1 /*
2 * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <string.h>
12 #include <stdlib.h>
13
14 #include "internal/nelem.h"
15
16 #include <openssl/pkcs12.h>
17 #include <openssl/x509.h>
18 #include <openssl/x509v3.h>
19 #include <openssl/pem.h>
20
21 #include "../testutil.h"
22 #include "pkcs12.h" /* from the same directory */
23
24 /* Set this to > 0 write test data to file */
25 static int write_files = 0;
26
27 static int legacy = 0;
28
29 static OSSL_LIB_CTX *test_ctx = NULL;
30 static const char *test_propq = NULL;
31
32 /* -------------------------------------------------------------------------
33 * Local function declarations
34 */
35
36 static int add_attributes(PKCS12_SAFEBAG *bag, const PKCS12_ATTR *attrs);
37
38 static void generate_p12(PKCS12_BUILDER *pb, const PKCS12_ENC *mac);
39 static int write_p12(PKCS12 *p12, const char *outfile);
40
41 static PKCS12 *from_bio_p12(BIO *bio, const PKCS12_ENC *mac);
42 static PKCS12 *read_p12(const char *infile, const PKCS12_ENC *mac);
43 static int check_p12_mac(PKCS12 *p12, const PKCS12_ENC *mac);
44 static int check_asn1_string(const ASN1_TYPE *av, const char *txt);
45 static int check_attrs(const STACK_OF(X509_ATTRIBUTE) *bag_attrs, const PKCS12_ATTR *attrs);
46
47 /* --------------------------------------------------------------------------
48 * Global settings
49 */
50
PKCS12_helper_set_write_files(int enable)51 void PKCS12_helper_set_write_files(int enable)
52 {
53 write_files = enable;
54 }
55
PKCS12_helper_set_legacy(int enable)56 void PKCS12_helper_set_legacy(int enable)
57 {
58 legacy = enable;
59 }
60
PKCS12_helper_set_libctx(OSSL_LIB_CTX * libctx)61 void PKCS12_helper_set_libctx(OSSL_LIB_CTX *libctx)
62 {
63 test_ctx = libctx;
64 }
65
PKCS12_helper_set_propq(const char * propq)66 void PKCS12_helper_set_propq(const char *propq)
67 {
68 test_propq = propq;
69 }
70
71 /* --------------------------------------------------------------------------
72 * Test data load functions
73 */
74
load_cert_asn1(const unsigned char * bytes,int len)75 static X509 *load_cert_asn1(const unsigned char *bytes, int len)
76 {
77 X509 *cert = NULL;
78
79 cert = d2i_X509(NULL, &bytes, len);
80 if (!TEST_ptr(cert))
81 goto err;
82 err:
83 return cert;
84 }
85
load_pkey_asn1(const unsigned char * bytes,int len)86 static EVP_PKEY *load_pkey_asn1(const unsigned char *bytes, int len)
87 {
88 EVP_PKEY *pkey = NULL;
89
90 pkey = d2i_AutoPrivateKey(NULL, &bytes, len);
91 if (!TEST_ptr(pkey))
92 goto err;
93 err:
94 return pkey;
95 }
96
97 /* -------------------------------------------------------------------------
98 * PKCS12 builder
99 */
100
new_pkcs12_builder(const char * filename)101 PKCS12_BUILDER *new_pkcs12_builder(const char *filename)
102 {
103 PKCS12_BUILDER *pb = OPENSSL_malloc(sizeof(PKCS12_BUILDER));
104 if (!TEST_ptr(pb))
105 return NULL;
106
107 pb->filename = filename;
108 pb->success = 1;
109 return pb;
110 }
111
end_pkcs12_builder(PKCS12_BUILDER * pb)112 int end_pkcs12_builder(PKCS12_BUILDER *pb)
113 {
