1 files changed, 214 insertions, 0 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
new file mode 100644
index 0000000000..ae3d9de3b4
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -0,0 +1,214 @@
+/* p12_add.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+/* Pack an object into an OCTET STRING and turn into a safebag */
+PKCS12_SAFEBAG *PKCS12_pack_safebag (char *obj, int (*i2d)(), int nid1,
+             int nid2)
+{
+        PKCS12_BAGS *bag;
+        PKCS12_SAFEBAG *safebag;
+        if (!(bag = PKCS12_BAGS_new ())) {
+                PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        bag->type = OBJ_nid2obj(nid1);
+        if (!ASN1_pack_string(obj, i2d, &bag->value.octet)) {
+                PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        if (!(safebag = PKCS12_SAFEBAG_new ())) {
+                PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        safebag->value.bag = bag;
+        safebag->type = OBJ_nid2obj(nid2);
+        return safebag;
+}
+/* Turn PKCS8 object into a keybag */
+PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG (PKCS8_PRIV_KEY_INFO *p8)
+{
+        PKCS12_SAFEBAG *bag;
+        if (!(bag = PKCS12_SAFEBAG_new())) {
+                PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        bag->type = OBJ_nid2obj(NID_keyBag);
+        bag->value.keybag = p8;
+        return bag;
+}
+/* Turn PKCS8 object into a shrouded keybag */
+PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass,
+             int passlen, unsigned char *salt, int saltlen, int iter,
+             PKCS8_PRIV_KEY_INFO *p8)
+{
+        PKCS12_SAFEBAG *bag;
+        /* Set up the safe bag */
+        if (!(bag = PKCS12_SAFEBAG_new ())) {
+                PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
+        if (!(bag->value.shkeybag = 
+          PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,
+                                                                         p8))) {
+                PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        return bag;
+}
+/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
+PKCS7 *PKCS12_pack_p7data (STACK *sk)
+{
+        PKCS7 *p7;
+        if (!(p7 = PKCS7_new())) {
+                PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        p7->type = OBJ_nid2obj(NID_pkcs7_data);
+        if (!(p7->d.data = ASN1_OCTET_STRING_new())) {
+                PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        
+        if (!ASN1_seq_pack(sk, i2d_PKCS12_SAFEBAG, &p7->d.data->data,
+                                        &p7->d.data->length)) {
+                PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
+                return NULL;
+        }
+        return p7;
+}
+/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
+PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
+             unsigned char *salt, int saltlen, int iter, STACK *bags)
+{
+        PKCS7 *p7;
+        X509_ALGOR *pbe;
+        if (!(p7 = PKCS7_new())) {
+                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        p7->type = OBJ_nid2obj(NID_pkcs7_encrypted);
+        if (!(p7->d.encrypted = PKCS7_ENCRYPT_new ())) {
+                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        ASN1_INTEGER_set (p7->d.encrypted->version, 0);
+        p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
+        if (!(pbe = PKCS5_pbe_set (pbe_nid, iter, salt, saltlen))) {
+                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
+        p7->d.encrypted->enc_data->algorithm = pbe;
+        ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
+        if (!(p7->d.encrypted->enc_data->enc_data =
+        PKCS12_i2d_encrypt (pbe, i2d_PKCS12_SAFEBAG, pass, passlen,
+                                 (char *)bags, 1))) {
+                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
+                return NULL;
+        }
+        return p7;
+}
+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
+                         const char *pass, int passlen,
+                         unsigned char *salt, int saltlen, int iter,
+                                                PKCS8_PRIV_KEY_INFO *p8inf)
+{
+        X509_SIG *p8;
+        X509_ALGOR *pbe;
+        if (!(p8 = X509_SIG_new())) {
+                PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
+        else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+        if(!pbe) {
+                PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        X509_ALGOR_free(p8->algor);
+        p8->algor = pbe;
+        ASN1_OCTET_STRING_free(p8->digest);
+        if (!(p8->digest = 
+        PKCS12_i2d_encrypt (pbe, i2d_PKCS8_PRIV_KEY_INFO, pass, passlen,
+                                                 (char *)p8inf, 0))) {
+                PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
+                return NULL;
+        }
+        return p8;
+}

diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c new file mode 100644 index 0000000000..ae3d9de3b4 --- /dev/null +++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -0,0 +1,214 @@
	1	/* p12_add.c */
	2	/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
	3	* project 1999.
	4	*/
	5	/* ====================================================================
	6	* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
	7	*
	8	* Redistribution and use in source and binary forms, with or without
	9	* modification, are permitted provided that the following conditions
	10	* are met:
	11	*
	12	* 1. Redistributions of source code must retain the above copyright
	13	* notice, this list of conditions and the following disclaimer.
	14	*
	15	* 2. Redistributions in binary form must reproduce the above copyright
	16	* notice, this list of conditions and the following disclaimer in
	17	* the documentation and/or other materials provided with the
	18	* distribution.
	19	*
	20	* 3. All advertising materials mentioning features or use of this
	21	* software must display the following acknowledgment:
	22	* "This product includes software developed by the OpenSSL Project
	23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	24	*
	25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	26	* endorse or promote products derived from this software without
	27	* prior written permission. For written permission, please contact
	28	* licensing@OpenSSL.org.
	29	*
	30	* 5. Products derived from this software may not be called "OpenSSL"
	31	* nor may "OpenSSL" appear in their names without prior written
	32	* permission of the OpenSSL Project.
	33	*
	34	* 6. Redistributions of any form whatsoever must retain the following
	35	* acknowledgment:
	36	* "This product includes software developed by the OpenSSL Project
	37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	38	*
	39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	50	* OF THE POSSIBILITY OF SUCH DAMAGE.
