/src/openssl30/crypto/pkcs12/p12_sbag.c

Source
/*
 * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/pkcs12.h>
#include "p12_local.h"

#ifndef OPENSSL_NO_DEPRECATED_1_1_0
ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid)
{
    return PKCS12_get_attr_gen(bag->attrib, attr_nid);
}
#endif

const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag,
    int attr_nid)
{
    return PKCS12_get_attr_gen(bag->attrib, attr_nid);
}

ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid)
{
    return PKCS12_get_attr_gen(PKCS8_pkey_get0_attrs(p8), attr_nid);
}

const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag)
{
    if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
        return NULL;
    return bag->value.keybag;
}

const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag)
{
    if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
        return NULL;
    return bag->value.shkeybag;
}

const STACK_OF(PKCS12_SAFEBAG) *
PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag)
{
    if (OBJ_obj2nid(bag->type) != NID_safeContentsBag)
        return NULL;
    return bag->value.safes;
}

const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag)
{
    return bag->type;
}

int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag)
{
    return OBJ_obj2nid(bag->type);
}

int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag)
{
    int btype = PKCS12_SAFEBAG_get_nid(bag);

    if (btype != NID_certBag && btype != NID_crlBag && btype != NID_secretBag)
        return -1;
    return OBJ_obj2nid(bag->value.bag->type);
}

const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag)
{
    int btype = PKCS12_SAFEBAG_get_nid(bag);

    if (btype != NID_certBag && btype != NID_crlBag && btype != NID_secretBag)
        return NULL;
    return bag->value.bag->type;
}

const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag)
{
    int vtype = PKCS12_SAFEBAG_get_bag_nid(bag);

    if (vtype == -1 || vtype == NID_x509Certificate || vtype == NID_x509Crl
        || vtype == NID_sdsiCertificate)
        return NULL;
    return bag->value.bag->value.other;
}

X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag)
{
    if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag)
        return NULL;
    if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
        return NULL;
    return ASN1_item_unpack(bag->value.bag->value.octet,
        ASN1_ITEM_rptr(X509));
}

X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag)
{
    if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag)
        return NULL;
    if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
        return NULL;
    return ASN1_item_unpack(bag->value.bag->value.octet,
        ASN1_ITEM_rptr(X509_CRL));
}

PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509)
{
    return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
        NID_x509Certificate, NID_certBag);
}

PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl)
{
    return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
        NID_x509Crl, NID_crlBag);
}

PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_secret(int type, int vtype, const unsigned char *value, int len)
{
    PKCS12_BAGS *bag;
    PKCS12_SAFEBAG *safebag;

    if ((bag = PKCS12_BAGS_new()) == NULL) {
        ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
    bag->type = OBJ_nid2obj(type);

    switch (vtype) {
    case V_ASN1_OCTET_STRING: {
        ASN1_OCTET_STRING *strtmp = ASN1_OCTET_STRING_new();

        if (strtmp == NULL) {
            ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
            goto err;
        }
        /* Pack data into an octet string */
        if (!ASN1_OCTET_STRING_set(strtmp, value, len)) {
            ASN1_OCTET_STRING_free(strtmp);
            ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCODE_ERROR);
            goto err;
        }
        bag->value.other = ASN1_TYPE_new();
        if (bag->value.other == NULL) {
            ASN1_OCTET_STRING_free(strtmp);
            ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
            goto err;
        }
        ASN1_TYPE_set(bag->value.other, vtype, strtmp);
    } break;

    default:
        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_INVALID_TYPE);
        goto err;
    }

    if ((safebag = PKCS12_SAFEBAG_new()) == NULL) {
        ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    safebag->value.bag = bag;
    safebag->type = OBJ_nid2obj(NID_secretBag);
    return safebag;

err:
    PKCS12_BAGS_free(bag);
    return NULL;
}

/* Turn PKCS8 object into a keybag */

PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8)
{
    PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();

    if (bag == NULL) {
        ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
    bag->type = OBJ_nid2obj(NID_keyBag);
    bag->value.keybag = p8;
    return bag;
}

/* Turn PKCS8 object into a shrouded keybag */

PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8)
{
    PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();

    /* Set up the safe bag */
    if (bag == NULL) {
        ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
    bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
    bag->value.shkeybag = p8;
    return bag;
}

PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(int pbe_nid,
    const char *pass,
    int passlen,
    unsigned char *salt,
    int saltlen, int iter,
    PKCS8_PRIV_KEY_INFO *p8inf,
    OSSL_LIB_CTX *ctx,
    const char *propq)
{
    PKCS12_SAFEBAG *bag = NULL;
    const EVP_CIPHER *pbe_ciph = NULL;
    EVP_CIPHER *pbe_ciph_fetch = NULL;
    X509_SIG *p8;

