2
0

p12_decr.c 4.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155
  1. /*
  2. * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include <openssl/pkcs12.h>
  12. /* Define this to dump decrypted output to files called DERnnn */
  13. /*
  14. * #define OPENSSL_DEBUG_DECRYPT
  15. */
  16. /*
  17. * Encrypt/Decrypt a buffer based on password and algor, result in a
  18. * OPENSSL_malloc'ed buffer
  19. */
  20. unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
  21. const char *pass, int passlen,
  22. const unsigned char *in, int inlen,
  23. unsigned char **data, int *datalen, int en_de)
  24. {
  25. unsigned char *out = NULL;
  26. int outlen, i;
  27. EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
  28. if (ctx == NULL) {
  29. PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
  30. goto err;
  31. }
  32. /* Decrypt data */
  33. if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
  34. algor->parameter, ctx, en_de)) {
  35. PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
  36. PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
  37. goto err;
  38. }
  39. if ((out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(ctx)))
  40. == NULL) {
  41. PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
  42. goto err;
  43. }
  44. if (!EVP_CipherUpdate(ctx, out, &i, in, inlen)) {
  45. OPENSSL_free(out);
  46. out = NULL;
  47. PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB);
  48. goto err;
  49. }
  50. outlen = i;
  51. if (!EVP_CipherFinal_ex(ctx, out + i, &i)) {
  52. OPENSSL_free(out);
  53. out = NULL;
  54. PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
  55. PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
  56. goto err;
  57. }
  58. outlen += i;
  59. if (datalen)
  60. *datalen = outlen;
  61. if (data)
  62. *data = out;
  63. err:
  64. EVP_CIPHER_CTX_free(ctx);
  65. return out;
  66. }
  67. /*
  68. * Decrypt an OCTET STRING and decode ASN1 structure if zbuf set zero buffer
  69. * after use.
  70. */
  71. void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
  72. const char *pass, int passlen,
  73. const ASN1_OCTET_STRING *oct, int zbuf)
  74. {
  75. unsigned char *out;
  76. const unsigned char *p;
  77. void *ret;
  78. int outlen;
  79. if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
  80. &out, &outlen, 0)) {
  81. PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
  82. PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
  83. return NULL;
  84. }
  85. p = out;
  86. #ifdef OPENSSL_DEBUG_DECRYPT
  87. {
  88. FILE *op;
  89. char fname[30];
  90. static int fnm = 1;
  91. sprintf(fname, "DER%d", fnm++);
  92. op = fopen(fname, "wb");
  93. fwrite(p, 1, outlen, op);
  94. fclose(op);
  95. }
  96. #endif
  97. ret = ASN1_item_d2i(NULL, &p, outlen, it);
  98. if (zbuf)
  99. OPENSSL_cleanse(out, outlen);
  100. if (!ret)
  101. PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, PKCS12_R_DECODE_ERROR);
  102. OPENSSL_free(out);
  103. return ret;
  104. }
  105. /*
  106. * Encode ASN1 structure and encrypt, return OCTET STRING if zbuf set zero
  107. * encoding.
  108. */
  109. ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
  110. const ASN1_ITEM *it,
  111. const char *pass, int passlen,
  112. void *obj, int zbuf)
  113. {
  114. ASN1_OCTET_STRING *oct = NULL;
  115. unsigned char *in = NULL;
  116. int inlen;
  117. if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
  118. PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE);
  119. goto err;
  120. }
  121. inlen = ASN1_item_i2d(obj, &in, it);
  122. if (!in) {
  123. PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCODE_ERROR);
  124. goto err;
  125. }
  126. if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
  127. &oct->length, 1)) {
  128. PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
  129. OPENSSL_free(in);
  130. goto err;
  131. }
  132. if (zbuf)
  133. OPENSSL_cleanse(in, inlen);
  134. OPENSSL_free(in);
  135. return oct;
  136. err:
  137. ASN1_OCTET_STRING_free(oct);
  138. return NULL;
  139. }