p12_decr.c revision 296465
1/* p12_decr.c */ 2/* 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 4 * 1999. 5 */ 6/* ==================================================================== 7 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. All advertising materials mentioning features or use of this 22 * software must display the following acknowledgment: 23 * "This product includes software developed by the OpenSSL Project 24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25 * 26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27 * endorse or promote products derived from this software without 28 * prior written permission. For written permission, please contact 29 * licensing@OpenSSL.org. 30 * 31 * 5. Products derived from this software may not be called "OpenSSL" 32 * nor may "OpenSSL" appear in their names without prior written 33 * permission of the OpenSSL Project. 34 * 35 * 6. Redistributions of any form whatsoever must retain the following 36 * acknowledgment: 37 * "This product includes software developed by the OpenSSL Project 38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51 * OF THE POSSIBILITY OF SUCH DAMAGE. 52 * ==================================================================== 53 * 54 * This product includes cryptographic software written by Eric Young 55 * (eay@cryptsoft.com). This product includes software written by Tim 56 * Hudson (tjh@cryptsoft.com). 57 * 58 */ 59 60#include <stdio.h> 61#include "cryptlib.h" 62#include <openssl/pkcs12.h> 63 64/* Define this to dump decrypted output to files called DERnnn */ 65/* 66 * #define DEBUG_DECRYPT 67 */ 68 69/* 70 * Encrypt/Decrypt a buffer based on password and algor, result in a 71 * OPENSSL_malloc'ed buffer 72 */ 73 74unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, 75 int passlen, unsigned char *in, int inlen, 76 unsigned char **data, int *datalen, int en_de) 77{ 78 unsigned char *out; 79 int outlen, i; 80 EVP_CIPHER_CTX ctx; 81 82 EVP_CIPHER_CTX_init(&ctx); 83 /* Decrypt data */ 84 if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen, 85 algor->parameter, &ctx, en_de)) { 86 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, 87 PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR); 88 return NULL; 89 } 90 91 if (!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) { 92 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE); 93 goto err; 94 } 95 96 EVP_CipherUpdate(&ctx, out, &i, in, inlen); 97 outlen = i; 98 if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) { 99 OPENSSL_free(out); 100 out = NULL; 101 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, 102 PKCS12_R_PKCS12_CIPHERFINAL_ERROR); 103 goto err; 104 } 105 outlen += i; 106 if (datalen) 107 *datalen = outlen; 108 if (data) 109 *data = out; 110 err: 111 EVP_CIPHER_CTX_cleanup(&ctx); 112 return out; 113 114} 115 116/* 117 * Decrypt an OCTET STRING and decode ASN1 structure if zbuf set zero buffer 118 * after use. 119 */ 120 121void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, 122 const char *pass, int passlen, 123 ASN1_OCTET_STRING *oct, int zbuf) 124{ 125 unsigned char *out; 126 const unsigned char *p; 127 void *ret; 128 int outlen; 129 130 if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length, 131 &out, &outlen, 0)) { 132 PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, 133 PKCS12_R_PKCS12_PBE_CRYPT_ERROR); 134 return NULL; 135 } 136 p = out; 137#ifdef DEBUG_DECRYPT 138 { 139 FILE *op; 140 141 char fname[30]; 142 static int fnm = 1; 143 sprintf(fname, "DER%d", fnm++); 144 op = fopen(fname, "wb"); 145 fwrite(p, 1, outlen, op); 146 fclose(op); 147 } 148#endif 149 ret = ASN1_item_d2i(NULL, &p, outlen, it); 150 if (zbuf) 151 OPENSSL_cleanse(out, outlen); 152 if (!ret) 153 PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, PKCS12_R_DECODE_ERROR); 154 OPENSSL_free(out); 155 return ret; 156} 157 158/* 159 * Encode ASN1 structure and encrypt, return OCTET STRING if zbuf set zero 160 * encoding. 161 */ 162 163ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, 164 const ASN1_ITEM *it, 165 const char *pass, int passlen, 166 void *obj, int zbuf) 167{ 168 ASN1_OCTET_STRING *oct; 169 unsigned char *in = NULL; 170 int inlen; 171 if (!(oct = M_ASN1_OCTET_STRING_new())) { 172 PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE); 173 return NULL; 174 } 175 inlen = ASN1_item_i2d(obj, &in, it); 176 if (!in) { 177 PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCODE_ERROR); 178 return NULL; 179 } 180 if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data, 181 &oct->length, 1)) { 182 PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCRYPT_ERROR); 183 OPENSSL_free(in); 184 return NULL; 185 } 186 if (zbuf) 187 OPENSSL_cleanse(in, inlen); 188 OPENSSL_free(in); 189 return oct; 190} 191 192IMPLEMENT_PKCS12_STACK_OF(PKCS7) 193