1 /* Written by Dr Stephen N Henson (steve (at) openssl.org) for the OpenSSL 2 * project 1999. 3 */ 4 /* ==================================================================== 5 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the 17 * distribution. 18 * 19 * 3. All advertising materials mentioning features or use of this 20 * software must display the following acknowledgment: 21 * "This product includes software developed by the OpenSSL Project 22 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 23 * 24 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 25 * endorse or promote products derived from this software without 26 * prior written permission. For written permission, please contact 27 * licensing (at) OpenSSL.org. 28 * 29 * 5. Products derived from this software may not be called "OpenSSL" 30 * nor may "OpenSSL" appear in their names without prior written 31 * permission of the OpenSSL Project. 32 * 33 * 6. Redistributions of any form whatsoever must retain the following 34 * acknowledgment: 35 * "This product includes software developed by the OpenSSL Project 36 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 37 * 38 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 39 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 40 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 41 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 42 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 43 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 44 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 45 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 46 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 47 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 48 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 49 * OF THE POSSIBILITY OF SUCH DAMAGE. 50 * ==================================================================== 51 * 52 * This product includes cryptographic software written by Eric Young 53 * (eay (at) cryptsoft.com). This product includes software written by Tim 54 * Hudson (tjh (at) cryptsoft.com). */ 55 56 #include <openssl/pkcs8.h> 57 58 #include <assert.h> 59 #include <limits.h> 60 #include <string.h> 61 62 #include <openssl/asn1.h> 63 #include <openssl/bn.h> 64 #include <openssl/buf.h> 65 #include <openssl/cipher.h> 66 #include <openssl/digest.h> 67 #include <openssl/err.h> 68 #include <openssl/hmac.h> 69 #include <openssl/mem.h> 70 #include <openssl/x509.h> 71 72 #include "internal.h" 73 #include "../bytestring/internal.h" 74 #include "../evp/internal.h" 75 76 77 #define PKCS12_KEY_ID 1 78 #define PKCS12_IV_ID 2 79 #define PKCS12_MAC_ID 3 80 81 static int ascii_to_ucs2(const char *ascii, size_t ascii_len, 82 uint8_t **out, size_t *out_len) { 83 uint8_t *unitmp; 84 size_t ulen, i; 85 86 ulen = ascii_len * 2 + 2; 87 if (ulen < ascii_len) { 88 return 0; 89 } 90 unitmp = OPENSSL_malloc(ulen); 91 if (unitmp == NULL) { 92 return 0; 93 } 94 for (i = 0; i < ulen - 2; i += 2) { 95 unitmp[i] = 0; 96 unitmp[i + 1] = ascii[i >> 1]; 97 } 98 99 /* Make result double null terminated */ 100 unitmp[ulen - 2] = 0; 101 unitmp[ulen - 1] = 0; 102 *out_len = ulen; 103 *out = unitmp; 104 return 1; 105 } 106 107 static int pkcs12_key_gen_raw(const uint8_t *pass_raw, size_t pass_raw_len, 108 const uint8_t *salt, size_t salt_len, 109 int id, int iterations, 110 size_t out_len, uint8_t *out, 111 const EVP_MD *md_type) { 112 uint8_t *B, *D, *I, *p, *Ai; 113 int Slen, Plen, Ilen, Ijlen; 114 int i, j, v; 115 size_t u; 116 int ret = 0; 117 BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ 118 EVP_MD_CTX ctx; 119 120 EVP_MD_CTX_init(&ctx); 121 v = EVP_MD_block_size(md_type); 122 u = EVP_MD_size(md_type); 123 D = OPENSSL_malloc(v); 124 Ai = OPENSSL_malloc(u); 125 B = OPENSSL_malloc(v + 1); 126 Slen = v * ((salt_len + v - 1) / v); 127 if (pass_raw_len) { 128 Plen = v * ((pass_raw_len + v - 1) / v); 129 } else { 130 Plen = 0; 131 } 132 Ilen = Slen + Plen; 133 I = OPENSSL_malloc(Ilen); 134 Ij = BN_new(); 135 Bpl1 = BN_new(); 136 if (!D || !Ai || !B || !I || !Ij || !Bpl1) { 137 goto err; 138 } 139 for (i = 0; i < v; i++) { 140 D[i] = id; 141 } 142 p = I; 143 for (i = 0; i < Slen; i++) { 144 *p++ = salt[i % salt_len]; 145 } 146 for (i = 0; i < Plen; i++) { 147 *p++ = pass_raw[i % pass_raw_len]; 148 } 149 for (;;) { 150 if (!EVP_DigestInit_ex(&ctx, md_type, NULL) || 151 !EVP_DigestUpdate(&ctx, D, v) || 152 !EVP_DigestUpdate(&ctx, I, Ilen) || 153 !EVP_DigestFinal_ex(&ctx, Ai, NULL)) { 154 goto err; 155 } 156 for (j = 1; j < iterations; j++) { 157 if (!EVP_DigestInit_ex(&ctx, md_type, NULL) || 158 !EVP_DigestUpdate(&ctx, Ai, u) || 159 !EVP_DigestFinal_ex(&ctx, Ai, NULL)) { 160 goto err; 161 } 162 } 163 memcpy(out, Ai, out_len < u ? out_len : u); 164 if (u >= out_len) { 165 ret = 1; 166 goto end; 167 } 168 out_len -= u; 169 out += u; 170 for (j = 0; j < v; j++) { 171 B[j] = Ai[j % u]; 172 } 173 /* Work out B + 1 first then can use B as tmp space */ 174 if (!BN_bin2bn(B, v, Bpl1) || 175 !BN_add_word(Bpl1, 1)) { 176 goto err; 177 } 178 for (j = 0; j < Ilen; j += v) { 179 if (!BN_bin2bn(I + j, v, Ij) || 180 !BN_add(Ij, Ij, Bpl1) || 181 !BN_bn2bin(Ij, B)) { 182 goto err; 183 } 184 Ijlen = BN_num_bytes(Ij); 185 /* If more than 2^(v*8) - 1 cut off MSB */ 186 if (Ijlen > v) { 187 if (!BN_bn2bin(Ij, B)) { 188 goto err; 189 } 190 memcpy(I + j, B + 1, v); 191 /* If less than v bytes pad with zeroes */ 192 } else if (Ijlen < v) { 193 memset(I + j, 0, v - Ijlen); 194 if (!BN_bn2bin(Ij, I + j + v - Ijlen)) { 195 goto err; 196 } 197 } else if (!BN_bn2bin(Ij, I + j)) { 198 goto err; 199 } 200 } 201 } 202 203 err: 204 OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); 205 206 end: 207 OPENSSL_free(Ai); 208 OPENSSL_free(B); 209 OPENSSL_free(D); 210 OPENSSL_free(I); 211 BN_free(Ij); 212 BN_free(Bpl1); 213 EVP_MD_CTX_cleanup(&ctx); 214 215 return ret; 216 } 217 218 static int pkcs12_pbe_keyivgen(EVP_CIPHER_CTX *ctx, const uint8_t *pass_raw, 219 size_t pass_raw_len, ASN1_TYPE *param, 220 const EVP_CIPHER *cipher, const EVP_MD *md, 221 int is_encrypt) { 222 PBEPARAM *pbe; 223 int salt_len, iterations, ret; 224 uint8_t *salt; 225 const uint8_t *pbuf; 226 uint8_t key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; 227 228 /* Extract useful info from parameter */ 229 if (param == NULL || param->type != V_ASN1_SEQUENCE || 230 param->value.sequence == NULL) { 231 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_DECODE_ERROR); 232 return 0; 233 } 234 235 pbuf = param->value.sequence->data; 236 pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length); 237 if (pbe == NULL) { 238 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_DECODE_ERROR); 239 return 0; 240 } 241 242 if (!pbe->iter) { 243 iterations = 1; 244 } else { 245 iterations = ASN1_INTEGER_get(pbe->iter); 246 } 247 salt = pbe->salt->data; 248 salt_len = pbe->salt->length; 249 if (!pkcs12_key_gen_raw(pass_raw, pass_raw_len, salt, salt_len, PKCS12_KEY_ID, 250 iterations, EVP_CIPHER_key_length(cipher), key, md)) { 251 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_KEY_GEN_ERROR); 252 PBEPARAM_free(pbe); 253 return 0; 254 } 255 if (!pkcs12_key_gen_raw(pass_raw, pass_raw_len, salt, salt_len, PKCS12_IV_ID, 256 iterations, EVP_CIPHER_iv_length(cipher), iv, md)) { 257 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_KEY_GEN_ERROR); 258 PBEPARAM_free(pbe); 259 return 0; 260 } 261 PBEPARAM_free(pbe); 262 ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, is_encrypt); 263 OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); 264 OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); 265 return ret; 266 } 267 268 typedef int (*keygen_func)(EVP_CIPHER_CTX *ctx, const uint8_t *pass_raw, 269 size_t pass_raw_len, ASN1_TYPE *param, 270 const EVP_CIPHER *cipher, const EVP_MD *md, 271 int is_encrypt); 272 273 struct pbe_suite { 274 int pbe_nid; 275 const EVP_CIPHER* (*cipher_func)(void); 276 const EVP_MD* (*md_func)(void); 277 keygen_func keygen; 278 int flags; 279 }; 280 281 #define PBE_UCS2_CONVERT_PASSWORD 0x1 282 283 static const struct pbe_suite kBuiltinPBE[] = { 284 { 285 NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc, EVP_sha1, 286 pkcs12_pbe_keyivgen, PBE_UCS2_CONVERT_PASSWORD 287 }, 288 { 289 NID_pbe_WithSHA1And128BitRC4, EVP_rc4, EVP_sha1, pkcs12_pbe_keyivgen, 290 PBE_UCS2_CONVERT_PASSWORD 291 }, 292 { 293 NID_pbe_WithSHA1And3_Key_TripleDES_CBC, EVP_des_ede3_cbc, EVP_sha1, 294 pkcs12_pbe_keyivgen, PBE_UCS2_CONVERT_PASSWORD 295 }, 296 { 297 NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen, 0 298 }, 299 }; 300 301 static const struct pbe_suite *get_pbe_suite(int pbe_nid) { 302 unsigned i; 303 for (i = 0; i < sizeof(kBuiltinPBE) / sizeof(kBuiltinPBE[0]); i++) { 304 if (kBuiltinPBE[i].pbe_nid == pbe_nid) { 305 return &kBuiltinPBE[i]; 306 } 307 } 308 309 return NULL; 310 } 311 312 /* pass_to_pass_raw performs a password conversion (possibly a no-op) 313 * appropriate to the supplied |pbe_nid|. The input |pass| is treated as a 314 * NUL-terminated string if |pass_len| is -1, otherwise it is treated as a 315 * buffer of the specified length. If the supplied PBE NID sets the 316 * |PBE_UCS2_CONVERT_PASSWORD| flag, the supplied |pass| will be converted to 317 * UCS-2. 