/src/openssl32/crypto/pkcs12/p12_sbag.c

Source (jump to first uncovered line)
/*
 * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/pkcs12.h>
#include "p12_local.h"
#include "crypto/x509.h"

#ifndef OPENSSL_NO_DEPRECATED_1_1_0
ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid)
{
    return PKCS12_get_attr_gen(bag->attrib, attr_nid);
}
#endif

const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag,
                                          int attr_nid)
{
    return PKCS12_get_attr_gen(bag->attrib, attr_nid);
}

ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid)
{
    return PKCS12_get_attr_gen(PKCS8_pkey_get0_attrs(p8), attr_nid);
}

const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag)
{
    if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
        return NULL;
    return bag->value.keybag;
}

const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag)
{
    if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
        return NULL;
    return bag->value.shkeybag;
}

const STACK_OF(PKCS12_SAFEBAG) *
PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag)
{
    if (OBJ_obj2nid(bag->type) != NID_safeContentsBag)
        return NULL;
    return bag->value.safes;
}

const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag)
{
    return bag->type;
}

int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag)
{
    return OBJ_obj2nid(bag->type);
}

int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag)
{
    int btype = PKCS12_SAFEBAG_get_nid(bag);

    if (btype != NID_certBag && btype != NID_crlBag && btype != NID_secretBag)
        return -1;
    return OBJ_obj2nid(bag->value.bag->type);
}

const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag)
{
    return bag->value.bag->type;
}

const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag)
{
    return bag->value.bag->value.other;
}

X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag)
{
    if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag)
        return NULL;
    if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
        return NULL;
    return ASN1_item_unpack(bag->value.bag->value.octet,
                            ASN1_ITEM_rptr(X509));
}

X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag)
{
    if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag)
        return NULL;
    if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
        return NULL;
    return ASN1_item_unpack(bag->value.bag->value.octet,
                            ASN1_ITEM_rptr(X509_CRL));
}

X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag,
                                  OSSL_LIB_CTX *libctx, const char *propq)
{
    X509 *ret = NULL;

    if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag)
        return NULL;
    if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
        return NULL;
    ret = ASN1_item_unpack_ex(bag->value.bag->value.octet,
                              ASN1_ITEM_rptr(X509), libctx, propq);
    if (!ossl_x509_set0_libctx(ret, libctx, propq)) {
        X509_free(ret);
        return NULL;
    }
    return ret;
}

X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag,
                                     OSSL_LIB_CTX *libctx, const char *propq)
{
    X509_CRL *ret = NULL;

    if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag)
        return NULL;
    if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
        return NULL;
    ret = ASN1_item_unpack_ex(bag->value.bag->value.octet,
                              ASN1_ITEM_rptr(X509_CRL), libctx, propq);
    if (!ossl_x509_crl_set0_libctx(ret, libctx, propq)) {
        X509_CRL_free(ret);
        return NULL;
    }
    return ret;
}

PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509)
{
    return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
                                    NID_x509Certificate, NID_certBag);
}

PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl)
{
    return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
                                    NID_x509Crl, NID_crlBag);
}

PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_secret(int type, int vtype, const unsigned char *value, int len)
{
    PKCS12_BAGS *bag;
    PKCS12_SAFEBAG *safebag;

    if ((bag = PKCS12_BAGS_new()) == NULL) {
        ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB);
        return NULL;
    }
    bag->type = OBJ_nid2obj(type);

    switch (vtype) {
    case V_ASN1_OCTET_STRING:
        {
            ASN1_OCTET_STRING *strtmp = ASN1_OCTET_STRING_new();

            if (strtmp == NULL) {
                ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB);
                goto err;
            }
            /* Pack data into an octet string */
            if (!ASN1_OCTET_STRING_set(strtmp, value, len)) {
                ASN1_OCTET_STRING_free(strtmp);
                ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCODE_ERROR);
                goto err;
            }
            bag->value.other = ASN1_TYPE_new();
            if (bag->value.other == NULL) {
                ASN1_OCTET_STRING_free(strtmp);
                ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB);
                goto err;
            }
            ASN1_TYPE_set(bag->value.other, vtype, strtmp);
        }
        break;

