openssl/crypto/pkcs12/p12_decr.c

/* p12_decr.c */
/*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <stdio.h>
#include "cryptlib.h"
#include <openssl/pkcs12.h>

/* Define this to dump decrypted output to files called DERnnn */
/*
 * #define DEBUG_DECRYPT
 */

/*
 * Encrypt/Decrypt a buffer based on password and algor, result in a
 * OPENSSL_malloc'ed buffer
 */

unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
                                int passlen, unsigned char *in, int inlen,
                                unsigned char **data, int *datalen, int en_de)
{
    unsigned char *out;
    int outlen, i;
    EVP_CIPHER_CTX ctx;

    EVP_CIPHER_CTX_init(&ctx);
    /* Decrypt data */
    if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
                            algor->parameter, &ctx, en_de)) {
        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
                  PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
        return NULL;
    }

    if (!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) {
        OPENSSL_free(out);
        out = NULL;
        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB);
        goto err;
    }

    outlen = i;
    if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
        OPENSSL_free(out);
        out = NULL;
        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
                  PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
        goto err;
    }
    outlen += i;
    if (datalen)
        *datalen = outlen;
    if (data)
        *data = out;
 err:
    EVP_CIPHER_CTX_cleanup(&ctx);
    return out;

}

/*
 * Decrypt an OCTET STRING and decode ASN1 structure if zbuf set zero buffer
 * after use.
 */

void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
                              const char *pass, int passlen,
                              ASN1_OCTET_STRING *oct, int zbuf)
{
    unsigned char *out;
    const unsigned char *p;
    void *ret;
    int outlen;

    if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
                          &out, &outlen, 0)) {
        PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
                  PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
        return NULL;
    }
    p = out;
#ifdef DEBUG_DECRYPT
    {
        FILE *op;

        char fname[30];
        static int fnm = 1;
        sprintf(fname, "DER%d", fnm++);
        op = fopen(fname, "wb");
        fwrite(p, 1, outlen, op);
        fclose(op);
    }
#endif
    ret = ASN1_item_d2i(NULL, &p, outlen, it);
    if (zbuf)
        OPENSSL_cleanse(out, outlen);
    if (!ret)
        PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, PKCS12_R_DECODE_ERROR);
    OPENSSL_free(out);
    return ret;
}

/*
 * Encode ASN1 structure and encrypt, return OCTET STRING if zbuf set zero
 * encoding.
 */

ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
                                           const ASN1_ITEM *it,
                                           const char *pass, int passlen,
                                           void *obj, int zbuf)
{
    ASN1_OCTET_STRING *oct = NULL;
    unsigned char *in = NULL;
    int inlen;
    if (!(oct = ASN1_OCTET_STRING_new())) {
        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    inlen = ASN1_item_i2d(obj, &in, it);
    if (!in) {
        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCODE_ERROR);
        goto err;
    }
    if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
                          &oct->length, 1)) {
        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
        OPENSSL_free(in);
        goto err;
    }
    if (zbuf)
        OPENSSL_cleanse(in, inlen);
    OPENSSL_free(in);
    return oct;
 err:
    ASN1_OCTET_STRING_free(oct);
    return NULL;
}
Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add them to the build environment. 1999-03-29 07:17:34 +08:00			`/* p12_decr.c */`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`/*`
			`* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project`
			`* 1999.`
Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add them to the build environment. 1999-03-29 07:17:34 +08:00			`*/`
			`/* ====================================================================`
			`* Copyright (c) 1999 The OpenSSL Project. All rights reserved.`
			`*`
			`* Redistribution and use in source and binary forms, with or without`
			`* modification, are permitted provided that the following conditions`
			`* are met:`
			`*`
			`* 1. Redistributions of source code must retain the above copyright`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`* notice, this list of conditions and the following disclaimer.`
Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add them to the build environment. 1999-03-29 07:17:34 +08:00			`*`
			`* 2. Redistributions in binary form must reproduce the above copyright`
			`* notice, this list of conditions and the following disclaimer in`
			`* the documentation and/or other materials provided with the`
			`* distribution.`
			`*`
			`* 3. All advertising materials mentioning features or use of this`
			`* software must display the following acknowledgment:`
			`* "This product includes software developed by the OpenSSL Project`
			`* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"`
			`*`
			`* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to`
			`* endorse or promote products derived from this software without`
			`* prior written permission. For written permission, please contact`
			`* licensing@OpenSSL.org.`
			`*`
			`* 5. Products derived from this software may not be called "OpenSSL"`
			`* nor may "OpenSSL" appear in their names without prior written`
			`* permission of the OpenSSL Project.`
			`*`
			`* 6. Redistributions of any form whatsoever must retain the following`
			`* acknowledgment:`
			`* "This product includes software developed by the OpenSSL Project`
			`* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"`
			`*`
			* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
			`* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE`
			`* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR`
			`* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR`
			`* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,`
			`* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT`
			`* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;`
			`* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)`
			`* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,`
			`* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)`
			`* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED`
			`* OF THE POSSIBILITY OF SUCH DAMAGE.`
			`* ====================================================================`
			`*`
			`* This product includes cryptographic software written by Eric Young`
			`* (eay@cryptsoft.com). This product includes software written by Tim`
			`* Hudson (tjh@cryptsoft.com).`
			`*`
			`*/`

