summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs12/p12_crt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/pkcs12/p12_crt.c')
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crt.c37
1 files changed, 21 insertions, 16 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
index 56d88b0759..4c36c643ce 100644
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -61,11 +61,12 @@
61#include <openssl/pkcs12.h> 61#include <openssl/pkcs12.h>
62 62
63PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, 63PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
64 STACK *ca, int nid_key, int nid_cert, int iter, int mac_iter, 64 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
65 int keytype) 65 int keytype)
66{ 66{
67 PKCS12 *p12; 67 PKCS12 *p12;
68 STACK *bags, *safes; 68 STACK_OF(PKCS12_SAFEBAG) *bags;
69 STACK_OF(PKCS7) *safes;
69 PKCS12_SAFEBAG *bag; 70 PKCS12_SAFEBAG *bag;
70 PKCS8_PRIV_KEY_INFO *p8; 71 PKCS8_PRIV_KEY_INFO *p8;
71 PKCS7 *authsafe; 72 PKCS7 *authsafe;
@@ -85,28 +86,30 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
85 return NULL; 86 return NULL;
86 } 87 }
87 88
88 if(!(bags = sk_new (NULL))) { 89 if(!X509_check_private_key(cert, pkey)) return NULL;
90
91 if(!(bags = sk_PKCS12_SAFEBAG_new_null ())) {
89 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); 92 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
90 return NULL; 93 return NULL;
91 } 94 }
92 95
93 /* Add user certificate */ 96 /* Add user certificate */
94 if(!(bag = M_PKCS12_x5092certbag(cert))) return NULL; 97 if(!(bag = PKCS12_x5092certbag(cert))) return NULL;
95 if(name && !PKCS12_add_friendlyname(bag, name, -1)) return NULL; 98 if(name && !PKCS12_add_friendlyname(bag, name, -1)) return NULL;
96 X509_digest(cert, EVP_sha1(), keyid, &keyidlen); 99 X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
97 if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL; 100 if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL;
98 101
99 if(!sk_push(bags, (char *)bag)) { 102 if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
100 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); 103 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
101 return NULL; 104 return NULL;
102 } 105 }
103 106
104 /* Add all other certificates */ 107 /* Add all other certificates */
105 if(ca) { 108 if(ca) {
106 for(i = 0; i < sk_num(ca); i++) { 109 for(i = 0; i < sk_X509_num(ca); i++) {
107 tcert = (X509 *)sk_value(ca, i); 110 tcert = sk_X509_value(ca, i);
108 if(!(bag = M_PKCS12_x5092certbag(tcert))) return NULL; 111 if(!(bag = PKCS12_x5092certbag(tcert))) return NULL;
109 if(!sk_push(bags, (char *)bag)) { 112 if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
110 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); 113 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
111 return NULL; 114 return NULL;
112 } 115 }
@@ -116,11 +119,12 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
116 /* Turn certbags into encrypted authsafe */ 119 /* Turn certbags into encrypted authsafe */
117 authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0, 120 authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0,
118 iter, bags); 121 iter, bags);
119 sk_pop_free(bags, PKCS12_SAFEBAG_free); 122 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
120 123
121 if (!authsafe) return NULL; 124 if (!authsafe) return NULL;
122 125
123 if(!(safes = sk_new (NULL)) || !sk_push(safes, (char *)authsafe)) { 126 if(!(safes = sk_PKCS7_new_null ())
127 || !sk_PKCS7_push(safes, authsafe)) {
124 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); 128 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
125 return NULL; 129 return NULL;
126 } 130 }
@@ -133,23 +137,24 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
133 PKCS8_PRIV_KEY_INFO_free(p8); 137 PKCS8_PRIV_KEY_INFO_free(p8);
134 if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL; 138 if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL;
135 if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL; 139 if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL;
136 if(!(bags = sk_new(NULL)) || !sk_push (bags, (char *)bag)) { 140 if(!(bags = sk_PKCS12_SAFEBAG_new_null())
141 || !sk_PKCS12_SAFEBAG_push (bags, bag)) {
137 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); 142 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
138 return NULL; 143 return NULL;
139 } 144 }
140 /* Turn it into unencrypted safe bag */ 145 /* Turn it into unencrypted safe bag */
141 if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL; 146 if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;
142 sk_pop_free(bags, PKCS12_SAFEBAG_free); 147 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
143 if(!sk_push(safes, (char *)authsafe)) { 148 if(!sk_PKCS7_push(safes, authsafe)) {
144 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); 149 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
145 return NULL; 150 return NULL;
146 } 151 }
147 152
148 if(!(p12 = PKCS12_init (NID_pkcs7_data))) return NULL; 153 if(!(p12 = PKCS12_init (NID_pkcs7_data))) return NULL;
149 154
150 if(!M_PKCS12_pack_authsafes (p12, safes)) return NULL; 155 if(!PKCS12_pack_authsafes (p12, safes)) return NULL;
151 156
152 sk_pop_free(safes, PKCS7_free); 157 sk_PKCS7_pop_free(safes, PKCS7_free);
153 158
154 if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL)) 159 if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL))
155 return NULL; 160 return NULL;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-19 17:11:40 +0000