    default:
        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_INVALID_TYPE);
        goto err;
    }

    if ((safebag = PKCS12_SAFEBAG_new()) == NULL) {
        ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB);
        goto err;
    }
    safebag->value.bag = bag;
    safebag->type = OBJ_nid2obj(NID_secretBag);
    return safebag;

 err:
    PKCS12_BAGS_free(bag);
    return NULL;
}

/* Turn PKCS8 object into a keybag */

PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8)
{
    PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();

    if (bag == NULL) {
        ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB);
        return NULL;
    }
    bag->type = OBJ_nid2obj(NID_keyBag);
    bag->value.keybag = p8;
    return bag;
}

/* Turn PKCS8 object into a shrouded keybag */

PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8)
{
    PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();

    /* Set up the safe bag */
    if (bag == NULL) {
        ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB);
        return NULL;
    }
    bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
    bag->value.shkeybag = p8;
    return bag;
}

PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(int pbe_nid,
                                                       const char *pass,
                                                       int passlen,
                                                       unsigned char *salt,
                                                       int saltlen, int iter,
                                                       PKCS8_PRIV_KEY_INFO *p8inf,
                                                       OSSL_LIB_CTX *ctx,
                                                       const char *propq)
{
    PKCS12_SAFEBAG *bag = NULL;
    const EVP_CIPHER *pbe_ciph = NULL;
    EVP_CIPHER *pbe_ciph_fetch = NULL;
    X509_SIG *p8;

    ERR_set_mark();
    pbe_ciph = pbe_ciph_fetch = EVP_CIPHER_fetch(ctx, OBJ_nid2sn(pbe_nid), propq);
    if (pbe_ciph == NULL)
        pbe_ciph = EVP_get_cipherbynid(pbe_nid);
    ERR_pop_to_mark();

    if (pbe_ciph != NULL)
        pbe_nid = -1;

    p8 = PKCS8_encrypt_ex(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
                          p8inf, ctx, propq);
    if (p8 == NULL)
        goto err;

    bag = PKCS12_SAFEBAG_create0_pkcs8(p8);
    if (bag == NULL)
        X509_SIG_free(p8);

err:
    EVP_CIPHER_free(pbe_ciph_fetch);
    return bag;
}

PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
                                                    const char *pass,
                                                    int passlen,
                                                    unsigned char *salt,
                                                    int saltlen, int iter,
                                                    PKCS8_PRIV_KEY_INFO *p8inf)
{
    return PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(pbe_nid, pass, passlen,
                                                  salt, saltlen, iter, p8inf,
                                                  NULL, NULL);
}

