mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Reorganise functions.

Browse Source 
Move all PKCS12_SAFEBAG functions into new file p12_sbag.c.

Move MAC functions into p12_mutl.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2015-09-27 13:28:26 +01:00
parent 1e1b48d151
commit 293042c9d9
6 changed files with 234 additions and 171 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
crypto/pkcs12/p12_add.c
View File

@ -91,55 +91,6 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
return NULL;
}
/* Turn PKCS8 object into a keybag */
PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
{
PKCS12_SAFEBAG *bag;
if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE);
return NULL;
}
bag->type = OBJ_nid2obj(NID_keyBag);
bag->value.keybag = p8;
return bag;
}
/* Turn PKCS8 object into a shrouded keybag */
PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
int passlen, unsigned char *salt,
int saltlen, int iter,
PKCS8_PRIV_KEY_INFO *p8)
{
PKCS12_SAFEBAG *bag;
const EVP_CIPHER *pbe_ciph;
/* Set up the safe bag */
if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
return NULL;
}
bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
pbe_ciph = EVP_get_cipherbynid(pbe_nid);
if (pbe_ciph)
pbe_nid = -1;
if (!(bag->value.shkeybag =
PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
p8))) {
PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
PKCS12_SAFEBAG_free(bag);
return NULL;
}
return bag;
}
/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
{

2
crypto/pkcs12/p12_crt.c
View File

@ -189,7 +189,7 @@ PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
int keyidlen = -1;
/* Add user certificate */
if ((bag = PKCS12_SAFEBAG_new_cert(cert)) == NULL)
if ((bag = PKCS12_SAFEBAG_create_cert(cert)) == NULL)
goto err;
/*

30
crypto/pkcs12/p12_mutl.c
View File

@ -64,6 +64,36 @@
# include <openssl/pkcs12.h>
# include "p12_lcl.h"
int PKCS12_mac_present(PKCS12 *p12)
{
return p12->mac ? 1 : 0;
}
void PKCS12_get0_mac(ASN1_OCTET_STRING **pmac, X509_ALGOR **pmacalg,
ASN1_OCTET_STRING **psalt, ASN1_INTEGER **piter,
PKCS12 *p12)
{
if (p12->mac) {
if (pmac)
*pmac = p12->mac->dinfo->digest;
if (pmacalg)
*pmacalg = p12->mac->dinfo->algor;
if (psalt)
*psalt = p12->mac->salt;
if (piter)
*piter = p12->mac->iter;
} else {
if (pmac)
*pmac = NULL;
if (pmacalg)
*pmacalg = NULL;
if (psalt)
*psalt = NULL;
if (piter)
*piter = NULL;
}
}
# define TK26_MAC_KEY_LEN 32
static int pkcs12_gen_gost_mac_key(const char *pass, int passlen,

192
crypto/pkcs12/p12_sbag.c Normal file
View File

@ -0,0 +1,192 @@
/* p12_sbag.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 1999-2015.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/pkcs12.h>
#include "p12_lcl.h"
ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(PKCS12_SAFEBAG *bag, int attr_nid)
{
return PKCS12_get_attr_gen(bag->attrib, attr_nid);
}
ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid)
{
return PKCS12_get_attr_gen(p8->attributes, attr_nid);
}
PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(PKCS12_SAFEBAG *bag)
{
if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
return NULL;
return bag->value.keybag;
}
X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(PKCS12_SAFEBAG *bag)
{
if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
return NULL;
return bag->value.shkeybag;
}
STACK_OF(PKCS12_SAFEBAG) *PKCS12_SAFEBAG_get0_safes(PKCS12_SAFEBAG *bag)
{
if (OBJ_obj2nid(bag->type) != NID_safeContentsBag)
return NULL;
return bag->value.safes;
}
ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(PKCS12_SAFEBAG *bag)
{
return bag->type;
}
int PKCS12_SAFEBAG_get_nid(PKCS12_SAFEBAG *bag)
{
return OBJ_obj2nid(bag->type);
}
int PKCS12_SAFEBAG_get_bag_nid(PKCS12_SAFEBAG *bag)
{
int btype = PKCS12_SAFEBAG_get_nid(bag);
if (btype != NID_certBag || btype != NID_crlBag || btype != NID_secretBag)
return -1;
return OBJ_obj2nid(bag->value.bag->type);
}
X509 *PKCS12_SAFEBAG_get1_cert(PKCS12_SAFEBAG *bag)
{
if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag)
return NULL;
if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
return NULL;
return ASN1_item_unpack(bag->value.bag->value.octet,
ASN1_ITEM_rptr(X509));
}
X509_CRL *PKCS12_SAFEBAG_get1_crl(PKCS12_SAFEBAG *bag)
{
if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag)
return NULL;
if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
return NULL;
return ASN1_item_unpack(bag->value.bag->value.octet,
ASN1_ITEM_rptr(X509_CRL));
}
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509)
{
return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
NID_x509Certificate, NID_certBag);
}
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl)
{
return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
NID_x509Crl, NID_crlBag);
}
/* Turn PKCS8 object into a keybag */
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_p8inf(PKCS8_PRIV_KEY_INFO *p8)
{
PKCS12_SAFEBAG *bag;
if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE);
return NULL;
}
bag->type = OBJ_nid2obj(NID_keyBag);
bag->value.keybag = p8;
return bag;
}
/* Turn PKCS8 object into a shrouded keybag */
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8(int pbe_nid, const char *pass,
int passlen, unsigned char *salt,
int saltlen, int iter,
PKCS8_PRIV_KEY_INFO *p8)
{
PKCS12_SAFEBAG *bag;
const EVP_CIPHER *pbe_ciph;
/* Set up the safe bag */
if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
return NULL;
}
bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
pbe_ciph = EVP_get_cipherbynid(pbe_nid);
if (pbe_ciph)
pbe_nid = -1;
if (!(bag->value.shkeybag =
PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
p8))) {
PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
return NULL;
}
return bag;
}