318 * 319 * It sets |*out_pass_raw| to a new buffer that must be freed by the caller. It 320 * returns one on success and zero on error. */ 321 static int pass_to_pass_raw(int pbe_nid, const char *pass, int pass_len, 322 uint8_t **out_pass_raw, size_t *out_pass_raw_len) { 323 if (pass == NULL) { 324 *out_pass_raw = NULL; 325 *out_pass_raw_len = 0; 326 return 1; 327 } 328 329 if (pass_len == -1) { 330 pass_len = strlen(pass); 331 } else if (pass_len < 0 || pass_len > 2000000000) { 332 OPENSSL_PUT_ERROR(PKCS8, ERR_R_OVERFLOW); 333 return 0; 334 } 335 336 const struct pbe_suite *suite = get_pbe_suite(pbe_nid); 337 if (suite != NULL && (suite->flags & PBE_UCS2_CONVERT_PASSWORD)) { 338 if (!ascii_to_ucs2(pass, pass_len, out_pass_raw, out_pass_raw_len)) { 339 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_DECODE_ERROR); 340 return 0; 341 } 342 } else { 343 *out_pass_raw = BUF_memdup(pass, pass_len); 344 if (*out_pass_raw == NULL) { 345 OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); 346 return 0; 347 } 348 *out_pass_raw_len = (size_t)pass_len; 349 } 350 351 return 1; 352 } 353 354 static int pbe_cipher_init(ASN1_OBJECT *pbe_obj, 355 const uint8_t *pass_raw, size_t pass_raw_len, 356 ASN1_TYPE *param, 357 EVP_CIPHER_CTX *ctx, int is_encrypt) { 358 const EVP_CIPHER *cipher; 359 const EVP_MD *md; 360 361 const struct pbe_suite *suite = get_pbe_suite(OBJ_obj2nid(pbe_obj)); 362 if (suite == NULL) { 363 char obj_str[80]; 364 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_UNKNOWN_ALGORITHM); 365 if (!pbe_obj) { 366 strncpy(obj_str, "NULL", sizeof(obj_str)); 367 } else { 368 i2t_ASN1_OBJECT(obj_str, sizeof(obj_str), pbe_obj); 369 } 370 ERR_add_error_data(2, "TYPE=", obj_str); 371 return 0; 372 } 373 374 if (suite->cipher_func == NULL) { 375 cipher = NULL; 376 } else { 377 cipher = suite->cipher_func(); 378 if (!cipher) { 379 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_UNKNOWN_CIPHER); 380 return 0; 381 } 382 } 383 384 if (suite->md_func == NULL) { 385 md = NULL; 386 } else { 387 md = suite->md_func(); 388 if (!md) { 389 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_UNKNOWN_DIGEST); 390 return 0; 391 } 392 } 393 394 if (!suite->keygen(ctx, pass_raw, pass_raw_len, param, cipher, md, 395 is_encrypt)) { 396 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_KEYGEN_FAILURE); 397 return 0; 398 } 399 400 return 1; 401 } 402 403 static int pbe_crypt(const X509_ALGOR *algor, 404 const uint8_t *pass_raw, size_t pass_raw_len, 405 const uint8_t *in, size_t in_len, 406 uint8_t **out, size_t *out_len, 407 int is_encrypt) { 408 uint8_t *buf; 409 int n, ret = 0; 410 EVP_CIPHER_CTX ctx; 411 unsigned block_size; 412 413 EVP_CIPHER_CTX_init(&ctx); 414 415 if (!pbe_cipher_init(algor->algorithm, pass_raw, pass_raw_len, 416 algor->parameter, &ctx, is_encrypt)) { 417 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_UNKNOWN_CIPHER_ALGORITHM); 418 return 0; 419 } 420 block_size = EVP_CIPHER_CTX_block_size(&ctx); 421 422 if (in_len + block_size < in_len) { 423 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_TOO_LONG); 424 goto err; 425 } 426 427 buf = OPENSSL_malloc(in_len + block_size); 428 if (buf == NULL) { 429 OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); 430 goto err; 431 } 432 433 if (!EVP_CipherUpdate(&ctx, buf, &n, in, in_len)) { 434 OPENSSL_free(buf); 435 OPENSSL_PUT_ERROR(PKCS8, ERR_R_EVP_LIB); 436 goto err; 437 } 438 *out_len = n; 439 440 if (!EVP_CipherFinal_ex(&ctx, buf + n, &n)) { 441 OPENSSL_free(buf); 442 OPENSSL_PUT_ERROR(PKCS8, ERR_R_EVP_LIB); 443 goto err; 444 } 445 *out_len += n; 446 *out = buf; 447 ret = 1; 448 449 err: 450 EVP_CIPHER_CTX_cleanup(&ctx); 451 return ret; 452 } 453 454 static void *pkcs12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, 455 const uint8_t *pass_raw, 