1 files changed, 356 insertions, 0 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
new file mode 100644
index 0000000000..9748256b6f
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -0,0 +1,356 @@
+/* p12_crt.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
+static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
+        {
+        int idx;
+        X509_ATTRIBUTE *attr;
+        idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1);
+        if (idx < 0)
+                return 1;
+        attr = EVP_PKEY_get_attr(pkey, idx);
+        if (!X509at_add1_attr(&bag->attrib, attr))
+                return 0;
+        return 1;
+        }
+PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
+             STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
+             int keytype)
+{
+        PKCS12 *p12 = NULL;
+        STACK_OF(PKCS7) *safes = NULL;
+        STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
+        PKCS12_SAFEBAG *bag = NULL;
+        int i;
+        unsigned char keyid[EVP_MAX_MD_SIZE];
+        unsigned int keyidlen = 0;
+        /* Set defaults */
+        if (!nid_cert)
+                nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+        if (!nid_key)
+                nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+        if (!iter)
+                iter = PKCS12_DEFAULT_ITER;
+        if (!mac_iter)
+                mac_iter = 1;
+        if(!pkey && !cert && !ca)
+                {
+                PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
+                return NULL;
+                }
+        if (pkey && cert)
+                {
+                if(!X509_check_private_key(cert, pkey))
+                        return NULL;
+                X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
+                }
+        if (cert)
+                {
+                bag = PKCS12_add_cert(&bags, cert);
+                if(name && !PKCS12_add_friendlyname(bag, name, -1))
+                        goto err;
+                if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+                        goto err;
+                }
+        /* Add all other certificates */
+        for(i = 0; i < sk_X509_num(ca); i++)
+                {
+                if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))
+                        goto err;
+                }
+        if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))
+                        goto err;
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+        bags = NULL;
+        if (pkey)
+                {
+                bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
+                if (!bag)
+                        goto err;
+                if (!copy_bag_attr(bag, pkey, NID_ms_csp_name))
+                        goto err;
+                if (!copy_bag_attr(bag, pkey, NID_LocalKeySet))
+                        goto err;
+                if(name && !PKCS12_add_friendlyname(bag, name, -1))
+                        goto err;
+                if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+                        goto err;
+                }
+        if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))
+                        goto err;
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+        bags = NULL;
+        p12 = PKCS12_add_safes(safes, 0);
+        sk_PKCS7_pop_free(safes, PKCS7_free);
+        safes = NULL;
+        if ((mac_iter != -1) &&
+                !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
+            goto err;
+        return p12;
+        err:
+        if (p12)
+                PKCS12_free(p12);
+        if (safes)
+                sk_PKCS7_pop_free(safes, PKCS7_free);
+        if (bags)
+                sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+        return NULL;
+}
+PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
+        {
+        PKCS12_SAFEBAG *bag = NULL;
+        char *name;
+        int namelen = -1;
+        unsigned char *keyid;
+        int keyidlen = -1;
+        /* Add user certificate */
+        if(!(bag = PKCS12_x5092certbag(cert)))
+                goto err;
+        /* Use friendlyName and localKeyID in certificate.