			`#include <stdio.h>`
Include pkcs12 program as part of openssl. This completes most of the PKCS#12 integration. 1999-03-30 01:50:26 +08:00			`#include "cryptlib.h"`
Change #include filenames from <foo.h> to <openssl.h>. Submitted by: Reviewed by: PR: 1999-04-24 06:13:45 +08:00			`#include <openssl/pkcs12.h>`
Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add them to the build environment. 1999-03-29 07:17:34 +08:00
			`/* Define this to dump decrypted output to files called DERnnn */`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`/*`
			`* #define DEBUG_DECRYPT`
			`*/`
Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add them to the build environment. 1999-03-29 07:17:34 +08:00
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`/*`
			`* Encrypt/Decrypt a buffer based on password and algor, result in a`
There have been a number of complaints from a number of sources that names like Malloc, Realloc and especially Free conflict with already existing names on some operating systems or other packages. That is reason enough to change the names of the OpenSSL memory allocation macros to something that has a better chance of being unique, like prepending them with OPENSSL_. This change includes all the name changes needed throughout all C files. 2000-06-02 06:19:21 +08:00			`* OPENSSL_malloc'ed buffer`
Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add them to the build environment. 1999-03-29 07:17:34 +08:00			`*/`

Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`unsigned char PKCS12_pbe_crypt(X509_ALGOR algor, const char *pass,`
			`int passlen, unsigned char *in, int inlen,`
			`unsigned char *data, int datalen, int en_de)`
Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add them to the build environment. 1999-03-29 07:17:34 +08:00			`{`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`unsigned char *out;`
			`int outlen, i;`
			`EVP_CIPHER_CTX ctx;`

			`EVP_CIPHER_CTX_init(&ctx);`
			`/* Decrypt data */`
			`if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,`
			`algor->parameter, &ctx, en_de)) {`
			`PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,`
			`PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);`
			`return NULL;`
			`}`

			`if (!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {`
			`PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);`
			`goto err;`
			`}`

			`if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) {`
			`OPENSSL_free(out);`
			`out = NULL;`
			`PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB);`
			`goto err;`
			`}`

			`outlen = i;`
			`if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) {`
			`OPENSSL_free(out);`
			`out = NULL;`
			`PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,`
			`PKCS12_R_PKCS12_CIPHERFINAL_ERROR);`
			`goto err;`
			`}`
			`outlen += i;`
			`if (datalen)`
			`*datalen = outlen;`
			`if (data)`
			`*data = out;`
			`err:`
			`EVP_CIPHER_CTX_cleanup(&ctx);`
			`return out;`
Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add them to the build environment. 1999-03-29 07:17:34 +08:00
			`}`

Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`/*`
			`* Decrypt an OCTET STRING and decode ASN1 structure if zbuf set zero buffer`
			`* after use.`
Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add them to the build environment. 1999-03-29 07:17:34 +08:00			`*/`

Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`void PKCS12_item_decrypt_d2i(X509_ALGOR algor, const ASN1_ITEM *it,`
			`const char *pass, int passlen,`
			`ASN1_OCTET_STRING *oct, int zbuf)`
Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add them to the build environment. 1999-03-29 07:17:34 +08:00			`{`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`unsigned char *out;`
			`const unsigned char *p;`
			`void *ret;`
			`int outlen;`

			`if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,`
			`&out, &outlen, 0)) {`
			`PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,`
			`PKCS12_R_PKCS12_PBE_CRYPT_ERROR);`
			`return NULL;`
			`}`
			`p = out;`
Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add them to the build environment. 1999-03-29 07:17:34 +08:00			`#ifdef DEBUG_DECRYPT`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`{`
			`FILE *op;`

			`char fname[30];`
			`static int fnm = 1;`
			`sprintf(fname, "DER%d", fnm++);`
			`op = fopen(fname, "wb");`
			`fwrite(p, 1, outlen, op);`
			`fclose(op);`
			`}`
Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add them to the build environment. 1999-03-29 07:17:34 +08:00			`#endif`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`ret = ASN1_item_d2i(NULL, &p, outlen, it);`
			`if (zbuf)`
			`OPENSSL_cleanse(out, outlen);`
			`if (!ret)`
			`PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, PKCS12_R_DECODE_ERROR);`
			`OPENSSL_free(out);`
			`return ret;`
Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add them to the build environment. 1999-03-29 07:17:34 +08:00			`}`

Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`/*`
			`* Encode ASN1 structure and encrypt, return OCTET STRING if zbuf set zero`
			`* encoding.`
Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add them to the build environment. 1999-03-29 07:17:34 +08:00			`*/`

Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`ASN1_OCTET_STRING PKCS12_item_i2d_encrypt(X509_ALGOR algor,`
			`const ASN1_ITEM *it,`
			`const char *pass, int passlen,`
			`void *obj, int zbuf)`
Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add them to the build environment. 1999-03-29 07:17:34 +08:00			`{`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`ASN1_OCTET_STRING *oct = NULL;`
			`unsigned char *in = NULL;`
			`int inlen;`
Remove old ASN.1 code. Remove old M_ASN1_ macros and replace any occurences with the corresponding function. Remove d2i_ASN1_bytes, d2i_ASN1_SET, i2d_ASN1_SET: no longer used internally. Reviewed-by: Rich Salz <rsalz@openssl.org> 2015-03-14 12:16:42 +08:00			`if (!(oct = ASN1_OCTET_STRING_new())) {`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE);`
			`goto err;`
			`}`
			`inlen = ASN1_item_i2d(obj, &in, it);`
			`if (!in) {`
			`PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCODE_ERROR);`
			`goto err;`
			`}`
			`if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,`
			`&oct->length, 1)) {`
			`PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);`
			`OPENSSL_free(in);`
			`goto err;`
			`}`
			`if (zbuf)`
			`OPENSSL_cleanse(in, inlen);`
			`OPENSSL_free(in);`
			`return oct;`
			`err:`
free NULL cleanup 8 Do not check for NULL before calling a free routine. This addresses: ASN1_BIT_STRING_free ASN1_GENERALIZEDTIME_free ASN1_INTEGER_free ASN1_OBJECT_free ASN1_OCTET_STRING_free ASN1_PCTX_free ASN1_SCTX_free ASN1_STRING_clear_free ASN1_STRING_free ASN1_TYPE_free ASN1_UTCTIME_free M_ASN1_free_of Reviewed-by: Richard Levitte <levitte@openssl.org> 2015-04-30 23:30:03 +08:00			`ASN1_OCTET_STRING_free(oct);`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`return NULL;`
Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add them to the build environment. 1999-03-29 07:17:34 +08:00			`}`