Head

GCC Code Coverage Report

Directory:	./		Exec	Total	Coverage
File:	lib/libcrypto/pkcs12/p12_decr.c	Lines:	40	62	64.5 %
Date:	2017-11-07	Branches:	13	26	50.0 %


/* $OpenBSD: p12_decr.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <stdio.h>
#include <string.h>

#include <openssl/err.h>
#include <openssl/pkcs12.h>

/* Encrypt/Decrypt a buffer based on password and algor, result in a
 * malloc'ed buffer
 */

unsigned char *
PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, int passlen,
    unsigned char *in, int inlen, unsigned char **data, int *datalen, int en_de)
{
	unsigned char *out;
	int outlen, i;
	EVP_CIPHER_CTX ctx;

	EVP_CIPHER_CTX_init(&ctx);
	/* Decrypt data */
	if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
	    algor->parameter, &ctx, en_de)) {
		out = NULL;
		PKCS12error(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
		goto err;
	}

	if (!(out = malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
		PKCS12error(ERR_R_MALLOC_FAILURE);
		goto err;
	}

	if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) {
		free(out);
		out = NULL;
		PKCS12error(ERR_R_EVP_LIB);
		goto err;
	}

	outlen = i;
	if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
		free(out);
		out = NULL;
		PKCS12error(PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
		goto err;
	}
	outlen += i;
	if (datalen)
		*datalen = outlen;
	if (data)
		*data = out;

err:
	EVP_CIPHER_CTX_cleanup(&ctx);
	return out;

}

/* Decrypt an OCTET STRING and decode ASN1 structure
 * if zbuf set zero buffer after use.
 */

void *
PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
    const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)
{
	unsigned char *out;
	const unsigned char *p;
	void *ret;
	int outlen;

	if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
	    &out, &outlen, 0)) {
		PKCS12error(PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
		return NULL;
	}
	p = out;
	ret = ASN1_item_d2i(NULL, &p, outlen, it);
	if (zbuf)
		explicit_bzero(out, outlen);
	if (!ret)
		PKCS12error(PKCS12_R_DECODE_ERROR);
	free(out);
	return ret;
}

/* Encode ASN1 structure and encrypt, return OCTET STRING
 * if zbuf set zero encoding.
 */

ASN1_OCTET_STRING *
PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
    const char *pass, int passlen,
    void *obj, int zbuf)
{
	ASN1_OCTET_STRING *oct;
	unsigned char *in = NULL;
	int inlen;

	if (!(oct = ASN1_OCTET_STRING_new ())) {
		PKCS12error(ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	inlen = ASN1_item_i2d(obj, &in, it);
	if (!in) {
		PKCS12error(PKCS12_R_ENCODE_ERROR);
		goto err;
	}
	if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
	    &oct->length, 1)) {
		PKCS12error(PKCS12_R_ENCRYPT_ERROR);
		goto err;
	}
	if (zbuf)
		explicit_bzero(in, inlen);
	free(in);
	return oct;

err:
	free(in);
	ASN1_OCTET_STRING_free(oct);
	return NULL;
}

IMPLEMENT_PKCS12_STACK_OF(PKCS7)


Generated by: GCOVR (Version 3.3)

