示例#1
0
ASN1_OCTET_STRING *
PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
    const char *pass, int passlen,
    void *obj, int zbuf)
{
	ASN1_OCTET_STRING *oct;
	unsigned char *in = NULL;
	int inlen;

	if (!(oct = ASN1_OCTET_STRING_new ())) {
		PKCS12error(ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	inlen = ASN1_item_i2d(obj, &in, it);
	if (!in) {
		PKCS12error(PKCS12_R_ENCODE_ERROR);
		goto err;
	}
	if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
	    &oct->length, 1)) {
		PKCS12error(PKCS12_R_ENCRYPT_ERROR);
		goto err;
	}
	if (zbuf)
		explicit_bzero(in, inlen);
	free(in);
	return oct;

err:
	free(in);
	ASN1_OCTET_STRING_free(oct);
	return NULL;
}
示例#2
0
ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
        const ASN1_ITEM *it,
        const char *pass, int passlen,
        void *obj, int zbuf)
{
    ASN1_OCTET_STRING *oct;
    unsigned char *in = NULL;
    int inlen;
    if (!(oct = M_ASN1_OCTET_STRING_new())) {
        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
    inlen = ASN1_item_i2d(obj, &in, it);
    if (!in) {
        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCODE_ERROR);
        return NULL;
    }
    if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
                          &oct->length, 1)) {
        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
        OPENSSL_free(in);
        return NULL;
    }
    if (zbuf)
        OPENSSL_cleanse(in, inlen);
    OPENSSL_free(in);
    return oct;
}
示例#3
0
文件: p12_decr.c 项目: 0b10011/node 
void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
	     const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)
{
	unsigned char *out;
	const unsigned char *p;
	void *ret;
	int outlen;

	if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
			       &out, &outlen, 0)) {
		PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
		return NULL;
	}
	p = out;
#ifdef DEBUG_DECRYPT
	{
		FILE *op;

		char fname[30];
		static int fnm = 1;
		sprintf(fname, "DER%d", fnm++);
		op = fopen(fname, "wb");
		fwrite (p, 1, outlen, op);
		fclose(op);
	}
#endif
	ret = ASN1_item_d2i(NULL, &p, outlen, it);
	if (zbuf) OPENSSL_cleanse(out, outlen);
	if(!ret) PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
	OPENSSL_free(out);
	return ret;
}
示例#4
0
void *
PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
    const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)
{
	unsigned char *out;
	const unsigned char *p;
	void *ret;
	int outlen;

	if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
	    &out, &outlen, 0)) {
		PKCS12error(PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
		return NULL;
	}
	p = out;
	ret = ASN1_item_d2i(NULL, &p, outlen, it);
	if (zbuf)
		explicit_bzero(out, outlen);
	if (!ret)
		PKCS12error(PKCS12_R_DECODE_ERROR);
	free(out);
	return ret;
}
示例#5
0
/*
 * Encrypted PKCS#8 decoder.  It operates by just decrypting the given blob
 * into a new blob, which is returned as an EMBEDDED STORE_INFO.  The whole
 * decoding process will then start over with the new blob.
 */
static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name,
                                                  const char *pem_header,
                                                  const unsigned char *blob,
                                                  size_t len, void **pctx,
                                                  int *matchcount,
                                                  const UI_METHOD *ui_method,
                                                  void *ui_data)
{
    X509_SIG *p8 = NULL;
    char kbuf[PEM_BUFSIZE];
    char *pass = NULL;
    const X509_ALGOR *dalg = NULL;
    const ASN1_OCTET_STRING *doct = NULL;
    OSSL_STORE_INFO *store_info = NULL;
    BUF_MEM *mem = NULL;
    unsigned char *new_data = NULL;
    int new_data_len;

    if (pem_name != NULL) {
        if (strcmp(pem_name, PEM_STRING_PKCS8) != 0)
            return NULL;
        *matchcount = 1;
    }

    if ((p8 = d2i_X509_SIG(NULL, &blob, len)) == NULL)
        return NULL;

    *matchcount = 1;

    if ((mem = BUF_MEM_new()) == NULL) {
        OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
                      ERR_R_MALLOC_FAILURE);
        goto nop8;
    }

    if ((pass = file_get_pass(ui_method, kbuf, PEM_BUFSIZE,
                              "PKCS8 decrypt password", ui_data)) == NULL) {
        OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
                      OSSL_STORE_R_BAD_PASSWORD_READ);
        goto nop8;
    }

    X509_SIG_get0(p8, &dalg, &doct);
    if (!PKCS12_pbe_crypt(dalg, pass, strlen(pass), doct->data, doct->length,
                          &new_data, &new_data_len, 0))
        goto nop8;

    mem->data = (char *)new_data;
    mem->max = mem->length = (size_t)new_data_len;
    X509_SIG_free(p8);

    store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem);
    if (store_info == NULL) {
        OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
                      ERR_R_MALLOC_FAILURE);
        goto nop8;
    }

    return store_info;
 nop8:
    X509_SIG_free(p8);
    BUF_MEM_free(mem);
    return NULL;
}