+         * (if present)
+         */
+        name = (char *)X509_alias_get0(cert, &namelen);
+        if(name && !PKCS12_add_friendlyname(bag, name, namelen))
+                goto err;
+        keyid = X509_keyid_get0(cert, &keyidlen);
+        if(keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+                goto err;
+        if (!pkcs12_add_bag(pbags, bag))
+                goto err;
+        return bag;
+        err:
+        if (bag)
+                PKCS12_SAFEBAG_free(bag);
+        return NULL;
+        }
+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
+                                                int key_usage, int iter,
+                                                int nid_key, char *pass)
+        {
+        PKCS12_SAFEBAG *bag = NULL;
+        PKCS8_PRIV_KEY_INFO *p8 = NULL;
+        /* Make a PKCS#8 structure */
+        if(!(p8 = EVP_PKEY2PKCS8(key)))
+                goto err;
+        if(key_usage && !PKCS8_add_keyusage(p8, key_usage))
+                goto err;
+        if (nid_key != -1)
+                {
+                bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8);
+                PKCS8_PRIV_KEY_INFO_free(p8);
+                }
+        else
+                bag = PKCS12_MAKE_KEYBAG(p8);
+        if(!bag)
+                goto err;
+        if (!pkcs12_add_bag(pbags, bag))
+                goto err;
+        return bag;
+        err:
+        if (bag)
+                PKCS12_SAFEBAG_free(bag);
+        return NULL;
+        }
+int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+                                                int nid_safe, int iter, char *pass)
+        {
+        PKCS7 *p7 = NULL;
+        int free_safes = 0;
+        if (!*psafes)
+                {
+                *psafes = sk_PKCS7_new_null();
+                if (!*psafes)
+                        return 0;
+                free_safes = 1;
+                }
+        else
+                free_safes = 0;
+        if (nid_safe == 0)
+                nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
+        if (nid_safe == -1)
+                p7 = PKCS12_pack_p7data(bags);
+        else
+                p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0,
+                                          iter, bags);
+        if (!p7)
+                goto err;
+        if (!sk_PKCS7_push(*psafes, p7))
+                goto err;
+        return 1;
+        err:
+        if (free_safes)
+                {
+                sk_PKCS7_free(*psafes);
+                *psafes = NULL;
+                }
+        if (p7)
+                PKCS7_free(p7);
+        return 0;
+        }
+static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag)
+        {
+        int free_bags;
+        if (!pbags)
+                return 1;
+        if (!*pbags)
+                {
+                *pbags = sk_PKCS12_SAFEBAG_new_null();
+                if (!*pbags)
+                        return 0;
+                free_bags = 1;
+                }
+        else 
+                free_bags = 0;
+        if (!sk_PKCS12_SAFEBAG_push(*pbags, bag))
+                {
+                if (free_bags)
+                        {
+                        sk_PKCS12_SAFEBAG_free(*pbags);
+                        *pbags = NULL;
+                        }
+                return 0;
+                }
+        return 1;
+        }
+                
+PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7)
+        {
+        PKCS12 *p12;
+        if (nid_p7 <= 0)
+                nid_p7 = NID_pkcs7_data;
+        p12 = PKCS12_init(nid_p7);
+        if (!p12)
+                return NULL;
+        if(!PKCS12_pack_authsafes(p12, safes))
+                {
+                PKCS12_free(p12);
+                return NULL;
+                }
+        return p12;
+        }

diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c new file mode 100644 index 0000000000..9748256b6f --- /dev/null +++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -0,0 +1,356 @@
	1	/* p12_crt.c */
	2	/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
	3	* project.
	4	*/
	5	/* ====================================================================
	6	* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
	7	*
	8	* Redistribution and use in source and binary forms, with or without
	9	* modification, are permitted provided that the following conditions
	10	* are met:
	11	*
	12	* 1. Redistributions of source code must retain the above copyright
	13	* notice, this list of conditions and the following disclaimer.
	14	*
	15	* 2. Redistributions in binary form must reproduce the above copyright
	16	* notice, this list of conditions and the following disclaimer in
	17	* the documentation and/or other materials provided with the
	18	* distribution.
	19	*
	20	* 3. All advertising materials mentioning features or use of this
	21	* software must display the following acknowledgment:
	22	* "This product includes software developed by the OpenSSL Project
	23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	24	*
	25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	26	* endorse or promote products derived from this software without
	27	* prior written permission. For written permission, please contact
	28	* licensing@OpenSSL.org.
	29	*
	30	* 5. Products derived from this software may not be called "OpenSSL"
	31	* nor may "OpenSSL" appear in their names without prior written
	32	* permission of the OpenSSL Project.
	33	*
	34	* 6. Redistributions of any form whatsoever must retain the following
	35	* acknowledgment:
	36	* "This product includes software developed by the OpenSSL Project
	37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	38	*
	39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	50	* OF THE POSSIBILITY OF SUCH DAMAGE.
	51	* ====================================================================
	52	*
	53	* This product includes cryptographic software written by Eric Young
	54	* (eay@cryptsoft.com). This product includes software written by Tim
	55	* Hudson (tjh@cryptsoft.com).
