1 /*
2 * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <string.h>
12 #include <stdlib.h>
13
14 #include "internal/nelem.h"
15
16 #include <openssl/pkcs12.h>
17 #include <openssl/x509.h>
18 #include <openssl/x509v3.h>
19 #include <openssl/pem.h>
20
21 #include "../testutil.h"
22 #include "pkcs12.h" /* from the same directory */
23
24 /* Set this to > 0 write test data to file */
25 static int write_files = 0;
26
27 static int legacy = 0;
28
29 static OSSL_LIB_CTX *test_ctx = NULL;
30 static const char *test_propq = NULL;
31
32 /* -------------------------------------------------------------------------
33 * Local function declarations
34 */
35
36 static int add_attributes(PKCS12_SAFEBAG *bag, const PKCS12_ATTR *attrs);
37
38 static void generate_p12(PKCS12_BUILDER *pb, const PKCS12_ENC *mac);
39 static int write_p12(PKCS12 *p12, const char *outfile);
40
41 static PKCS12 *from_bio_p12(BIO *bio, const PKCS12_ENC *mac);
42 static PKCS12 *read_p12(const char *infile, const PKCS12_ENC *mac);
43 static int check_p12_mac(PKCS12 *p12, const PKCS12_ENC *mac);
44 static int check_asn1_string(const ASN1_TYPE *av, const char *txt);
45 static int check_attrs(const STACK_OF(X509_ATTRIBUTE) *bag_attrs, const PKCS12_ATTR *attrs);
46
47
48 /* --------------------------------------------------------------------------
49 * Global settings
50 */
51
PKCS12_helper_set_write_files(int enable)52 void PKCS12_helper_set_write_files(int enable)
53 {
54 write_files = enable;
55 }
56
PKCS12_helper_set_legacy(int enable)57 void PKCS12_helper_set_legacy(int enable)
58 {
59 legacy = enable;
60 }
61
PKCS12_helper_set_libctx(OSSL_LIB_CTX * libctx)62 void PKCS12_helper_set_libctx(OSSL_LIB_CTX *libctx)
63 {
64 test_ctx = libctx;
65 }
66
PKCS12_helper_set_propq(const char * propq)67 void PKCS12_helper_set_propq(const char *propq)
68 {
69 test_propq = propq;
70 }
71
72
73 /* --------------------------------------------------------------------------
74 * Test data load functions
75 */
76
load_cert_asn1(const unsigned char * bytes,int len)77 static X509 *load_cert_asn1(const unsigned char *bytes, int len)
78 {
79 X509 *cert = NULL;
80
81 cert = d2i_X509(NULL, &bytes, len);
82 if (!TEST_ptr(cert))
83 goto err;
84 err:
85 return cert;
86 }
87
load_pkey_asn1(const unsigned char * bytes,int len)88 static EVP_PKEY *load_pkey_asn1(const unsigned char *bytes, int len)
89 {
90 EVP_PKEY *pkey = NULL;
91
92 pkey = d2i_AutoPrivateKey(NULL, &bytes, len);
93 if (!TEST_ptr(pkey))
94 goto err;
95 err:
96 return pkey;
97 }
98
99 /* -------------------------------------------------------------------------
100 * PKCS12 builder
101 */
102
new_pkcs12_builder(const char * filename)103 PKCS12_BUILDER *new_pkcs12_builder(const char *filename)
104 {
105 PKCS12_BUILDER *pb = OPENSSL_malloc(sizeof(PKCS12_BUILDER));
106 if (!TEST_ptr(pb))
107 return NULL;
108
109 pb->filename = filename;
110 pb->success = 1;
111 return pb;
112 }
113
end_pkcs12_builder(PKCS12_BUILDER * pb)114 int end_pkcs12_builder(PKCS12_BUILDER *pb)