114 int result = pb->success;
115
116 OPENSSL_free(pb);
117 return result;
118 }
119
start_pkcs12(PKCS12_BUILDER * pb)120 void start_pkcs12(PKCS12_BUILDER *pb)
121 {
122 pb->safes = NULL;
123 }
124
end_pkcs12(PKCS12_BUILDER * pb)125 void end_pkcs12(PKCS12_BUILDER *pb)
126 {
127 if (!pb->success)
128 return;
129 generate_p12(pb, NULL);
130 }
131
end_pkcs12_with_mac(PKCS12_BUILDER * pb,const PKCS12_ENC * mac)132 void end_pkcs12_with_mac(PKCS12_BUILDER *pb, const PKCS12_ENC *mac)
133 {
134 if (!pb->success)
135 return;
136 generate_p12(pb, mac);
137 }
138
139 /* Generate the PKCS12 encoding and write to memory bio */
generate_p12(PKCS12_BUILDER * pb,const PKCS12_ENC * mac)140 static void generate_p12(PKCS12_BUILDER *pb, const PKCS12_ENC *mac)
141 {
142 PKCS12 *p12;
143 EVP_MD *md = NULL;
144
145 if (!pb->success)
146 return;
147
148 pb->p12bio = BIO_new(BIO_s_mem());
149 if (!TEST_ptr(pb->p12bio)) {
150 pb->success = 0;
151 return;
152 }
153 if (legacy)
154 p12 = PKCS12_add_safes(pb->safes, 0);
155 else
156 p12 = PKCS12_add_safes_ex(pb->safes, 0, test_ctx, test_propq);
157 if (!TEST_ptr(p12)) {
158 pb->success = 0;
159 goto err;
160 }
161 sk_PKCS7_pop_free(pb->safes, PKCS7_free);
162
163 if (mac != NULL) {
164 if (legacy)
165 md = (EVP_MD *)EVP_get_digestbynid(mac->nid);
166 else
167 md = EVP_MD_fetch(test_ctx, OBJ_nid2sn(mac->nid), test_propq);
168
169 if (!TEST_true(PKCS12_set_mac(p12, mac->pass, strlen(mac->pass),
170 NULL, 0, mac->iter, md))) {
171 pb->success = 0;
172 goto err;
173 }
174 }
175 i2d_PKCS12_bio(pb->p12bio, p12);
176
177 /* Can write to file here for debug */
178 if (write_files)
179 write_p12(p12, pb->filename);
180 err:
181 if (!legacy && md != NULL)
182 EVP_MD_free(md);
183 PKCS12_free(p12);
184 }
185
write_p12(PKCS12 * p12,const char * outfile)186 static int write_p12(PKCS12 *p12, const char *outfile)
187 {
188 int ret = 0;
189 BIO *out = BIO_new_file(outfile, "w");
190
191 if (out == NULL)
192 goto err;
193
194 if (!TEST_int_eq(i2d_PKCS12_bio(out, p12), 1))
195 goto err;
196 ret = 1;
197 err:
198 BIO_free(out);
199 return ret;
200 }
201
from_bio_p12(BIO * bio,const PKCS12_ENC * mac)202 static PKCS12 *from_bio_p12(BIO *bio, const PKCS12_ENC *mac)
203 {
204 PKCS12 *p12 = NULL;
205
206 /* Supply a p12 with library context/propq to the d2i decoder*/
207 if (!legacy) {
208 p12 = PKCS12_init_ex(NID_pkcs7_data, test_ctx, test_propq);
209 if (!TEST_ptr(p12))
210 goto err;
211 }
212 p12 = d2i_PKCS12_bio(bio, &p12);
213 BIO_free(bio);
214 if (!TEST_ptr(p12))
215 goto err;
216 if (mac == NULL) {
217 if (!TEST_false(PKCS12_mac_present(p12)))
218 goto err;
219 } else {
220 if (!check_p12_mac(p12, mac))
221 goto err;
222 }
223 return p12;
224 err:
225 PKCS12_free(p12);
226 return NULL;
227 }
228
229 /* For use with existing files */
read_p12(const char * infile,const PKCS12_ENC * mac)230 static PKCS12 *read_p12(const char *infile, const PKCS12_ENC *mac)
231 {
232 PKCS12 *p12 = NULL;
233 BIO *in = BIO_new_file(infile, "r");
234
235 if (in == NULL)
