Diffstat (limited to 'src/crypto/pkcs8/pkcs8_x509.c')
-rw-r--r-- | src/crypto/pkcs8/pkcs8_x509.c | 92 |
1 files changed, 46 insertions, 46 deletions
diff --git a/src/crypto/pkcs8/pkcs8_x509.c b/src/crypto/pkcs8/pkcs8_x509.c
index 875b4ca6..ace5f33b 100644
--- a/src/crypto/pkcs8/pkcs8_x509.c
+++ b/src/crypto/pkcs8/pkcs8_x509.c
@@ -75,10 +75,10 @@
 #include "../internal.h"
-/* Minor tweak to operation: zero private key data */
+// Minor tweak to operation: zero private key data
 static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) {
- /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
+ // Since the structure must still be valid use ASN1_OP_FREE_PRE
 if (operation == ASN1_OP_FREE_PRE) {
 PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
 if (key->pkey && key->pkey->type == V_ASN1_OCTET_STRING &&
@@ -162,7 +162,7 @@ PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *pkcs8, const char *pass,
 EVP_PKEY *pkey = NULL;
 uint8_t *in = NULL;
- /* Convert the legacy ASN.1 object to a byte string. */
+ // Convert the legacy ASN.1 object to a byte string.
 int in_len = i2d_X509_SIG(pkcs8, &in);
 if (in_len < 0) {
 goto err;
@@ -193,7 +193,7 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass,
 pass_len = (size_t)pass_len_in;
 }
- /* Parse out the private key. */
+ // Parse out the private key.
 EVP_PKEY *pkey = EVP_PKCS82PKEY(p8inf);
 if (pkey == NULL) {
 return NULL;
@@ -212,7 +212,7 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass,
 goto err;
 }
- /* Convert back to legacy ASN.1 objects. */
+ // Convert back to legacy ASN.1 objects.
 const uint8_t *ptr = der;
 ret = d2i_X509_SIG(NULL, &ptr, der_len);
 if (ret == NULL || ptr != der + der_len) {
@@ -234,8 +234,8 @@ struct pkcs12_context {
 size_t password_len;
 };
-/* PKCS12_handle_sequence parses a BER-encoded SEQUENCE of elements in a PKCS#12
- * structure. */
+// PKCS12_handle_sequence parses a BER-encoded SEQUENCE of elements in a PKCS#12
+// structure.
 static int PKCS12_handle_sequence(
 CBS *sequence, struct pkcs12_context *ctx,
 int (*handle_element)(CBS *cbs, struct pkcs12_context *ctx)) {
@@ -244,10 +244,10 @@ static int PKCS12_handle_sequence(
 CBS in;
 int ret = 0;
- /* Although a BER->DER conversion is done at the beginning of |PKCS12_parse|,
- * the ASN.1 data gets wrapped in OCTETSTRINGs and/or encrypted and the
- * conversion cannot see through those wrappings. So each time we step
- * through one we need to convert to DER again. */
+ // Although a BER->DER conversion is done at the beginning of |PKCS12_parse|,
+ // the ASN.1 data gets wrapped in OCTETSTRINGs and/or encrypted and the
+ // conversion cannot see through those wrappings. So each time we step
+ // through one we need to convert to DER again.
 if (!CBS_asn1_ber_to_der(sequence, &der_bytes, &der_len)) {
 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA);
 return 0;
@@ -285,20 +285,20 @@ err:
 return ret;
 }
-/* 1.2.840.113549.1.12.10.1.2 */
+// 1.2.840.113549.1.12.10.1.2
 static const uint8_t kPKCS8ShroudedKeyBag[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02};
-/* 1.2.840.113549.1.12.10.1.3 */
+// 1.2.840.113549.1.12.10.1.3
 static const uint8_t kCertBag[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x03};
-/* 1.2.840.113549.1.9.22.1 */
+// 1.2.840.113549.1.9.22.1
 static const uint8_t kX509Certificate[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x16, 0x01};
-/* PKCS12_handle_safe_bag parses a single SafeBag element in a PKCS#12
- * structure. */
+// PKCS12_handle_safe_bag parses a single SafeBag element in a PKCS#12
+// structure.
 static int PKCS12_handle_safe_bag(CBS *safe_bag, struct pkcs12_context *ctx) {
 CBS bag_id, wrapped_value;
 if (!CBS_get_asn1(safe_bag, &bag_id, CBS_ASN1_OBJECT) ||
@@ -311,7 +311,7 @@ static int PKCS12_handle_safe_bag(CBS *safe_bag, struct pkcs12_context *ctx) {
 if (CBS_mem_equal(&bag_id, kPKCS8ShroudedKeyBag, sizeof(kPKCS8ShroudedKeyBag))) {
- /* See RFC 7292, section 4.2.2. */
+ // See RFC 7292, section 4.2.2.
 if (*ctx->out_key) {
 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_MULTIPLE_PRIVATE_KEYS_IN_PKCS12);
 return 0;
@@ -334,7 +334,7 @@ static int PKCS12_handle_safe_bag(CBS *safe_bag, struct pkcs12_context *ctx) {
 }
 if (CBS_mem_equal(&bag_id, kCertBag, sizeof(kCertBag))) {
- /* See RFC 7292, section 4.2.3. */
+ // See RFC 7292, section 4.2.3.
 CBS cert_bag, cert_type, wrapped_cert, cert;
 if (!CBS_get_asn1(&wrapped_value, &cert_bag, CBS_ASN1_SEQUENCE) ||
 !CBS_get_asn1(&cert_bag, &cert_type, CBS_ASN1_OBJECT) ||
@@ -345,7 +345,7 @@ static int PKCS12_handle_safe_bag(CBS *safe_bag, struct pkcs12_context *ctx) {
 return 0;
 }
- /* Skip unknown certificate types. */
+ // Skip unknown certificate types.
 if (!CBS_mem_equal(&cert_type, kX509Certificate, sizeof(kX509Certificate))) {
 return 1;
@@ -377,20 +377,20 @@ static int PKCS12_handle_safe_bag(CBS *safe_bag, struct pkcs12_context *ctx) {
 return 1;
 }
- /* Unknown element type - ignore it. */
+ // Unknown element type - ignore it.
 return 1;
 }
-/* 1.2.840.113549.1.7.1 */
+// 1.2.840.113549.1.7.1
 static const uint8_t kPKCS7Data[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01};
-/* 1.2.840.113549.1.7.6 */
+// 1.2.840.113549.1.7.6
 static const uint8_t kPKCS7EncryptedData[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x06};
-/* PKCS12_handle_content_info parses a single PKCS#7 ContentInfo element in a
- * PKCS#12 structure. */
+// PKCS12_handle_content_info parses a single PKCS#7 ContentInfo element in a
+// PKCS#12 structure.
 static int PKCS12_handle_content_info(CBS *content_info, struct pkcs12_context *ctx) {
 CBS content_type, wrapped_contents, contents;
@@ -407,23 +407,23 @@ static int PKCS12_handle_content_info(CBS *content_info,
 if (CBS_mem_equal(&content_type, kPKCS7EncryptedData, sizeof(kPKCS7EncryptedData))) {
- /* See https://tools.ietf.org/html/rfc2315#section-13.
- *
- * PKCS#7 encrypted data inside a PKCS#12 structure is generally an
- * encrypted certificate bag and it's generally encrypted with 40-bit
- * RC2-CBC. */
+ // See https://tools.ietf.org/html/rfc2315#section-13.
+ //
+ // PKCS#7 encrypted data inside a PKCS#12 structure is generally an
+ // encrypted certificate bag and it's generally encrypted with 40-bit
+ // RC2-CBC.
 CBS version_bytes, eci, contents_type, ai, encrypted_contents;
 uint8_t *out;
 size_t out_len;
 if (!CBS_get_asn1(&wrapped_contents, &contents, CBS_ASN1_SEQUENCE) ||
 !CBS_get_asn1(&contents, &version_bytes, CBS_ASN1_INTEGER) ||
- /* EncryptedContentInfo, see
- * https://tools.ietf.org/html/rfc2315#section-10.1 */
+ // EncryptedContentInfo, see
+ // https://tools.ietf.org/html/rfc2315#section-10.1
 !CBS_get_asn1(&contents, &eci, CBS_ASN1_SEQUENCE) ||
 !CBS_get_asn1(&eci, &contents_type, CBS_ASN1_OBJECT) ||
- /* AlgorithmIdentifier, see
- * https://tools.ietf.org/html/rfc5280#section-4.1.1.2 */
+ // AlgorithmIdentifier, see
+ // https://tools.ietf.org/html/rfc5280#section-4.1.1.2
 !CBS_get_asn1(&eci, &ai, CBS_ASN1_SEQUENCE) ||
 !CBS_get_asn1_implicit_string(
 &eci, &encrypted_contents, &storage,
@@ -459,7 +459,7 @@ static int PKCS12_handle_content_info(CBS *content_info,
 ret = PKCS12_handle_sequence(&octet_string_contents, ctx, PKCS12_handle_safe_bag);
 } else {
- /* Unknown element type - ignore it. */
+ // Unknown element type - ignore it.
 ret = 1;
 }
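Review bot: The rewritten comment at the top of the kPKCS7EncryptedData branch describes 40-bit RC2-CBC as the usual cipher without saying that a 40-bit key offers no meaningful confidentiality, which a later reader may take as an endorsement of the format rather than a statement about what legacy files look like. I would extend that comment with `// Note that 40-bit RC2 gives no real confidentiality; it is handled only for interoperability with files produced by legacy tooling.` Whether this path actually decrypts with that cipher, and whether anything restricts the algorithm taken from `ai`, is not visible here: only the parse of `ai` and `encrypted_contents` is in the hunk, and PKCS12_handle_content_info continues past it, so the wording should be confirmed against the decrypt call.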
@@ -478,7 +478,7 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs,
 struct pkcs12_context ctx;
 const size_t original_out_certs_len = sk_X509_num(out_certs);
- /* The input may be in BER format. */
+ // The input may be in BER format.
 if (!CBS_asn1_ber_to_der(ber_in, &der_bytes, &der_len)) {
 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA);
 return 0;
@@ -492,8 +492,8 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs,
 *out_key = NULL;
 OPENSSL_memset(&ctx, 0, sizeof(ctx));
- /* See ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf, section
- * four. */
+ // See ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf, section
+ // four.
 if (!CBS_get_asn1(&in, &pfx, CBS_ASN1_SEQUENCE) ||
 CBS_len(&in) != 0 ||
 !CBS_get_asn1_uint64(&pfx, &version)) {
@@ -521,8 +521,8 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs,
 goto err;
 }
- /* authsafe is a PKCS#7 ContentInfo. See
- * https://tools.ietf.org/html/rfc2315#section-7. */
+ // authsafe is a PKCS#7 ContentInfo. See
+ // https://tools.ietf.org/html/rfc2315#section-7.
 if (!CBS_get_asn1(&authsafe, &content_type, CBS_ASN1_OBJECT) ||
 !CBS_get_asn1(&authsafe, &wrapped_authsafes,
 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)) {
@@ -530,8 +530,8 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs,
 goto err;
 }
- /* The content type can either be data or signedData. The latter indicates
- * that it's signed by a public key, which isn't supported. */
+ // The content type can either be data or signedData. The latter indicates
+ // that it's signed by a public key, which isn't supported.
 if (!CBS_mem_equal(&content_type, kPKCS7Data, sizeof(kPKCS7Data))) {
 OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED);
 goto err;
@@ -547,7 +547,7 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs,
 ctx.password = password;
 ctx.password_len = password != NULL ? strlen(password) : 0;
- /* Verify the MAC. */
+ // Verify the MAC.
 {
 CBS mac, salt, expected_mac;
 if (!CBS_get_asn1(&mac_data, &mac, CBS_ASN1_SEQUENCE)) {
@@ -566,7 +566,7 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs,
 goto err;
 }
- /* The iteration count is optional and the default is one. */
+ // The iteration count is optional and the default is one.
 uint64_t iterations = 1;
 if (CBS_len(&mac_data) > 0) {
 if (!CBS_get_asn1_uint64(&mac_data, &iterations) ||
@@ -596,7 +596,7 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs,
 }
 }
- /* authsafes contains a series of PKCS#7 ContentInfos. */
+ // authsafes contains a series of PKCS#7 ContentInfos.
 if (!PKCS12_handle_sequence(&authsafes, &ctx, PKCS12_handle_content_info)) {
 goto err;
 }
@@ -673,8 +673,8 @@ PKCS12* d2i_PKCS12_bio(BIO *bio, PKCS12 **out_p12) {
 if (used == 0) {
 goto out;
 }
- /* Workaround a bug in node.js. It uses a memory BIO for this in the wrong
- * mode. */
+ // Workaround a bug in node.js. It uses a memory BIO for this in the wrong
+ // mode.
 n = 0;
 }
|
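Review bot: In the `@@ -566` hunk the rewritten comment above `uint64_t iterations = 1;` records only the default, while the value that replaces it comes straight out of `mac_data`, i.e. out of the untrusted PKCS#12 file, and drives a password-based KDF; an attacker-chosen count is a CPU-exhaustion vector and the comment should say that a ceiling is mandatory. The condition on the hunk's last line ends in `||`, so a bound may well be checked in the line that follows, but that line is outside the hunk and PKCS12_get_key_and_certs continues past it, so I cannot confirm it from here. I would change the comment to `// The iteration count is optional and the default is one. It is taken from the untrusted file, so it must be bounded before it reaches the KDF.`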