]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/pkcs12/p12_crt.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call
[thirdparty/openssl.git] / crypto / pkcs12 / p12_crt.c
1 /*
2 * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include "internal/cryptlib.h"
12 #include <openssl/pkcs12.h>
13 #include "p12_local.h"
14
15 static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
16 PKCS12_SAFEBAG *bag);
17
18 static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
19 {
20 int idx;
21 X509_ATTRIBUTE *attr;
22 idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1);
23 if (idx < 0)
24 return 1;
25 attr = EVP_PKEY_get_attr(pkey, idx);
26 if (!X509at_add1_attr(&bag->attrib, attr))
27 return 0;
28 return 1;
29 }
30
31 PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert,
32 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
33 int mac_iter, int keytype)
34 {
35 PKCS12 *p12 = NULL;
36 STACK_OF(PKCS7) *safes = NULL;
37 STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
38 PKCS12_SAFEBAG *bag = NULL;
39 int i;
40 unsigned char keyid[EVP_MAX_MD_SIZE];
41 unsigned int keyidlen = 0;
42
43 /* Set defaults */
44 if (!nid_cert)
45 #ifdef OPENSSL_NO_RC2
46 nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
47 #else
48 nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
49 #endif
50 if (!nid_key)
51 nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
52 if (!iter)
53 iter = PKCS12_DEFAULT_ITER;
54 if (!mac_iter)
55 mac_iter = 1;
56
57 if (pkey == NULL && cert == NULL && ca == NULL) {
58 ERR_raise(ERR_LIB_PKCS12, PKCS12_R_INVALID_NULL_ARGUMENT);
59 return NULL;
60 }
61
62 if (pkey && cert) {
63 if (!X509_check_private_key(cert, pkey))
64 return NULL;
65 if (!X509_digest(cert, EVP_sha1(), keyid, &keyidlen))
66 return NULL;
67 }
68
69 if (cert) {
70 bag = PKCS12_add_cert(&bags, cert);
71 if (name && !PKCS12_add_friendlyname(bag, name, -1))
72 goto err;
73 if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
74 goto err;
75 }
76
77 /* Add all other certificates */
78 for (i = 0; i < sk_X509_num(ca); i++) {
79 if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))
80 goto err;
81 }
82
83 if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))
84 goto err;
85
86 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
87 bags = NULL;
88
89 if (pkey) {
90 bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
91
92 if (!bag)
93 goto err;
94
95 if (!copy_bag_attr(bag, pkey, NID_ms_csp_name))
96 goto err;
97 if (!copy_bag_attr(bag, pkey, NID_LocalKeySet))
98 goto err;
99
100 if (name && !PKCS12_add_friendlyname(bag, name, -1))
101 goto err;
102 if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
103 goto err;
104 }
105
106 if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))
107 goto err;
108
109 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
110 bags = NULL;
111
112 p12 = PKCS12_add_safes(safes, 0);
113
114 if (p12 == NULL)
115 goto err;
116
117 sk_PKCS7_pop_free(safes, PKCS7_free);
118
119 safes = NULL;
120
121 if ((mac_iter != -1) &&
122 !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
123 goto err;
124
125 return p12;
126
127 err:
128 PKCS12_free(p12);
129 sk_PKCS7_pop_free(safes, PKCS7_free);
130 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
131 return NULL;
132
133 }
134
135 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
136 {
137 PKCS12_SAFEBAG *bag = NULL;
138 char *name;
139 int namelen = -1;
140 unsigned char *keyid;
141 int keyidlen = -1;
142
143 /* Add user certificate */