115 {
116 int result = pb->success;
117
118 OPENSSL_free(pb);
119 return result;
120 }
121
122
start_pkcs12(PKCS12_BUILDER * pb)123 void start_pkcs12(PKCS12_BUILDER *pb)
124 {
125 pb->safes = NULL;
126 }
127
128
end_pkcs12(PKCS12_BUILDER * pb)129 void end_pkcs12(PKCS12_BUILDER *pb)
130 {
131 if (!pb->success)
132 return;
133 generate_p12(pb, NULL);
134 }
135
136
end_pkcs12_with_mac(PKCS12_BUILDER * pb,const PKCS12_ENC * mac)137 void end_pkcs12_with_mac(PKCS12_BUILDER *pb, const PKCS12_ENC *mac)
138 {
139 if (!pb->success)
140 return;
141 generate_p12(pb, mac);
142 }
143
144
145 /* Generate the PKCS12 encoding and write to memory bio */
generate_p12(PKCS12_BUILDER * pb,const PKCS12_ENC * mac)146 static void generate_p12(PKCS12_BUILDER *pb, const PKCS12_ENC *mac)
147 {
148 PKCS12 *p12;
149 EVP_MD *md = NULL;
150
151 if (!pb->success)
152 return;
153
154 pb->p12bio = BIO_new(BIO_s_mem());
155 if (!TEST_ptr(pb->p12bio)) {
156 pb->success = 0;
157 return;
158 }
159 if (legacy)
160 p12 = PKCS12_add_safes(pb->safes, 0);
161 else
162 p12 = PKCS12_add_safes_ex(pb->safes, 0, test_ctx, test_propq);
163 if (!TEST_ptr(p12)) {
164 pb->success = 0;
165 goto err;
166 }
167 sk_PKCS7_pop_free(pb->safes, PKCS7_free);
168
169 if (mac != NULL) {
170 if (legacy)
171 md = (EVP_MD *)EVP_get_digestbynid(mac->nid);
172 else
173 md = EVP_MD_fetch(test_ctx, OBJ_nid2sn(mac->nid), test_propq);
174
175 if (!TEST_true(PKCS12_set_mac(p12, mac->pass, (int)strlen(mac->pass),
176 NULL, 0, mac->iter, md))) {
177 pb->success = 0;
178 goto err;
179 }
180 }
181 i2d_PKCS12_bio(pb->p12bio, p12);
182
183 /* Can write to file here for debug */
184 if (write_files)
185 write_p12(p12, pb->filename);
186 err:
187 if (!legacy && md != NULL)
188 EVP_MD_free(md);
189 PKCS12_free(p12);
190 }
191
192
write_p12(PKCS12 * p12,const char * outfile)193 static int write_p12(PKCS12 *p12, const char *outfile)
194 {
195 int ret = 0;
196 BIO *out = BIO_new_file(outfile, "w");
197
198 if (out == NULL)
199 goto err;
200
201 if (!TEST_int_eq(i2d_PKCS12_bio(out, p12), 1))
202 goto err;
203 ret = 1;
204 err:
205 BIO_free(out);
206 return ret;
207 }
208
from_bio_p12(BIO * bio,const PKCS12_ENC * mac)209 static PKCS12 *from_bio_p12(BIO *bio, const PKCS12_ENC *mac)
210 {
211 PKCS12 *p12 = NULL;
212
213 /* Supply a p12 with library context/propq to the d2i decoder*/
214 if (!legacy) {
215 p12 = PKCS12_init_ex(NID_pkcs7_data, test_ctx, test_propq);
216 if (!TEST_ptr(p12))
217 goto err;
218 }
219 p12 = d2i_PKCS12_bio(bio, &p12);
220 BIO_free(bio);
221 if (!TEST_ptr(p12))
222 goto err;
223 if (mac == NULL) {
224 if (!TEST_false(PKCS12_mac_present(p12)))
225 goto err;
226 } else {
227 if (!check_p12_mac(p12, mac))
228 goto err;
229 }
230 return p12;
231 err:
232 PKCS12_free(p12);
233 return NULL;
234 }
235
236
237 /* For use with existing files */
read_p12(const char * infile,const PKCS12_ENC * mac)238 static PKCS12 *read_p12(const char *infile, const PKCS12_ENC *mac)
239 {
240 PKCS12 *p12 = NULL;
