1 /* 2 * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <stdio.h> 11 #include <string.h> 12 #include <stdlib.h> 13 14 #include "internal/nelem.h" 15 16 #include <openssl/pkcs12.h> 17 #include <openssl/x509.h> 18 #include <openssl/x509v3.h> 19 #include <openssl/pem.h> 20 21 #include "../testutil.h" 22 #include "pkcs12.h" /* from the same directory */ 23 24 /* Set this to > 0 write test data to file */ 25 static int write_files = 0; 26 27 static int legacy = 0; 28 29 static OSSL_LIB_CTX *test_ctx = NULL; 30 static const char *test_propq = NULL; 31 32 /* ------------------------------------------------------------------------- 33 * Local function declarations 34 */ 35 36 static int add_attributes(PKCS12_SAFEBAG *bag, const PKCS12_ATTR *attrs); 37 38 static void generate_p12(PKCS12_BUILDER *pb, const PKCS12_ENC *mac); 39 static int write_p12(PKCS12 *p12, const char *outfile); 40 41 static PKCS12 *from_bio_p12(BIO *bio, const PKCS12_ENC *mac); 42 static PKCS12 *read_p12(const char *infile, const PKCS12_ENC *mac); 43 static int check_p12_mac(PKCS12 *p12, const PKCS12_ENC *mac); 44 static int check_asn1_string(const ASN1_TYPE *av, const char *txt); 45 static int check_attrs(const STACK_OF(X509_ATTRIBUTE) *bag_attrs, const PKCS12_ATTR *attrs); 46 47 48 /* -------------------------------------------------------------------------- 49 * Global settings 50 */ 51 52 void PKCS12_helper_set_write_files(int enable) 53 { 54 write_files = enable; 55 } 56 57 void PKCS12_helper_set_legacy(int enable) 58 { 59 legacy = enable; 60 } 61 62 void PKCS12_helper_set_libctx(OSSL_LIB_CTX *libctx) 63 { 64 test_ctx = libctx; 65 } 66 67 void PKCS12_helper_set_propq(const char *propq) 68 { 69 test_propq = propq; 70 } 71 72 73 /* -------------------------------------------------------------------------- 74 * Test data load functions 75 */ 76 77 static X509 *load_cert_asn1(const unsigned char *bytes, int len) 78 { 79 X509 *cert = NULL; 80 81 cert = d2i_X509(NULL, &bytes, len); 82 if (!TEST_ptr(cert)) 83 goto err; 84 err: 85 return cert; 86 } 87 88 static EVP_PKEY *load_pkey_asn1(const unsigned char *bytes, int len) 89 { 90 EVP_PKEY *pkey = NULL; 91 92 pkey = d2i_AutoPrivateKey(NULL, &bytes, len); 93 if (!TEST_ptr(pkey)) 94 goto err; 95 err: 96 return pkey; 97 } 98 99 /* ------------------------------------------------------------------------- 100 * PKCS12 builder 101 */ 102 103 PKCS12_BUILDER *new_pkcs12_builder(const char *filename) 104 { 105 PKCS12_BUILDER *pb = OPENSSL_malloc(sizeof(PKCS12_BUILDER)); 106 if (!TEST_ptr(pb)) 107 return NULL; 108 109 pb->filename = filename; 110 pb->success = 1; 111 return pb; 112 } 113 114 int end_pkcs12_builder(PKCS12_BUILDER *pb) 115 { 116 int result = pb->success; 117 118 OPENSSL_free(pb); 119 return result; 120 } 121 122 123 void start_pkcs12(PKCS12_BUILDER *pb) 124 { 125 pb->safes = NULL; 126 } 127 128 129 void end_pkcs12(PKCS12_BUILDER *pb) 130 { 131 if (!pb->success) 132 return; 133 generate_p12(pb, NULL); 134 } 135 136 137 void end_pkcs12_with_mac(PKCS12_BUILDER *pb, const PKCS12_ENC *mac) 138 { 139 if (!pb->success) 140 return; 141 generate_p12(pb, mac); 142 } 143 