1 /* $OpenBSD: p12_kiss.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */ 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 1999. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <stdio.h> 60 61 #include <openssl/err.h> 62 #include <openssl/pkcs12.h> 63 64 /* Simplified PKCS#12 routines */ 65 66 static int parse_pk12( PKCS12 *p12, const char *pass, int passlen, 67 EVP_PKEY **pkey, STACK_OF(X509) *ocerts); 68 69 static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, 70 int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts); 71 72 static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, 73 EVP_PKEY **pkey, STACK_OF(X509) *ocerts); 74 75 /* Parse and decrypt a PKCS#12 structure returning user key, user cert 76 * and other (CA) certs. Note either ca should be NULL, *ca should be NULL, 77 * or it should point to a valid STACK structure. pkey and cert can be 78 * passed unitialised. 79 */ 80 81 int 82 PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, 83 STACK_OF(X509) **ca) 84 { 85 STACK_OF(X509) *ocerts = NULL; 86 X509 *x = NULL; 87 /* Check for NULL PKCS12 structure */ 88 89 if (!p12) { 90 PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER); 91 return 0; 92 } 93 94 if (pkey) 95 *pkey = NULL; 96 if (cert) 97 *cert = NULL; 98 99 /* Check the mac */ 100 101 /* If password is zero length or NULL then try verifying both cases 102 * to determine which password is correct. The reason for this is that 103 * under PKCS#12 password based encryption no password and a zero length 104 * password are two different things... 105 */ 106 107 if (!pass || !*pass) { 108 if (PKCS12_verify_mac(p12, NULL, 0)) 109 pass = NULL; 110 else if (PKCS12_verify_mac(p12, "", 0)) 111 pass = ""; 112 else { 113 PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE); 114 goto err; 115 } 116 } else if (!PKCS12_verify_mac(p12, pass, -1)) { 117 PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE); 118 goto err; 119 } 120 121 /* Allocate stack for other certificates */ 122 ocerts = sk_X509_new_null(); 123 if (!ocerts) { 124 PKCS12error(ERR_R_MALLOC_FAILURE); 125 return 0; 126 } 127 128 if (!parse_pk12 (p12, pass, -1, pkey, ocerts)) { 129 PKCS12error(PKCS12_R_PARSE_ERROR); 130 goto err; 131 } 132 133 while ((x = sk_X509_pop(ocerts))) { 134 if (pkey && *pkey && cert && !*cert) { 135 if (X509_check_private_key(x, *pkey)) { 136 *cert = x; 137 x = NULL; 138 } 139 } 140 141 if (ca && x) { 142 if (!*ca) 143 *ca = sk_X509_new_null(); 144 if (!*ca) 145 goto err; 146 if (!sk_X509_push(*ca, x)) 147 goto err; 148 x = NULL; 149 } 150 X509_free(x); 151 } 152 153 if (ocerts) 154 sk_X509_pop_free(ocerts, X509_free); 155 156 return 1; 157 158 err: 159 if (pkey && *pkey) 160 EVP_PKEY_free(*pkey); 161 if (cert) 162 X509_free(*cert); 163 X509_free(x); 164 if (ocerts) 165 sk_X509_pop_free(ocerts, X509_free); 166 return 0; 167 } 168 169 /* Parse the outer PKCS#12 structure */ 170 171 static int 172 parse_pk12(PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey, 173 STACK_OF(X509) *ocerts) 174 { 175 STACK_OF(PKCS7) *asafes; 176 STACK_OF(PKCS12_SAFEBAG) *bags; 177 int i, bagnid; 178 PKCS7 *p7; 179 180 if (!(asafes = PKCS12_unpack_authsafes (p12))) 181 return 0; 182 for (i = 0; i < sk_PKCS7_num (asafes); i++) { 183 p7 = sk_PKCS7_value (asafes, i); 184 bagnid = OBJ_obj2nid (p7->type); 185 if (bagnid == NID_pkcs7_data) { 186 bags = PKCS12_unpack_p7data(p7); 187 } else if (bagnid == NID_pkcs7_encrypted) { 188 bags = PKCS12_unpack_p7encdata(p7, pass, passlen); 189 } else 190 continue; 191 if (!bags) { 192 sk_PKCS7_pop_free(asafes, PKCS7_free); 193 return 0; 194 } 195 if (!parse_bags(bags, pass, passlen, pkey, ocerts)) { 196 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); 197 sk_PKCS7_pop_free(asafes, PKCS7_free); 198 return 0; 199 } 200 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); 201 } 202 sk_PKCS7_pop_free(asafes, PKCS7_free); 203 return 1; 204 } 205 206 static int 207 parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, int passlen, 208 EVP_PKEY **pkey, STACK_OF(X509) *ocerts) 209 { 210 int i; 211 212 for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { 213 if (!parse_bag(sk_PKCS12_SAFEBAG_value(bags, i), pass, passlen, 214 pkey, ocerts)) 215 return 0; 216 } 217 return 1; 218 } 219 220 static int 221 parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PKEY **pkey, 222 STACK_OF(X509) *ocerts) 223 { 224 PKCS8_PRIV_KEY_INFO *p8; 225 X509 *x509; 226 ASN1_TYPE *attrib; 227 ASN1_BMPSTRING *fname = NULL; 228 ASN1_OCTET_STRING *lkid = NULL; 229 230 if ((attrib = PKCS12_get_attr (bag, NID_friendlyName))) 231 fname = attrib->value.bmpstring; 232 233 if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) 234 lkid = attrib->value.octet_string; 235 236 switch (OBJ_obj2nid(bag->type)) { 237 case NID_keyBag: 238 if (!pkey || *pkey) 239 return 1; 240 if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) 241 return 0; 242 break; 243 244 case NID_pkcs8ShroudedKeyBag: 245 if (!pkey || *pkey) 246 return 1; 247 if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) 248 return 0; 249 *pkey = EVP_PKCS82PKEY(p8); 250 PKCS8_PRIV_KEY_INFO_free(p8); 251 if (!(*pkey)) 252 return 0; 253 break; 254 255 case NID_certBag: 256 if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate ) 257 return 1; 258 if (!(x509 = PKCS12_certbag2x509(bag))) 259 return 0; 260 if (lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) { 261 X509_free(x509); 262 return 0; 263 } 264 if (fname) { 265 int len, r; 266 unsigned char *data; 267 len = ASN1_STRING_to_UTF8(&data, fname); 268 if (len >= 0) { 269 r = X509_alias_set1(x509, data, len); 270 free(data); 271 if (!r) { 272 X509_free(x509); 273 return 0; 274 } 275 } 276 } 277 278 if (!sk_X509_push(ocerts, x509)) { 279 X509_free(x509); 280 return 0; 281 } 282 283 break; 284 285 case NID_safeContentsBag: 286 return parse_bags(bag->value.safes, pass, passlen, 287 pkey, ocerts); 288 break; 289 290 default: 291 return 1; 292 break; 293 } 294 return 1; 295 } 296