Tree - source-git/openssl - CentOS Git server

source-git / openssl

Blame crypto/pkcs12/p12_decr.c

Blob History Raw

Packit	c4476c	`/*`
Packit	c4476c	`* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.`
Packit	c4476c	`*`
Packit	c4476c	`* Licensed under the OpenSSL license (the "License"). You may not use`
Packit	c4476c	`* this file except in compliance with the License. You can obtain a copy`
Packit	c4476c	`* in the file LICENSE in the source distribution or at`
Packit	c4476c	`* https://www.openssl.org/source/license.html`
Packit	c4476c	`*/`
Packit	c4476c
Packit	c4476c	`#include <stdio.h>`
Packit	c4476c	`#include "internal/cryptlib.h"`
Packit	c4476c	`#include <openssl/pkcs12.h>`
Packit	c4476c
Packit	c4476c	`/* Define this to dump decrypted output to files called DERnnn */`
Packit	c4476c	`/*`
Packit	c4476c	`* #define OPENSSL_DEBUG_DECRYPT`
Packit	c4476c	`*/`
Packit	c4476c
Packit	c4476c	`/*`
Packit	c4476c	`* Encrypt/Decrypt a buffer based on password and algor, result in a`
Packit	c4476c	`* OPENSSL_malloc'ed buffer`
Packit	c4476c	`*/`
Packit	c4476c	`unsigned char PKCS12_pbe_crypt(const X509_ALGOR algor,`
Packit	c4476c	`const char *pass, int passlen,`
Packit	c4476c	`const unsigned char *in, int inlen,`
Packit	c4476c	`unsigned char *data, int datalen, int en_de)`
Packit	c4476c	`{`
Packit	c4476c	`unsigned char *out = NULL;`
Packit	c4476c	`int outlen, i;`
Packit	c4476c	`EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();`
Packit	c4476c
Packit	c4476c	`if (ctx == NULL) {`
Packit	c4476c	`PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);`
Packit	c4476c	`goto err;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`/* Decrypt data */`
Packit	c4476c	`if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,`
Packit	c4476c	`algor->parameter, ctx, en_de)) {`
Packit	c4476c	`PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,`
Packit	c4476c	`PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);`
Packit	c4476c	`goto err;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`if ((out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(ctx)))`
Packit	c4476c	`== NULL) {`
Packit	c4476c	`PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);`
Packit	c4476c	`goto err;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`if (!EVP_CipherUpdate(ctx, out, &i, in, inlen)) {`
Packit	c4476c	`OPENSSL_free(out);`
Packit	c4476c	`out = NULL;`
Packit	c4476c	`PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB);`
Packit	c4476c	`goto err;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`outlen = i;`
Packit	c4476c	`if (!EVP_CipherFinal_ex(ctx, out + i, &i)) {`
Packit	c4476c	`OPENSSL_free(out);`
Packit	c4476c	`out = NULL;`
Packit	c4476c	`PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,`
Packit	c4476c	`PKCS12_R_PKCS12_CIPHERFINAL_ERROR);`
Packit	c4476c	`goto err;`
Packit	c4476c	`}`
Packit	c4476c	`outlen += i;`
Packit	c4476c	`if (datalen)`
Packit	c4476c	`*datalen = outlen;`
Packit	c4476c	`if (data)`
Packit	c4476c	`*data = out;`
Packit	c4476c	`err:`
Packit	c4476c	`EVP_CIPHER_CTX_free(ctx);`
Packit	c4476c	`return out;`
Packit	c4476c
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`/*`
Packit	c4476c	`* Decrypt an OCTET STRING and decode ASN1 structure if zbuf set zero buffer`
Packit	c4476c	`* after use.`
Packit	c4476c	`*/`
Packit	c4476c
Packit	c4476c	`void PKCS12_item_decrypt_d2i(const X509_ALGOR algor, const ASN1_ITEM *it,`
Packit	c4476c	`const char *pass, int passlen,`
Packit	c4476c	`const ASN1_OCTET_STRING *oct, int zbuf)`
Packit	c4476c	`{`
Packit	c4476c	`unsigned char *out;`
Packit	c4476c	`const unsigned char *p;`
Packit	c4476c	`void *ret;`
Packit	c4476c	`int outlen;`
Packit	c4476c
Packit	c4476c	`if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,`
Packit	c4476c	`&out, &outlen, 0)) {`
Packit	c4476c	`PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,`
Packit	c4476c	`PKCS12_R_PKCS12_PBE_CRYPT_ERROR);`
Packit	c4476c	`return NULL;`
Packit	c4476c	`}`
Packit	c4476c	`p = out;`
Packit	c4476c	`#ifdef OPENSSL_DEBUG_DECRYPT`
Packit	c4476c	`{`
Packit	c4476c	`FILE *op;`
Packit	c4476c
Packit	c4476c	`char fname[30];`
Packit	c4476c	`static int fnm = 1;`
Packit	c4476c	`sprintf(fname, "DER%d", fnm++);`
Packit	c4476c	`op = fopen(fname, "wb");`
Packit	c4476c	`fwrite(p, 1, outlen, op);`
Packit	c4476c	`fclose(op);`
Packit	c4476c	`}`
Packit	c4476c	`#endif`
Packit	c4476c	`ret = ASN1_item_d2i(NULL, &p, outlen, it);`
Packit	c4476c	`if (zbuf)`
Packit	c4476c	`OPENSSL_cleanse(out, outlen);`
Packit	c4476c	`if (!ret)`
Packit	c4476c	`PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, PKCS12_R_DECODE_ERROR);`
Packit	c4476c	`OPENSSL_free(out);`
Packit	c4476c	`return ret;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`/*`
Packit	c4476c	`* Encode ASN1 structure and encrypt, return OCTET STRING if zbuf set zero`
Packit	c4476c	`* encoding.`
Packit	c4476c	`*/`
Packit	c4476c
Packit	c4476c	`ASN1_OCTET_STRING PKCS12_item_i2d_encrypt(X509_ALGOR algor,`
Packit	c4476c	`const ASN1_ITEM *it,`
Packit	c4476c	`const char *pass, int passlen,`
Packit	c4476c	`void *obj, int zbuf)`
Packit	c4476c	`{`
Packit	c4476c	`ASN1_OCTET_STRING *oct = NULL;`
Packit	c4476c	`unsigned char *in = NULL;`
Packit	c4476c	`int inlen;`
Packit	c4476c
Packit	c4476c	`if ((oct = ASN1_OCTET_STRING_new()) == NULL) {`
Packit	c4476c	`PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE);`
Packit	c4476c	`goto err;`
Packit	c4476c	`}`
Packit	c4476c	`inlen = ASN1_item_i2d(obj, &in, it);`
Packit	c4476c	`if (!in) {`
Packit	c4476c	`PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCODE_ERROR);`
Packit	c4476c	`goto err;`
Packit	c4476c	`}`
Packit	c4476c	`if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,`
Packit	c4476c	`&oct->length, 1)) {`
Packit	c4476c	`PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);`
Packit	c4476c	`OPENSSL_free(in);`
Packit	c4476c	`goto err;`
Packit	c4476c	`}`
Packit	c4476c	`if (zbuf)`
Packit	c4476c	`OPENSSL_cleanse(in, inlen);`
Packit	c4476c	`OPENSSL_free(in);`
Packit	c4476c	`return oct;`
Packit	c4476c	`err:`
Packit	c4476c	`ASN1_OCTET_STRING_free(oct);`
Packit	c4476c	`return NULL;`
Packit	c4476c	`}`

source-git / openssl

Source Code

Blame crypto/pkcs12/p12_decr.c