144 145 /* Generate the PKCS12 encoding and write to memory bio */ 146 static void generate_p12(PKCS12_BUILDER *pb, const PKCS12_ENC *mac) 147 { 148 PKCS12 *p12; 149 EVP_MD *md = NULL; 150 151 if (!pb->success) 152 return; 153 154 pb->p12bio = BIO_new(BIO_s_mem()); 155 if (!TEST_ptr(pb->p12bio)) { 156 pb->success = 0; 157 return; 158 } 159 if (legacy) 160 p12 = PKCS12_add_safes(pb->safes, 0); 161 else 162 p12 = PKCS12_add_safes_ex(pb->safes, 0, test_ctx, test_propq); 163 if (!TEST_ptr(p12)) { 164 pb->success = 0; 165 goto err; 166 } 167 sk_PKCS7_pop_free(pb->safes, PKCS7_free); 168 169 if (mac != NULL) { 170 if (legacy) 171 md = (EVP_MD *)EVP_get_digestbynid(mac->nid); 172 else 173 md = EVP_MD_fetch(test_ctx, OBJ_nid2sn(mac->nid), test_propq); 174 175 if (!TEST_true(PKCS12_set_mac(p12, mac->pass, strlen(mac->pass), 176 NULL, 0, mac->iter, md))) { 177 pb->success = 0; 178 goto err; 179 } 180 } 181 i2d_PKCS12_bio(pb->p12bio, p12); 182 183 /* Can write to file here for debug */ 184 if (write_files) 185 write_p12(p12, pb->filename); 186 err: 187 if (!legacy && md != NULL) 188 EVP_MD_free(md); 189 PKCS12_free(p12); 190 } 191 192 193 static int write_p12(PKCS12 *p12, const char *outfile) 194 { 195 int ret = 0; 196 BIO *out = BIO_new_file(outfile, "w"); 197 198 if (out == NULL) 199 goto err; 200 201 if (!TEST_int_eq(i2d_PKCS12_bio(out, p12), 1)) 202 goto err; 203 ret = 1; 204 err: 205 BIO_free(out); 206 return ret; 207 } 208 209 static PKCS12 *from_bio_p12(BIO *bio, const PKCS12_ENC *mac) 210 { 211 PKCS12 *p12 = NULL; 212 213 /* Supply a p12 with library context/propq to the d2i decoder*/ 214 if (!legacy) { 215 p12 = PKCS12_init_ex(NID_pkcs7_data, test_ctx, test_propq); 216 if (!TEST_ptr(p12)) 217 goto err; 218 } 219 p12 = d2i_PKCS12_bio(bio, &p12); 220 BIO_free(bio); 221 if (!TEST_ptr(p12)) 222 goto err; 223 if (mac == NULL) { 224 if (!TEST_false(PKCS12_mac_present(p12))) 225 goto err; 226 } else { 227 if (!check_p12_mac(p12, mac)) 228 goto err; 229 } 230 return p12; 231 err: 232 PKCS12_free(p12); 233 return NULL; 234 } 235 236 237 /* For use with existing files */ 238 static PKCS12 *read_p12(const char *infile, const PKCS12_ENC *mac) 239 { 240 PKCS12 *p12 = NULL; 241 BIO *in = BIO_new_file(infile, "r"); 242 243 if (in == NULL) 244 goto err; 245 p12 = d2i_PKCS12_bio(in, NULL); 246 BIO_free(in); 247 if (!TEST_ptr(p12)) 248 goto err; 249 if (mac == NULL) { 250 if (!TEST_false(PKCS12_mac_present(p12))) 251 goto err; 252 } else { 253 if (!check_p12_mac(p12, mac)) 254 goto err; 255 } 256 return p12; 257 err: 258 PKCS12_free(p12); 259 return NULL; 260 } 261 262 static int check_p12_mac(PKCS12 *p12, const PKCS12_ENC *mac) 263 { 264 return TEST_true(PKCS12_mac_present(p12)) 265 && TEST_true(PKCS12_verify_mac(p12, mac->pass, strlen(mac->pass))); 266 } 267 268 269 /* ------------------------------------------------------------------------- 270 * PKCS7 content info builder 271 */ 272 273 void start_contentinfo(PKCS12_BUILDER *pb) 274 { 275 pb->bags = NULL; 276 } 277 278 279 void end_contentinfo(PKCS12_BUILDER *pb) 280 { 281 if (pb->success && pb->bags != NULL) { 282 if (!TEST_true(PKCS12_add_safe(&pb->safes, pb->bags, -1, 0, NULL))) 283 pb->success = 0; 284 } 285 sk_PKCS12_SAFEBAG_pop_free(pb->bags, PKCS12_SAFEBAG_free); 286 pb->bags = NULL; 287 } 288 289 290 void end_contentinfo_encrypted(PKCS12_BUILDER *pb, const PKCS12_ENC *enc) 291 { 292 if (pb->success && pb->bags != NULL) { 293 if (legacy) { 294 if (!TEST_true(PKCS12_add_safe(&pb->safes, pb->bags, enc->nid, 295 enc->iter, enc->pass))) 296 pb->success = 0; 297 } else { 298 if (!TEST_true(PKCS12_add_safe_ex(&pb->safes, pb->bags, enc->nid, 299 enc->iter, enc->pass, test_ctx, 300 test_propq))) 301 pb->success = 0; 302 } 303 } 304 sk_PKCS12_SAFEBAG_pop_free(pb->bags, PKCS12_SAFEBAG_free); 305 pb->bags = NULL; 306 } 307 308 309 static STACK_OF(PKCS12_SAFEBAG) *decode_contentinfo(STACK_OF(PKCS7) *safes, int idx, const PKCS12_ENC *enc) 310 { 311 STACK_OF(PKCS12_SAFEBAG) *bags = NULL; 312 int bagnid; 313 PKCS7 *p7 = sk_PKCS7_value(safes, idx); 314 315 if (!TEST_ptr(p7)) 316 goto err; 317 318 bagnid = OBJ_obj2nid(p7->type); 319 if (enc) { 320 if (!TEST_int_eq(bagnid, NID_pkcs7_encrypted)) 321 goto err; 322 bags = PKCS12_unpack_p7encdata(p7, enc->pass, strlen(enc->pass)); 323 } else { 324 if (!TEST_int_eq(bagnid, NID_pkcs7_data)) 325 goto err; 326 bags = PKCS12_unpack_p7data(p7); 327 } 328 if (!TEST_ptr(bags)) 329 goto err; 330 331 return bags; 332 err: 333 return NULL; 334 } 335 336 337 /* ------------------------------------------------------------------------- 338 * PKCS12 safeBag/attribute builder 339 */ 340 341 static int add_attributes(PKCS12_SAFEBAG *bag, const PKCS12_ATTR *attr) 342 { 343 int ret = 0; 344 int attr_nid; 345 const PKCS12_ATTR *p_attr = attr; 346 STACK_OF(X509_ATTRIBUTE)* attrs = NULL; 347 X509_ATTRIBUTE *x509_attr = NULL; 348 349 if (attr == NULL) 350 return 1; 351 352 while (p_attr->oid != NULL) { 353 TEST_info("Adding attribute %s = %s", p_attr->oid, p_attr->value); 354 attr_nid = OBJ_txt2nid(p_attr->oid); 355 356 if (attr_nid == NID_friendlyName) { 357 if (!TEST_true(PKCS12_add_friendlyname(bag, p_attr->value, -1))) 358 goto err; 359 } else if (attr_nid == NID_localKeyID) { 360 if (!TEST_true(PKCS12_add_localkeyid(bag, (unsigned char *)p_attr->value, 361 strlen(p_attr->value)))) 362 goto err; 363 } else if (attr_nid == NID_oracle_jdk_trustedkeyusage) { 364 attrs = (STACK_OF(X509_ATTRIBUTE)*)PKCS12_SAFEBAG_get0_attrs(bag); 365 x509_attr = X509_ATTRIBUTE_create(attr_nid, V_ASN1_OBJECT, OBJ_txt2obj(p_attr->value, 0)); 366 X509at_add1_attr(&attrs, x509_attr); 367 PKCS12_SAFEBAG_set0_attrs(bag, attrs); 368 X509_ATTRIBUTE_free(x509_attr); 369 } else { 370 /* Custom attribute values limited to ASCII in these tests */ 371 if (!TEST_true(PKCS12_add1_attr_by_txt(bag, p_attr->oid, MBSTRING_ASC, 372 (unsigned char *)p_attr->value, 373 strlen(p_attr->value)))) 374 goto err; 375 } 376 p_attr++; 377 } 378 ret = 1; 379 err: 380 return ret; 381 } 382 383 void add_certbag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len, 384 const PKCS12_ATTR *attrs) 385 { 386 PKCS12_SAFEBAG *bag = NULL; 387 X509 *cert = NULL; 388 char *name; 389 390 if (!pb->success) 391 return; 392 393 cert = load_cert_asn1(bytes, len); 