241 BIO *in = BIO_new_file(infile, "r");
242
243 if (in == NULL)
244 goto err;
245 p12 = d2i_PKCS12_bio(in, NULL);
246 BIO_free(in);
247 if (!TEST_ptr(p12))
248 goto err;
249 if (mac == NULL) {
250 if (!TEST_false(PKCS12_mac_present(p12)))
251 goto err;
252 } else {
253 if (!check_p12_mac(p12, mac))
254 goto err;
255 }
256 return p12;
257 err:
258 PKCS12_free(p12);
259 return NULL;
260 }
261
check_p12_mac(PKCS12 * p12,const PKCS12_ENC * mac)262 static int check_p12_mac(PKCS12 *p12, const PKCS12_ENC *mac)
263 {
264 return TEST_true(PKCS12_mac_present(p12))
265 && TEST_true(PKCS12_verify_mac(p12, mac->pass, (int)strlen(mac->pass)));
266 }
267
268
269 /* -------------------------------------------------------------------------
270 * PKCS7 content info builder
271 */
272
start_contentinfo(PKCS12_BUILDER * pb)273 void start_contentinfo(PKCS12_BUILDER *pb)
274 {
275 pb->bags = NULL;
276 }
277
278
end_contentinfo(PKCS12_BUILDER * pb)279 void end_contentinfo(PKCS12_BUILDER *pb)
280 {
281 if (pb->success && pb->bags != NULL) {
282 if (!TEST_true(PKCS12_add_safe(&pb->safes, pb->bags, -1, 0, NULL)))
283 pb->success = 0;
284 }
285 sk_PKCS12_SAFEBAG_pop_free(pb->bags, PKCS12_SAFEBAG_free);
286 pb->bags = NULL;
287 }
288
289
end_contentinfo_encrypted(PKCS12_BUILDER * pb,const PKCS12_ENC * enc)290 void end_contentinfo_encrypted(PKCS12_BUILDER *pb, const PKCS12_ENC *enc)
291 {
292 if (pb->success && pb->bags != NULL) {
293 if (legacy) {
294 if (!TEST_true(PKCS12_add_safe(&pb->safes, pb->bags, enc->nid,
295 enc->iter, enc->pass)))
296 pb->success = 0;
297 } else {
298 if (!TEST_true(PKCS12_add_safe_ex(&pb->safes, pb->bags, enc->nid,
299 enc->iter, enc->pass, test_ctx,
300 test_propq)))
301 pb->success = 0;
302 }
303 }
304 sk_PKCS12_SAFEBAG_pop_free(pb->bags, PKCS12_SAFEBAG_free);
305 pb->bags = NULL;
306 }
307
308
STACK_OF(PKCS12_SAFEBAG)309 static STACK_OF(PKCS12_SAFEBAG) *decode_contentinfo(STACK_OF(PKCS7) *safes, int idx, const PKCS12_ENC *enc)
310 {
311 STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
312 int bagnid;
313 PKCS7 *p7 = sk_PKCS7_value(safes, idx);
314
315 if (!TEST_ptr(p7))
316 goto err;
317
318 bagnid = OBJ_obj2nid(p7->type);
319 if (enc) {
320 if (!TEST_int_eq(bagnid, NID_pkcs7_encrypted))
321 goto err;
322 bags = PKCS12_unpack_p7encdata(p7, enc->pass, (int)strlen(enc->pass));
323 } else {
324 if (!TEST_int_eq(bagnid, NID_pkcs7_data))
325 goto err;
326 bags = PKCS12_unpack_p7data(p7);
327 }
328 if (!TEST_ptr(bags))
329 goto err;
330
331 return bags;
332 err:
333 return NULL;
334 }
335
336
337 /* -------------------------------------------------------------------------
338 * PKCS12 safeBag/attribute builder
339 */
340
add_attributes(PKCS12_SAFEBAG * bag,const PKCS12_ATTR * attr)341 static int add_attributes(PKCS12_SAFEBAG *bag, const PKCS12_ATTR *attr)
342 {
343 int ret = 0;
344 int attr_nid;
345 const PKCS12_ATTR *p_attr = attr;
346 STACK_OF(X509_ATTRIBUTE)* attrs = NULL;
347 X509_ATTRIBUTE *x509_attr = NULL;
348
349 if (attr == NULL)
