1 files changed, 42 insertions, 45 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
index b563656895..1909f28506 100644
--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -62,21 +62,21 @@
 /* Pack an object into an OCTET STRING and turn into a safebag */
-PKCS12_SAFEBAG *PKCS12_pack_safebag (char *obj, int (*i2d)(), int nid1,
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
             int nid2)
 {
        PKCS12_BAGS *bag;
        PKCS12_SAFEBAG *safebag;
-        if (!(bag = PKCS12_BAGS_new ())) {
+        if (!(bag = PKCS12_BAGS_new())) {
                PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
                return NULL;
        }
        bag->type = OBJ_nid2obj(nid1);
-        if (!ASN1_pack_string(obj, i2d, &bag->value.octet)) {
+        if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
                PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
                return NULL;
        }
-        if (!(safebag = PKCS12_SAFEBAG_new ())) {
+        if (!(safebag = PKCS12_SAFEBAG_new())) {
                PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
                return NULL;
        }
@@ -87,7 +87,7 @@ PKCS12_SAFEBAG *PKCS12_pack_safebag (char *obj, int (*i2d)(), int nid1,
 /* Turn PKCS8 object into a keybag */
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG (PKCS8_PRIV_KEY_INFO *p8)
+PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
 {
        PKCS12_SAFEBAG *bag;
        if (!(bag = PKCS12_SAFEBAG_new())) {
@@ -101,14 +101,14 @@ PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG (PKCS8_PRIV_KEY_INFO *p8)
 /* Turn PKCS8 object into a shrouded keybag */
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass,
+PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
             int passlen, unsigned char *salt, int saltlen, int iter,
             PKCS8_PRIV_KEY_INFO *p8)
 {
        PKCS12_SAFEBAG *bag;
        /* Set up the safe bag */
-        if (!(bag = PKCS12_SAFEBAG_new ())) {
+        if (!(bag = PKCS12_SAFEBAG_new())) {
                PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
                return NULL;
        }
@@ -125,7 +125,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass,
 }
 /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
-PKCS7 *PKCS12_pack_p7data (STACK_OF(PKCS12_SAFEBAG) *sk)
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
 {
        PKCS7 *p7;
        if (!(p7 = PKCS7_new())) {
@@ -138,18 +138,23 @@ PKCS7 *PKCS12_pack_p7data (STACK_OF(PKCS12_SAFEBAG) *sk)
                return NULL;
        }
        
-        if (!ASN1_seq_pack_PKCS12_SAFEBAG(sk, i2d_PKCS12_SAFEBAG,
+        if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
-                                          &p7->d.data->data,
-                                          &p7->d.data->length)) {
                PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
                return NULL;
        }
        return p7;
 }
+/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
+{
+        if(!PKCS7_type_is_data(p7)) return NULL;
+        return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
+}
 /* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
-PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
                              unsigned char *salt, int saltlen, int iter,
                              STACK_OF(PKCS12_SAFEBAG) *bags)
 {
@@ -164,7 +169,7 @@ PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
                                PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
                return NULL;
        }
-        if (!(pbe = PKCS5_pbe_set (pbe_nid, iter, salt, saltlen))) {
+        if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) {
                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
                return NULL;
        }
@@ -172,8 +177,8 @@ PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
        p7->d.encrypted->enc_data->algorithm = pbe;
        M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
        if (!(p7->d.encrypted->enc_data->enc_data =
-        PKCS12_i2d_encrypt (pbe, i2d_PKCS12_SAFEBAG, pass, passlen,
+        PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen,
-                                 (char *)bags, 1))) {
+                                 bags, 1))) {
                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
                return NULL;
        }
@@ -181,38 +186,30 @@ PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
        return p7;
 }
-X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
-                         const char *pass, int passlen,
-                         unsigned char *salt, int saltlen, int iter,
-                                                PKCS8_PRIV_KEY_INFO *p8inf)
 {