456 size_t pass_raw_len, 457 ASN1_OCTET_STRING *oct) { 458 uint8_t *out; 459 const uint8_t *p; 460 void *ret; 461 size_t out_len; 462 463 if (!pbe_crypt(algor, pass_raw, pass_raw_len, oct->data, oct->length, 464 &out, &out_len, 0 /* decrypt */)) { 465 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_CRYPT_ERROR); 466 return NULL; 467 } 468 p = out; 469 ret = ASN1_item_d2i(NULL, &p, out_len, it); 470 OPENSSL_cleanse(out, out_len); 471 if (!ret) { 472 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_DECODE_ERROR); 473 } 474 OPENSSL_free(out); 475 return ret; 476 } 477 478 PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *pkcs8, const char *pass, 479 int pass_len) { 480 uint8_t *pass_raw = NULL; 481 size_t pass_raw_len = 0; 482 if (!pass_to_pass_raw(OBJ_obj2nid(pkcs8->algor->algorithm), pass, pass_len, 483 &pass_raw, &pass_raw_len)) { 484 return NULL; 485 } 486 487 PKCS8_PRIV_KEY_INFO *ret = PKCS8_decrypt_pbe(pkcs8, pass_raw, pass_raw_len); 488 489 if (pass_raw) { 490 OPENSSL_cleanse(pass_raw, pass_raw_len); 491 OPENSSL_free(pass_raw); 492 } 493 return ret; 494 } 495 496 PKCS8_PRIV_KEY_INFO *PKCS8_decrypt_pbe(X509_SIG *pkcs8, const uint8_t *pass_raw, 497 size_t pass_raw_len) { 498 return pkcs12_item_decrypt_d2i(pkcs8->algor, 499 ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass_raw, 500 pass_raw_len, pkcs8->digest); 501 } 502 503 static ASN1_OCTET_STRING *pkcs12_item_i2d_encrypt(X509_ALGOR *algor, 504 const ASN1_ITEM *it, 505 const uint8_t *pass_raw, 506 size_t pass_raw_len, void *obj) { 507 ASN1_OCTET_STRING *oct; 508 uint8_t *in = NULL; 509 int in_len; 510 size_t crypt_len; 511 512 oct = M_ASN1_OCTET_STRING_new(); 513 if (oct == NULL) { 514 OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); 515 return NULL; 516 } 517 in_len = ASN1_item_i2d(obj, &in, it); 518 if (!in) { 519 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_ENCODE_ERROR); 520 return NULL; 521 } 522 if (!pbe_crypt(algor, pass_raw, pass_raw_len, in, in_len, &oct->data, &crypt_len, 523 1 /* encrypt */)) { 524 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_ENCRYPT_ERROR); 525 OPENSSL_free(in); 526 return NULL; 527 } 528 oct->length = crypt_len; 529 OPENSSL_cleanse(in, in_len); 530 OPENSSL_free(in); 531 return oct; 532 } 533 534 X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass, 535 int pass_len, uint8_t *salt, size_t salt_len, 536 int iterations, PKCS8_PRIV_KEY_INFO *p8inf) { 537 uint8_t *pass_raw = NULL; 538 size_t pass_raw_len = 0; 539 if (!pass_to_pass_raw(pbe_nid, pass, pass_len, &pass_raw, &pass_raw_len)) { 540 return NULL; 541 } 542 543 X509_SIG *ret = PKCS8_encrypt_pbe(pbe_nid, cipher, pass_raw, pass_raw_len, 544 salt, salt_len, iterations, p8inf); 545 546 if (pass_raw) { 547 OPENSSL_cleanse(pass_raw, pass_raw_len); 548 OPENSSL_free(pass_raw); 549 } 550 return ret; 551 } 552 553 X509_SIG *PKCS8_encrypt_pbe(int pbe_nid, const EVP_CIPHER *cipher, 554 const uint8_t *pass_raw, size_t pass_raw_len, 555 uint8_t *salt, size_t salt_len, 556 int iterations, PKCS8_PRIV_KEY_INFO *p8inf) { 557 X509_SIG *pkcs8 = NULL; 558 X509_ALGOR *pbe; 559 560 pkcs8 = X509_SIG_new(); 561 if (pkcs8 == NULL) { 562 OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); 563 goto err; 564 } 565 566 if (pbe_nid == -1) { 567 pbe = PKCS5_pbe2_set(cipher, iterations, salt, salt_len); 568 } else { 569 pbe = PKCS5_pbe_set(pbe_nid, iterations, salt, salt_len); 570 } 571 if (!pbe) { 572 OPENSSL_PUT_ERROR(PKCS8, ERR_R_ASN1_LIB); 573 goto err; 574 } 575 576 X509_ALGOR_free(pkcs8->algor); 577 pkcs8->algor = pbe; 578 M_ASN1_OCTET_STRING_free(pkcs8->digest); 579 pkcs8->digest = pkcs12_item_i2d_encrypt( 580 pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass_raw, pass_raw_len, p8inf); 581 if (!pkcs8->digest) { 582 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_ENCRYPT_ERROR); 583 goto err; 584 } 585 586 return pkcs8; 587 588 err: 589 X509_SIG_free(pkcs8); 590 return NULL; 591 } 592 593 EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) { 594 EVP_PKEY *pkey = NULL; 595 ASN1_OBJECT *algoid; 596 char obj_tmp[80]; 597 598 if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8)) { 599 return NULL; 600 } 601 602 pkey = EVP_PKEY_new(); 603 if (pkey == NULL) { 604 OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); 605 return NULL; 606 } 607 608 