350 return 1;
351
352 while (p_attr->oid != NULL) {
353 TEST_info("Adding attribute %s = %s", p_attr->oid, p_attr->value);
354 attr_nid = OBJ_txt2nid(p_attr->oid);
355
356 if (attr_nid == NID_friendlyName) {
357 if (!TEST_true(PKCS12_add_friendlyname(bag, p_attr->value, -1)))
358 goto err;
359 } else if (attr_nid == NID_localKeyID) {
360 if (!TEST_true(PKCS12_add_localkeyid(bag, (unsigned char *)p_attr->value,
361 (int)strlen(p_attr->value))))
362 goto err;
363 } else if (attr_nid == NID_oracle_jdk_trustedkeyusage) {
364 attrs = (STACK_OF(X509_ATTRIBUTE)*)PKCS12_SAFEBAG_get0_attrs(bag);
365 x509_attr = X509_ATTRIBUTE_create(attr_nid, V_ASN1_OBJECT, OBJ_txt2obj(p_attr->value, 0));
366 X509at_add1_attr(&attrs, x509_attr);
367 PKCS12_SAFEBAG_set0_attrs(bag, attrs);
368 X509_ATTRIBUTE_free(x509_attr);
369 } else {
370 /* Custom attribute values limited to ASCII in these tests */
371 if (!TEST_true(PKCS12_add1_attr_by_txt(bag, p_attr->oid, MBSTRING_ASC,
372 (unsigned char *)p_attr->value,
373 (int)strlen(p_attr->value))))
374 goto err;
375 }
376 p_attr++;
377 }
378 ret = 1;
379 err:
380 return ret;
381 }
382
add_certbag(PKCS12_BUILDER * pb,const unsigned char * bytes,int len,const PKCS12_ATTR * attrs)383 void add_certbag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len,
384 const PKCS12_ATTR *attrs)
385 {
386 PKCS12_SAFEBAG *bag = NULL;
387 X509 *cert = NULL;
388 char *name;
389
390 if (!pb->success)
391 return;
392
393 cert = load_cert_asn1(bytes, len);
394 if (!TEST_ptr(cert)) {
395 pb->success = 0;
396 return;
397 }
398
399 name = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
400 TEST_info("Adding certificate <%s>", name);
401 OPENSSL_free(name);
402
403 bag = PKCS12_add_cert(&pb->bags, cert);
404 if (!TEST_ptr(bag)) {
405 pb->success = 0;
406 goto err;
407 }
408
409 if (!TEST_true(add_attributes(bag, attrs))) {
410 pb->success = 0;
411 goto err;
412 }
413 err:
414 X509_free(cert);
415 }
416
add_keybag(PKCS12_BUILDER * pb,const unsigned char * bytes,int len,const PKCS12_ATTR * attrs,const PKCS12_ENC * enc)417 void add_keybag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len,
418 const PKCS12_ATTR *attrs, const PKCS12_ENC *enc)
419 {
420 PKCS12_SAFEBAG *bag = NULL;
421 EVP_PKEY *pkey = NULL;
422
423 if (!pb->success)
424 return;
425
426 TEST_info("Adding key");
427
428 pkey = load_pkey_asn1(bytes, len);
429 if (!TEST_ptr(pkey)) {
430 pb->success = 0;
431 return;
432 }
433
434 if (legacy)
435 bag = PKCS12_add_key(&pb->bags, pkey, 0 /*keytype*/, enc->iter, enc->nid, enc->pass);
436 else
437 bag = PKCS12_add_key_ex(&pb->bags, pkey, 0 /*keytype*/, enc->iter, enc->nid, enc->pass,
438 test_ctx, test_propq);
439 if (!TEST_ptr(bag)) {
440 pb->success = 0;
441 goto err;
442 }
443 if (!add_attributes(bag, attrs))
444 pb->success = 0;
445 err:
446 EVP_PKEY_free(pkey);
447 }
448
add_secretbag(PKCS12_BUILDER * pb,int secret_nid,const char * secret,const PKCS12_ATTR * attrs)449 void add_secretbag(PKCS12_BUILDER *pb, int secret_nid, const char *secret,