    ERR_set_mark();
    pbe_ciph = pbe_ciph_fetch = EVP_CIPHER_fetch(ctx, OBJ_nid2sn(pbe_nid), propq);
    if (pbe_ciph == NULL)
        pbe_ciph = EVP_get_cipherbynid(pbe_nid);
    ERR_pop_to_mark();

    if (pbe_ciph != NULL)
        pbe_nid = -1;

    p8 = PKCS8_encrypt_ex(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
        p8inf, ctx, propq);
    if (p8 == NULL)
        goto err;

    bag = PKCS12_SAFEBAG_create0_pkcs8(p8);
    if (bag == NULL)
        X509_SIG_free(p8);

err:
    EVP_CIPHER_free(pbe_ciph_fetch);
    return bag;
}

PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
    const char *pass,
    int passlen,
    unsigned char *salt,
    int saltlen, int iter,
    PKCS8_PRIV_KEY_INFO *p8inf)
{
    return PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(pbe_nid, pass, passlen,
        salt, saltlen, iter, p8inf,
        NULL, NULL);
}

Coverage Report

Created: 2025-12-31 06:58

Line	Count	Source
1		/*
2		* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <stdio.h>
11		#include "internal/cryptlib.h"
12		#include <openssl/pkcs12.h>
13		#include "p12_local.h"
14
15		#ifndef OPENSSL_NO_DEPRECATED_1_1_0
16		ASN1_TYPE PKCS12_get_attr(const PKCS12_SAFEBAG bag, int attr_nid)
17	0	{
18	0	return PKCS12_get_attr_gen(bag->attrib, attr_nid);
19	0	}
20		#endif
21
22		const ASN1_TYPE PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG bag,
23		int attr_nid)
24	0	{
25	0	return PKCS12_get_attr_gen(bag->attrib, attr_nid);
26	0	}
27
28		ASN1_TYPE PKCS8_get_attr(PKCS8_PRIV_KEY_INFO p8, int attr_nid)
29	0	{
30	0	return PKCS12_get_attr_gen(PKCS8_pkey_get0_attrs(p8), attr_nid);
31	0	}
32
33		const PKCS8_PRIV_KEY_INFO PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG bag)
34	0	{
35	0	if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
36	0	return NULL;
37	0	return bag->value.keybag;
38	0	}
39
40		const X509_SIG PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG bag)
41	0	{
42	0	if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
43	0	return NULL;
44	0	return bag->value.shkeybag;
45	0	}
46
47		const STACK_OF(PKCS12_SAFEBAG) *
48		PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag)
49	0	{
50	0	if (OBJ_obj2nid(bag->type) != NID_safeContentsBag)
51	0	return NULL;
52	0	return bag->value.safes;
53	0	}
54
55		const ASN1_OBJECT PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG bag)
56	0	{
57	0	return bag->type;
58	0	}
59
60		int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag)
61	0	{
62	0	return OBJ_obj2nid(bag->type);
63	0	}
64
65		int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag)
66	0	{
67	0	int btype = PKCS12_SAFEBAG_get_nid(bag);
68
69	0	if (btype != NID_certBag && btype != NID_crlBag && btype != NID_secretBag)
70	0	return -1;
71	0	return OBJ_obj2nid(bag->value.bag->type);
72	0	}
73
74		const ASN1_OBJECT PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG bag)
75	0	{
76	0	int btype = PKCS12_SAFEBAG_get_nid(bag);
77
78	0	if (btype != NID_certBag && btype != NID_crlBag && btype != NID_secretBag)
79	0	return NULL;
80	0	return bag->value.bag->type;
81	0	}
82
83		const ASN1_TYPE PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG bag)
84	0	{
85	0	int vtype = PKCS12_SAFEBAG_get_bag_nid(bag);
86
87	0	if (vtype == -1 \|\| vtype == NID_x509Certificate \|\| vtype == NID_x509Crl
88	0	\|\| vtype == NID_sdsiCertificate)
89	0	return NULL;
90	0	return bag->value.bag->value.other;
91	0	}
92
93		X509 PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG bag)
94	0	{
95	0	if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag)
96	0	return NULL;
97	0	if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
98	0	return NULL;
99	0	return ASN1_item_unpack(bag->value.bag->value.octet,
100	0	ASN1_ITEM_rptr(X509));
101	0	}
102
103		X509_CRL PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG bag)
104	0	{
105	0	if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag)
106	0	return NULL;
107	0	if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
108	0	return NULL;
109	0	return ASN1_item_unpack(bag->value.bag->value.octet,
110	0	ASN1_ITEM_rptr(X509_CRL));
111	0	}