	56	*
	57	*/
	58
	59	#include <stdio.h>
	60	#include "cryptlib.h"
	61	#include <openssl/pkcs12.h>
	62
	63
	64	static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) *pbags, PKCS12_SAFEBAG bag);
	65
	66	static int copy_bag_attr(PKCS12_SAFEBAG bag, EVP_PKEY pkey, int nid)
	67	{
	68	int idx;
	69	X509_ATTRIBUTE *attr;
	70	idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1);
	71	if (idx < 0)
	72	return 1;
	73	attr = EVP_PKEY_get_attr(pkey, idx);
	74	if (!X509at_add1_attr(&bag->attrib, attr))
	75	return 0;
	76	return 1;
	77	}
	78
	79	PKCS12 PKCS12_create(char pass, char name, EVP_PKEY pkey, X509 *cert,
	80	STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
	81	int keytype)
	82	{
	83	PKCS12 *p12 = NULL;
	84	STACK_OF(PKCS7) *safes = NULL;
	85	STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
	86	PKCS12_SAFEBAG *bag = NULL;
	87	int i;
	88	unsigned char keyid[EVP_MAX_MD_SIZE];
	89	unsigned int keyidlen = 0;
	90
	91	/* Set defaults */
	92	if (!nid_cert)
	93	nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
	94	if (!nid_key)
	95	nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
	96	if (!iter)
	97	iter = PKCS12_DEFAULT_ITER;
	98	if (!mac_iter)
	99	mac_iter = 1;
	100
	101	if(!pkey && !cert && !ca)
	102	{
	103	PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
	104	return NULL;
	105	}
	106
	107	if (pkey && cert)
	108	{
	109	if(!X509_check_private_key(cert, pkey))
	110	return NULL;
	111	X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
	112	}
	113
	114	if (cert)
	115	{
	116	bag = PKCS12_add_cert(&bags, cert);
	117	if(name && !PKCS12_add_friendlyname(bag, name, -1))
	118	goto err;
	119	if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
	120	goto err;
	121	}
	122
	123	/* Add all other certificates */
	124	for(i = 0; i < sk_X509_num(ca); i++)
	125	{
	126	if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))
	127	goto err;
	128	}
	129
	130	if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))
	131	goto err;
	132
	133	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
	134	bags = NULL;
	135
	136	if (pkey)
	137	{
	138	bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
	139
	140	if (!bag)
	141	goto err;
	142
	143	if (!copy_bag_attr(bag, pkey, NID_ms_csp_name))
	144	goto err;
	145	if (!copy_bag_attr(bag, pkey, NID_LocalKeySet))
	146	goto err;
	147
	148	if(name && !PKCS12_add_friendlyname(bag, name, -1))
	149	goto err;
	150	if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
	151	goto err;
	152	}
	153
	154	if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))
	155	goto err;
	156
	157	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
	158	bags = NULL;
	159
	160	p12 = PKCS12_add_safes(safes, 0);
	161
	162	sk_PKCS7_pop_free(safes, PKCS7_free);
	163
	164	safes = NULL;
	165
	166	if ((mac_iter != -1) &&
	167	!PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
	168	goto err;
	169
	170	return p12;
	171
	172	err:
	173
	174	if (p12)
	175	PKCS12_free(p12);
	176	if (safes)
	177	sk_PKCS7_pop_free(safes, PKCS7_free);
	178	if (bags)
	179	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
	180	return NULL;
	181
	182	}
	183
	184	PKCS12_SAFEBAG PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) pbags, X509 cert)
	185	{
	186	PKCS12_SAFEBAG *bag = NULL;
	187	char *name;
	188	int namelen = -1;
	189	unsigned char *keyid;
	190	int keyidlen = -1;
	191
	192	/* Add user certificate */
	193	if(!(bag = PKCS12_x5092certbag(cert)))
	194	goto err;
	195
	196	/* Use friendlyName and localKeyID in certificate.
	197	* (if present)
	198	*/
	199
	200	name = (char *)X509_alias_get0(cert, &namelen);
	201
	202	if(name && !PKCS12_add_friendlyname(bag, name, namelen))
	203	goto err;
	204
	205	keyid = X509_keyid_get0(cert, &keyidlen);
	206
	207	if(keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
	208	goto err;
	209
	210	if (!pkcs12_add_bag(pbags, bag))
	211	goto err;
	212
	213	return bag;
	214
	215	err:
	216
	217	if (bag)
	218	PKCS12_SAFEBAG_free(bag);
	219
	220	return NULL;
	221
	222	}
	223
	224	PKCS12_SAFEBAG PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) pbags, EVP_PKEY key,
	225	int key_usage, int iter,
	226	int nid_key, char *pass)
	227	{
	228
	229	PKCS12_SAFEBAG *bag = NULL;
	230	PKCS8_PRIV_KEY_INFO *p8 = NULL;
	231
	232	/* Make a PKCS#8 structure */
	233	if(!(p8 = EVP_PKEY2PKCS8(key)))
	234	goto err;
	235	if(key_usage && !PKCS8_add_keyusage(p8, key_usage))
	236	goto err;
	237	if (nid_key != -1)
	238	{
	239	bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8);
	240	PKCS8_PRIV_KEY_INFO_free(p8);
	241	}
	242	else
	243	bag = PKCS12_MAKE_KEYBAG(p8);
	244
	245	if(!bag)
	246	goto err;
	247
	248	if (!pkcs12_add_bag(pbags, bag))
	249	goto err;
	250
	251	return bag;
	252
	253	err:
	254
	255	if (bag)
	256	PKCS12_SAFEBAG_free(bag);
	257
	258	return NULL;
	259
	260	}
	261
	262	int PKCS12_add_safe(STACK_OF(PKCS7) *psafes, STACK_OF(PKCS12_SAFEBAG) bags,
	263	int nid_safe, int iter, char *pass)
	264	{
	265	PKCS7 *p7 = NULL;
	266	int free_safes = 0;
	267
	268	if (!*psafes)
	269	{
	270	*psafes = sk_PKCS7_new_null();
	271	if (!*psafes)
	272	return 0;
	273	free_safes = 1;
	274	}
	275	else
	276	free_safes = 0;
	277
	278	if (nid_safe == 0)
	279	nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
	280
	281	if (nid_safe == -1)
	282	p7 = PKCS12_pack_p7data(bags);
	283	else
	284	p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0,
	285	iter, bags);
	286	if (!p7)
	287	goto err;
	288
	289	if (!sk_PKCS7_push(*psafes, p7))
	290	goto err;
	291
	292	return 1;
	293
	294	err:
	295	if (free_safes)
	296	{
	297	sk_PKCS7_free(*psafes);
	298	*psafes = NULL;
	299	}
	300
	301	if (p7)
	302	PKCS7_free(p7);
	303
	304	return 0;
	305
	306	}
	307
	308	static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) *pbags, PKCS12_SAFEBAG bag)
	309	{
	310	int free_bags;
	311	if (!pbags)
	312	return 1;
	313	if (!*pbags)
	314	{
	315	*pbags = sk_PKCS12_SAFEBAG_new_null();
	316	if (!*pbags)
	317	return 0;
	318	free_bags = 1;
	319	}
	320	else
	321	free_bags = 0;
	322
	323	if (!sk_PKCS12_SAFEBAG_push(*pbags, bag))
	324	{
	325	if (free_bags)
	326	{
	327	sk_PKCS12_SAFEBAG_free(*pbags);
	328	*pbags = NULL;
	329	}
	330	return 0;
	331	}
	332
	333	return 1;
	334
	335	}
	336
	337
	338	PKCS12 PKCS12_add_safes(STACK_OF(PKCS7) safes, int nid_p7)
	339	{
	340	PKCS12 *p12;
	341	if (nid_p7 <= 0)
	342	nid_p7 = NID_pkcs7_data;
	343	p12 = PKCS12_init(nid_p7);
	344
	345	if (!p12)
	346	return NULL;
	347
	348	if(!PKCS12_pack_authsafes(p12, safes))
	349	{
	350	PKCS12_free(p12);
	351	return NULL;
	352	}
	353
	354	return p12;
	355
	356	}