source-git / openssl

Clone
Source Code
GIT

Blame crypto/pkcs12/p12_decr.c

c8 c8s master
  1.   3c126e197bf64be56e1432546d39885b80b61a84
  2.   crypto
  3.   pkcs12
  4.   p12_decr.c
Blob History Raw
Packit Service 084de1 
/*
Packit Service 084de1 
 * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
Packit Service 084de1 
 *
Packit Service 084de1 
 * Licensed under the OpenSSL license (the "License").  You may not use
Packit Service 084de1 
 * this file except in compliance with the License.  You can obtain a copy
Packit Service 084de1 
 * in the file LICENSE in the source distribution or at
Packit Service 084de1 
 * https://www.openssl.org/source/license.html
Packit Service 084de1 
 */
Packit Service 084de1
Packit Service 084de1 
#include <stdio.h>
Packit Service 084de1 
#include "internal/cryptlib.h"
Packit Service 084de1 
#include <openssl/pkcs12.h>
Packit Service 084de1
Packit Service 084de1 
/* Define this to dump decrypted output to files called DERnnn */
Packit Service 084de1 
/*
Packit Service 084de1 
 * #define OPENSSL_DEBUG_DECRYPT
Packit Service 084de1 
 */
Packit Service 084de1
Packit Service 084de1 
/*
Packit Service 084de1 
 * Encrypt/Decrypt a buffer based on password and algor, result in a
Packit Service 084de1 
 * OPENSSL_malloc'ed buffer
Packit Service 084de1 
 */
Packit Service 084de1 
unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
Packit Service 084de1 
                                const char *pass, int passlen,
Packit Service 084de1 
                                const unsigned char *in, int inlen,
Packit Service 084de1 
                                unsigned char **data, int *datalen, int en_de)
Packit Service 084de1 
{
Packit Service 084de1 
    unsigned char *out = NULL;
Packit Service 084de1 
    int outlen, i;
Packit Service 084de1 
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
Packit Service 084de1
Packit Service 084de1 
    if (ctx == NULL) {
Packit Service 084de1 
        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
Packit Service 084de1 
        goto err;
Packit Service 084de1 
    }
Packit Service 084de1
Packit Service 084de1 
    /* Decrypt data */
Packit Service 084de1 
    if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
Packit Service 084de1 
                            algor->parameter, ctx, en_de)) {
Packit Service 084de1 
        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
Packit Service 084de1 
                  PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
Packit Service 084de1 
        goto err;
Packit Service 084de1 
    }
Packit Service 084de1
Packit Service 084de1 
    if ((out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(ctx)))
Packit Service 084de1 
            == NULL) {
Packit Service 084de1 
        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
Packit Service 084de1 
        goto err;
Packit Service 084de1 
    }
Packit Service 084de1
Packit Service 084de1 
    if (!EVP_CipherUpdate(ctx, out, &i, in, inlen)) {
Packit Service 084de1 
        OPENSSL_free(out);
Packit Service 084de1 
        out = NULL;
Packit Service 084de1 
        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB);
Packit Service 084de1 
        goto err;
Packit Service 084de1 
    }
Packit Service 084de1
Packit Service 084de1 
    outlen = i;
Packit Service 084de1 
    if (!EVP_CipherFinal_ex(ctx, out + i, &i)) {
Packit Service 084de1 
        OPENSSL_free(out);
Packit Service 084de1 
        out = NULL;
Packit Service 084de1 
        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
Packit Service 084de1 
                  PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
Packit Service 084de1 
        goto err;
Packit Service 084de1 
    }
Packit Service 084de1 
    outlen += i;
Packit Service 084de1 
    if (datalen)
Packit Service 084de1 
        *datalen = outlen;
Packit Service 084de1 
    if (data)
Packit Service 084de1 
        *data = out;
Packit Service 084de1 
 err:
Packit Service 084de1 
    EVP_CIPHER_CTX_free(ctx);
Packit Service 084de1 
    return out;
Packit Service 084de1
Packit Service 084de1 
}
Packit Service 084de1