112
113		PKCS12_SAFEBAG PKCS12_SAFEBAG_create_cert(X509 x509)
114	0	{
115	0	return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
116	0	NID_x509Certificate, NID_certBag);
117	0	}
118
119		PKCS12_SAFEBAG PKCS12_SAFEBAG_create_crl(X509_CRL crl)
120	0	{
121	0	return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
122	0	NID_x509Crl, NID_crlBag);
123	0	}
124
125		PKCS12_SAFEBAG PKCS12_SAFEBAG_create_secret(int type, int vtype, const unsigned char value, int len)
126	0	{
127	0	PKCS12_BAGS *bag;
128	0	PKCS12_SAFEBAG *safebag;
129
130	0	if ((bag = PKCS12_BAGS_new()) == NULL) {
131	0	ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
132	0	return NULL;
133	0	}
134	0	bag->type = OBJ_nid2obj(type);
135
136	0	switch (vtype) {
137	0	case V_ASN1_OCTET_STRING: {
138	0	ASN1_OCTET_STRING *strtmp = ASN1_OCTET_STRING_new();
139
140	0	if (strtmp == NULL) {
141	0	ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
142	0	goto err;
143	0	}
144		/* Pack data into an octet string */
145	0	if (!ASN1_OCTET_STRING_set(strtmp, value, len)) {
146	0	ASN1_OCTET_STRING_free(strtmp);
147	0	ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCODE_ERROR);
148	0	goto err;
149	0	}
150	0	bag->value.other = ASN1_TYPE_new();
151	0	if (bag->value.other == NULL) {
152	0	ASN1_OCTET_STRING_free(strtmp);
153	0	ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
154	0	goto err;
155	0	}
156	0	ASN1_TYPE_set(bag->value.other, vtype, strtmp);
157	0	} break;
158
159	0	default:
160	0	ERR_raise(ERR_LIB_PKCS12, PKCS12_R_INVALID_TYPE);
161	0	goto err;
162	0	}
163
164	0	if ((safebag = PKCS12_SAFEBAG_new()) == NULL) {
165	0	ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
166	0	goto err;
167	0	}
168	0	safebag->value.bag = bag;
169	0	safebag->type = OBJ_nid2obj(NID_secretBag);
170	0	return safebag;
171
172	0	err:
173	0	PKCS12_BAGS_free(bag);
174	0	return NULL;
175	0	}
176
177		/* Turn PKCS8 object into a keybag */
178
179		PKCS12_SAFEBAG PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO p8)
180	0	{
181	0	PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();
182
183	0	if (bag == NULL) {
184	0	ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
185	0	return NULL;
186	0	}
187	0	bag->type = OBJ_nid2obj(NID_keyBag);
188	0	bag->value.keybag = p8;
189	0	return bag;
190	0	}
191
192		/* Turn PKCS8 object into a shrouded keybag */
193
194		PKCS12_SAFEBAG PKCS12_SAFEBAG_create0_pkcs8(X509_SIG p8)
195	0	{
196	0	PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();
197
198		/* Set up the safe bag */
199	0	if (bag == NULL) {
200	0	ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
201	0	return NULL;
202	0	}
203	0	bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
204	0	bag->value.shkeybag = p8;
205	0	return bag;
206	0	}
207
208		PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(int pbe_nid,
209		const char *pass,
210		int passlen,
211		unsigned char *salt,
212		int saltlen, int iter,
213		PKCS8_PRIV_KEY_INFO *p8inf,
214		OSSL_LIB_CTX *ctx,
215		const char *propq)
216	0	{
217	0	PKCS12_SAFEBAG *bag = NULL;
218	0	const EVP_CIPHER *pbe_ciph = NULL;
219	0	EVP_CIPHER *pbe_ciph_fetch = NULL;
220	0	X509_SIG *p8;
221
222	0	ERR_set_mark();
223	0	pbe_ciph = pbe_ciph_fetch = EVP_CIPHER_fetch(ctx, OBJ_nid2sn(pbe_nid), propq);
224	0	if (pbe_ciph == NULL)
225	0	pbe_ciph = EVP_get_cipherbynid(pbe_nid);
226	0	ERR_pop_to_mark();
227
228	0	if (pbe_ciph != NULL)
229	0	pbe_nid = -1;
230
231	0	p8 = PKCS8_encrypt_ex(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
232	0	p8inf, ctx, propq);
233	0	if (p8 == NULL)
234	0	goto err;
235
236	0	bag = PKCS12_SAFEBAG_create0_pkcs8(p8);
237	0	if (bag == NULL)
238	0	X509_SIG_free(p8);
239
240	0	err:
241	0	EVP_CIPHER_free(pbe_ciph_fetch);
242	0	return bag;
243	0	}
244
245		PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
246		const char *pass,
247		int passlen,
248		unsigned char *salt,
249		int saltlen, int iter,
250		PKCS8_PRIV_KEY_INFO *p8inf)
251	0	{
252	0	return PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(pbe_nid, pass, passlen,
253	0	salt, saltlen, iter, p8inf,
254	0	NULL, NULL);
255	0	}