if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid))) { 609 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); 610 i2t_ASN1_OBJECT(obj_tmp, 80, algoid); 611 ERR_add_error_data(2, "TYPE=", obj_tmp); 612 goto error; 613 } 614 615 if (pkey->ameth->priv_decode) { 616 if (!pkey->ameth->priv_decode(pkey, p8)) { 617 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_PRIVATE_KEY_DECODE_ERROR); 618 goto error; 619 } 620 } else { 621 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_METHOD_NOT_SUPPORTED); 622 goto error; 623 } 624 625 return pkey; 626 627 error: 628 EVP_PKEY_free(pkey); 629 return NULL; 630 } 631 632 PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) { 633 PKCS8_PRIV_KEY_INFO *p8; 634 635 p8 = PKCS8_PRIV_KEY_INFO_new(); 636 if (p8 == NULL) { 637 OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); 638 return NULL; 639 } 640 p8->broken = PKCS8_OK; 641 642 if (pkey->ameth) { 643 if (pkey->ameth->priv_encode) { 644 if (!pkey->ameth->priv_encode(p8, pkey)) { 645 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_PRIVATE_KEY_ENCODE_ERROR); 646 goto error; 647 } 648 } else { 649 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_METHOD_NOT_SUPPORTED); 650 goto error; 651 } 652 } else { 653 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); 654 goto error; 655 } 656 return p8; 657 658 error: 659 PKCS8_PRIV_KEY_INFO_free(p8); 660 return NULL; 661 } 662 663 struct pkcs12_context { 664 EVP_PKEY **out_key; 665 STACK_OF(X509) *out_certs; 666 uint8_t *password; 667 size_t password_len; 668 }; 669 670 static int PKCS12_handle_content_info(CBS *content_info, unsigned depth, 671 struct pkcs12_context *ctx); 672 673 /* PKCS12_handle_content_infos parses a series of PKCS#7 ContentInfos in a 674 * SEQUENCE. */ 675 static int PKCS12_handle_content_infos(CBS *content_infos, 676 unsigned depth, 677 struct pkcs12_context *ctx) { 678 uint8_t *der_bytes = NULL; 679 size_t der_len; 680 CBS in; 681 int ret = 0; 682 683 /* Generally we only expect depths 0 (the top level, with a 684 * pkcs7-encryptedData and a pkcs7-data) and depth 1 (the various PKCS#12 685 * bags). */ 686 if (depth > 3) { 687 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_PKCS12_TOO_DEEPLY_NESTED); 688 return 0; 689 } 690 691 /* Although a BER->DER conversion is done at the beginning of |PKCS12_parse|, 692 * the ASN.1 data gets wrapped in OCTETSTRINGs and/or encrypted and the 693 * conversion cannot see through those wrappings. So each time we step 694 * through one we need to convert to DER again. */ 695 if (!CBS_asn1_ber_to_der(content_infos, &der_bytes, &der_len)) { 696 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 697 return 0; 698 } 699 700 if (der_bytes != NULL) { 701 CBS_init(&in, der_bytes, der_len); 702 } else { 703 CBS_init(&in, CBS_data(content_infos), CBS_len(content_infos)); 704 } 705 706 if (!CBS_get_asn1(&in, &in, CBS_ASN1_SEQUENCE)) { 707 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 708 goto err; 709 } 710 711 while (CBS_len(&in) > 0) { 712 CBS content_info; 713 if (!CBS_get_asn1(&in, &content_info, CBS_ASN1_SEQUENCE)) { 714 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 715 goto err; 716 } 717 718 if (!PKCS12_handle_content_info(&content_info, depth + 1, ctx)) { 719 goto err; 720 } 721 } 722 723 /* NSS includes additional data after the SEQUENCE, but it's an (unwrapped) 724 * copy of the same encrypted private key (with the same IV and 725 * ciphertext)! */ 726 727 ret = 1; 728 729 err: 730 OPENSSL_free(der_bytes); 731 return ret; 732 } 733 734 /* PKCS12_handle_content_info parses a single PKCS#7 ContentInfo element in a 735 * PKCS#12 structure. */ 736 static int PKCS12_handle_content_info(CBS *content_info, unsigned depth, 737 struct pkcs12_context *ctx) { 738 CBS content_type, wrapped_contents, contents, content_infos; 739 int nid, ret = 0; 740 741 if (!CBS_get_asn1(content_info, &content_type, CBS_ASN1_OBJECT) || 742 !CBS_get_asn1(content_info, &wrapped_contents, 743 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)) { 744 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 745 goto err; 746 } 747 748 nid = OBJ_cbs2nid(&content_type); 749 if (nid == NID_pkcs7_encrypted) { 750 /* See https://tools.ietf.org/html/rfc2315#section-13. 