diff options
Diffstat (limited to 'crypto/pkcs12/p12_kiss.c')
-rw-r--r-- | crypto/pkcs12/p12_kiss.c | 104 |
1 files changed, 25 insertions, 79 deletions
diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index 1841f78f6915..7ab98385a7b0 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -1,64 +1,14 @@ -/* p12_kiss.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/pkcs12.h> /* Simplified PKCS#12 routines */ @@ -66,7 +16,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts); -static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, +static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts); static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, @@ -76,7 +26,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, * Parse and decrypt a PKCS#12 structure returning user key, user cert and * other (CA) certs. Note either ca should be NULL, *ca should be NULL, or it * should point to a valid STACK structure. pkey and cert can be passed - * unitialised. + * uninitialised. */ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, @@ -153,12 +103,10 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, goto err; x = NULL; } - if (x) - X509_free(x); + X509_free(x); } - if (ocerts) - sk_X509_pop_free(ocerts, X509_free); + sk_X509_pop_free(ocerts, X509_free); return 1; @@ -172,10 +120,8 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, X509_free(*cert); *cert = NULL; } - if (x) - X509_free(x); - if (ocerts) - sk_X509_pop_free(ocerts, X509_free); + X509_free(x); + sk_X509_pop_free(ocerts, X509_free); return 0; } @@ -190,7 +136,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, int i, bagnid; PKCS7 *p7; - if (!(asafes = PKCS12_unpack_authsafes(p12))) + if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL) return 0; for (i = 0; i < sk_PKCS7_num(asafes); i++) { p7 = sk_PKCS7_value(asafes, i); @@ -216,7 +162,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, return 1; } -static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, +static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts) { int i; @@ -233,28 +179,29 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, { PKCS8_PRIV_KEY_INFO *p8; X509 *x509; - ASN1_TYPE *attrib; + const ASN1_TYPE *attrib; ASN1_BMPSTRING *fname = NULL; ASN1_OCTET_STRING *lkid = NULL; - if ((attrib = PKCS12_get_attr(bag, NID_friendlyName))) + if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName))) fname = attrib->value.bmpstring; - if ((attrib = PKCS12_get_attr(bag, NID_localKeyID))) + if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID))) lkid = attrib->value.octet_string; - switch (M_PKCS12_bag_type(bag)) { + switch (PKCS12_SAFEBAG_get_nid(bag)) { case NID_keyBag: if (!pkey || *pkey) return 1; - if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) + *pkey = EVP_PKCS82PKEY(PKCS12_SAFEBAG_get0_p8inf(bag)); + if (*pkey == NULL) return 0; break; case NID_pkcs8ShroudedKeyBag: if (!pkey || *pkey) return 1; - if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) + if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL) return 0; *pkey = EVP_PKCS82PKEY(p8); PKCS8_PRIV_KEY_INFO_free(p8); @@ -263,9 +210,9 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, break; case NID_certBag: - if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) + if (PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate) return 1; - if (!(x509 = PKCS12_certbag2x509(bag))) + if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL) return 0; if (lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) { X509_free(x509); @@ -293,12 +240,11 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, break; case NID_safeContentsBag: - return parse_bags(bag->value.safes, pass, passlen, pkey, ocerts); - break; + return parse_bags(PKCS12_SAFEBAG_get0_safes(bag), pass, passlen, pkey, + ocerts); default: return 1; - break; } return 1; } |