112
crypto/pkcs12/p12_utl.c
View File

@ -59,7 +59,6 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/pkcs12.h>
#include "p12_lcl.h"
/* Cheap and nasty Unicode stuff */
@ -129,114 +128,3 @@ PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
}
#endif
PKCS12_SAFEBAG *PKCS12_SAFEBAG_new_cert(X509 *x509)
{
return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
NID_x509Certificate, NID_certBag);
}
PKCS12_SAFEBAG *PKCS12_SAFEBAG_new_crl(X509_CRL *crl)
{
return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
NID_x509Crl, NID_crlBag);
}
X509 *PKCS12_SAFEBAG_get1_cert(PKCS12_SAFEBAG *bag)
{
if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag)
return NULL;
if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
return NULL;
return ASN1_item_unpack(bag->value.bag->value.octet,
ASN1_ITEM_rptr(X509));
}
X509_CRL *PKCS12_SAFEBAG_get1_crl(PKCS12_SAFEBAG *bag)
{
if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag)
return NULL;
if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
return NULL;
return ASN1_item_unpack(bag->value.bag->value.octet,
ASN1_ITEM_rptr(X509_CRL));
}
ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(PKCS12_SAFEBAG *bag, int attr_nid)
{
return PKCS12_get_attr_gen(bag->attrib, attr_nid);
}
ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid)
{
return PKCS12_get_attr_gen(p8->attributes, attr_nid);
}
int PKCS12_mac_present(PKCS12 *p12)
{
return p12->mac ? 1 : 0;
}
void PKCS12_get0_mac(ASN1_OCTET_STRING **pmac, X509_ALGOR **pmacalg,
ASN1_OCTET_STRING **psalt, ASN1_INTEGER **piter,
PKCS12 *p12)
{
if (p12->mac) {
if (pmac)
*pmac = p12->mac->dinfo->digest;
if (pmacalg)
*pmacalg = p12->mac->dinfo->algor;
if (psalt)
*psalt = p12->mac->salt;
if (piter)
*piter = p12->mac->iter;
} else {
if (pmac)
*pmac = NULL;
if (pmacalg)
*pmacalg = NULL;
if (psalt)
*psalt = NULL;
if (piter)
*piter = NULL;
}
}
PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(PKCS12_SAFEBAG *bag)
{
if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
return NULL;
return bag->value.keybag;
}
X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(PKCS12_SAFEBAG *bag)
{
if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
return NULL;
return bag->value.shkeybag;
}
STACK_OF(PKCS12_SAFEBAG) *PKCS12_SAFEBAG_get0_safes(PKCS12_SAFEBAG *bag)
{
if (OBJ_obj2nid(bag->type) != NID_safeContentsBag)
return NULL;
return bag->value.safes;
}
ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(PKCS12_SAFEBAG *bag)
{
return bag->type;
}
int PKCS12_SAFEBAG_get_nid(PKCS12_SAFEBAG *bag)
{
return OBJ_obj2nid(bag->type);
}
int PKCS12_SAFEBAG_get_bag_nid(PKCS12_SAFEBAG *bag)
{
int btype = PKCS12_SAFEBAG_get_nid(bag);
if (btype != NID_certBag || btype != NID_crlBag || btype != NID_secretBag)
return -1;
return OBJ_obj2nid(bag->value.bag->type);
}

20
include/openssl/pkcs12.h
View File

@ -132,13 +132,15 @@ typedef struct pkcs12_bag_st PKCS12_BAGS;
# define M_PKCS12_crl_bag_type PKCS12_cert_bag_type
/* Compatibility macros for pre 1.1.0 function names */
# define PKCS12_x5092certbag PKCS12_SAFEBAG_new_cert
# define PKCS12_crl2certbag PKCS12_SAFEBAG_new_crl
# define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert
# define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl
# define PKCS12_get_attr PKCS12_SAFEBAG_get0_attr
# define PKCS12_bag_type PKCS12_SAFEBAG_get_nid
# define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid
# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert
# define PKCS12_crl2certbag PKCS12_SAFEBAG_create_crl
# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create_p8inf
# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8
ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid);
int PKCS12_mac_present(PKCS12 *p12);
@ -157,12 +159,16 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_SAFEBAG_get0_safes(PKCS12_SAFEBAG *bag);
PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(PKCS12_SAFEBAG *bag);
X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(PKCS12_SAFEBAG *bag);
PKCS12_SAFEBAG *PKCS12_SAFEBAG_new_cert(X509 *x509);
PKCS12_SAFEBAG *PKCS12_SAFEBAG_new_crl(X509_CRL *crl);
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_p8inf(PKCS8_PRIV_KEY_INFO *p8);
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8(int pbe_nid, const char *pass,
int passlen, unsigned char *salt,
int saltlen, int iter,
PKCS8_PRIV_KEY_INFO *p8);
PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
int nid1, int nid2);
PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass,
int passlen);
PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag,
@ -172,10 +178,6 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8);
X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,
PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe);
PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
int passlen, unsigned char *salt,
int saltlen, int iter,
PKCS8_PRIV_KEY_INFO *p8);
PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,