450 const PKCS12_ATTR *attrs)
451 {
452 PKCS12_SAFEBAG *bag = NULL;
453
454 if (!pb->success)
455 return;
456
457 TEST_info("Adding secret <%s>", secret);
458
459 bag = PKCS12_add_secret(&pb->bags, secret_nid,
460 (const unsigned char *)secret, (int)strlen(secret));
461 if (!TEST_ptr(bag)) {
462 pb->success = 0;
463 return;
464 }
465 if (!add_attributes(bag, attrs))
466 pb->success = 0;
467 }
468
469
470 /* -------------------------------------------------------------------------
471 * PKCS12 structure checking
472 */
473
check_asn1_string(const ASN1_TYPE * av,const char * txt)474 static int check_asn1_string(const ASN1_TYPE *av, const char *txt)
475 {
476 int ret = 0;
477 char *value = NULL;
478
479 if (!TEST_ptr(av))
480 goto err;
481
482 switch (av->type) {
483 case V_ASN1_BMPSTRING:
484 value = OPENSSL_uni2asc(av->value.bmpstring->data,
485 av->value.bmpstring->length);
486 if (!TEST_str_eq(txt, (char *)value))
487 goto err;
488 break;
489
490 case V_ASN1_UTF8STRING:
491 if (!TEST_mem_eq(txt, strlen(txt), (char *)av->value.utf8string->data,
492 av->value.utf8string->length))
493 goto err;
494 break;
495
496 case V_ASN1_OCTET_STRING:
497 if (!TEST_mem_eq(txt, strlen(txt),
498 (char *)av->value.octet_string->data,
499 av->value.octet_string->length))
500 goto err;
501 break;
502
503 default:
504 /* Tests do not support other attribute types currently */
505 goto err;
506 }
507 ret = 1;
508 err:
509 OPENSSL_free(value);
510 return ret;
511 }
512
check_attrs(const STACK_OF (X509_ATTRIBUTE)* bag_attrs,const PKCS12_ATTR * attrs)513 static int check_attrs(const STACK_OF(X509_ATTRIBUTE) *bag_attrs, const PKCS12_ATTR *attrs)
514 {
515 int ret = 0;
516 X509_ATTRIBUTE *attr;
517 ASN1_TYPE *av;
518 int i, j;
519 char attr_txt[100];
520
521 for (i = 0; i < sk_X509_ATTRIBUTE_num(bag_attrs); i++) {
522 const PKCS12_ATTR *p_attr = attrs;
523 ASN1_OBJECT *attr_obj;
524
525 attr = sk_X509_ATTRIBUTE_value(bag_attrs, i);
526 attr_obj = X509_ATTRIBUTE_get0_object(attr);
527 OBJ_obj2txt(attr_txt, 100, attr_obj, 0);
528
529 while (p_attr->oid != NULL) {
530 /* Find a matching attribute type */
531 if (strcmp(p_attr->oid, attr_txt) == 0) {
532 if (!TEST_int_eq(X509_ATTRIBUTE_count(attr), 1))
533 goto err;
534
535 for (j = 0; j < X509_ATTRIBUTE_count(attr); j++) {
536 av = X509_ATTRIBUTE_get0_type(attr, j);
537 if (!TEST_true(check_asn1_string(av, p_attr->value)))
538 goto err;
539 }
540 break;
541 }
542 p_attr++;
543 }
544 }
545 ret = 1;
546 err:
547 return ret;
548 }
549
check_certbag(PKCS12_BUILDER * pb,const unsigned char * bytes,int len,const PKCS12_ATTR * attrs)550 void check_certbag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len,
551 const PKCS12_ATTR *attrs)
552 {
553 X509 *x509 = NULL;
554 X509 *ref_x509 = NULL;
555 const PKCS12_SAFEBAG *bag;
556
557 if (!pb->success)
558 return;
559
560 bag = sk_PKCS12_SAFEBAG_value(pb->bags, pb->bag_idx++);
561 if (!TEST_ptr(bag)) {
562 pb->success = 0;
563 return;
564 }
565 if (!check_attrs(PKCS12_SAFEBAG_get0_attrs(bag), attrs)
