-# $OpenBSD: Makefile,v 1.77 2022/07/24 08:16:47 tb Exp $
+# $OpenBSD: Makefile,v 1.78 2022/08/03 20:16:06 tb Exp $
LIB= crypto
LIBREBUILD=y
# pkcs12/
SRCS+= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c p12_decr.c
-SRCS+= p12_init.c p12_key.c p12_kiss.c p12_mutl.c
+SRCS+= p12_init.c p12_key.c p12_kiss.c p12_mutl.c p12_sbag.c
SRCS+= p12_utl.c p12_npas.c pk12err.c p12_p8d.c p12_p8e.c
# pkcs7/
-/* $OpenBSD: p12_add.c,v 1.17 2018/05/13 14:24:07 tb Exp $ */
+/* $OpenBSD: p12_add.c,v 1.18 2022/08/03 20:16:06 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
return safebag;
}
+#if !defined(LIBRESSL_NEXT_API)
+#undef PKCS12_MAKE_KEYBAG
+#undef PKCS12_MAKE_SHKEYBAG
/* Turn PKCS8 object into a keybag */
PKCS12_SAFEBAG *
return bag;
}
+#endif
/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
PKCS7 *
-/* $OpenBSD: p12_attr.c,v 1.15 2022/05/09 19:19:33 jsing Exp $ */
+/* $OpenBSD: p12_attr.c,v 1.16 2022/08/03 20:16:06 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
char *
PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
{
- ASN1_TYPE *atype;
+ const ASN1_TYPE *atype;
- if (!(atype = PKCS12_get_attr(bag, NID_friendlyName)))
+ if (!(atype = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)))
return NULL;
if (atype->type != V_ASN1_BMPSTRING)
return NULL;
return OPENSSL_uni2asc(atype->value.bmpstring->data,
atype->value.bmpstring->length);
}
+
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag)
+{
+ return bag->attrib;
+}
-/* $OpenBSD: p12_crt.c,v 1.18 2018/05/13 13:46:55 tb Exp $ */
+/* $OpenBSD: p12_crt.c,v 1.19 2022/08/03 20:16:06 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
if (key_usage && !PKCS8_add_keyusage(p8, key_usage))
goto err;
if (nid_key != -1) {
- bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0,
- iter, p8);
+ bag = PKCS12_SAFEBAG_create_pkcs8_encrypt(nid_key, pass, -1,
+ NULL, 0, iter, p8);
PKCS8_PRIV_KEY_INFO_free(p8);
p8 = NULL;
} else {
- bag = PKCS12_MAKE_KEYBAG(p8);
+ bag = PKCS12_SAFEBAG_create0_p8inf(p8);
if (bag != NULL)
p8 = NULL;
}
-/* $OpenBSD: p12_kiss.c,v 1.23 2022/07/24 18:51:16 tb Exp $ */
+/* $OpenBSD: p12_kiss.c,v 1.24 2022/08/03 20:16:06 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
{
PKCS8_PRIV_KEY_INFO *p8;
X509 *x509;
- ASN1_TYPE *attrib;
+ const ASN1_TYPE *attrib;
ASN1_BMPSTRING *fname = NULL;
ASN1_OCTET_STRING *lkid = NULL;
- if ((attrib = PKCS12_get_attr(bag, NID_friendlyName)))
+ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)))
fname = attrib->value.bmpstring;
- if ((attrib = PKCS12_get_attr(bag, NID_localKeyID)))
+ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)))
lkid = attrib->value.octet_string;
switch (OBJ_obj2nid(bag->type)) {
-/* $OpenBSD: p12_mutl.c,v 1.30 2022/07/25 05:06:06 tb Exp $ */
+/* $OpenBSD: p12_mutl.c,v 1.31 2022/08/03 20:16:06 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
#include "hmac_local.h"
#include "x509_lcl.h"
+int
+PKCS12_mac_present(const PKCS12 *p12)
+{
+ return p12->mac != NULL;
+}
+
+void
+PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, const X509_ALGOR **pmacalg,
+ const ASN1_OCTET_STRING **psalt, const ASN1_INTEGER **piter,
+ const PKCS12 *p12)
+{
+ if (p12->mac == NULL) {
+ if (pmac != NULL)
+ *pmac = NULL;
+ if (pmacalg != NULL)
+ *pmacalg = NULL;
+ if (psalt != NULL)
+ *psalt = NULL;
+ if (piter != NULL)
+ *piter = NULL;
+ return;
+ }
+
+ if (pmac != NULL)
+ *pmac = p12->mac->dinfo->digest;
+ if (pmacalg != NULL)
+ *pmacalg = p12->mac->dinfo->algor;
+ if (psalt != NULL)
+ *psalt = p12->mac->salt;
+ if (piter != NULL)
+ *piter = p12->mac->iter;
+}
+
/* Generate a MAC */
int
PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
--- /dev/null
+/* $OpenBSD: p12_sbag.c,v 1.4 2022/08/03 20:16:06 tb Exp $ */