236 goto err;
237 p12 = d2i_PKCS12_bio(in, NULL);
238 BIO_free(in);
239 if (!TEST_ptr(p12))
240 goto err;
241 if (mac == NULL) {
242 if (!TEST_false(PKCS12_mac_present(p12)))
243 goto err;
244 } else {
245 if (!check_p12_mac(p12, mac))
246 goto err;
247 }
248 return p12;
249 err:
250 PKCS12_free(p12);
251 return NULL;
252 }
253
check_p12_mac(PKCS12 * p12,const PKCS12_ENC * mac)254 static int check_p12_mac(PKCS12 *p12, const PKCS12_ENC *mac)
255 {
256 return TEST_true(PKCS12_mac_present(p12))
257 && TEST_true(PKCS12_verify_mac(p12, mac->pass, strlen(mac->pass)));
258 }
259
260 /* -------------------------------------------------------------------------
261 * PKCS7 content info builder
262 */
263
start_contentinfo(PKCS12_BUILDER * pb)264 void start_contentinfo(PKCS12_BUILDER *pb)
265 {
266 pb->bags = NULL;
267 }
268
end_contentinfo(PKCS12_BUILDER * pb)269 void end_contentinfo(PKCS12_BUILDER *pb)
270 {
271 if (pb->success && pb->bags != NULL) {
272 if (!TEST_true(PKCS12_add_safe(&pb->safes, pb->bags, -1, 0, NULL)))
273 pb->success = 0;
274 }
275 sk_PKCS12_SAFEBAG_pop_free(pb->bags, PKCS12_SAFEBAG_free);
276 pb->bags = NULL;
277 }
278
end_contentinfo_encrypted(PKCS12_BUILDER * pb,const PKCS12_ENC * enc)279 void end_contentinfo_encrypted(PKCS12_BUILDER *pb, const PKCS12_ENC *enc)
280 {
281 if (pb->success && pb->bags != NULL) {
282 if (legacy) {
283 if (!TEST_true(PKCS12_add_safe(&pb->safes, pb->bags, enc->nid,
284 enc->iter, enc->pass)))
285 pb->success = 0;
286 } else {
287 if (!TEST_true(PKCS12_add_safe_ex(&pb->safes, pb->bags, enc->nid,
288 enc->iter, enc->pass, test_ctx,
289 test_propq)))
290 pb->success = 0;
291 }
292 }
293 sk_PKCS12_SAFEBAG_pop_free(pb->bags, PKCS12_SAFEBAG_free);
294 pb->bags = NULL;
295 }
296
STACK_OF(PKCS12_SAFEBAG)297 static STACK_OF(PKCS12_SAFEBAG) *decode_contentinfo(STACK_OF(PKCS7) *safes, int idx, const PKCS12_ENC *enc)
298 {
299 STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
300 int bagnid;
301 PKCS7 *p7 = sk_PKCS7_value(safes, idx);
302
303 if (!TEST_ptr(p7))
304 goto err;
305
306 bagnid = OBJ_obj2nid(p7->type);
307 if (enc) {
308 if (!TEST_int_eq(bagnid, NID_pkcs7_encrypted))
309 goto err;
310 bags = PKCS12_unpack_p7encdata(p7, enc->pass, strlen(enc->pass));
311 } else {
312 if (!TEST_int_eq(bagnid, NID_pkcs7_data))
313 goto err;
314 bags = PKCS12_unpack_p7data(p7);
315 }
316 if (!TEST_ptr(bags))
317 goto err;
318
319 return bags;
320 err:
321 return NULL;
322 }
323
324 /* -------------------------------------------------------------------------
325 * PKCS12 safeBag/attribute builder
326 */
327
add_attributes(PKCS12_SAFEBAG * bag,const PKCS12_ATTR * attr)328 static int add_attributes(PKCS12_SAFEBAG *bag, const PKCS12_ATTR *attr)
329 {
330 int ret = 0;
331 int attr_nid;
332 const PKCS12_ATTR *p_attr = attr;
333 STACK_OF(X509_ATTRIBUTE) *attrs = NULL;
334 X509_ATTRIBUTE *x509_attr = NULL;
335
336 if (attr == NULL)
337 return 1;
338
339 while (p_attr->oid != NULL) {
340 TEST_info("Adding attribute %s = %s", p_attr->oid, p_attr->value);