566 || !TEST_int_eq(PKCS12_SAFEBAG_get_nid(bag), NID_certBag)
567 || !TEST_int_eq(PKCS12_SAFEBAG_get_bag_nid(bag), NID_x509Certificate)) {
568 pb->success = 0;
569 return;
570 }
571 x509 = PKCS12_SAFEBAG_get1_cert(bag);
572 if (!TEST_ptr(x509)) {
573 pb->success = 0;
574 goto err;
575 }
576 ref_x509 = load_cert_asn1(bytes, len);
577 if (!TEST_false(X509_cmp(x509, ref_x509)))
578 pb->success = 0;
579 err:
580 X509_free(x509);
581 X509_free(ref_x509);
582 }
583
check_keybag(PKCS12_BUILDER * pb,const unsigned char * bytes,int len,const PKCS12_ATTR * attrs,const PKCS12_ENC * enc)584 void check_keybag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len,
585 const PKCS12_ATTR *attrs, const PKCS12_ENC *enc)
586 {
587 EVP_PKEY *pkey = NULL;
588 EVP_PKEY *ref_pkey = NULL;
589 PKCS8_PRIV_KEY_INFO *p8;
590 const PKCS8_PRIV_KEY_INFO *p8c;
591 const PKCS12_SAFEBAG *bag;
592
593 if (!pb->success)
594 return;
595
596 bag = sk_PKCS12_SAFEBAG_value(pb->bags, pb->bag_idx++);
597 if (!TEST_ptr(bag)) {
598 pb->success = 0;
599 return;
600 }
601
602 if (!check_attrs(PKCS12_SAFEBAG_get0_attrs(bag), attrs)) {
603 pb->success = 0;
604 return;
605 }
606
607 switch (PKCS12_SAFEBAG_get_nid(bag)) {
608 case NID_keyBag:
609 p8c = PKCS12_SAFEBAG_get0_p8inf(bag);
610 if (!TEST_ptr(pkey = EVP_PKCS82PKEY(p8c))) {
611 pb->success = 0;
612 goto err;
613 }
614 break;
615
616 case NID_pkcs8ShroudedKeyBag:
617 if (legacy)
618 p8 = PKCS12_decrypt_skey(bag, enc->pass, (int)strlen(enc->pass));
619 else
620 p8 = PKCS12_decrypt_skey_ex(bag, enc->pass, (int)strlen(enc->pass),
621 test_ctx, test_propq);
622 if (!TEST_ptr(p8)) {
623 pb->success = 0;
624 goto err;
625 }
626 if (!TEST_ptr(pkey = EVP_PKCS82PKEY(p8))) {
627 PKCS8_PRIV_KEY_INFO_free(p8);
628 pb->success = 0;
629 goto err;
630 }
631 PKCS8_PRIV_KEY_INFO_free(p8);
632 break;
633
634 default:
635 pb->success = 0;
636 goto err;
637 }
638
639 /* PKEY compare returns 1 for match */
640 ref_pkey = load_pkey_asn1(bytes, len);
641 if (!TEST_true(EVP_PKEY_eq(pkey, ref_pkey)))
642 pb->success = 0;
643 err:
644 EVP_PKEY_free(pkey);
645 EVP_PKEY_free(ref_pkey);
646 }
647
check_secretbag(PKCS12_BUILDER * pb,int secret_nid,const char * secret,const PKCS12_ATTR * attrs)648 void check_secretbag(PKCS12_BUILDER *pb, int secret_nid, const char *secret, const PKCS12_ATTR *attrs)
649 {
650 const PKCS12_SAFEBAG *bag;
651
652 if (!pb->success)
653 return;
654
655 bag = sk_PKCS12_SAFEBAG_value(pb->bags, pb->bag_idx++);
656 if (!TEST_ptr(bag)) {
657 pb->success = 0;
658 return;
659 }
660
661 if (!check_attrs(PKCS12_SAFEBAG_get0_attrs(bag), attrs)
662 || !TEST_int_eq(PKCS12_SAFEBAG_get_nid(bag), NID_secretBag)
663 || !TEST_int_eq(PKCS12_SAFEBAG_get_bag_nid(bag), secret_nid)
664 || !TEST_true(check_asn1_string(PKCS12_SAFEBAG_get0_bag_obj(bag), secret)))
665 pb->success = 0;
666 }
667
668
start_check_pkcs12(PKCS12_BUILDER * pb)669 void start_check_pkcs12(PKCS12_BUILDER *pb)
670 {
671 PKCS12 *p12;
672
673 if (!pb->success)
