MercurialSymaptic / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | raw | help
os/ossrv/ssl/libcrypto/src/crypto/pkcs12/p12_decr.c
author sl
Tue, 10 Jun 2014 14:32:02 +0200
changeset 1 260cb5ec6c19
permissions -rw-r--r--
Update contrib. 
     1 /* p12_decr.c */

     2 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL

     3  * project 1999.

     4  */

     5 /* ====================================================================

     6  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

     7  *

     8  * Redistribution and use in source and binary forms, with or without

     9  * modification, are permitted provided that the following conditions

    10  * are met:

    11  *

    12  * 1. Redistributions of source code must retain the above copyright

    13  *    notice, this list of conditions and the following disclaimer. 

    14  *

    15  * 2. Redistributions in binary form must reproduce the above copyright

    16  *    notice, this list of conditions and the following disclaimer in

    17  *    the documentation and/or other materials provided with the

    18  *    distribution.

    19  *

    20  * 3. All advertising materials mentioning features or use of this

    21  *    software must display the following acknowledgment:

    22  *    "This product includes software developed by the OpenSSL Project

    23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

    24  *

    25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

    26  *    endorse or promote products derived from this software without

    27  *    prior written permission. For written permission, please contact

    28  *    licensing@OpenSSL.org.

    29  *

    30  * 5. Products derived from this software may not be called "OpenSSL"

    31  *    nor may "OpenSSL" appear in their names without prior written

    32  *    permission of the OpenSSL Project.

    33  *

    34  * 6. Redistributions of any form whatsoever must retain the following

    35  *    acknowledgment:

    36  *    "This product includes software developed by the OpenSSL Project

    37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

    38  *

    39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

    40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

    41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

    42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

    43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

    44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

    45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

    46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

    47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

    48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

    49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

    50  * OF THE POSSIBILITY OF SUCH DAMAGE.

    51  * ====================================================================

    52  *

    53  * This product includes cryptographic software written by Eric Young

    54  * (eay@cryptsoft.com).  This product includes software written by Tim

    55  * Hudson (tjh@cryptsoft.com).

    56  *

    57  */

    58 

    59 #include <stdio.h>

    60 #include "cryptlib.h"

    61 #include <openssl/pkcs12.h>

    62 

    63 /* Define this to dump decrypted output to files called DERnnn */

    64 /*#define DEBUG_DECRYPT*/

    65 

    66 

    67 /* Encrypt/Decrypt a buffer based on password and algor, result in a

    68  * OPENSSL_malloc'ed buffer

    69  */

    70 

    71 EXPORT_C unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,

    72 	     int passlen, unsigned char *in, int inlen, unsigned char **data,

    73 	     int *datalen, int en_de)

    74 {

    75 	unsigned char *out;

    76 	int outlen, i;

    77 	EVP_CIPHER_CTX ctx;

    78 

    79 	EVP_CIPHER_CTX_init(&ctx);

    80 	/* Decrypt data */

    81         if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,

    82 					 algor->parameter, &ctx, en_de)) {

    83 		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);

    84 		return NULL;

    85 	}

    86 

    87 	if(!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {

    88 		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE);

    89 		goto err;

    90 	}

    91 

    92 	EVP_CipherUpdate(&ctx, out, &i, in, inlen);

    93 	outlen = i;

    94 	if(!EVP_CipherFinal_ex(&ctx, out + i, &i)) {

    95 		OPENSSL_free(out);

    96 		out = NULL;

    97 		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR);

    98 		goto err;

    99 	}

   100 	outlen += i;

   101 	if (datalen) *datalen = outlen;

   102 	if (data) *data = out;

   103 	err:

   104 	EVP_CIPHER_CTX_cleanup(&ctx);

   105 	return out;

   106 

   107 }

   108 

   109 /* Decrypt an OCTET STRING and decode ASN1 structure 

   110  * if zbuf set zero buffer after use.

   111  */

   112 

   113 EXPORT_C void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,

   114 	     const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)

   115 {

   116 	unsigned char *out;

   117 	const unsigned char *p;

   118 	void *ret;

   119 	int outlen;

   120 

   121 	if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,

   122 			       &out, &outlen, 0)) {

   123 		PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);

   124 		return NULL;

   125 	}

   126 	p = out;

   127 #ifdef DEBUG_DECRYPT

   128 	{

   129 		FILE *op;

   130 

   131 		char fname[30];

   132 		static int fnm = 1;

   133 		sprintf(fname, "DER%d", fnm++);

   134 		op = fopen(fname, "wb");

   135 		fwrite (p, 1, outlen, op);

   136 		fclose(op);

   137 	}

   138 #endif

   139 	ret = ASN1_item_d2i(NULL, &p, outlen, it);

   140 	if (zbuf) OPENSSL_cleanse(out, outlen);

   141 	if(!ret) PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);

   142 	OPENSSL_free(out);

   143 	return ret;

   144 }

   145 

   146 /* Encode ASN1 structure and encrypt, return OCTET STRING 

   147  * if zbuf set zero encoding.

   148  */

   149 

   150 EXPORT_C ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,

   151 				       const char *pass, int passlen,

   152 				       void *obj, int zbuf)

   153 {

   154 	ASN1_OCTET_STRING *oct;

   155 	unsigned char *in = NULL;

   156 	int inlen;

   157 	if (!(oct = M_ASN1_OCTET_STRING_new ())) {

   158 		PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);

   159 		return NULL;

   160 	}

   161 	inlen = ASN1_item_i2d(obj, &in, it);

   162 	if (!in) {

   163 		PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);

   164 		return NULL;

   165 	}

   166 	if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,

   167 				 &oct->length, 1)) {

   168 		PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);

   169 		OPENSSL_free(in);

   170 		return NULL;

   171 	}

   172 	if (zbuf) OPENSSL_cleanse(in, inlen);

   173 	OPENSSL_free(in);

   174 	return oct;

   175 }

   176 

   177 IMPLEMENT_PKCS12_STACK_OF(PKCS7)
Symaptic