751 * 752 * PKCS#7 encrypted data inside a PKCS#12 structure is generally an 753 * encrypted certificate bag and it's generally encrypted with 40-bit 754 * RC2-CBC. */ 755 CBS version_bytes, eci, contents_type, ai, encrypted_contents; 756 X509_ALGOR *algor = NULL; 757 const uint8_t *inp; 758 uint8_t *out; 759 size_t out_len; 760 761 if (!CBS_get_asn1(&wrapped_contents, &contents, CBS_ASN1_SEQUENCE) || 762 !CBS_get_asn1(&contents, &version_bytes, CBS_ASN1_INTEGER) || 763 /* EncryptedContentInfo, see 764 * https://tools.ietf.org/html/rfc2315#section-10.1 */ 765 !CBS_get_asn1(&contents, &eci, CBS_ASN1_SEQUENCE) || 766 !CBS_get_asn1(&eci, &contents_type, CBS_ASN1_OBJECT) || 767 /* AlgorithmIdentifier, see 768 * https://tools.ietf.org/html/rfc5280#section-4.1.1.2 */ 769 !CBS_get_asn1_element(&eci, &ai, CBS_ASN1_SEQUENCE) || 770 !CBS_get_asn1(&eci, &encrypted_contents, 771 CBS_ASN1_CONTEXT_SPECIFIC | 0)) { 772 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 773 goto err; 774 } 775 776 if (OBJ_cbs2nid(&contents_type) != NID_pkcs7_data || 777 CBS_len(&ai) > LONG_MAX) { 778 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 779 goto err; 780 } 781 782 inp = CBS_data(&ai); 783 algor = d2i_X509_ALGOR(NULL, &inp, (long)CBS_len(&ai)); 784 if (algor == NULL) { 785 goto err; 786 } 787 if (inp != CBS_data(&ai) + CBS_len(&ai)) { 788 X509_ALGOR_free(algor); 789 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 790 goto err; 791 } 792 793 if (!pbe_crypt(algor, ctx->password, ctx->password_len, 794 CBS_data(&encrypted_contents), CBS_len(&encrypted_contents), 795 &out, &out_len, 0 /* decrypt */)) { 796 X509_ALGOR_free(algor); 797 goto err; 798 } 799 X509_ALGOR_free(algor); 800 801 CBS_init(&content_infos, out, out_len); 802 ret = PKCS12_handle_content_infos(&content_infos, depth + 1, ctx); 803 OPENSSL_free(out); 804 } else if (nid == NID_pkcs7_data) { 805 CBS octet_string_contents; 806 807 if (!CBS_get_asn1(&wrapped_contents, &octet_string_contents, 808 CBS_ASN1_OCTETSTRING)) { 809 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 810 goto err; 811 } 812 813 ret = PKCS12_handle_content_infos(&octet_string_contents, depth + 1, ctx); 814 } else if (nid == NID_pkcs8ShroudedKeyBag) { 815 /* See ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf, section 816 * 4.2.2. */ 817 const uint8_t *inp = CBS_data(&wrapped_contents); 818 PKCS8_PRIV_KEY_INFO *pki = NULL; 819 X509_SIG *encrypted = NULL; 820 821 if (*ctx->out_key) { 822 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_MULTIPLE_PRIVATE_KEYS_IN_PKCS12); 823 goto err; 824 } 825 826 if (CBS_len(&wrapped_contents) > LONG_MAX) { 827 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 828 goto err; 829 } 830 831 /* encrypted isn't actually an X.509 signature, but it has the same 832 * structure as one and so |X509_SIG| is reused to store it. */ 833 encrypted = d2i_X509_SIG(NULL, &inp, (long)CBS_len(&wrapped_contents)); 834 if (encrypted == NULL) { 835 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 836 goto err; 837 } 838 if (inp != CBS_data(&wrapped_contents) + CBS_len(&wrapped_contents)) { 839 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 840 X509_SIG_free(encrypted); 841 goto err; 842 } 843 844 pki = PKCS8_decrypt_pbe(encrypted, ctx->password, ctx->password_len); 845 X509_SIG_free(encrypted); 846 if (pki == NULL) { 847 goto err; 848 } 849 850 *ctx->out_key = EVP_PKCS82PKEY(pki); 851 PKCS8_PRIV_KEY_INFO_free(pki); 852 853 if (ctx->out_key == NULL) { 854 goto err; 855 } 856 ret = 1; 857 } else if (nid == NID_certBag) { 858 CBS cert_bag, cert_type, wrapped_cert, cert; 859 860 if (!CBS_get_asn1(&wrapped_contents, &cert_bag, CBS_ASN1_SEQUENCE) || 861 !CBS_get_asn1(&cert_bag, &cert_type, CBS_ASN1_OBJECT) || 862 !CBS_get_asn1(&cert_bag, &wrapped_cert, 863 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0) || 864 !CBS_get_asn1(&wrapped_cert, &cert, CBS_ASN1_OCTETSTRING)) { 865 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 866 goto err; 867 } 868 869 if (OBJ_cbs2nid(&cert_type) == NID_x509Certificate) { 870 if (CBS_len(&cert) > LONG_MAX) { 871 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 872 goto err; 873 } 874 const uint8_t *inp = CBS_data(&cert); 875 X509 *x509 = d2i_X509(NULL, &inp, (long)CBS_len(&cert)); 876 if (!x509) { 877 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 878 goto err; 879 } 880 if (inp != CBS_data(&cert) + CBS_len(&cert)) { 881 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 