Packit Service 084de1 
/*
Packit Service 084de1 
 * Decrypt an OCTET STRING and decode ASN1 structure if zbuf set zero buffer
Packit Service 084de1 
 * after use.
Packit Service 084de1 
 */
Packit Service 084de1
Packit Service 084de1 
void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
Packit Service 084de1 
                              const char *pass, int passlen,
Packit Service 084de1 
                              const ASN1_OCTET_STRING *oct, int zbuf)
Packit Service 084de1 
{
Packit Service 084de1 
    unsigned char *out;
Packit Service 084de1 
    const unsigned char *p;
Packit Service 084de1 
    void *ret;
Packit Service 084de1 
    int outlen;
Packit Service 084de1
Packit Service 084de1 
    if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
Packit Service 084de1 
                          &out, &outlen, 0)) {
Packit Service 084de1 
        PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
Packit Service 084de1 
                  PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
Packit Service 084de1 
        return NULL;
Packit Service 084de1 
    }
Packit Service 084de1 
    p = out;
Packit Service 084de1 
#ifdef OPENSSL_DEBUG_DECRYPT
Packit Service 084de1 
    {
Packit Service 084de1 
        FILE *op;
Packit Service 084de1
Packit Service 084de1 
        char fname[30];
Packit Service 084de1 
        static int fnm = 1;
Packit Service 084de1 
        sprintf(fname, "DER%d", fnm++);
Packit Service 084de1 
        op = fopen(fname, "wb");
Packit Service 084de1 
        fwrite(p, 1, outlen, op);
Packit Service 084de1 
        fclose(op);
Packit Service 084de1 
    }
Packit Service 084de1 
#endif
Packit Service 084de1 
    ret = ASN1_item_d2i(NULL, &p, outlen, it);
Packit Service 084de1 
    if (zbuf)
Packit Service 084de1 
        OPENSSL_cleanse(out, outlen);
Packit Service 084de1 
    if (!ret)
Packit Service 084de1 
        PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, PKCS12_R_DECODE_ERROR);
Packit Service 084de1 
    OPENSSL_free(out);
Packit Service 084de1 
    return ret;
Packit Service 084de1 
}
Packit Service 084de1
Packit Service 084de1 
/*
Packit Service 084de1 
 * Encode ASN1 structure and encrypt, return OCTET STRING if zbuf set zero
Packit Service 084de1 
 * encoding.
Packit Service 084de1 
 */
Packit Service 084de1
Packit Service 084de1 
ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
Packit Service 084de1 
                                           const ASN1_ITEM *it,
Packit Service 084de1 
                                           const char *pass, int passlen,
Packit Service 084de1 
                                           void *obj, int zbuf)
Packit Service 084de1 
{
Packit Service 084de1 
    ASN1_OCTET_STRING *oct = NULL;
Packit Service 084de1 
    unsigned char *in = NULL;
Packit Service 084de1 
    int inlen;
Packit Service 084de1
Packit Service 084de1 
    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
Packit Service 084de1 
        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE);
Packit Service 084de1 
        goto err;
Packit Service 084de1 
    }
Packit Service 084de1 
    inlen = ASN1_item_i2d(obj, &in, it);
Packit Service 084de1 
    if (!in) {
Packit Service 084de1 
        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCODE_ERROR);
Packit Service 084de1 
        goto err;
Packit Service 084de1 
    }
Packit Service 084de1 
    if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
Packit Service 084de1 
                          &oct->length, 1)) {
Packit Service 084de1 
        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
Packit Service 084de1 
        OPENSSL_free(in);
Packit Service 084de1 
        goto err;
Packit Service 084de1 
    }
Packit Service 084de1 
    if (zbuf)
Packit Service 084de1 
        OPENSSL_cleanse(in, inlen);
Packit Service 084de1 
    OPENSSL_free(in);
Packit Service 084de1 
    return oct;
Packit Service 084de1 
 err:
Packit Service 084de1 
    ASN1_OCTET_STRING_free(oct);
Packit Service 084de1 
    return NULL;
Packit Service 084de1 
}

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation