p12_decr.c revision 280304
1/* p12_decr.c */ 2/* 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 4 * 1999. 5 */ 6/* ==================================================================== 7 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. All advertising materials mentioning features or use of this 22 * software must display the following acknowledgment: 23 * "This product includes software developed by the OpenSSL Project 24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25 * 26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27 * endorse or promote products derived from this software without 28 * prior written permission. For written permission, please contact 29 * licensing@OpenSSL.org. 30 * 31 * 5. Products derived from this software may not be called "OpenSSL" 32 * nor may "OpenSSL" appear in their names without prior written 33 * permission of the OpenSSL Project. 34 * 35 * 6. Redistributions of any form whatsoever must retain the following 36 * acknowledgment: 37 * "This product includes software developed by the OpenSSL Project 38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51 * OF THE POSSIBILITY OF SUCH DAMAGE. 52 * ==================================================================== 53 * 54 * This product includes cryptographic software written by Eric Young 55 * (eay@cryptsoft.com). This product includes software written by Tim 56 * Hudson (tjh@cryptsoft.com). 57 * 58 */ 59 60#include <stdio.h> 61#include "cryptlib.h" 62#include <openssl/pkcs12.h> 63 64/* Define this to dump decrypted output to files called DERnnn */ 65/* 66 * #define DEBUG_DECRYPT 67 */ 68 69/* 70 * Encrypt/Decrypt a buffer based on password and algor, result in a 71 * OPENSSL_malloc'ed buffer 72 */ 73 74unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, 75 int passlen, unsigned char *in, int inlen, 76 unsigned char **data, int *datalen, int en_de) 77{ 78 unsigned char *out; 79 int outlen, i; 80 EVP_CIPHER_CTX ctx; 81 82 EVP_CIPHER_CTX_init(&ctx); 83 /* Decrypt data */ 84 if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen, 85 algor->parameter, &ctx, en_de)) { 86 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, 87 PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR); 88 return NULL; 89 } 90 91 if (!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) { 92 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE); 93 goto err; 94 } 95 96 if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) { 97 OPENSSL_free(out); 98 out = NULL; 99 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB); 100 goto err; 101 } 102 103 outlen = i; 104 if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) { 105 OPENSSL_free(out); 106 out = NULL; 107 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, 108 PKCS12_R_PKCS12_CIPHERFINAL_ERROR); 109 goto err; 110 } 111 outlen += i; 112 if (datalen) 113 *datalen = outlen; 114 if (data) 115 *data = out; 116 err: 117 EVP_CIPHER_CTX_cleanup(&ctx); 118 return out; 119 120} 121 122/* 123 * Decrypt an OCTET STRING and decode ASN1 structure if zbuf set zero buffer 124 * after use. 125 */ 126 127void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, 128 const char *pass, int passlen, 129 ASN1_OCTET_STRING *oct, int zbuf) 130{ 131 unsigned char *out; 132 const unsigned char *p; 133 void *ret; 134 int outlen; 135 136 if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length, 137 &out, &outlen, 0)) { 138 PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, 139 PKCS12_R_PKCS12_PBE_CRYPT_ERROR); 140 return NULL; 141 } 142 p = out; 143#ifdef DEBUG_DECRYPT 144 { 145 FILE *op; 146 147 char fname[30]; 148 static int fnm = 1; 149 sprintf(fname, "DER%d", fnm++); 150 op = fopen(fname, "wb"); 151 fwrite(p, 1, outlen, op); 152 fclose(op); 153 } 154#endif 155 ret = ASN1_item_d2i(NULL, &p, outlen, it); 156 if (zbuf) 157 OPENSSL_cleanse(out, outlen); 158 if (!ret) 159 PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, PKCS12_R_DECODE_ERROR); 160 OPENSSL_free(out); 161 return ret; 162} 163 164/* 165 * Encode ASN1 structure and encrypt, return OCTET STRING if zbuf set zero 166 * encoding. 167 */ 168 169ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, 170 const ASN1_ITEM *it, 171 const char *pass, int passlen, 172 void *obj, int zbuf) 173{ 174 ASN1_OCTET_STRING *oct; 175 unsigned char *in = NULL; 176 int inlen; 177 if (!(oct = M_ASN1_OCTET_STRING_new())) { 178 PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE); 179 return NULL; 180 } 181 inlen = ASN1_item_i2d(obj, &in, it); 182 if (!in) { 183 PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCODE_ERROR); 184 return NULL; 185 } 186 if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data, 187 &oct->length, 1)) { 188 PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCRYPT_ERROR); 189 OPENSSL_free(in); 190 return NULL; 191 } 192 if (zbuf) 193 OPENSSL_cleanse(in, inlen); 194 OPENSSL_free(in); 195 return oct; 196} 197 198IMPLEMENT_PKCS12_STACK_OF(PKCS7) 199