144 if ((bag = PKCS12_SAFEBAG_create_cert(cert)) == NULL)
145 goto err;
146
147 /*
148 * Use friendlyName and localKeyID in certificate. (if present)
149 */
150
151 name = (char *)X509_alias_get0(cert, &namelen);
152
153 if (name && !PKCS12_add_friendlyname(bag, name, namelen))
154 goto err;
155
156 keyid = X509_keyid_get0(cert, &keyidlen);
157
158 if (keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
159 goto err;
160
161 if (!pkcs12_add_bag(pbags, bag))
162 goto err;
163
164 return bag;
165
166 err:
167 PKCS12_SAFEBAG_free(bag);
168 return NULL;
169
170 }
171
172 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
173 EVP_PKEY *key, int key_usage, int iter,
174 int nid_key, const char *pass)
175 {
176
177 PKCS12_SAFEBAG *bag = NULL;
178 PKCS8_PRIV_KEY_INFO *p8 = NULL;
179
180 /* Make a PKCS#8 structure */
181 if ((p8 = EVP_PKEY2PKCS8(key)) == NULL)
182 goto err;
183 if (key_usage && !PKCS8_add_keyusage(p8, key_usage))
184 goto err;
185 if (nid_key != -1) {
186 bag = PKCS12_SAFEBAG_create_pkcs8_encrypt(nid_key, pass, -1, NULL, 0,
187 iter, p8);
188 PKCS8_PRIV_KEY_INFO_free(p8);
189 } else
190 bag = PKCS12_SAFEBAG_create0_p8inf(p8);
191
192 if (!bag)
193 goto err;
194
195 if (!pkcs12_add_bag(pbags, bag))
196 goto err;
197
198 return bag;
199
200 err:
201 PKCS12_SAFEBAG_free(bag);
202 return NULL;
203
204 }
205
206 PKCS12_SAFEBAG *PKCS12_add_secret(STACK_OF(PKCS12_SAFEBAG) **pbags,
207 int nid_type, const unsigned char *value, int len)
208 {
209 PKCS12_SAFEBAG *bag = NULL;
210
211 /* Add secret, storing the value as an octet string */
212 if ((bag = PKCS12_SAFEBAG_create_secret(nid_type, V_ASN1_OCTET_STRING, value, len)) == NULL)
213 goto err;
214
215 if (!pkcs12_add_bag(pbags, bag))
216 goto err;
217
218 return bag;
219 err:
220 PKCS12_SAFEBAG_free(bag);
221 return NULL;
222 }
223
224 int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
225 int nid_safe, int iter, const char *pass)
226 {
227 PKCS7 *p7 = NULL;
228 int free_safes = 0;
229
230 if (*psafes == NULL) {
231 *psafes = sk_PKCS7_new_null();
232 if (*psafes == NULL)
233 return 0;
234 free_safes = 1;
235 }
236
237 if (nid_safe == 0)
238 #ifdef OPENSSL_NO_RC2
239 nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
240 #else
241 nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
242 #endif
243
244 if (nid_safe == -1)
245 p7 = PKCS12_pack_p7data(bags);
246 else
247 p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0, iter, bags);
248 if (p7 == NULL)
249 goto err;
250
251 if (!sk_PKCS7_push(*psafes, p7))
252 goto err;
253
254 return 1;
255
256 err:
257 if (free_safes) {
258 sk_PKCS7_free(*psafes);
259 *psafes = NULL;
260 }
261 PKCS7_free(p7);
262 return 0;
263
264 }
265
266 static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
267 PKCS12_SAFEBAG *bag)
268 {
269 int free_bags = 0;
270
271 if (pbags == NULL)
272 return 1;
273 if (*pbags == NULL) {
274 *pbags = sk_PKCS12_SAFEBAG_new_null();
275 if (*pbags == NULL)
276 return 0;
277 free_bags = 1;
278 }
279
280 if (!sk_PKCS12_SAFEBAG_push(*pbags, bag)) {
281 if (free_bags) {
282 sk_PKCS12_SAFEBAG_free(*pbags);
283 *pbags = NULL;
284 }
285 return 0;
286 }
287
288 return 1;
289
290 }
291
292 PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7)
293 {
294 PKCS12 *p12;
295
296 if (nid_p7 <= 0)
297 nid_p7 = NID_pkcs7_data;
298 p12 = PKCS12_init(nid_p7);
299 if (p12 == NULL)
300 return NULL;
301
302 if (!PKCS12_pack_authsafes(p12, safes)) {
303 PKCS12_free(p12);
304 return NULL;
305 }
306
307 return p12;
308
309 }
A mirror of the official openssl repository