341 attr_nid = OBJ_txt2nid(p_attr->oid);
342
343 if (attr_nid == NID_friendlyName) {
344 if (!TEST_true(PKCS12_add_friendlyname(bag, p_attr->value, -1)))
345 goto err;
346 } else if (attr_nid == NID_localKeyID) {
347 if (!TEST_true(PKCS12_add_localkeyid(bag, (unsigned char *)p_attr->value,
348 strlen(p_attr->value))))
349 goto err;
350 } else if (attr_nid == NID_oracle_jdk_trustedkeyusage) {
351 attrs = (STACK_OF(X509_ATTRIBUTE) *)PKCS12_SAFEBAG_get0_attrs(bag);
352 x509_attr = X509_ATTRIBUTE_create(attr_nid, V_ASN1_OBJECT, OBJ_txt2obj(p_attr->value, 0));
353 X509at_add1_attr(&attrs, x509_attr);
354 PKCS12_SAFEBAG_set0_attrs(bag, attrs);
355 X509_ATTRIBUTE_free(x509_attr);
356 } else {
357 /* Custom attribute values limited to ASCII in these tests */
358 if (!TEST_true(PKCS12_add1_attr_by_txt(bag, p_attr->oid, MBSTRING_ASC,
359 (unsigned char *)p_attr->value,
360 strlen(p_attr->value))))
361 goto err;
362 }
363 p_attr++;
364 }
365 ret = 1;
366 err:
367 return ret;
368 }
369
add_certbag(PKCS12_BUILDER * pb,const unsigned char * bytes,int len,const PKCS12_ATTR * attrs)370 void add_certbag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len,
371 const PKCS12_ATTR *attrs)
372 {
373 PKCS12_SAFEBAG *bag = NULL;
374 X509 *cert = NULL;
375 char *name;
376
377 if (!pb->success)
378 return;
379
380 cert = load_cert_asn1(bytes, len);
381 if (!TEST_ptr(cert)) {
382 pb->success = 0;
383 return;
384 }
385
386 name = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
387 TEST_info("Adding certificate <%s>", name);
388 OPENSSL_free(name);
389
390 bag = PKCS12_add_cert(&pb->bags, cert);
391 if (!TEST_ptr(bag)) {
392 pb->success = 0;
393 goto err;
394 }
395
396 if (!TEST_true(add_attributes(bag, attrs))) {
397 pb->success = 0;
398 goto err;
399 }
400 err:
401 X509_free(cert);
402 }
403
add_keybag(PKCS12_BUILDER * pb,const unsigned char * bytes,int len,const PKCS12_ATTR * attrs,const PKCS12_ENC * enc)404 void add_keybag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len,
405 const PKCS12_ATTR *attrs, const PKCS12_ENC *enc)
406 {
407 PKCS12_SAFEBAG *bag = NULL;
408 EVP_PKEY *pkey = NULL;
409
410 if (!pb->success)
411 return;
412
413 TEST_info("Adding key");
414
415 pkey = load_pkey_asn1(bytes, len);
416 if (!TEST_ptr(pkey)) {
417 pb->success = 0;
418 return;
419 }
420
421 if (legacy)
422 bag = PKCS12_add_key(&pb->bags, pkey, 0 /*keytype*/, enc->iter, enc->nid, enc->pass);
423 else
424 bag = PKCS12_add_key_ex(&pb->bags, pkey, 0 /*keytype*/, enc->iter, enc->nid, enc->pass,
425 test_ctx, test_propq);
426 if (!TEST_ptr(bag)) {
427 pb->success = 0;
428 goto err;
429 }
430 if (!add_attributes(bag, attrs))
431 pb->success = 0;
432 err:
433 EVP_PKEY_free(pkey);
434 }
435
add_secretbag(PKCS12_BUILDER * pb,int secret_nid,const char * secret,const PKCS12_ATTR * attrs)436 void add_secretbag(PKCS12_BUILDER *pb, int secret_nid, const char *secret,
437 const PKCS12_ATTR *attrs)
438 {
439 PKCS12_SAFEBAG *bag = NULL;
440
441 if (!pb->success)
442 return;
443