Coverage Report

Created: 2025-06-13 06:58

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <stdio.h>
11		#include "internal/cryptlib.h"
12		#include <openssl/pkcs12.h>
13		#include "p12_local.h"
14		#include "crypto/x509.h"
15
16		#ifndef OPENSSL_NO_DEPRECATED_1_1_0
17		ASN1_TYPE PKCS12_get_attr(const PKCS12_SAFEBAG bag, int attr_nid)
18	0	{
19	0	return PKCS12_get_attr_gen(bag->attrib, attr_nid);
20	0	}
21		#endif
22
23		const ASN1_TYPE PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG bag,
24		int attr_nid)
25	0	{
26	0	return PKCS12_get_attr_gen(bag->attrib, attr_nid);
27	0	}
28
29		ASN1_TYPE PKCS8_get_attr(PKCS8_PRIV_KEY_INFO p8, int attr_nid)
30	0	{
31	0	return PKCS12_get_attr_gen(PKCS8_pkey_get0_attrs(p8), attr_nid);
32	0	}
33
34		const PKCS8_PRIV_KEY_INFO PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG bag)
35	0	{
36	0	if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
37	0	return NULL;
38	0	return bag->value.keybag;
39	0	}
40
41		const X509_SIG PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG bag)
42	0	{
43	0	if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
44	0	return NULL;
45	0	return bag->value.shkeybag;
46	0	}
47
48		const STACK_OF(PKCS12_SAFEBAG) *
49		PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag)
50	0	{
51	0	if (OBJ_obj2nid(bag->type) != NID_safeContentsBag)
52	0	return NULL;
53	0	return bag->value.safes;
54	0	}
55
56		const ASN1_OBJECT PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG bag)
57	0	{
58	0	return bag->type;
59	0	}
60
61		int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag)
62	0	{
63	0	return OBJ_obj2nid(bag->type);
64	0	}
65
66		int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag)
67	0	{
68	0	int btype = PKCS12_SAFEBAG_get_nid(bag);
69
70	0	if (btype != NID_certBag && btype != NID_crlBag && btype != NID_secretBag)
71	0	return -1;
72	0	return OBJ_obj2nid(bag->value.bag->type);
73	0	}
74
75		const ASN1_OBJECT PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG bag)
76	0	{
77	0	return bag->value.bag->type;
78	0	}
79
80		const ASN1_TYPE PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG bag)
81	0	{
82	0	return bag->value.bag->value.other;
83	0	}
84
85		X509 PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG bag)
86	0	{
87	0	if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag)
88	0	return NULL;
89	0	if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
90	0	return NULL;
91	0	return ASN1_item_unpack(bag->value.bag->value.octet,
92	0	ASN1_ITEM_rptr(X509));
93	0	}
94
95		X509_CRL PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG bag)
96	0	{
97	0	if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag)
98	0	return NULL;
99	0	if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
100	0	return NULL;
101	0	return ASN1_item_unpack(bag->value.bag->value.octet,
102	0	ASN1_ITEM_rptr(X509_CRL));
103	0	}
104
105		X509 PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG bag,
106		OSSL_LIB_CTX libctx, const char propq)
107	0	{
108	0	X509 *ret = NULL;
109
110	0	if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag)
111	0	return NULL;
112	0	if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
113	0	return NULL;
114	0	ret = ASN1_item_unpack_ex(bag->value.bag->value.octet,
115	0	ASN1_ITEM_rptr(X509), libctx, propq);
116	0	if (!ossl_x509_set0_libctx(ret, libctx, propq)) {
117	0	X509_free(ret);
118	0	return NULL;
119	0	}
120	0	return ret;
121	0	}
122
123		X509_CRL PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG bag,
124		OSSL_LIB_CTX libctx, const char propq)
125	0	{
126	0	X509_CRL *ret = NULL;
127
128	0	if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag)
129	0	return NULL;
130	0	if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
131	0	return NULL;
132	0	ret = ASN1_item_unpack_ex(bag->value.bag->value.octet,
133	0	ASN1_ITEM_rptr(X509_CRL), libctx, propq);
134	0	if (!ossl_x509_crl_set0_libctx(ret, libctx, propq)) {
135	0	X509_CRL_free(ret);
136	0	return NULL;
137	0	}
138	0	return ret;
139	0	}
140
141		PKCS12_SAFEBAG PKCS12_SAFEBAG_create_cert(X509 x509)
