obj2nid(bag->value.bag->type);
+}
+
+X509 *PKCS12_SAFEBAG_get1_cert(PKCS12_SAFEBAG *bag)
+{
+ if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag)
+ return NULL;
+ if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
+ return NULL;
+ return ASN1_item_unpack(bag->value.bag->value.octet,
+ ASN1_ITEM_rptr(X509));
+}
+
+X509_CRL *PKCS12_SAFEBAG_get1_crl(PKCS12_SAFEBAG *bag)
+{
+ if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag)
+ return NULL;
+ if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
+ return NULL;
+ return ASN1_item_unpack(bag->value.bag->value.octet,
+ ASN1_ITEM_rptr(X509_CRL));
+}
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509)
+{
+ return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
+ NID_x509Certificate, NID_certBag);
+}
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl)
+{
+ return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
+ NID_x509Crl, NID_crlBag);
+}
+
+/* Turn PKCS8 object into a keybag */
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_p8inf(PKCS8_PRIV_KEY_INFO *p8)
+{
+ PKCS12_SAFEBAG *bag;
+
+ if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ bag->type = OBJ_nid2obj(NID_keyBag);
+ bag->value.keybag = p8;
+ return bag;
+}
+
+/* Turn PKCS8 object into a shrouded keybag */
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8(int pbe_nid, const char *pass,
+ int passlen, unsigned char *salt,
+ int saltlen, int iter,
+ PKCS8_PRIV_KEY_INFO *p8)
+{
+ PKCS12_SAFEBAG *bag;
+ const EVP_CIPHER *pbe_ciph;
+
+ /* Set up the safe bag */
+ if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
+
+ pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+
+ if (pbe_ciph)
+ pbe_nid = -1;
+
+ if (!(bag->value.shkeybag =
+ PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
+ p8))) {
+ PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ return bag;
+}
diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c
index 5ad9336053..817327fc99 100644
--- a/crypto/pkcs12/p12_utl.c
+++ b/crypto/pkcs12/p12_utl.c
@@ -59,7 +59,6 @@
 #include
 #include "internal/cryptlib.h"
 #include
-#include "p12_lcl.h"
 /* Cheap and nasty Unicode stuff */
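Review bot: `PKCS12_SAFEBAG_create_pkcs8` now leaks `bag` when `PKCS8_encrypt` fails: the error branch at the end of the new file only calls `PKCS12err` and returns NULL, whereas the `PKCS12_MAKE_SHKEYBAG` body removed from p12_add.c in this same patch also ran `PKCS12_SAFEBAG_free(bag);` there, so that line should be restored ahead of `return NULL;`. Separately, `PKCS12_SAFEBAG_get_bag_nid` tests `btype != NID_certBag || btype != NID_crlBag || btype != NID_secretBag`, which holds for every `btype`, so the function always returns -1 and `OBJ_obj2nid(bag->value.bag->type)` is unreachable; this is inherited from the p12_utl.c copy but, now that the `PKCS12_cert_bag_type` compatibility macro maps onto it, existing callers see the constant -1, and the condition should be `if (btype != NID_certBag && btype != NID_crlBag && btype != NID_secretBag)`. I would also note above `PKCS12_SAFEBAG_create_p8inf` that the bag stores `p8` directly (`bag->value.keybag = p8`) and so is expected to own it from then on, unlike `create_pkcs8` which only encrypts it; a one-line comment `/* On success the bag takes ownership of p8 */` would do.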
@@ -129,114 +128,3 @@ PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
 }
 #endif
-
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_new_cert(X509 *x509)
-{
- return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
- NID_x509Certificate, NID_certBag);
-}
-
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_new_crl(X509_CRL *crl)
-{
- return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
- NID_x509Crl, NID_crlBag);
-}
-
-X509 *PKCS12_SAFEBAG_get1_cert(PKCS12_SAFEBAG *bag)
-{
- if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag)
- return NULL;
- if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
- return NULL;
- return ASN1_item_unpack(bag->value.bag->value.octet,
- ASN1_ITEM_rptr(X509));
-}
-
-X509_CRL *PKCS12_SAFEBAG_get1_crl(PKCS12_SAFEBAG *bag)
-{
- if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag)
- return NULL;
- if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
- return NULL;
- return ASN1_item_unpack(bag->value.bag->value.octet,
- ASN1_ITEM_rptr(X509_CRL));
-}
-
-ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(PKCS12_SAFEBAG *bag, int attr_nid)
-{
- return PKCS12_get_attr_gen(bag->attrib, attr_nid);
-}
-
-ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid)
-{
- return PKCS12_get_attr_gen(p8->attributes, attr_nid);
-}
-
-int PKCS12_mac_present(PKCS12 *p12)
-{
-return p12->mac ? 1 : 0;
-}
-
-void PKCS12_get0_mac(ASN1_OCTET_STRING **pmac, X509_ALGOR **pmacalg,
- ASN1_OCTET_STRING **psalt, ASN1_INTEGER **piter,
- PKCS12 *p12)
-{
- if (p12->mac) {
- if (pmac)
- *pmac = p12->mac->dinfo->digest;
- if (pmacalg)
- *pmacalg = p12->mac->dinfo->algor;
- if (psalt)
- *psalt = p12->mac->salt;
- if (piter)
- *piter = p12->mac->iter;
- } else {
- if (pmac)
- *pmac = NULL;
- if (pmacalg)
- *pmacalg = NULL;
- if (psalt)
- *psalt = NULL;
- if (piter)
- *piter = NULL;
- }
-}
-
-PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(PKCS12_SAFEBAG *bag)
-{
- if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
- return NULL;
- return bag->value.keybag;
-}
-
-X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(PKCS12_SAFEBAG *bag)
-{
- if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
- return NULL;
- return bag->value.shkeybag;
-}
-
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_SAFEBAG_get0_safes(PKCS12_SAFEBAG *bag)
-{
- if (OBJ_obj2nid(bag->type) != NID_safeContentsBag)
- return NULL;
- return bag->value.safes;
-}
-
-ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(PKCS12_SAFEBAG *bag)
-{
- return bag->type;
-}
-
-int PKCS12_SAFEBAG_get_nid(PKCS12_SAFEBAG *bag)
-{
- return OBJ_obj2nid(bag->type);
-}
-
-int PKCS12_SAFEBAG_get_bag_nid(PKCS12_SAFEBAG *bag)
-{
- int btype = PKCS12_SAFEBAG_get_nid(bag);
- if (btype != NID_certBag || btype != NID_crlBag || btype != NID_secretBag)
- return -1;
- return OBJ_obj2nid(bag->value.bag->type);
-}
diff --git a/include/openssl/pkcs12.h b/include/openssl/pkcs12.h
index 46ae49a3a3..a1377f7c6b 100644
--- a/include/openssl/pkcs12.h
+++ b/include/openssl/pkcs12.h
@@ -132,13 +132,15 @@ typedef struct pkcs12_bag_st PKCS12_BAGS;
 # define M_PKCS12_crl_bag_type PKCS12_cert_bag_type
 /* Compatibility macros for pre 1.1.0 function names */
-# define PKCS12_x5092certbag PKCS12_SAFEBAG_new_cert
-# define PKCS12_crl2certbag PKCS12_SAFEBAG_new_crl
 # define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert
 # define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl
 # define PKCS12_get_attr PKCS12_SAFEBAG_get0_attr
 # define PKCS12_bag_type PKCS12_SAFEBAG_get_nid
 # define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid
+# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert
+# define PKCS12_crl2certbag PKCS12_SAFEBAG_create_crl
+# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create_p8inf
+# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8
 ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid);
 int PKCS12_mac_present(PKCS12 *p12);
@@ -157,12 +159,16 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_SAFEBAG_get0_safes(PKCS12_SAFEBAG *bag);
 PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(PKCS12_SAFEBAG *bag);
 X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(PKCS12_SAFEBAG *bag);
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_new_cert(X509 *x509);
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_new_crl(X509_CRL *crl);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_p8inf(PKCS8_PRIV_KEY_INFO *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8(int pbe_nid, const char *pass,
+ int passlen, unsigned char *salt,
+ int saltlen, int iter,
+ PKCS8_PRIV_KEY_INFO *p8);
 PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
 int nid1, int nid2);
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
 PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen);
 PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag,
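Review bot: The new `PKCS12_SAFEBAG_create_*` prototypes in the second hunk say nothing about ownership, and the two key variants differ on it: per the p12_sbag.c hunk, `PKCS12_SAFEBAG_create_p8inf` stores `p8` in the bag so the caller must not free it separately afterwards, while `PKCS12_SAFEBAG_create_pkcs8` only encrypts `p8` and leaves it with the caller. I would add above `PKCS12_SAFEBAG_create_p8inf` the comment `/* On success the bag takes ownership of p8 */` and above `PKCS12_SAFEBAG_create_pkcs8` the comment `/* Encrypts p8 into a shrouded key bag; p8 is not consumed */`. `salt` in the `create_pkcs8` prototype is `unsigned char *` although the implementation only hands it to `PKCS8_encrypt`; it could be `const unsigned char *` if `PKCS8_encrypt` accepts that, which is not visible in this patch. The compatibility macros in the first hunk keep the old names building, so this is a documentation point only.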
@@ -172,10 +178,6 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
 int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8);
 X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,
 PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe);
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
- int passlen, unsigned char *salt,
- int saltlen, int iter,
- PKCS8_PRIV_KEY_INFO *p8);
 PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
 STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
 PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
-- 
2.40.0