	51	* ====================================================================
	52	*
	53	* This product includes cryptographic software written by Eric Young
	54	* (eay@cryptsoft.com). This product includes software written by Tim
	55	* Hudson (tjh@cryptsoft.com).
	56	*
	57	*/
	58
	59	#include <stdio.h>
	60	#include "cryptlib.h"
	61	#include <openssl/pkcs12.h>
	62
	63	/* Pack an object into an OCTET STRING and turn into a safebag */
	64
	65	PKCS12_SAFEBAG PKCS12_pack_safebag (char obj, int (*i2d)(), int nid1,
	66	int nid2)
	67	{
	68	PKCS12_BAGS *bag;
	69	PKCS12_SAFEBAG *safebag;
	70	if (!(bag = PKCS12_BAGS_new ())) {
	71	PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
	72	return NULL;
	73	}
	74	bag->type = OBJ_nid2obj(nid1);
	75	if (!ASN1_pack_string(obj, i2d, &bag->value.octet)) {
	76	PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
	77	return NULL;
	78	}
	79	if (!(safebag = PKCS12_SAFEBAG_new ())) {
	80	PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
	81	return NULL;
	82	}
	83	safebag->value.bag = bag;
	84	safebag->type = OBJ_nid2obj(nid2);
	85	return safebag;
	86	}
	87
	88	/* Turn PKCS8 object into a keybag */
	89
	90	PKCS12_SAFEBAG PKCS12_MAKE_KEYBAG (PKCS8_PRIV_KEY_INFO p8)
	91	{
	92	PKCS12_SAFEBAG *bag;
	93	if (!(bag = PKCS12_SAFEBAG_new())) {
	94	PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE);
	95	return NULL;
	96	}
	97	bag->type = OBJ_nid2obj(NID_keyBag);
	98	bag->value.keybag = p8;
	99	return bag;
	100	}
	101
	102	/* Turn PKCS8 object into a shrouded keybag */
	103
	104	PKCS12_SAFEBAG PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char pass,
	105	int passlen, unsigned char *salt, int saltlen, int iter,
	106	PKCS8_PRIV_KEY_INFO *p8)
	107	{
	108	PKCS12_SAFEBAG *bag;
	109
	110	/* Set up the safe bag */
	111	if (!(bag = PKCS12_SAFEBAG_new ())) {
	112	PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
	113	return NULL;
	114	}
	115
	116	bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
	117	if (!(bag->value.shkeybag =
	118	PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,
	119	p8))) {
	120	PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
	121	return NULL;
	122	}
	123
	124	return bag;
	125	}
	126
	127	/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
	128	PKCS7 PKCS12_pack_p7data (STACK sk)
	129	{
	130	PKCS7 *p7;
	131	if (!(p7 = PKCS7_new())) {
	132	PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
	133	return NULL;
	134	}
	135	p7->type = OBJ_nid2obj(NID_pkcs7_data);
	136	if (!(p7->d.data = ASN1_OCTET_STRING_new())) {
	137	PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
	138	return NULL;
	139	}
	140
	141	if (!ASN1_seq_pack(sk, i2d_PKCS12_SAFEBAG, &p7->d.data->data,
	142	&p7->d.data->length)) {
	143	PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
	144	return NULL;
	145	}
	146	return p7;
	147	}
	148
	149	/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
	150
	151	PKCS7 PKCS12_pack_p7encdata (int pbe_nid, const char pass, int passlen,
	152	unsigned char salt, int saltlen, int iter, STACK bags)
	153	{
	154	PKCS7 *p7;
	155	X509_ALGOR *pbe;
	156	if (!(p7 = PKCS7_new())) {
	157	PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
	158	return NULL;
	159	}
	160	p7->type = OBJ_nid2obj(NID_pkcs7_encrypted);
	161	if (!(p7->d.encrypted = PKCS7_ENCRYPT_new ())) {
	162	PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
	163	return NULL;
	164	}
	165	ASN1_INTEGER_set (p7->d.encrypted->version, 0);
	166	p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
	167	if (!(pbe = PKCS5_pbe_set (pbe_nid, iter, salt, saltlen))) {
	168	PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
	169	return NULL;
	170	}
	171	X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
	172	p7->d.encrypted->enc_data->algorithm = pbe;
	173	ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
	174	if (!(p7->d.encrypted->enc_data->enc_data =
	175	PKCS12_i2d_encrypt (pbe, i2d_PKCS12_SAFEBAG, pass, passlen,
	176	(char *)bags, 1))) {
	177	PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
	178	return NULL;
	179	}
	180
	181	return p7;
	182	}
	183
	184	X509_SIG PKCS8_encrypt(int pbe_nid, const EVP_CIPHER cipher,
	185	const char *pass, int passlen,
	186	unsigned char *salt, int saltlen, int iter,
	187	PKCS8_PRIV_KEY_INFO *p8inf)
	188	{
	189	X509_SIG *p8;
	190	X509_ALGOR *pbe;
	191
	192	if (!(p8 = X509_SIG_new())) {
	193	PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
	194	return NULL;
	195	}
	196
	197	if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
	198	else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
	199	if(!pbe) {
	200	PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
	201	return NULL;
	202	}
	203	X509_ALGOR_free(p8->algor);
	204	p8->algor = pbe;
	205	ASN1_OCTET_STRING_free(p8->digest);
	206	if (!(p8->digest =
	207	PKCS12_i2d_encrypt (pbe, i2d_PKCS8_PRIV_KEY_INFO, pass, passlen,
	208	(char *)p8inf, 0))) {
	209	PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
	210	return NULL;
	211	}
	212
	213	return p8;
	214	}