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999-2018.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+#include "x509_lcl.h"
+
+const ASN1_TYPE *
+PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, int attr_nid)
+{
+ return PKCS12_get_attr_gen(bag->attrib, attr_nid);
+}
+
+ASN1_TYPE *
+PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid)
+{
+ return PKCS12_get_attr_gen(p8->attributes, attr_nid);
+}
+
+const PKCS8_PRIV_KEY_INFO *
+PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag)
+{
+ if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
+ return NULL;
+
+ return bag->value.keybag;
+}
+
+const X509_SIG *
+PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag)
+{
+ if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag)
+ return NULL;
+
+ return bag->value.shkeybag;
+}
+
+const STACK_OF(PKCS12_SAFEBAG) *
+PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag)
+{
+ if (PKCS12_SAFEBAG_get_nid(bag) != NID_safeContentsBag)
+ return NULL;
+
+ return bag->value.safes;
+}
+
+const ASN1_OBJECT *
+PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag)
+{
+ return bag->type;
+}
+
+int
+PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag)
+{
+ return OBJ_obj2nid(bag->type);
+}
+
+int
+PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag)
+{
+ int bag_type;
+
+ bag_type = PKCS12_SAFEBAG_get_nid(bag);
+
+ if (bag_type == NID_certBag || bag_type == NID_crlBag ||
+ bag_type == NID_secretBag)
+ return OBJ_obj2nid(bag->value.bag->type);
+
+ return -1;
+}
+
+X509 *
+PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag)
+{
+ if (OBJ_obj2nid(bag->type) != NID_certBag)
+ return NULL;
+ if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
+ return NULL;
+ return ASN1_item_unpack(bag->value.bag->value.octet, &X509_it);
+}
+
+X509_CRL *
+PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag)
+{
+ if (OBJ_obj2nid(bag->type) != NID_crlBag)
+ return NULL;
+ if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
+ return NULL;
+ return ASN1_item_unpack(bag->value.bag->value.octet, &X509_CRL_it);
+}
+
+PKCS12_SAFEBAG *
+PKCS12_SAFEBAG_create_cert(X509 *x509)
+{
+ return PKCS12_item_pack_safebag(x509, &X509_it,
+ NID_x509Certificate, NID_certBag);
+}
+
+PKCS12_SAFEBAG *
+PKCS12_SAFEBAG_create_crl(X509_CRL *crl)
+{
+ return PKCS12_item_pack_safebag(crl, &X509_CRL_it,
+ NID_x509Crl, NID_crlBag);
+}
+
+/* Turn PKCS8 object into a keybag */
+
+PKCS12_SAFEBAG *
+PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8)
+{
+ PKCS12_SAFEBAG *bag;
+
+ if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
+ PKCS12error(ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ bag->type = OBJ_nid2obj(NID_keyBag);
+ bag->value.keybag = p8;
+
+ return bag;
+}
+
+/* Turn PKCS8 object into a shrouded keybag */
+
+PKCS12_SAFEBAG *
+PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8)
+{
+ PKCS12_SAFEBAG *bag;
+
+ /* Set up the safe bag */
+ if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
+ PKCS12error(ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
+ bag->value.shkeybag = p8;
+
+ return bag;
+}
+
+PKCS12_SAFEBAG *
+PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, const char *pass, int passlen,
+ unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8info)
+{
+ const EVP_CIPHER *pbe_ciph;
+ X509_SIG *p8;
+ PKCS12_SAFEBAG *bag;
+
+ if ((pbe_ciph = EVP_get_cipherbynid(pbe_nid)) != NULL)
+ pbe_nid = -1;
+
+ if ((p8 = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen,
+ iter, p8info)) == NULL)
+ return NULL;
+
+ if ((bag = PKCS12_SAFEBAG_create0_pkcs8(p8)) == NULL) {
+ X509_SIG_free(p8);
+ return NULL;
+ }
+
+ return bag;
+}
-/* $OpenBSD: p12_utl.c,v 1.16 2018/05/30 15:32:11 tb Exp $ */