674 return;
675
676 p12 = from_bio_p12(pb->p12bio, NULL);
677 if (!TEST_ptr(p12)) {
678 pb->success = 0;
679 return;
680 }
681 pb->safes = PKCS12_unpack_authsafes(p12);
682 if (!TEST_ptr(pb->safes))
683 pb->success = 0;
684
685 pb->safe_idx = 0;
686 PKCS12_free(p12);
687 }
688
start_check_pkcs12_with_mac(PKCS12_BUILDER * pb,const PKCS12_ENC * mac)689 void start_check_pkcs12_with_mac(PKCS12_BUILDER *pb, const PKCS12_ENC *mac)
690 {
691 PKCS12 *p12;
692
693 if (!pb->success)
694 return;
695
696 p12 = from_bio_p12(pb->p12bio, mac);
697 if (!TEST_ptr(p12)) {
698 pb->success = 0;
699 return;
700 }
701 pb->safes = PKCS12_unpack_authsafes(p12);
702 if (!TEST_ptr(pb->safes))
703 pb->success = 0;
704
705 pb->safe_idx = 0;
706 PKCS12_free(p12);
707 }
708
start_check_pkcs12_file(PKCS12_BUILDER * pb)709 void start_check_pkcs12_file(PKCS12_BUILDER *pb)
710 {
711 PKCS12 *p12;
712
713 if (!pb->success)
714 return;
715
716 p12 = read_p12(pb->filename, NULL);
717 if (!TEST_ptr(p12)) {
718 pb->success = 0;
719 return;
720 }
721 pb->safes = PKCS12_unpack_authsafes(p12);
722 if (!TEST_ptr(pb->safes))
723 pb->success = 0;
724
725 pb->safe_idx = 0;
726 PKCS12_free(p12);
727 }
728
start_check_pkcs12_file_with_mac(PKCS12_BUILDER * pb,const PKCS12_ENC * mac)729 void start_check_pkcs12_file_with_mac(PKCS12_BUILDER *pb, const PKCS12_ENC *mac)
730 {
731 PKCS12 *p12;
732
733 if (!pb->success)
734 return;
735
736 p12 = read_p12(pb->filename, mac);
737 if (!TEST_ptr(p12)) {
738 pb->success = 0;
739 return;
740 }
741 pb->safes = PKCS12_unpack_authsafes(p12);
742 if (!TEST_ptr(pb->safes))
743 pb->success = 0;
744
745 pb->safe_idx = 0;
746 PKCS12_free(p12);
747 }
748
end_check_pkcs12(PKCS12_BUILDER * pb)749 void end_check_pkcs12(PKCS12_BUILDER *pb)
750 {
751 if (!pb->success)
752 return;
753
754 sk_PKCS7_pop_free(pb->safes, PKCS7_free);
755 }
756
757
start_check_contentinfo(PKCS12_BUILDER * pb)758 void start_check_contentinfo(PKCS12_BUILDER *pb)
759 {
760 if (!pb->success)
761 return;
762
763 pb->bag_idx = 0;
764 pb->bags = decode_contentinfo(pb->safes, pb->safe_idx++, NULL);
765 if (!TEST_ptr(pb->bags)) {
766 pb->success = 0;
767 return;
768 }
769 TEST_info("Decoding %d bags", sk_PKCS12_SAFEBAG_num(pb->bags));
770 }
771
start_check_contentinfo_encrypted(PKCS12_BUILDER * pb,const PKCS12_ENC * enc)772 void start_check_contentinfo_encrypted(PKCS12_BUILDER *pb, const PKCS12_ENC *enc)
773 {
774 if (!pb->success)
775 return;
776
777 pb->bag_idx = 0;
778 pb->bags = decode_contentinfo(pb->safes, pb->safe_idx++, enc);
779 if (!TEST_ptr(pb->bags)) {
780 pb->success = 0;
781 return;
782 }
783 TEST_info("Decoding %d bags", sk_PKCS12_SAFEBAG_num(pb->bags));
784 }
785
786
end_check_contentinfo(PKCS12_BUILDER * pb)787 void end_check_contentinfo(PKCS12_BUILDER *pb)
788 {
789 if (!pb->success)
790 return;
791
792 if (!TEST_int_eq(sk_PKCS12_SAFEBAG_num(pb->bags), pb->bag_idx))
793 pb->success = 0;
794 sk_PKCS12_SAFEBAG_pop_free(pb->bags, PKCS12_SAFEBAG_free);
795 pb->bags = NULL;
796 }
797
798
799