444 TEST_info("Adding secret <%s>", secret);
445
446 bag = PKCS12_add_secret(&pb->bags, secret_nid, (const unsigned char *)secret, strlen(secret));
447 if (!TEST_ptr(bag)) {
448 pb->success = 0;
449 return;
450 }
451 if (!add_attributes(bag, attrs))
452 pb->success = 0;
453 }
454
455 /* -------------------------------------------------------------------------
456 * PKCS12 structure checking
457 */
458
check_asn1_string(const ASN1_TYPE * av,const char * txt)459 static int check_asn1_string(const ASN1_TYPE *av, const char *txt)
460 {
461 int ret = 0;
462 char *value = NULL;
463
464 if (!TEST_ptr(av))
465 goto err;
466
467 switch (av->type) {
468 case V_ASN1_BMPSTRING:
469 value = OPENSSL_uni2asc(av->value.bmpstring->data,
470 av->value.bmpstring->length);
471 if (!TEST_str_eq(txt, (char *)value))
472 goto err;
473 break;
474
475 case V_ASN1_UTF8STRING:
476 if (!TEST_mem_eq(txt, strlen(txt), (char *)av->value.utf8string->data,
477 av->value.utf8string->length))
478 goto err;
479 break;
480
481 case V_ASN1_OCTET_STRING:
482 if (!TEST_mem_eq(txt, strlen(txt),
483 (char *)av->value.octet_string->data,
484 av->value.octet_string->length))
485 goto err;
486 break;
487
488 default:
489 /* Tests do not support other attribute types currently */
490 goto err;
491 }
492 ret = 1;
493 err:
494 OPENSSL_free(value);
495 return ret;
496 }
497
check_attrs(const STACK_OF (X509_ATTRIBUTE)* bag_attrs,const PKCS12_ATTR * attrs)498 static int check_attrs(const STACK_OF(X509_ATTRIBUTE) *bag_attrs, const PKCS12_ATTR *attrs)
499 {
500 int ret = 0;
501 X509_ATTRIBUTE *attr;
502 ASN1_TYPE *av;
503 int i, j;
504 char attr_txt[100];
505
506 for (i = 0; i < sk_X509_ATTRIBUTE_num(bag_attrs); i++) {
507 const PKCS12_ATTR *p_attr = attrs;
508 ASN1_OBJECT *attr_obj;
509
510 attr = sk_X509_ATTRIBUTE_value(bag_attrs, i);
511 attr_obj = X509_ATTRIBUTE_get0_object(attr);
512 OBJ_obj2txt(attr_txt, 100, attr_obj, 0);
513
514 while (p_attr->oid != NULL) {
515 /* Find a matching attribute type */
516 if (strcmp(p_attr->oid, attr_txt) == 0) {
517 if (!TEST_int_eq(X509_ATTRIBUTE_count(attr), 1))
518 goto err;
519
520 for (j = 0; j < X509_ATTRIBUTE_count(attr); j++) {
521 av = X509_ATTRIBUTE_get0_type(attr, j);
522 if (!TEST_true(check_asn1_string(av, p_attr->value)))
523 goto err;
524 }
525 break;
526 }
527 p_attr++;
528 }
529 }
530 ret = 1;
531 err:
532 return ret;
533 }
534
check_certbag(PKCS12_BUILDER * pb,const unsigned char * bytes,int len,const PKCS12_ATTR * attrs)535 void check_certbag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len,
536 const PKCS12_ATTR *attrs)
537 {
538 X509 *x509 = NULL;
539 X509 *ref_x509 = NULL;
540 const PKCS12_SAFEBAG *bag;
541
542 if (!pb->success)
543 return;
544
545 bag = sk_PKCS12_SAFEBAG_value(pb->bags, pb->bag_idx++);
546 if (!TEST_ptr(bag)) {
547 pb->success = 0;
548 return;
549 }
550 if (!check_attrs(PKCS12_SAFEBAG_get0_attrs(bag), attrs)
551 || !TEST_int_eq(PKCS12_SAFEBAG_get_nid(bag), NID_certBag)
552 || !TEST_int_eq(PKCS12_SAFEBAG_get_bag_nid(bag), NID_x509Certificate)) {