142	0	{
143	0	return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
144	0	NID_x509Certificate, NID_certBag);
145	0	}
146
147		PKCS12_SAFEBAG PKCS12_SAFEBAG_create_crl(X509_CRL crl)
148	0	{
149	0	return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
150	0	NID_x509Crl, NID_crlBag);
151	0	}
152
153		PKCS12_SAFEBAG PKCS12_SAFEBAG_create_secret(int type, int vtype, const unsigned char value, int len)
154	0	{
155	0	PKCS12_BAGS *bag;
156	0	PKCS12_SAFEBAG *safebag;
157
158	0	if ((bag = PKCS12_BAGS_new()) == NULL) {
159	0	ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB);
160	0	return NULL;
161	0	}
162	0	bag->type = OBJ_nid2obj(type);
163
164	0	switch (vtype) {
165	0	case V_ASN1_OCTET_STRING:
166	0	{
167	0	ASN1_OCTET_STRING *strtmp = ASN1_OCTET_STRING_new();
168
169	0	if (strtmp == NULL) {
170	0	ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB);
171	0	goto err;
172	0	}
173		/* Pack data into an octet string */
174	0	if (!ASN1_OCTET_STRING_set(strtmp, value, len)) {
175	0	ASN1_OCTET_STRING_free(strtmp);
176	0	ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCODE_ERROR);
177	0	goto err;
178	0	}
179	0	bag->value.other = ASN1_TYPE_new();
180	0	if (bag->value.other == NULL) {
181	0	ASN1_OCTET_STRING_free(strtmp);
182	0	ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB);
183	0	goto err;
184	0	}
185	0	ASN1_TYPE_set(bag->value.other, vtype, strtmp);
186	0	}
187	0	break;
188
189	0	default:
190	0	ERR_raise(ERR_LIB_PKCS12, PKCS12_R_INVALID_TYPE);
191	0	goto err;
192	0	}
193
194	0	if ((safebag = PKCS12_SAFEBAG_new()) == NULL) {
195	0	ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB);
196	0	goto err;
197	0	}
198	0	safebag->value.bag = bag;
199	0	safebag->type = OBJ_nid2obj(NID_secretBag);
200	0	return safebag;
201
202	0	err:
203	0	PKCS12_BAGS_free(bag);
204	0	return NULL;
205	0	}
206
207		/* Turn PKCS8 object into a keybag */
208
209		PKCS12_SAFEBAG PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO p8)
210	0	{
211	0	PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();
212
213	0	if (bag == NULL) {
214	0	ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB);
215	0	return NULL;
216	0	}
217	0	bag->type = OBJ_nid2obj(NID_keyBag);
218	0	bag->value.keybag = p8;
219	0	return bag;
220	0	}
221
222		/* Turn PKCS8 object into a shrouded keybag */
223
224		PKCS12_SAFEBAG PKCS12_SAFEBAG_create0_pkcs8(X509_SIG p8)
225	0	{
226	0	PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();
227
228		/* Set up the safe bag */
229	0	if (bag == NULL) {
230	0	ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB);
231	0	return NULL;
232	0	}
233	0	bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
234	0	bag->value.shkeybag = p8;
235	0	return bag;
236	0	}
237
238		PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(int pbe_nid,
239		const char *pass,
240		int passlen,
241		unsigned char *salt,
242		int saltlen, int iter,
243		PKCS8_PRIV_KEY_INFO *p8inf,
244		OSSL_LIB_CTX *ctx,
245		const char *propq)
246	0	{
247	0	PKCS12_SAFEBAG *bag = NULL;
248	0	const EVP_CIPHER *pbe_ciph = NULL;
249	0	EVP_CIPHER *pbe_ciph_fetch = NULL;
250	0	X509_SIG *p8;
251
252	0	ERR_set_mark();
253	0	pbe_ciph = pbe_ciph_fetch = EVP_CIPHER_fetch(ctx, OBJ_nid2sn(pbe_nid), propq);
254	0	if (pbe_ciph == NULL)
255	0	pbe_ciph = EVP_get_cipherbynid(pbe_nid);
256	0	ERR_pop_to_mark();
257
258	0	if (pbe_ciph != NULL)
259	0	pbe_nid = -1;
260
261	0	p8 = PKCS8_encrypt_ex(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
262	0	p8inf, ctx, propq);
263	0	if (p8 == NULL)
264	0	goto err;
265
266	0	bag = PKCS12_SAFEBAG_create0_pkcs8(p8);
267	0	if (bag == NULL)
268	0	X509_SIG_free(p8);
269
270	0	err:
271	0	EVP_CIPHER_free(pbe_ciph_fetch);
272	0	return bag;
273	0	}
274
275		PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
276		const char *pass,
277		int passlen,
278		unsigned char *salt,
279		int saltlen, int iter,
280		PKCS8_PRIV_KEY_INFO *p8inf)
281	0	{
282	0	return PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(pbe_nid, pass, passlen,
283	0	salt, saltlen, iter, p8inf,
284	0	NULL, NULL);
285	0	}