Line	Branch	Exec	Source
1			/* $OpenBSD: p12_decr.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
2			/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3			* project 1999.
4			*/
5			/* ====================================================================
6			* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7			*
8			* Redistribution and use in source and binary forms, with or without
9			* modification, are permitted provided that the following conditions
10			* are met:
11			*
12			* 1. Redistributions of source code must retain the above copyright
13			* notice, this list of conditions and the following disclaimer.
14			*
15			* 2. Redistributions in binary form must reproduce the above copyright
16			* notice, this list of conditions and the following disclaimer in
17			* the documentation and/or other materials provided with the
18			* distribution.
19			*
20			* 3. All advertising materials mentioning features or use of this
21			* software must display the following acknowledgment:
22			* "This product includes software developed by the OpenSSL Project
23			* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24			*
25			* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26			* endorse or promote products derived from this software without
27			* prior written permission. For written permission, please contact
28			* licensing@OpenSSL.org.
29			*
30			* 5. Products derived from this software may not be called "OpenSSL"
31			* nor may "OpenSSL" appear in their names without prior written
32			* permission of the OpenSSL Project.
33			*
34			* 6. Redistributions of any form whatsoever must retain the following
35			* acknowledgment:
36			* "This product includes software developed by the OpenSSL Project
37			* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38			*
39			* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40			* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41			* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42			* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43			* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44			* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45			* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46			* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47			* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48			* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49			* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50			* OF THE POSSIBILITY OF SUCH DAMAGE.
51			* ====================================================================
52			*
53			* This product includes cryptographic software written by Eric Young
54			* (eay@cryptsoft.com). This product includes software written by Tim
55			* Hudson (tjh@cryptsoft.com).
56			*
57			*/
58
59			#include <stdio.h>
60			#include <string.h>
61
62			#include <openssl/err.h>
63			#include <openssl/pkcs12.h>
64
65			/* Encrypt/Decrypt a buffer based on password and algor, result in a
66			* malloc'ed buffer
67			*/
68
69			unsigned char *
70			PKCS12_pbe_crypt(X509_ALGOR algor, const char pass, int passlen,
71			unsigned char in, int inlen, unsigned char data, int datalen, int en_de)
72			{
73			unsigned char *out;
74		100	int outlen, i;
75		50	EVP_CIPHER_CTX ctx;
76
77		50	EVP_CIPHER_CTX_init(&ctx);
78			/* Decrypt data */
79	✗✓	100	if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
80		50	algor->parameter, &ctx, en_de)) {
81			out = NULL;
82			PKCS12error(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
83			goto err;
84			}
85
86	✗✓	50	if (!(out = malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
87			PKCS12error(ERR_R_MALLOC_FAILURE);
88			goto err;
89			}
90
91	✗✓	50	if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) {
92			free(out);
93			out = NULL;
94			PKCS12error(ERR_R_EVP_LIB);
95			goto err;
96			}
97
98		50	outlen = i;
99	✗✓	50	if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
100			free(out);
101			out = NULL;
102			PKCS12error(PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
103			goto err;
104			}
105		50	outlen += i;
106	✓✗	50	if (datalen)
107		50	*datalen = outlen;
108	✓✗	50	if (data)
109		50	*data = out;
110
111			err:
112		50	EVP_CIPHER_CTX_cleanup(&ctx);
113		50	return out;
114
115		50	}
116
117			/* Decrypt an OCTET STRING and decode ASN1 structure
118			* if zbuf set zero buffer after use.
119			*/
120
121			void *
122			PKCS12_item_decrypt_d2i(X509_ALGOR algor, const ASN1_ITEM it,
123			const char pass, int passlen, ASN1_OCTET_STRING oct, int zbuf)
124			{
125		64	unsigned char *out;
126		32	const unsigned char *p;
127			void *ret;
128		32	int outlen;
129
130	✗✓	32	if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
131			&out, &outlen, 0)) {
132			PKCS12error(PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
133			return NULL;
134			}
135		32	p = out;
136		32	ret = ASN1_item_d2i(NULL, &p, outlen, it);
137	✓✗	32	if (zbuf)
138		32	explicit_bzero(out, outlen);
139	✗✓	32	if (!ret)
140			PKCS12error(PKCS12_R_DECODE_ERROR);
141		32	free(out);
142		32	return ret;
143		32	}
144
145			/* Encode ASN1 structure and encrypt, return OCTET STRING
146			* if zbuf set zero encoding.
147			*/
148
149			ASN1_OCTET_STRING *
150			PKCS12_item_i2d_encrypt(X509_ALGOR algor, const ASN1_ITEM it,
151			const char *pass, int passlen,
152			void *obj, int zbuf)
153			{
154			ASN1_OCTET_STRING *oct;
155		36	unsigned char *in = NULL;
156			int inlen;
157
158	✗✓	18	if (!(oct = ASN1_OCTET_STRING_new ())) {
159			PKCS12error(ERR_R_MALLOC_FAILURE);
160			return NULL;
161			}
162		18	inlen = ASN1_item_i2d(obj, &in, it);
163	✗✓	18	if (!in) {
164			PKCS12error(PKCS12_R_ENCODE_ERROR);
165			goto err;
166			}
167	✗✓	36	if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
168		18	&oct->length, 1)) {
169			PKCS12error(PKCS12_R_ENCRYPT_ERROR);
170			goto err;
171			}
172	✓✗	18	if (zbuf)
173		18	explicit_bzero(in, inlen);
174		18	free(in);
175		18	return oct;
176
177			err:
178			free(in);
179			ASN1_OCTET_STRING_free(oct);
180			return NULL;
181		18	}
182
183			IMPLEMENT_PKCS12_STACK_OF(PKCS7)