553 pb->success = 0;
554 return;
555 }
556 x509 = PKCS12_SAFEBAG_get1_cert(bag);
557 if (!TEST_ptr(x509)) {
558 pb->success = 0;
559 goto err;
560 }
561 if (!TEST_ptr_null(PKCS12_SAFEBAG_get0_bag_obj(bag))) {
562 pb->success = 0;
563 goto err;
564 }
565
566 ref_x509 = load_cert_asn1(bytes, len);
567 if (!TEST_false(X509_cmp(x509, ref_x509)))
568 pb->success = 0;
569 err:
570 X509_free(x509);
571 X509_free(ref_x509);
572 }
573
check_keybag(PKCS12_BUILDER * pb,const unsigned char * bytes,int len,const PKCS12_ATTR * attrs,const PKCS12_ENC * enc)574 void check_keybag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len,
575 const PKCS12_ATTR *attrs, const PKCS12_ENC *enc)
576 {
577 EVP_PKEY *pkey = NULL;
578 EVP_PKEY *ref_pkey = NULL;
579 PKCS8_PRIV_KEY_INFO *p8;
580 const PKCS8_PRIV_KEY_INFO *p8c;
581 const PKCS12_SAFEBAG *bag;
582
583 if (!pb->success)
584 return;
585
586 bag = sk_PKCS12_SAFEBAG_value(pb->bags, pb->bag_idx++);
587 if (!TEST_ptr(bag)) {
588 pb->success = 0;
589 return;
590 }
591
592 if (!check_attrs(PKCS12_SAFEBAG_get0_attrs(bag), attrs)) {
593 pb->success = 0;
594 return;
595 }
596
597 switch (PKCS12_SAFEBAG_get_nid(bag)) {
598 case NID_keyBag:
599 p8c = PKCS12_SAFEBAG_get0_p8inf(bag);
600 if (!TEST_ptr(pkey = EVP_PKCS82PKEY(p8c))) {
601 pb->success = 0;
602 goto err;
603 }
604 break;
605
606 case NID_pkcs8ShroudedKeyBag:
607 if (legacy)
608 p8 = PKCS12_decrypt_skey(bag, enc->pass, strlen(enc->pass));
609 else
610 p8 = PKCS12_decrypt_skey_ex(bag, enc->pass, strlen(enc->pass), test_ctx, test_propq);
611 if (!TEST_ptr(p8)) {
612 pb->success = 0;
613 goto err;
614 }
615 if (!TEST_ptr(pkey = EVP_PKCS82PKEY(p8))) {
616 PKCS8_PRIV_KEY_INFO_free(p8);
617 pb->success = 0;
618 goto err;
619 }
620 PKCS8_PRIV_KEY_INFO_free(p8);
621 break;
622
623 default:
624 pb->success = 0;
625 goto err;
626 }
627 if (!TEST_ptr_null(PKCS12_SAFEBAG_get0_bag_type(bag))) {
628 pb->success = 0;
629 goto err;
630 }
631
632 /* PKEY compare returns 1 for match */
633 ref_pkey = load_pkey_asn1(bytes, len);
634 if (!TEST_true(EVP_PKEY_eq(pkey, ref_pkey)))
635 pb->success = 0;
636 err:
637 EVP_PKEY_free(pkey);
638 EVP_PKEY_free(ref_pkey);
639 }
640
check_secretbag(PKCS12_BUILDER * pb,int secret_nid,const char * secret,const PKCS12_ATTR * attrs)641 void check_secretbag(PKCS12_BUILDER *pb, int secret_nid, const char *secret, const PKCS12_ATTR *attrs)
642 {
643 const PKCS12_SAFEBAG *bag;
644
645 if (!pb->success)
646 return;
647
648 bag = sk_PKCS12_SAFEBAG_value(pb->bags, pb->bag_idx++);
649 if (!TEST_ptr(bag)) {
650 pb->success = 0;
651 return;
652 }
653
654 if (!check_attrs(PKCS12_SAFEBAG_get0_attrs(bag), attrs)
655 || !TEST_int_eq(PKCS12_SAFEBAG_get_nid(bag), NID_secretBag)
656 || !TEST_int_eq(PKCS12_SAFEBAG_get_bag_nid(bag), secret_nid)
657 || !TEST_true(check_asn1_string(PKCS12_SAFEBAG_get0_bag_obj(bag), secret)))
658 pb->success = 0;
659 }
660
start_check_pkcs12(PKCS12_BUILDER * pb)661 void start_check_pkcs12(PKCS12_BUILDER *pb)
662 {
663 PKCS12 *p12;
