PKCS12 : visibility, check on key match, sanity check on malloc

This commit is contained in:
Jacob Barthelmeh
2016-11-03 11:14:29 -06:00
parent b686deecbe
commit 0839925797
4 changed files with 147 additions and 128 deletions


@@ -11379,14 +11379,14 @@ int wolfSSL_sk_X509_push(STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509)
WOLFSSL_STACK* node; WOLFSSL_STACK* node;
if (sk == NULL || x509 == NULL) { if (sk == NULL || x509 == NULL) {
return 0; return SSL_FAILURE;
} }
/* no previous values in stack */ /* no previous values in stack */
if (sk->data.x509 == NULL) { if (sk->data.x509 == NULL) {
sk->data.x509 = x509; sk->data.x509 = x509;
sk->num += 1; sk->num += 1;
return 1; return SSL_SUCCESS;
} }
/* stack already has value(s) create a new node and add more */ /* stack already has value(s) create a new node and add more */
@@ -11394,7 +11394,7 @@ int wolfSSL_sk_X509_push(STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509)
DYNAMIC_TYPE_X509); DYNAMIC_TYPE_X509);
if (node == NULL) { if (node == NULL) {
WOLFSSL_MSG("Memory error"); WOLFSSL_MSG("Memory error");
return 0; return SSL_FAILURE;
} }
XMEMSET(node, 0, sizeof(WOLFSSL_STACK)); XMEMSET(node, 0, sizeof(WOLFSSL_STACK));
@@ -11405,7 +11405,7 @@ int wolfSSL_sk_X509_push(STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509)
sk->data.x509 = x509; sk->data.x509 = x509;
sk->num += 1; sk->num += 1;
return 1; return SSL_SUCCESS;
} }
@@ -12560,12 +12560,13 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, STACK_OF(WOLFSSL_X509)** ca) WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, STACK_OF(WOLFSSL_X509)** ca)
{ {
DecodedCert DeCert; DecodedCert DeCert;
void* heap = NULL;
int ret; int ret;
byte* certData = NULL; byte* certData = NULL;
word32 certDataSz; word32 certDataSz;
byte* pk = NULL; byte* pk = NULL;
word32 pkSz; word32 pkSz;
DerCertList* certList = NULL; WC_DerCertList* certList = NULL;
WOLFSSL_ENTER("wolfSSL_PKCS12_parse"); WOLFSSL_ENTER("wolfSSL_PKCS12_parse");
@@ -12574,6 +12575,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
return 0; return 0;
} }
heap = wc_PKCS12_GetHeap(pkcs12);
*pkey = NULL; *pkey = NULL;
*cert = NULL; *cert = NULL;
@@ -12593,23 +12595,23 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
/* Decode cert and place in X509 stack struct */ /* Decode cert and place in X509 stack struct */
if (certList != NULL) { if (certList != NULL) {
DerCertList* current = certList; WC_DerCertList* current = certList;
*ca = (STACK_OF(WOLFSSL_X509)*)XMALLOC(sizeof(STACK_OF(WOLFSSL_X509)), *ca = (STACK_OF(WOLFSSL_X509)*)XMALLOC(sizeof(STACK_OF(WOLFSSL_X509)),
pkcs12->heap, DYNAMIC_TYPE_PKCS); heap, DYNAMIC_TYPE_PKCS);
if (*ca == NULL) { if (*ca == NULL) {
if (pk != NULL) { if (pk != NULL) {
XFREE(pk, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
} }
if (certData != NULL) { if (certData != NULL) {
XFREE(*cert, pkcs12->heap, DYNAMIC_TYPE_PKCS); *cert = NULL; XFREE(*cert, heap, DYNAMIC_TYPE_PKCS); *cert = NULL;
} }
/* Free up DerCertList and move on */ /* Free up WC_DerCertList and move on */
while (current != NULL) { while (current != NULL) {
DerCertList* next = current->next; WC_DerCertList* next = current->next;
XFREE(current->buffer, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
XFREE(current, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(current, heap, DYNAMIC_TYPE_PKCS);
current = next; current = next;
} }
return 0; return 0;
@@ -12618,14 +12620,13 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
/* add list of DER certs as X509's to stack */ /* add list of DER certs as X509's to stack */
while (current != NULL) { while (current != NULL) {
DerCertList* toFree = current; WC_DerCertList* toFree = current;
WOLFSSL_X509* x509; WOLFSSL_X509* x509;
x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), pkcs12->heap, x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
DYNAMIC_TYPE_PKCS); DYNAMIC_TYPE_PKCS);
InitX509(x509, 1, pkcs12->heap); InitX509(x509, 1, heap);
InitDecodedCert(&DeCert, current->buffer, current->bufferSz, InitDecodedCert(&DeCert, current->buffer, current->bufferSz, heap);
pkcs12->heap);
if (ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL) != 0) { if (ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL) != 0) {
WOLFSSL_MSG("Issue with parsing certificate"); WOLFSSL_MSG("Issue with parsing certificate");
FreeDecodedCert(&DeCert); FreeDecodedCert(&DeCert);
@@ -12638,17 +12639,17 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
wolfSSL_X509_free(x509); wolfSSL_X509_free(x509);
wolfSSL_sk_X509_free(*ca); *ca = NULL; wolfSSL_sk_X509_free(*ca); *ca = NULL;
if (pk != NULL) { if (pk != NULL) {
XFREE(pk, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
} }
if (certData != NULL) { if (certData != NULL) {
XFREE(certData, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
} }
/* Free up DerCertList */ /* Free up WC_DerCertList */
while (current != NULL) { while (current != NULL) {
DerCertList* next = current->next; WC_DerCertList* next = current->next;
XFREE(current->buffer, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
XFREE(current, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(current, heap, DYNAMIC_TYPE_PKCS);
current = next; current = next;
} }
return 0; return 0;
@@ -12660,46 +12661,46 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
wolfSSL_X509_free(x509); wolfSSL_X509_free(x509);
wolfSSL_sk_X509_free(*ca); *ca = NULL; wolfSSL_sk_X509_free(*ca); *ca = NULL;
if (pk != NULL) { if (pk != NULL) {
XFREE(pk, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
} }
if (certData != NULL) { if (certData != NULL) {
XFREE(certData, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
} }
/* Free up DerCertList */ /* Free up WC_DerCertList */
while (current != NULL) { while (current != NULL) {
DerCertList* next = current->next; WC_DerCertList* next = current->next;
XFREE(current->buffer, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
XFREE(current, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(current, heap, DYNAMIC_TYPE_PKCS);
current = next; current = next;
} }
return 0; return 0;
} }
} }
current = current->next; current = current->next;
XFREE(toFree->buffer, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(toFree->buffer, heap, DYNAMIC_TYPE_PKCS);
XFREE(toFree, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(toFree, heap, DYNAMIC_TYPE_PKCS);
} }
} }
/* Decode cert and place in X509 struct */ /* Decode cert and place in X509 struct */
if (certData != NULL) { if (certData != NULL) {
*cert = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), pkcs12->heap, *cert = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
DYNAMIC_TYPE_PKCS); DYNAMIC_TYPE_PKCS);
if (*cert == NULL) { if (*cert == NULL) {
if (pk != NULL) { if (pk != NULL) {
XFREE(pk, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
} }
if (ca != NULL) { if (ca != NULL) {
wolfSSL_sk_X509_free(*ca); *ca = NULL; wolfSSL_sk_X509_free(*ca); *ca = NULL;
} }
XFREE(certData, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
return 0; return 0;
} }
InitX509(*cert, 1, pkcs12->heap); InitX509(*cert, 1, heap);
InitDecodedCert(&DeCert, certData, certDataSz, pkcs12->heap); InitDecodedCert(&DeCert, certData, certDataSz, heap);
if (ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL) != 0) { if (ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL) != 0) {
WOLFSSL_MSG("Issue with parsing certificate"); WOLFSSL_MSG("Issue with parsing certificate");
} }
@@ -12707,7 +12708,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
WOLFSSL_MSG("Failed to copy decoded cert"); WOLFSSL_MSG("Failed to copy decoded cert");
FreeDecodedCert(&DeCert); FreeDecodedCert(&DeCert);
if (pk != NULL) { if (pk != NULL) {
XFREE(pk, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
} }
if (ca != NULL) { if (ca != NULL) {
wolfSSL_sk_X509_free(*ca); *ca = NULL; wolfSSL_sk_X509_free(*ca); *ca = NULL;
@@ -12716,7 +12717,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
return 0; return 0;
} }
FreeDecodedCert(&DeCert); FreeDecodedCert(&DeCert);
XFREE(certData, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
} }
@@ -12724,13 +12725,13 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
ret = BAD_STATE_E; ret = BAD_STATE_E;
if (pk != NULL) { /* decode key if present */ if (pk != NULL) { /* decode key if present */
*pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), *pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY),
pkcs12->heap, DYNAMIC_TYPE_PKCS); heap, DYNAMIC_TYPE_PKCS);
if (*pkey == NULL) { if (*pkey == NULL) {
wolfSSL_X509_free(*cert); *cert = NULL; wolfSSL_X509_free(*cert); *cert = NULL;
if (ca != NULL) { if (ca != NULL) {
wolfSSL_sk_X509_free(*ca); *ca = NULL; wolfSSL_sk_X509_free(*ca); *ca = NULL;
} }
XFREE(pk, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
return 0; return 0;
} }
#ifndef NO_RSA #ifndef NO_RSA
@@ -12738,7 +12739,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
word32 keyIdx = 0; word32 keyIdx = 0;
RsaKey key; RsaKey key;
if (wc_InitRsaKey(&key, pkcs12->heap) != 0) { if (wc_InitRsaKey(&key, heap) != 0) {
ret = BAD_STATE_E; ret = BAD_STATE_E;
} }
else { else {
@@ -12763,8 +12764,8 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
if (ca != NULL) { if (ca != NULL) {
wolfSSL_sk_X509_free(*ca); *ca = NULL; wolfSSL_sk_X509_free(*ca); *ca = NULL;
} }
XFREE(*pkey, pkcs12->heap, DYNAMIC_TYPE_PKCS); *pkey = NULL; XFREE(*pkey, heap, DYNAMIC_TYPE_PKCS); *pkey = NULL;
XFREE(pk, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
return 0; return 0;
} }
@@ -12774,8 +12775,8 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
if (ca != NULL) { if (ca != NULL) {
wolfSSL_sk_X509_free(*ca); *ca = NULL; wolfSSL_sk_X509_free(*ca); *ca = NULL;
} }
XFREE(*pkey, pkcs12->heap, DYNAMIC_TYPE_PKCS); *pkey = NULL; XFREE(*pkey, heap, DYNAMIC_TYPE_PKCS); *pkey = NULL;
XFREE(pk, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
WOLFSSL_MSG("Bad PKCS12 key format"); WOLFSSL_MSG("Bad PKCS12 key format");
return 0; return 0;
} }
@@ -12791,8 +12792,8 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
if (ca != NULL) { if (ca != NULL) {
wolfSSL_sk_X509_free(*ca); *ca = NULL; wolfSSL_sk_X509_free(*ca); *ca = NULL;
} }
XFREE(*pkey, pkcs12->heap, DYNAMIC_TYPE_PKCS); *pkey = NULL; XFREE(*pkey, heap, DYNAMIC_TYPE_PKCS); *pkey = NULL;
XFREE(pk, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
WOLFSSL_MSG("Bad PKCS12 key format"); WOLFSSL_MSG("Bad PKCS12 key format");
return 0; return 0;
} }


@@ -1449,9 +1449,9 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der)
int ret = 0; int ret = 0;
/* test if RSA key */ /* test if RSA key */
if (wc_InitRsaKey(&a, NULL) == 0) { if (der->keyOID == RSAk) {
if (wc_RsaPrivateKeyDecode(key, &keyIdx, &a, keySz) == 0 && if (wc_InitRsaKey(&a, NULL) == 0 &&
der->keyOID == RSAk) { wc_RsaPrivateKeyDecode(key, &keyIdx, &a, keySz) == 0) {
WOLFSSL_MSG("Checking RSA key pair"); WOLFSSL_MSG("Checking RSA key pair");
keyIdx = 0; /* reset to 0 for parsing public key */ keyIdx = 0; /* reset to 0 for parsing public key */
@@ -1499,9 +1499,9 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der)
word32 keyIdx = 0; word32 keyIdx = 0;
ecc_key key_pair; ecc_key key_pair;
if ((ret = wc_ecc_init(&key_pair)) == 0) { if (der->keyOID == ECDSAk) {
if (wc_EccPrivateKeyDecode(key, &keyIdx, &key_pair, keySz) == 0 && if ((ret = wc_ecc_init(&key_pair)) == 0 &&
der->keyOID == ECDSAk) { wc_EccPrivateKeyDecode(key, &keyIdx, &key_pair, keySz) == 0) {
WOLFSSL_MSG("Checking ECC key pair"); WOLFSSL_MSG("Checking ECC key pair");
keyIdx = 0; keyIdx = 0;
if ((ret = wc_ecc_import_x963(der->publicKey, der->pubKeySize, if ((ret = wc_ecc_import_x963(der->publicKey, der->pubKeySize,
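Review bot: The RSA branch discards the init result, `if (wc_InitRsaKey(&a, NULL) == 0 &&`, while the ECC branch in the second hunk stores it in `ret`, so an RSA init failure leaves `ret` at the 0 it was initialized to and is indistinguishable from a successful check unless the else path, which is outside this hunk, handles it; `if ((ret = wc_InitRsaKey(&a, NULL)) == 0 &&` would make the two branches consistent. In both branches, when init succeeds but the private-key decode fails, the short-circuit skips the inner block with an initialized key object still live, so the matching wc_FreeRsaKey / wc_ecc_free must be performed on the else path, which is not visible here. The body of wc_CheckPrivateKey continues outside these hunks.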


@@ -42,10 +42,73 @@
#include <wolfssl/wolfcrypt/pkcs12.h> #include <wolfssl/wolfcrypt/pkcs12.h>
#include <wolfssl/wolfcrypt/pwdbased.h> #include <wolfssl/wolfcrypt/pwdbased.h>
enum {
WC_PKCS12_KeyBag = 667,
WC_PKCS12_ShroudedKeyBag = 668,
WC_PKCS12_CertBag = 669,
WC_PKCS12_CertBag_Type1 = 675,
WC_PKCS12_CrlBag = 670,
WC_PKCS12_SecretBag = 671,
WC_PKCS12_SafeContentsBag = 672,
WC_PKCS12_DATA = 651,
WC_PKCS12_ENCRYPTED_DATA = 656,
};
typedef struct ContentInfo ContentInfo;
typedef struct ContentInfo {
byte* data;
ContentInfo* next;
word32 encC; /* encryptedContent */
word32 dataSz;
int type; /* DATA / encrypted / envelpoed */
} ContentInfo;
typedef struct AuthenticatedSafe {
ContentInfo* CI;
byte* data; /* T contents.... */
word32 oid; /* encrypted or not */
word32 numCI; /* number of Content Info structs */
word32 dataSz;
} AuthenticatedSafe;
typedef struct MacData {
byte* digest;
byte* salt;
word32 oid;
word32 digestSz;
word32 saltSz;
int itt; /* number of itterations when creating HMAC key */
} MacData;
typedef struct WC_PKCS12 {
void* heap;
AuthenticatedSafe* safe;
MacData* signData;
word32 oid; /* DATA / Enveloped DATA ... */
} WC_PKCS12;
/* for friendlyName, localKeyId .... */
typedef struct WC_PKCS12_ATTRIBUTE {
byte* data;
word32 oid;
word32 dataSz;
} WC_PKCS12_ATTRIBUTE;
WC_PKCS12* wc_PKCS12_new(void) WC_PKCS12* wc_PKCS12_new(void)
{ {
WC_PKCS12* pkcs12 = (WC_PKCS12*)XMALLOC(sizeof(WC_PKCS12), WC_PKCS12* pkcs12 = (WC_PKCS12*)XMALLOC(sizeof(WC_PKCS12),
NULL, DYNAMIC_TYPE_PKCS); NULL, DYNAMIC_TYPE_PKCS);
if (pkcs12 == NULL) {
WOLFSSL_MSG("Memory issue when creating WC_PKCS12 struct");
return NULL;
}
XMEMSET(pkcs12, 0, sizeof(WC_PKCS12)); XMEMSET(pkcs12, 0, sizeof(WC_PKCS12));
return pkcs12; return pkcs12;
@@ -567,9 +630,9 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12)
} }
/* helper function to free DerCertList */ /* helper function to free WC_DerCertList */
static void freeCertList(DerCertList* list, void* heap) { static void freeCertList(WC_DerCertList* list, void* heap) {
DerCertList* current; WC_DerCertList* current;
if (list == NULL) { if (list == NULL) {
return; return;
@@ -577,7 +640,7 @@ static void freeCertList(DerCertList* list, void* heap) {
current = list; current = list;
while(current != NULL) { while(current != NULL) {
DerCertList* next = current->next; WC_DerCertList* next = current->next;
if (current->buffer != NULL) { if (current->buffer != NULL) {
XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS); XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
} }
@@ -616,10 +679,10 @@ static void freeBuffers(byte* a, byte* b, void* heap)
*/ */
int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
byte** pkey, word32* pkeySz, byte** cert, word32* certSz, byte** pkey, word32* pkeySz, byte** cert, word32* certSz,
DerCertList** ca) WC_DerCertList** ca)
{ {
ContentInfo* ci = NULL; ContentInfo* ci = NULL;
DerCertList* certList = NULL; WC_DerCertList* certList = NULL;
byte* buf = NULL; byte* buf = NULL;
word32 i, oid; word32 i, oid;
int ret, pswSz; int ret, pswSz;
@@ -885,7 +948,7 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
case WC_PKCS12_CertBag: /* 669 */ case WC_PKCS12_CertBag: /* 669 */
{ {
DerCertList* node; WC_DerCertList* node;
WOLFSSL_MSG("PKCS12 Cert Bag found"); WOLFSSL_MSG("PKCS12 Cert Bag found");
if (data[idx++] != if (data[idx++] !=
(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) { (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) {
@@ -952,14 +1015,14 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
} }
/* list to hold all certs found */ /* list to hold all certs found */
node = (DerCertList*)XMALLOC(sizeof(DerCertList), node = (WC_DerCertList*)XMALLOC(sizeof(WC_DerCertList),
pkcs12->heap, DYNAMIC_TYPE_PKCS); pkcs12->heap, DYNAMIC_TYPE_PKCS);
if (node == NULL) { if (node == NULL) {
freeBuffers(*pkey, buf, pkcs12->heap); freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap); freeCertList(certList, pkcs12->heap);
return MEMORY_E; return MEMORY_E;
} }
XMEMSET(node, 0, sizeof(DerCertList)); XMEMSET(node, 0, sizeof(WC_DerCertList));
node->buffer = (byte*)XMALLOC(size, pkcs12->heap, node->buffer = (byte*)XMALLOC(size, pkcs12->heap,
DYNAMIC_TYPE_PKCS); DYNAMIC_TYPE_PKCS);
@@ -1020,8 +1083,8 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
/* check if key pair, remove from list */ /* check if key pair, remove from list */
{ {
DerCertList* current = certList; WC_DerCertList* current = certList;
DerCertList* previous = NULL; WC_DerCertList* previous = NULL;
if (*pkey != NULL) { if (*pkey != NULL) {
@@ -1078,5 +1141,16 @@ int wc_PKCS12_SetHeap(WC_PKCS12* pkcs12, void* heap)
return 0; return 0;
} }
/* getter for heap */
void* wc_PKCS12_GetHeap(WC_PKCS12* pkcs12)
{
if (pkcs12 == NULL) {
return NULL;
}
return pkcs12->heap;
}
#endif /* !defined(NO_ASN) && !defined(NO_PWDBASED) */ #endif /* !defined(NO_ASN) && !defined(NO_PWDBASED) */
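Review bot: `wc_PKCS12_GetHeap` returns NULL both when `pkcs12` is NULL and when no heap hint has been set, and NULL is a legitimate heap value in this file (wc_PKCS12_new itself allocates with a NULL heap), so the result cannot serve as an error indicator for callers such as wolfSSL_PKCS12_parse, which stores it unchecked. The `/* getter for heap */` comment should make that explicit: `/* Return the heap hint of pkcs12, or NULL when none is set or pkcs12 is NULL. NULL is a valid heap hint for XMALLOC/XFREE, so it is not an error value. */`. Since the function only reads the struct, the parameter could also be `const WC_PKCS12* pkcs12` here and in the header declaration.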


@@ -29,81 +29,25 @@
extern "C" { extern "C" {
#endif #endif
typedef struct WC_PKCS12 WC_PKCS12;
enum { typedef struct WC_DerCertList WC_DerCertList;
WC_PKCS12_KeyBag = 667, typedef struct WC_DerCertList { /* dereferenced in ssl.c */
WC_PKCS12_ShroudedKeyBag = 668,
WC_PKCS12_CertBag = 669,
WC_PKCS12_CertBag_Type1 = 675,
WC_PKCS12_CrlBag = 670,
WC_PKCS12_SecretBag = 671,
WC_PKCS12_SafeContentsBag = 672,
WC_PKCS12_DATA = 651,
WC_PKCS12_ENCRYPTED_DATA = 656,
};
typedef struct DerCertList DerCertList;
typedef struct DerCertList {
byte* buffer; byte* buffer;
word32 bufferSz; word32 bufferSz;
DerCertList* next; WC_DerCertList* next;
} DerCertList; } WC_DerCertList;
typedef struct ContentInfo ContentInfo;
typedef struct ContentInfo {
byte* data;
ContentInfo* next;
word32 encC; /* encryptedContent */
word32 dataSz;
int type; /* DATA / encrypted / envelpoed */
} ContentInfo;
typedef struct AuthenticatedSafe {
ContentInfo* CI;
byte* data; /* T contents.... */
word32 oid; /* encrypted or not */
word32 numCI; /* number of Content Info structs */
word32 dataSz;
} AuthenticatedSafe;
typedef struct MacData {
byte* digest;
byte* salt;
word32 oid;
word32 digestSz;
word32 saltSz;
int itt; /* number of itterations when creating HMAC key */
} MacData;
/* for friendlyName, localKeyId .... */
typedef struct WC_PKCS12_ATTRIBUTE {
byte* data;
word32 oid;
word32 dataSz;
} WC_PKCS12_ATTRIBUTE;
typedef struct WC_PKCS12 {
void* heap;
AuthenticatedSafe* safe;
MacData* signData;
word32 oid; /* DATA / Enveloped DATA ... */
} WC_PKCS12;
WOLFSSL_API WC_PKCS12* wc_PKCS12_new(void); WOLFSSL_API WC_PKCS12* wc_PKCS12_new(void);
WOLFSSL_API void wc_PKCS12_free(WC_PKCS12* pkcs12); WOLFSSL_API void wc_PKCS12_free(WC_PKCS12* pkcs12);
WOLFSSL_API int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12); WOLFSSL_API int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12);
WOLFSSL_API int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, WOLFSSL_API int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
byte** pkey, word32* pkeySz, byte** cert, word32* certSz, byte** pkey, word32* pkeySz, byte** cert, word32* certSz,
DerCertList** ca); WC_DerCertList** ca);
WOLFSSL_LOCAL int wc_PKCS12_SetHeap(WC_PKCS12* pkcs12, void* heap); WOLFSSL_LOCAL int wc_PKCS12_SetHeap(WC_PKCS12* pkcs12, void* heap);
WOLFSSL_LOCAL void* wc_PKCS12_GetHeap(WC_PKCS12* pkcs12);
#ifdef __cplusplus #ifdef __cplusplus