-        X509_SIG *p8;
+        if(!PKCS7_type_is_encrypted(p7)) return NULL;
-        X509_ALGOR *pbe;
+        return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
+                                   ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
-        if (!(p8 = X509_SIG_new())) {
+                                   pass, passlen,
-                PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
+                                   p7->d.encrypted->enc_data->enc_data, 1);
-                goto err;
+}
-        }
-        if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
-        else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+                                                                int passlen)
-        if(!pbe) {
+{
-                PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
+        return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
-                goto err;
+}
-        }
-        X509_ALGOR_free(p8->algor);
-        p8->algor = pbe;
-        M_ASN1_OCTET_STRING_free(p8->digest);
-        if (!(p8->digest = 
-        PKCS12_i2d_encrypt (pbe, i2d_PKCS8_PRIV_KEY_INFO, pass, passlen,
-                                                 (char *)p8inf, 0))) {
-                PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
-                goto err;
-        }
-        return p8;
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) 
+{
+        if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
+                &p12->authsafes->d.data)) 
+                        return 1;
+        return 0;
+}
-        err:
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
-        X509_SIG_free(p8);
+{
-        return NULL;
+        return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
 }

diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c index b563656895..1909f28506 100644 --- a/src/lib/libcrypto/pkcs12/p12_add.c +++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -62,21 +62,21 @@
62		62
63	/* Pack an object into an OCTET STRING and turn into a safebag */	63	/* Pack an object into an OCTET STRING and turn into a safebag */
64		64
65	PKCS12_SAFEBAG PKCS12_pack_safebag (char obj, int (*i2d)(), int nid1,	65	PKCS12_SAFEBAG PKCS12_item_pack_safebag(void obj, const ASN1_ITEM *it, int nid1,
66	int nid2)	66	int nid2)
67	{	67	{
68	PKCS12_BAGS *bag;	68	PKCS12_BAGS *bag;
69	PKCS12_SAFEBAG *safebag;	69	PKCS12_SAFEBAG *safebag;
70	if (!(bag = PKCS12_BAGS_new ())) {	70	if (!(bag = PKCS12_BAGS_new())) {
71	PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);	71	PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
72	return NULL;	72	return NULL;
73	}	73	}
74	bag->type = OBJ_nid2obj(nid1);	74	bag->type = OBJ_nid2obj(nid1);
75	if (!ASN1_pack_string(obj, i2d, &bag->value.octet)) {	75	if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
76	PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);	76	PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
77	return NULL;	77	return NULL;
78	}	78	}
79	if (!(safebag = PKCS12_SAFEBAG_new ())) {	79	if (!(safebag = PKCS12_SAFEBAG_new())) {
80	PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);	80	PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
81	return NULL;	81	return NULL;
82	}	82	}
@@ -87,7 +87,7 @@ PKCS12_SAFEBAG PKCS12_pack_safebag (char obj, int (*i2d)(), int nid1,
87		87
88	/* Turn PKCS8 object into a keybag */	88	/* Turn PKCS8 object into a keybag */
89		89
90	PKCS12_SAFEBAG PKCS12_MAKE_KEYBAG (PKCS8_PRIV_KEY_INFO p8)	90	PKCS12_SAFEBAG PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO p8)
91	{	91	{
92	PKCS12_SAFEBAG *bag;	92	PKCS12_SAFEBAG *bag;
93	if (!(bag = PKCS12_SAFEBAG_new())) {	93	if (!(bag = PKCS12_SAFEBAG_new())) {
@@ -101,14 +101,14 @@ PKCS12_SAFEBAG PKCS12_MAKE_KEYBAG (PKCS8_PRIV_KEY_INFO p8)
101		101
102	/* Turn PKCS8 object into a shrouded keybag */	102	/* Turn PKCS8 object into a shrouded keybag */
103		103
104	PKCS12_SAFEBAG PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char pass,	104	PKCS12_SAFEBAG PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char pass,
105	int passlen, unsigned char *salt, int saltlen, int iter,	105	int passlen, unsigned char *salt, int saltlen, int iter,
106	PKCS8_PRIV_KEY_INFO *p8)	106	PKCS8_PRIV_KEY_INFO *p8)
107	{	107	{
108	PKCS12_SAFEBAG *bag;	108	PKCS12_SAFEBAG *bag;
109		109
110	/* Set up the safe bag */	110	/* Set up the safe bag */
111	if (!(bag = PKCS12_SAFEBAG_new ())) {	111	if (!(bag = PKCS12_SAFEBAG_new())) {
112	PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);	112	PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
113	return NULL;	113	return NULL;
114	}	114	}
@@ -125,7 +125,7 @@ PKCS12_SAFEBAG PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char pass,
125	}	125	}
126		126