394 if (!TEST_ptr(cert)) { 395 pb->success = 0; 396 return; 397 } 398 399 name = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); 400 TEST_info("Adding certificate <%s>", name); 401 OPENSSL_free(name); 402 403 bag = PKCS12_add_cert(&pb->bags, cert); 404 if (!TEST_ptr(bag)) { 405 pb->success = 0; 406 goto err; 407 } 408 409 if (!TEST_true(add_attributes(bag, attrs))) { 410 pb->success = 0; 411 goto err; 412 } 413 err: 414 X509_free(cert); 415 } 416 417 void add_keybag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len, 418 const PKCS12_ATTR *attrs, const PKCS12_ENC *enc) 419 { 420 PKCS12_SAFEBAG *bag = NULL; 421 EVP_PKEY *pkey = NULL; 422 423 if (!pb->success) 424 return; 425 426 TEST_info("Adding key"); 427 428 pkey = load_pkey_asn1(bytes, len); 429 if (!TEST_ptr(pkey)) { 430 pb->success = 0; 431 return; 432 } 433 434 if (legacy) 435 bag = PKCS12_add_key(&pb->bags, pkey, 0 /*keytype*/, enc->iter, enc->nid, enc->pass); 436 else 437 bag = PKCS12_add_key_ex(&pb->bags, pkey, 0 /*keytype*/, enc->iter, enc->nid, enc->pass, 438 test_ctx, test_propq); 439 if (!TEST_ptr(bag)) { 440 pb->success = 0; 441 goto err; 442 } 443 if (!add_attributes(bag, attrs)) 444 pb->success = 0; 445 err: 446 EVP_PKEY_free(pkey); 447 } 448 449 void add_secretbag(PKCS12_BUILDER *pb, int secret_nid, const char *secret, 450 const PKCS12_ATTR *attrs) 451 { 452 PKCS12_SAFEBAG *bag = NULL; 453 454 if (!pb->success) 455 return; 456 457 TEST_info("Adding secret <%s>", secret); 458 459 bag = PKCS12_add_secret(&pb->bags, secret_nid, (const unsigned char *)secret, strlen(secret)); 460 if (!TEST_ptr(bag)) { 461 pb->success = 0; 462 return; 463 } 464 if (!add_attributes(bag, attrs)) 465 pb->success = 0; 466 } 467 468 469 /* ------------------------------------------------------------------------- 470 * PKCS12 structure checking 471 */ 472 473 static int check_asn1_string(const ASN1_TYPE *av, const char *txt) 474 { 475 int ret = 0; 476 char *value = NULL; 477 478 if (!TEST_ptr(av)) 479 goto err; 480 481 switch (av->type) { 482 case V_ASN1_BMPSTRING: 483 value = OPENSSL_uni2asc(av->value.bmpstring->data, 484 av->value.bmpstring->length); 485 if (!TEST_str_eq(txt, (char *)value)) 486 goto err; 487 break; 488 489 case V_ASN1_UTF8STRING: 490 if (!TEST_mem_eq(txt, strlen(txt), (char *)av->value.utf8string->data, 491 av->value.utf8string->length)) 492 goto err; 493 break; 494 495 case V_ASN1_OCTET_STRING: 496 if (!TEST_mem_eq(txt, strlen(txt), 497 (char *)av->value.octet_string->data, 498 av->value.octet_string->length)) 499 goto err; 500 break; 501 502 default: 503 /* Tests do not support other attribute types currently */ 504 goto err; 505 } 506 ret = 1; 507 err: 508 OPENSSL_free(value); 509 return ret; 510 } 511 512 static int check_attrs(const STACK_OF(X509_ATTRIBUTE) *bag_attrs, const PKCS12_ATTR *attrs) 513 { 514 int ret = 0; 515 X509_ATTRIBUTE *attr; 516 ASN1_TYPE *av; 517 int i, j; 518 char attr_txt[100]; 519 520 for (i = 0; i < sk_X509_ATTRIBUTE_num(bag_attrs); i++) { 521 const PKCS12_ATTR *p_attr = attrs; 522 ASN1_OBJECT *attr_obj; 523 524 attr = sk_X509_ATTRIBUTE_value(bag_attrs, i); 525 attr_obj = X509_ATTRIBUTE_get0_object(attr); 526 OBJ_obj2txt(attr_txt, 100, attr_obj, 0); 527 528 while (p_attr->oid != NULL) { 529 /* Find a matching attribute type */ 530 if (strcmp(p_attr->oid, attr_txt) == 0) { 531 if (!TEST_int_eq(X509_ATTRIBUTE_count(attr), 1)) 532 goto err; 533 534 for (j = 0; j < X509_ATTRIBUTE_count(attr); j++) { 535 av = X509_ATTRIBUTE_get0_type(attr, j); 536 if (!TEST_true(check_asn1_string(av, p_attr->value))) 537 goto err; 538 } 539 break; 540 } 541 p_attr++; 542 } 543 } 544 ret = 1; 545 err: 546 return ret; 547 } 548 549 void check_certbag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len, 550 const PKCS12_ATTR *attrs) 551 { 552 X509 *x509 = NULL; 553 X509 *ref_x509 = NULL; 554 const PKCS12_SAFEBAG *bag; 555 556 if (!pb->success) 557 return; 558 559 bag = sk_PKCS12_SAFEBAG_value(pb->bags, pb->bag_idx++); 560 if (!TEST_ptr(bag)) { 561 pb->success = 0; 562 return; 563 } 564 if (!check_attrs(PKCS12_SAFEBAG_get0_attrs(bag), attrs) 565 || !TEST_int_eq(PKCS12_SAFEBAG_get_nid(bag), NID_certBag) 566 || !TEST_int_eq(PKCS12_SAFEBAG_get_bag_nid(bag), NID_x509Certificate)) { 567 pb->success = 0; 568 return; 569 } 570 x509 = PKCS12_SAFEBAG_get1_cert(bag); 571 if (!TEST_ptr(x509)) { 572 pb->success = 0; 573 goto err; 574 } 575 ref_x509 = load_cert_asn1(bytes, len); 576 if (!TEST_false(X509_cmp(x509, ref_x509))) 577 pb->success = 0; 578 err: 579 X509_free(x509); 580 X509_free(ref_x509); 581 } 582 583 void check_keybag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len, 584 const PKCS12_ATTR *attrs, const PKCS12_ENC *enc) 585 { 586 EVP_PKEY *pkey = NULL; 587 EVP_PKEY *ref_pkey = NULL; 588 PKCS8_PRIV_KEY_INFO *p8; 589 const PKCS8_PRIV_KEY_INFO *p8c; 590 const PKCS12_SAFEBAG *bag; 591 592 if (!pb->success) 593 return; 594 595 bag = sk_PKCS12_SAFEBAG_value(pb->bags, pb->bag_idx++); 596 if (!TEST_ptr(bag)) { 597 pb->success = 0; 598 return; 599 } 600 601 if (!check_attrs(PKCS12_SAFEBAG_get0_attrs(bag), attrs)) { 602 pb->success = 0; 603 return; 604 } 605 606 switch (PKCS12_SAFEBAG_get_nid(bag)) { 607 case NID_keyBag: 608 p8c = PKCS12_SAFEBAG_get0_p8inf(bag); 609 if (!TEST_ptr(pkey = EVP_PKCS82PKEY(p8c))) { 610 pb->success = 0; 611 goto err; 612 } 613 break; 614 615 case NID_pkcs8ShroudedKeyBag: 616 if (legacy) 617 p8 = PKCS12_decrypt_skey(bag, enc->pass, strlen(enc->pass)); 618 else 619 p8 = PKCS12_decrypt_skey_ex(bag, enc->pass, strlen(enc->pass), test_ctx, test_propq); 620 if (!TEST_ptr(p8)) { 621 pb->success = 0; 622 goto err; 623 } 624 if (!TEST_ptr(pkey = EVP_PKCS82PKEY(p8))) { 625 PKCS8_PRIV_KEY_INFO_free(p8); 626 pb->success = 0; 627 goto err; 628 } 629 PKCS8_PRIV_KEY_INFO_free(p8); 630 break; 631 632 default: 633 pb->success = 0; 634 goto err; 635 } 636 637 /* PKEY compare returns 1 for match */ 638 ref_pkey = load_pkey_asn1(bytes, len); 639 if (!TEST_true(EVP_PKEY_eq(pkey, ref_pkey))) 640 pb->success = 0; 641 err: 642 EVP_PKEY_free(pkey); 643 EVP_PKEY_free(ref_pkey); 644 } 645 646 void check_secretbag(PKCS12_BUILDER *pb, int secret_nid, const char *secret, const PKCS12_ATTR *attrs) 647 { 648 const PKCS12_SAFEBAG *bag; 649 650 if (!pb->success) 651 return; 652 653 