crypto/pkcs12/p12_p8e.c

   1 /*
   2  * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <stdio.h>
  11 #include "internal/cryptlib.h"
  12 #include <openssl/pkcs12.h>
  13 #include "crypto/x509.h"
  14
  15 X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
  16                         const char *pass, int passlen,
  17                         unsigned char *salt, int saltlen, int iter,
  18                         PKCS8_PRIV_KEY_INFO *p8inf)
  19 {
  20     X509_SIG *p8 = NULL;
  21     X509_ALGOR *pbe;
  22
  23     if (pbe_nid == -1)
  24         pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
  25     else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0))
  26         pbe = PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, pbe_nid);
  27     else {
  28         ERR_clear_error();
  29         pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
  30     }
  31     if (!pbe) {
  32         PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
  33         return NULL;
  34     }
  35     p8 = PKCS8_set0_pbe(pass, passlen, p8inf, pbe);
  36     if (p8 == NULL) {
  37         X509_ALGOR_free(pbe);
  38         return NULL;
  39     }
  40
  41     return p8;
  42 }
  43
  44 X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,
  45                          PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe)
  46 {
  47     X509_SIG *p8;
  48     ASN1_OCTET_STRING *enckey;
  49
  50     enckey =
  51         PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),
  52                                 pass, passlen, p8inf, 1);
  53     if (!enckey) {
  54         PKCS12err(PKCS12_F_PKCS8_SET0_PBE, PKCS12_R_ENCRYPT_ERROR);
  55         return NULL;
  56     }
  57
  58     p8 = OPENSSL_zalloc(sizeof(*p8));
  59
  60     if (p8 == NULL) {
  61         PKCS12err(PKCS12_F_PKCS8_SET0_PBE, ERR_R_MALLOC_FAILURE);
  62         ASN1_OCTET_STRING_free(enckey);
  63         return NULL;
  64     }
  65     p8->algor = pbe;
  66     p8->digest = enckey;
  67
  68     return p8;
  69 }