664
665 if (!pb->success)
666 return;
667
668 p12 = from_bio_p12(pb->p12bio, NULL);
669 if (!TEST_ptr(p12)) {
670 pb->success = 0;
671 return;
672 }
673 pb->safes = PKCS12_unpack_authsafes(p12);
674 if (!TEST_ptr(pb->safes))
675 pb->success = 0;
676
677 pb->safe_idx = 0;
678 PKCS12_free(p12);
679 }
680
start_check_pkcs12_with_mac(PKCS12_BUILDER * pb,const PKCS12_ENC * mac)681 void start_check_pkcs12_with_mac(PKCS12_BUILDER *pb, const PKCS12_ENC *mac)
682 {
683 PKCS12 *p12;
684
685 if (!pb->success)
686 return;
687
688 p12 = from_bio_p12(pb->p12bio, mac);
689 if (!TEST_ptr(p12)) {
690 pb->success = 0;
691 return;
692 }
693 pb->safes = PKCS12_unpack_authsafes(p12);
694 if (!TEST_ptr(pb->safes))
695 pb->success = 0;
696
697 pb->safe_idx = 0;
698 PKCS12_free(p12);
699 }
700
start_check_pkcs12_file(PKCS12_BUILDER * pb)701 void start_check_pkcs12_file(PKCS12_BUILDER *pb)
702 {
703 PKCS12 *p12;
704
705 if (!pb->success)
706 return;
707
708 p12 = read_p12(pb->filename, NULL);
709 if (!TEST_ptr(p12)) {
710 pb->success = 0;
711 return;
712 }
713 pb->safes = PKCS12_unpack_authsafes(p12);
714 if (!TEST_ptr(pb->safes))
715 pb->success = 0;
716
717 pb->safe_idx = 0;
718 PKCS12_free(p12);
719 }
720
start_check_pkcs12_file_with_mac(PKCS12_BUILDER * pb,const PKCS12_ENC * mac)721 void start_check_pkcs12_file_with_mac(PKCS12_BUILDER *pb, const PKCS12_ENC *mac)
722 {
723 PKCS12 *p12;
724
725 if (!pb->success)
726 return;
727
728 p12 = read_p12(pb->filename, mac);
729 if (!TEST_ptr(p12)) {
730 pb->success = 0;
731 return;
732 }
733 pb->safes = PKCS12_unpack_authsafes(p12);
734 if (!TEST_ptr(pb->safes))
735 pb->success = 0;
736
737 pb->safe_idx = 0;
738 PKCS12_free(p12);
739 }
740
end_check_pkcs12(PKCS12_BUILDER * pb)741 void end_check_pkcs12(PKCS12_BUILDER *pb)
742 {
743 if (!pb->success)
744 return;
745
746 sk_PKCS7_pop_free(pb->safes, PKCS7_free);
747 }
748
start_check_contentinfo(PKCS12_BUILDER * pb)749 void start_check_contentinfo(PKCS12_BUILDER *pb)
750 {
751 if (!pb->success)
752 return;
753
754 pb->bag_idx = 0;
755 pb->bags = decode_contentinfo(pb->safes, pb->safe_idx++, NULL);
756 if (!TEST_ptr(pb->bags)) {
757 pb->success = 0;
758 return;
759 }
760 TEST_info("Decoding %d bags", sk_PKCS12_SAFEBAG_num(pb->bags));
761 }
762
start_check_contentinfo_encrypted(PKCS12_BUILDER * pb,const PKCS12_ENC * enc)763 void start_check_contentinfo_encrypted(PKCS12_BUILDER *pb, const PKCS12_ENC *enc)
764 {
765 if (!pb->success)
766 return;
767
768 pb->bag_idx = 0;
769 pb->bags = decode_contentinfo(pb->safes, pb->safe_idx++, enc);
770 if (!TEST_ptr(pb->bags)) {
771 pb->success = 0;
772 return;
773 }
774 TEST_info("Decoding %d bags", sk_PKCS12_SAFEBAG_num(pb->bags));
775 }
776
end_check_contentinfo(PKCS12_BUILDER * pb)777 void end_check_contentinfo(PKCS12_BUILDER *pb)
778 {
779 if (!pb->success)
780 return;
781
782 if (!TEST_int_eq(sk_PKCS12_SAFEBAG_num(pb->bags), pb->bag_idx))
783 pb->success = 0;
784 sk_PKCS12_SAFEBAG_pop_free(pb->bags, PKCS12_SAFEBAG_free);
785 pb->bags = NULL;
786 }
787