127	/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */	127	/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
128	PKCS7 PKCS12_pack_p7data (STACK_OF(PKCS12_SAFEBAG) sk)	128	PKCS7 PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) sk)
129	{	129	{
130	PKCS7 *p7;	130	PKCS7 *p7;
131	if (!(p7 = PKCS7_new())) {	131	if (!(p7 = PKCS7_new())) {
@@ -138,18 +138,23 @@ PKCS7 PKCS12_pack_p7data (STACK_OF(PKCS12_SAFEBAG) sk)
138	return NULL;	138	return NULL;
139	}	139	}
140		140
141	if (!ASN1_seq_pack_PKCS12_SAFEBAG(sk, i2d_PKCS12_SAFEBAG,	141	if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
142	&p7->d.data->data,
143	&p7->d.data->length)) {
144	PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);	142	PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
145	return NULL;	143	return NULL;
146	}	144	}
147	return p7;	145	return p7;
148	}	146	}
149		147
		148	/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
		149	STACK_OF(PKCS12_SAFEBAG) PKCS12_unpack_p7data(PKCS7 p7)
		150	{
		151	if(!PKCS7_type_is_data(p7)) return NULL;
		152	return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
		153	}
		154
150	/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */	155	/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
151		156
152	PKCS7 PKCS12_pack_p7encdata (int pbe_nid, const char pass, int passlen,	157	PKCS7 PKCS12_pack_p7encdata(int pbe_nid, const char pass, int passlen,
153	unsigned char *salt, int saltlen, int iter,	158	unsigned char *salt, int saltlen, int iter,
154	STACK_OF(PKCS12_SAFEBAG) *bags)	159	STACK_OF(PKCS12_SAFEBAG) *bags)
155	{	160	{
@@ -164,7 +169,7 @@ PKCS7 PKCS12_pack_p7encdata (int pbe_nid, const char pass, int passlen,
164	PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);	169	PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
165	return NULL;	170	return NULL;
166	}	171	}
167	if (!(pbe = PKCS5_pbe_set (pbe_nid, iter, salt, saltlen))) {	172	if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) {
168	PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);	173	PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
169	return NULL;	174	return NULL;
170	}	175	}
@@ -172,8 +177,8 @@ PKCS7 PKCS12_pack_p7encdata (int pbe_nid, const char pass, int passlen,
172	p7->d.encrypted->enc_data->algorithm = pbe;	177	p7->d.encrypted->enc_data->algorithm = pbe;
173	M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);	178	M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
174	if (!(p7->d.encrypted->enc_data->enc_data =	179	if (!(p7->d.encrypted->enc_data->enc_data =
175	PKCS12_i2d_encrypt (pbe, i2d_PKCS12_SAFEBAG, pass, passlen,	180	PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen,
176	(char *)bags, 1))) {	181	bags, 1))) {
177	PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);	182	PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
178	return NULL;	183	return NULL;
179	}	184	}
@@ -181,38 +186,30 @@ PKCS7 PKCS12_pack_p7encdata (int pbe_nid, const char pass, int passlen,
181	return p7;	186	return p7;
182	}	187	}
183		188
184	X509_SIG PKCS8_encrypt(int pbe_nid, const EVP_CIPHER cipher,	189	STACK_OF(PKCS12_SAFEBAG) PKCS12_unpack_p7encdata(PKCS7 p7, const char *pass, int passlen)
185	const char *pass, int passlen,
186	unsigned char *salt, int saltlen, int iter,
187	PKCS8_PRIV_KEY_INFO *p8inf)
188	{	190	{
189	X509_SIG *p8;	191	if(!PKCS7_type_is_encrypted(p7)) return NULL;
190	X509_ALGOR *pbe;	192	return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
191		193	ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
192	if (!(p8 = X509_SIG_new())) {	194	pass, passlen,
193	PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);	195	p7->d.encrypted->enc_data->enc_data, 1);
194	goto err;	196	}
195	}
196		197
197	if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);	198	PKCS8_PRIV_KEY_INFO PKCS12_decrypt_skey(PKCS12_SAFEBAG bag, const char *pass,
198	else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);	199	int passlen)
199	if(!pbe) {	200	{
200	PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);	201	return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
201	goto err;	202	}
202	}
203	X509_ALGOR_free(p8->algor);
204	p8->algor = pbe;
205	M_ASN1_OCTET_STRING_free(p8->digest);
206	if (!(p8->digest =
207	PKCS12_i2d_encrypt (pbe, i2d_PKCS8_PRIV_KEY_INFO, pass, passlen,
208	(char *)p8inf, 0))) {
209	PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
210	goto err;
211	}
212		203
213	return p8;	204	int PKCS12_pack_authsafes(PKCS12 p12, STACK_OF(PKCS7) safes)
		205	{
		206	if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
		207	&p12->authsafes->d.data))
		208	return 1;
		209	return 0;
		210	}
214		211
215	err:	212	STACK_OF(PKCS7) PKCS12_unpack_authsafes(PKCS12 p12)
216	X509_SIG_free(p8);	213	{
217	return NULL;	214	return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
218	}	215	}