summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs12/p12_add.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/pkcs12/p12_add.c')
-rw-r--r--src/lib/libcrypto/pkcs12/p12_add.c97
1 files changed, 49 insertions, 48 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
index ae3d9de3b4..1909f28506 100644
--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -62,21 +62,21 @@
62 62
63/* Pack an object into an OCTET STRING and turn into a safebag */ 63/* Pack an object into an OCTET STRING and turn into a safebag */
64 64
65PKCS12_SAFEBAG *PKCS12_pack_safebag (char *obj, int (*i2d)(), int nid1, 65PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
66 int nid2) 66 int nid2)
67{ 67{
68 PKCS12_BAGS *bag; 68 PKCS12_BAGS *bag;
69 PKCS12_SAFEBAG *safebag; 69 PKCS12_SAFEBAG *safebag;
70 if (!(bag = PKCS12_BAGS_new ())) { 70 if (!(bag = PKCS12_BAGS_new())) {
71 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); 71 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
72 return NULL; 72 return NULL;
73 } 73 }
74 bag->type = OBJ_nid2obj(nid1); 74 bag->type = OBJ_nid2obj(nid1);
75 if (!ASN1_pack_string(obj, i2d, &bag->value.octet)) { 75 if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
76 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); 76 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
77 return NULL; 77 return NULL;
78 } 78 }
79 if (!(safebag = PKCS12_SAFEBAG_new ())) { 79 if (!(safebag = PKCS12_SAFEBAG_new())) {
80 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); 80 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
81 return NULL; 81 return NULL;
82 } 82 }
@@ -87,7 +87,7 @@ PKCS12_SAFEBAG *PKCS12_pack_safebag (char *obj, int (*i2d)(), int nid1,
87 87
88/* Turn PKCS8 object into a keybag */ 88/* Turn PKCS8 object into a keybag */
89 89
90PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG (PKCS8_PRIV_KEY_INFO *p8) 90PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
91{ 91{
92 PKCS12_SAFEBAG *bag; 92 PKCS12_SAFEBAG *bag;
93 if (!(bag = PKCS12_SAFEBAG_new())) { 93 if (!(bag = PKCS12_SAFEBAG_new())) {
@@ -101,14 +101,14 @@ PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG (PKCS8_PRIV_KEY_INFO *p8)
101 101
102/* Turn PKCS8 object into a shrouded keybag */ 102/* Turn PKCS8 object into a shrouded keybag */
103 103
104PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass, 104PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
105 int passlen, unsigned char *salt, int saltlen, int iter, 105 int passlen, unsigned char *salt, int saltlen, int iter,
106 PKCS8_PRIV_KEY_INFO *p8) 106 PKCS8_PRIV_KEY_INFO *p8)
107{ 107{
108 PKCS12_SAFEBAG *bag; 108 PKCS12_SAFEBAG *bag;
109 109
110 /* Set up the safe bag */ 110 /* Set up the safe bag */
111 if (!(bag = PKCS12_SAFEBAG_new ())) { 111 if (!(bag = PKCS12_SAFEBAG_new())) {
112 PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); 112 PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
113 return NULL; 113 return NULL;
114 } 114 }
@@ -125,7 +125,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass,
125} 125}
126 126
127/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */ 127/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
128PKCS7 *PKCS12_pack_p7data (STACK *sk) 128PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
129{ 129{
130 PKCS7 *p7; 130 PKCS7 *p7;
131 if (!(p7 = PKCS7_new())) { 131 if (!(p7 = PKCS7_new())) {
@@ -133,23 +133,30 @@ PKCS7 *PKCS12_pack_p7data (STACK *sk)
133 return NULL; 133 return NULL;
134 } 134 }
135 p7->type = OBJ_nid2obj(NID_pkcs7_data); 135 p7->type = OBJ_nid2obj(NID_pkcs7_data);
136 if (!(p7->d.data = ASN1_OCTET_STRING_new())) { 136 if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
137 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); 137 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
138 return NULL; 138 return NULL;
139 } 139 }
140 140
141 if (!ASN1_seq_pack(sk, i2d_PKCS12_SAFEBAG, &p7->d.data->data, 141 if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
142 &p7->d.data->length)) {
143 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE); 142 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
144 return NULL; 143 return NULL;
145 } 144 }
146 return p7; 145 return p7;
147} 146}
148 147
148/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
149STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
150{
151 if(!PKCS7_type_is_data(p7)) return NULL;
152 return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
153}
154
149/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */ 155/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
150 156
151PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen, 157PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
152 unsigned char *salt, int saltlen, int iter, STACK *bags) 158 unsigned char *salt, int saltlen, int iter,
159 STACK_OF(PKCS12_SAFEBAG) *bags)
153{ 160{
154 PKCS7 *p7; 161 PKCS7 *p7;
155 X509_ALGOR *pbe; 162 X509_ALGOR *pbe;
@@ -157,23 +164,21 @@ PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
157 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); 164 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
158 return NULL; 165 return NULL;
159 } 166 }
160 p7->type = OBJ_nid2obj(NID_pkcs7_encrypted); 167 if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
161 if (!(p7->d.encrypted = PKCS7_ENCRYPT_new ())) { 168 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
162 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); 169 PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
163 return NULL; 170 return NULL;
164 } 171 }
165 ASN1_INTEGER_set (p7->d.encrypted->version, 0); 172 if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) {
166 p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
167 if (!(pbe = PKCS5_pbe_set (pbe_nid, iter, salt, saltlen))) {
168 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); 173 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
169 return NULL; 174 return NULL;
170 } 175 }
171 X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); 176 X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
172 p7->d.encrypted->enc_data->algorithm = pbe; 177 p7->d.encrypted->enc_data->algorithm = pbe;
173 ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data); 178 M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
174 if (!(p7->d.encrypted->enc_data->enc_data = 179 if (!(p7->d.encrypted->enc_data->enc_data =
175 PKCS12_i2d_encrypt (pbe, i2d_PKCS12_SAFEBAG, pass, passlen, 180 PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen,
176 (char *)bags, 1))) { 181 bags, 1))) {
177 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR); 182 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
178 return NULL; 183 return NULL;
179 } 184 }
@@ -181,34 +186,30 @@ PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
181 return p7; 186 return p7;
182} 187}
183 188
184X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, 189STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
185 const char *pass, int passlen,
186 unsigned char *salt, int saltlen, int iter,
187 PKCS8_PRIV_KEY_INFO *p8inf)
188{ 190{
189 X509_SIG *p8; 191 if(!PKCS7_type_is_encrypted(p7)) return NULL;
190 X509_ALGOR *pbe; 192 return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
193 ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
194 pass, passlen,
195 p7->d.encrypted->enc_data->enc_data, 1);
196}
191 197
192 if (!(p8 = X509_SIG_new())) { 198PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
193 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); 199 int passlen)
194 return NULL; 200{
195 } 201 return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
202}
196 203
197 if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen); 204int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
198 else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen); 205{
199 if(!pbe) { 206 if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
200 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); 207 &p12->authsafes->d.data))
201 return NULL; 208 return 1;
202 } 209 return 0;
203 X509_ALGOR_free(p8->algor); 210}
204 p8->algor = pbe;
205 ASN1_OCTET_STRING_free(p8->digest);
206 if (!(p8->digest =
207 PKCS12_i2d_encrypt (pbe, i2d_PKCS8_PRIV_KEY_INFO, pass, passlen,
208 (char *)p8inf, 0))) {
209 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
210 return NULL;
211 }
212 211
213 return p8; 212STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
213{
214 return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
214} 215}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-17 02:31:52 +0000