+/* $OpenBSD: p12_utl.c,v 1.17 2022/08/03 20:16:06 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
return ASN1_item_d2i_fp(&PKCS12_it, fp, p12);
}
+#if !defined(LIBRESSL_NEXT_API)
+#undef PKCS12_x5092certbag
+#undef PKCS12_x509crl2certbag
+#undef PKCS12_certbag2x509
+#undef PKCS12_certbag2x509crl
+
PKCS12_SAFEBAG *
PKCS12_x5092certbag(X509 *x509)
{
return ASN1_item_unpack(bag->value.bag->value.octet,
&X509_CRL_it);
}
+#endif
-/* $OpenBSD: pkcs12.h,v 1.25 2022/07/12 14:42:50 kn Exp $ */
+/* $OpenBSD: pkcs12.h,v 1.26 2022/08/03 20:16:06 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
#define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
#define M_PKCS8_decrypt PKCS8_decrypt
+#if !defined(LIBRESSL_NEXT_API)
#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
+#endif
#endif /* !LIBRESSL_INTERNAL */
+#if defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL)
+
+#define M_PKCS12_bag_type PKCS12_bag_type
+#define M_PKCS12_cert_bag_type PKCS12_cert_bag_type
+#define M_PKCS12_crl_bag_type PKCS12_cert_bag_type
+
+#define PKCS12_bag_type PKCS12_SAFEBAG_get_nid
+#define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid
+
+#define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert
+#define PKCS12_certbag2x509crl PKCS12_SAFEBAG_get1_crl
+
+#define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert
+#define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl
+#define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf
+#define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt
+
+const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag,
+ int attr_nid);
+const STACK_OF(X509_ATTRIBUTE) *
+ PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag);
+int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
+
+X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
+
+ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid);
+int PKCS12_mac_present(const PKCS12 *p12);
+void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, const X509_ALGOR **pmacalg,
+ const ASN1_OCTET_STRING **psalt, const ASN1_INTEGER **piter,
+ const PKCS12 *p12);
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
+ const char *pass, int passlen, unsigned char *salt, int saltlen, int iter,
+ PKCS8_PRIV_KEY_INFO *p8);
+
+const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag);
+const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag);
+const STACK_OF(PKCS12_SAFEBAG) *
+ PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
+const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag);
+
+#else /* !LIBRESSL_NEXT_API && !LIBRESSL_INTERNAL*/
+
#define PKCS12_get_attr(bag, attr_nid) \
PKCS12_get_attr_gen(bag->attrib, attr_nid)
#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
-
PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);
PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);
X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);
X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);
+PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
+PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
+ int passlen, unsigned char *salt, int saltlen, int iter,
+ PKCS8_PRIV_KEY_INFO *p8);
+
+#endif /* !LIBRESSL_NEXT_API && !LIBRESSL_INTERNAL */
+
PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
int nid1, int nid2);
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
int passlen);
PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
const char *pass, int passlen, unsigned char *salt, int saltlen, int iter,
PKCS8_PRIV_KEY_INFO *p8);
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
- int passlen, unsigned char *salt, int saltlen, int iter,
- PKCS8_PRIV_KEY_INFO *p8);
PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
projects / openbsd / commitdiff