882 X509_free(x509); 883 goto err; 884 } 885 886 if (0 == sk_X509_push(ctx->out_certs, x509)) { 887 X509_free(x509); 888 goto err; 889 } 890 } 891 ret = 1; 892 } else { 893 /* Unknown element type - ignore it. */ 894 ret = 1; 895 } 896 897 err: 898 return ret; 899 } 900 901 int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, 902 CBS *ber_in, const char *password) { 903 uint8_t *der_bytes = NULL; 904 size_t der_len; 905 CBS in, pfx, mac_data, authsafe, content_type, wrapped_authsafes, authsafes; 906 uint64_t version; 907 int ret = 0; 908 struct pkcs12_context ctx; 909 const size_t original_out_certs_len = sk_X509_num(out_certs); 910 911 /* The input may be in BER format. */ 912 if (!CBS_asn1_ber_to_der(ber_in, &der_bytes, &der_len)) { 913 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 914 return 0; 915 } 916 if (der_bytes != NULL) { 917 CBS_init(&in, der_bytes, der_len); 918 } else { 919 CBS_init(&in, CBS_data(ber_in), CBS_len(ber_in)); 920 } 921 922 *out_key = NULL; 923 memset(&ctx, 0, sizeof(ctx)); 924 925 /* See ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf, section 926 * four. */ 927 if (!CBS_get_asn1(&in, &pfx, CBS_ASN1_SEQUENCE) || 928 CBS_len(&in) != 0 || 929 !CBS_get_asn1_uint64(&pfx, &version)) { 930 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 931 goto err; 932 } 933 934 if (version < 3) { 935 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_VERSION); 936 goto err; 937 } 938 939 if (!CBS_get_asn1(&pfx, &authsafe, CBS_ASN1_SEQUENCE)) { 940 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 941 goto err; 942 } 943 944 if (CBS_len(&pfx) == 0) { 945 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_MISSING_MAC); 946 goto err; 947 } 948 949 if (!CBS_get_asn1(&pfx, &mac_data, CBS_ASN1_SEQUENCE)) { 950 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 951 goto err; 952 } 953 954 /* authsafe is a PKCS#7 ContentInfo. See 955 * https://tools.ietf.org/html/rfc2315#section-7. */ 956 if (!CBS_get_asn1(&authsafe, &content_type, CBS_ASN1_OBJECT) || 957 !CBS_get_asn1(&authsafe, &wrapped_authsafes, 958 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)) { 959 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 960 goto err; 961 } 962 963 /* The content type can either be |NID_pkcs7_data| or |NID_pkcs7_signed|. The 964 * latter indicates that it's signed by a public key, which isn't 965 * supported. */ 966 if (OBJ_cbs2nid(&content_type) != NID_pkcs7_data) { 967 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED); 968 goto err; 969 } 970 971 if (!CBS_get_asn1(&wrapped_authsafes, &authsafes, CBS_ASN1_OCTETSTRING)) { 972 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 973 goto err; 974 } 975 976 ctx.out_key = out_key; 977 ctx.out_certs = out_certs; 978 if (!ascii_to_ucs2(password, strlen(password), &ctx.password, 979 &ctx.password_len)) { 980 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_DECODE_ERROR); 981 goto err; 982 } 983 984 /* Verify the MAC. */ 985 { 986 CBS mac, hash_type_seq, hash_oid, salt, expected_mac; 987 uint64_t iterations; 988 int hash_nid; 989 const EVP_MD *md; 990 uint8_t hmac_key[EVP_MAX_MD_SIZE]; 991 uint8_t hmac[EVP_MAX_MD_SIZE]; 992 unsigned hmac_len; 993 994 if (!CBS_get_asn1(&mac_data, &mac, CBS_ASN1_SEQUENCE) || 995 !CBS_get_asn1(&mac, &hash_type_seq, CBS_ASN1_SEQUENCE) || 996 !CBS_get_asn1(&hash_type_seq, &hash_oid, CBS_ASN1_OBJECT) || 997 !CBS_get_asn1(&mac, &expected_mac, CBS_ASN1_OCTETSTRING) || 998 !CBS_get_asn1(&mac_data, &salt, CBS_ASN1_OCTETSTRING)) { 999 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 1000 goto err; 1001 } 1002 1003 /* The iteration count is optional and the default is one. */ 1004 iterations = 1; 1005 if (CBS_len(&mac_data) > 0) { 1006 if (!CBS_get_asn1_uint64(&mac_data, &iterations) || 1007 iterations > INT_MAX) { 1008 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); 1009 goto err; 1010 } 1011 } 1012 1013 hash_nid = OBJ_cbs2nid(&hash_oid); 1014 if (hash_nid == NID_undef || 1015 (md = EVP_get_digestbynid(hash_nid)) == NULL) { 1016 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_UNKNOWN_HASH); 1017 goto err; 1018 } 1019 1020 if (!pkcs12_key_gen_raw(ctx.password, ctx.password_len, CBS_data(&salt), 1021 CBS_len(&salt), PKCS12_MAC_ID, iterations, 1022 EVP_MD_size(md), hmac_key, md)) { 1023 goto err; 1024 } 1025 1026 if (NULL == HMAC(md, hmac_key, EVP_MD_size(md), CBS_data(&authsafes), 1027 CBS_len(&authsafes), hmac, &hmac_len)) { 1028 goto err; 1029 } 1030 1031 if (!CBS_mem_equal(&expected_mac, hmac, hmac_len)) { 1032 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_INCORRECT_PASSWORD); 1033 goto err; 1034 } 1035 } 1036 1037 /* authsafes contains a series of PKCS#7 ContentInfos. */ 1038 if (!PKCS12_handle_content_infos(&authsafes, 0, &ctx)) { 1039 goto err; 1040 } 1041 1042 ret = 1; 1043 1044 err: 1045 OPENSSL_free(ctx.password); 1046 OPENSSL_free(der_bytes); 1047 if (!ret) { 1048 EVP_PKEY_free(*out_key); 1049 *out_key = NULL; 1050 while (sk_X509_num(out_certs) > original_out_certs_len) { 1051 X509 *x509 = sk_X509_pop(out_certs); 1052 X509_free(x509); 1053 } 1054 } 1055 1056 return ret; 1057 } 1058 1059 void PKCS12_PBE_add(void) {} 1060 1061 struct pkcs12_st { 1062 uint8_t *ber_bytes; 1063 size_t ber_len; 1064 }; 1065 1066 PKCS12* d2i_PKCS12(PKCS12 **out_p12, const uint8_t **ber_bytes, size_t ber_len) { 1067 PKCS12 *p12; 1068 1069 /* out_p12 must be NULL because we don't export the PKCS12 structure. */ 1070 assert(out_p12 == NULL); 1071 1072 p12 = OPENSSL_malloc(sizeof(PKCS12)); 1073 if (!p12) { 1074 return NULL; 1075 } 1076 1077 p12->ber_bytes = OPENSSL_malloc(ber_len); 1078 if (!p12->ber_bytes) { 1079 OPENSSL_free(p12); 1080 return NULL; 1081 } 1082 1083 memcpy(p12->ber_bytes, *ber_bytes, ber_len); 1084 p12->ber_len = ber_len; 1085 *ber_bytes += ber_len; 1086 1087 return p12; 1088 } 1089 1090 PKCS12* d2i_PKCS12_bio(BIO *bio, PKCS12 **out_p12) { 1091 size_t used = 0; 1092 BUF_MEM *buf; 1093 const uint8_t *dummy; 1094 static const size_t kMaxSize = 256 * 1024; 1095 PKCS12 *ret = NULL; 1096 1097 buf = BUF_MEM_new(); 1098 if (buf == NULL) { 1099 return NULL; 1100 } 1101 if (BUF_MEM_grow(buf, 8192) == 0) { 1102 goto out; 1103 } 1104 1105 for (;;) { 1106 int n = BIO_read(bio, &buf->data[used], buf->length - used); 1107 if (n < 0) { 1108 goto out; 1109 } 1110 1111 if (n == 0) { 1112 break; 1113 } 1114 used += n; 1115 1116 if (used < buf->length) { 1117 continue; 1118 } 1119 1120 if (buf->length > kMaxSize || 1121 BUF_MEM_grow(buf, buf->length * 2) == 0) { 1122 goto out; 1123 } 1124 } 1125 1126 dummy = (uint8_t*) buf->data; 1127 ret = d2i_PKCS12(out_p12, &dummy, used); 1128 1129 out: 1130 BUF_MEM_free(buf); 1131 return ret; 1132 } 1133 1134 PKCS12* d2i_PKCS12_fp(FILE *fp, PKCS12 **out_p12) { 1135 BIO *bio; 1136 PKCS12 *ret; 1137 1138 bio = BIO_new_fp(fp, 0 /* don't take ownership */); 1139 if (!bio) { 1140 return NULL; 1141 } 1142 1143 ret = d2i_PKCS12_bio(bio, out_p12); 1144 BIO_free(bio); 1145 return ret; 1146 } 1147 1148 int PKCS12_parse(const PKCS12 *p12, const char *password, EVP_PKEY **out_pkey, 1149 X509 **out_cert, STACK_OF(X509) **out_ca_certs) { 1150 CBS ber_bytes; 1151 STACK_OF(X509) *ca_certs = NULL; 1152 char ca_certs_alloced = 0; 1153 1154 if (out_ca_certs != NULL && *out_ca_certs != NULL) { 1155 ca_certs = *out_ca_certs; 1156 } 1157 1158 if (!ca_certs) { 1159 ca_certs = sk_X509_new_null(); 1160 if (ca_certs == NULL) { 1161 OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); 1162 return 0; 1163 } 1164 ca_certs_alloced = 1; 1165 } 1166 1167 CBS_init(&ber_bytes, p12->ber_bytes, p12->ber_len); 1168 if (!PKCS12_get_key_and_certs(out_pkey, ca_certs, &ber_bytes, password)) { 1169 if (ca_certs_alloced) { 1170 sk_X509_free(ca_certs); 1171 } 1172 return 0; 1173 } 1174 1175 *out_cert = NULL; 1176 if (sk_X509_num(ca_certs) > 0) { 1177 *out_cert = sk_X509_shift(ca_certs); 1178 } 1179 1180 if (out_ca_certs) { 1181 *out_ca_certs = ca_certs; 1182 } else { 1183 sk_X509_pop_free(ca_certs, X509_free); 1184 } 1185 1186 return 1; 1187 } 1188 1189 int PKCS12_verify_mac(const PKCS12 *p12, const char *password, 1190 int password_len) { 1191 if (password == NULL) { 1192 if (password_len != 0) { 1193 return 0; 1194 } 1195 } else if (password_len != -1 && 1196 (password[password_len] != 0 || 1197 memchr(password, 0, password_len) != NULL)) { 1198 return 0; 1199 } 1200 1201 EVP_PKEY *pkey = NULL; 1202 X509 *cert = NULL; 1203 if (!PKCS12_parse(p12, password, &pkey, &cert, NULL)) { 1204 ERR_clear_error(); 1205 return 0; 1206 } 1207 1208 EVP_PKEY_free(pkey); 1209 X509_free(cert); 1210 1211 return 1; 1212 } 1213 1214 void PKCS12_free(PKCS12 *p12) { 1215 OPENSSL_free(p12->ber_bytes); 1216 OPENSSL_free(p12); 1217 } 1218