bag = sk_PKCS12_SAFEBAG_value(pb->bags, pb->bag_idx++); 654 if (!TEST_ptr(bag)) { 655 pb->success = 0; 656 return; 657 } 658 659 if (!check_attrs(PKCS12_SAFEBAG_get0_attrs(bag), attrs) 660 || !TEST_int_eq(PKCS12_SAFEBAG_get_nid(bag), NID_secretBag) 661 || !TEST_int_eq(PKCS12_SAFEBAG_get_bag_nid(bag), secret_nid) 662 || !TEST_true(check_asn1_string(PKCS12_SAFEBAG_get0_bag_obj(bag), secret))) 663 pb->success = 0; 664 } 665 666 667 void start_check_pkcs12(PKCS12_BUILDER *pb) 668 { 669 PKCS12 *p12; 670 671 if (!pb->success) 672 return; 673 674 p12 = from_bio_p12(pb->p12bio, NULL); 675 if (!TEST_ptr(p12)) { 676 pb->success = 0; 677 return; 678 } 679 pb->safes = PKCS12_unpack_authsafes(p12); 680 if (!TEST_ptr(pb->safes)) 681 pb->success = 0; 682 683 pb->safe_idx = 0; 684 PKCS12_free(p12); 685 } 686 687 void start_check_pkcs12_with_mac(PKCS12_BUILDER *pb, const PKCS12_ENC *mac) 688 { 689 PKCS12 *p12; 690 691 if (!pb->success) 692 return; 693 694 p12 = from_bio_p12(pb->p12bio, mac); 695 if (!TEST_ptr(p12)) { 696 pb->success = 0; 697 return; 698 } 699 pb->safes = PKCS12_unpack_authsafes(p12); 700 if (!TEST_ptr(pb->safes)) 701 pb->success = 0; 702 703 pb->safe_idx = 0; 704 PKCS12_free(p12); 705 } 706 707 void start_check_pkcs12_file(PKCS12_BUILDER *pb) 708 { 709 PKCS12 *p12; 710 711 if (!pb->success) 712 return; 713 714 p12 = read_p12(pb->filename, NULL); 715 if (!TEST_ptr(p12)) { 716 pb->success = 0; 717 return; 718 } 719 pb->safes = PKCS12_unpack_authsafes(p12); 720 if (!TEST_ptr(pb->safes)) 721 pb->success = 0; 722 723 pb->safe_idx = 0; 724 PKCS12_free(p12); 725 } 726 727 void start_check_pkcs12_file_with_mac(PKCS12_BUILDER *pb, const PKCS12_ENC *mac) 728 { 729 PKCS12 *p12; 730 731 if (!pb->success) 732 return; 733 734 p12 = read_p12(pb->filename, mac); 735 if (!TEST_ptr(p12)) { 736 pb->success = 0; 737 return; 738 } 739 pb->safes = PKCS12_unpack_authsafes(p12); 740 if (!TEST_ptr(pb->safes)) 741 pb->success = 0; 742 743 pb->safe_idx = 0; 744 PKCS12_free(p12); 745 } 746 747 void end_check_pkcs12(PKCS12_BUILDER *pb) 748 { 749 if (!pb->success) 750 return; 751 752 sk_PKCS7_pop_free(pb->safes, PKCS7_free); 753 } 754 755 756 void start_check_contentinfo(PKCS12_BUILDER *pb) 757 { 758 if (!pb->success) 759 return; 760 761 pb->bag_idx = 0; 762 pb->bags = decode_contentinfo(pb->safes, pb->safe_idx++, NULL); 763 if (!TEST_ptr(pb->bags)) { 764 pb->success = 0; 765 return; 766 } 767 TEST_info("Decoding %d bags", sk_PKCS12_SAFEBAG_num(pb->bags)); 768 } 769 770 void start_check_contentinfo_encrypted(PKCS12_BUILDER *pb, const PKCS12_ENC *enc) 771 { 772 if (!pb->success) 773 return; 774 775 pb->bag_idx = 0; 776 pb->bags = decode_contentinfo(pb->safes, pb->safe_idx++, enc); 777 if (!TEST_ptr(pb->bags)) { 778 pb->success = 0; 779 return; 780 } 781 TEST_info("Decoding %d bags", sk_PKCS12_SAFEBAG_num(pb->bags)); 782 } 783 784 785 void end_check_contentinfo(PKCS12_BUILDER *pb) 786 { 787 if (!pb->success) 788 return; 789 790 if (!TEST_int_eq(sk_PKCS12_SAFEBAG_num(pb->bags), pb->bag_idx)) 791 pb->success = 0; 792 sk_PKCS12_SAFEBAG_pop_free(pb->bags, PKCS12_SAFEBAG_free); 793 pb->bags = NULL; 794 } 795 796 797