summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs12
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/pkcs12')
-rw-r--r--src/lib/libcrypto/pkcs12/p12_add.c97
-rw-r--r--src/lib/libcrypto/pkcs12/p12_attr.c155
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crpt.c10
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crt.c37
-rw-r--r--src/lib/libcrypto/pkcs12/p12_decr.c77
-rw-r--r--src/lib/libcrypto/pkcs12/p12_init.c12
-rw-r--r--src/lib/libcrypto/pkcs12/p12_key.c96
-rw-r--r--src/lib/libcrypto/pkcs12/p12_kiss.c175
-rw-r--r--src/lib/libcrypto/pkcs12/p12_mutl.c35
-rw-r--r--src/lib/libcrypto/pkcs12/p12_npas.c47
-rw-r--r--src/lib/libcrypto/pkcs12/p12_utl.c58
-rw-r--r--src/lib/libcrypto/pkcs12/pk12err.c9
-rw-r--r--src/lib/libcrypto/pkcs12/pkcs12.h153
13 files changed, 476 insertions, 485 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
index ae3d9de3b4..1909f28506 100644
--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -62,21 +62,21 @@
62 62
63/* Pack an object into an OCTET STRING and turn into a safebag */ 63/* Pack an object into an OCTET STRING and turn into a safebag */
64 64
65PKCS12_SAFEBAG *PKCS12_pack_safebag (char *obj, int (*i2d)(), int nid1, 65PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
66 int nid2) 66 int nid2)
67{ 67{
68 PKCS12_BAGS *bag; 68 PKCS12_BAGS *bag;
69 PKCS12_SAFEBAG *safebag; 69 PKCS12_SAFEBAG *safebag;
70 if (!(bag = PKCS12_BAGS_new ())) { 70 if (!(bag = PKCS12_BAGS_new())) {
71 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); 71 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
72 return NULL; 72 return NULL;
73 } 73 }
74 bag->type = OBJ_nid2obj(nid1); 74 bag->type = OBJ_nid2obj(nid1);
75 if (!ASN1_pack_string(obj, i2d, &bag->value.octet)) { 75 if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
76 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); 76 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
77 return NULL; 77 return NULL;
78 } 78 }
79 if (!(safebag = PKCS12_SAFEBAG_new ())) { 79 if (!(safebag = PKCS12_SAFEBAG_new())) {
80 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); 80 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
81 return NULL; 81 return NULL;
82 } 82 }
@@ -87,7 +87,7 @@ PKCS12_SAFEBAG *PKCS12_pack_safebag (char *obj, int (*i2d)(), int nid1,
87 87
88/* Turn PKCS8 object into a keybag */ 88/* Turn PKCS8 object into a keybag */
89 89
90PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG (PKCS8_PRIV_KEY_INFO *p8) 90PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
91{ 91{
92 PKCS12_SAFEBAG *bag; 92 PKCS12_SAFEBAG *bag;
93 if (!(bag = PKCS12_SAFEBAG_new())) { 93 if (!(bag = PKCS12_SAFEBAG_new())) {
@@ -101,14 +101,14 @@ PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG (PKCS8_PRIV_KEY_INFO *p8)
101 101
102/* Turn PKCS8 object into a shrouded keybag */ 102/* Turn PKCS8 object into a shrouded keybag */
103 103
104PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass, 104PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
105 int passlen, unsigned char *salt, int saltlen, int iter, 105 int passlen, unsigned char *salt, int saltlen, int iter,
106 PKCS8_PRIV_KEY_INFO *p8) 106 PKCS8_PRIV_KEY_INFO *p8)
107{ 107{
108 PKCS12_SAFEBAG *bag; 108 PKCS12_SAFEBAG *bag;
109 109
110 /* Set up the safe bag */ 110 /* Set up the safe bag */
111 if (!(bag = PKCS12_SAFEBAG_new ())) { 111 if (!(bag = PKCS12_SAFEBAG_new())) {
112 PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); 112 PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
113 return NULL; 113 return NULL;
114 } 114 }
@@ -125,7 +125,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass,
125} 125}
126 126
127/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */ 127/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
128PKCS7 *PKCS12_pack_p7data (STACK *sk) 128PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
129{ 129{
130 PKCS7 *p7; 130 PKCS7 *p7;
131 if (!(p7 = PKCS7_new())) { 131 if (!(p7 = PKCS7_new())) {
@@ -133,23 +133,30 @@ PKCS7 *PKCS12_pack_p7data (STACK *sk)
133 return NULL; 133 return NULL;
134 } 134 }
135 p7->type = OBJ_nid2obj(NID_pkcs7_data); 135 p7->type = OBJ_nid2obj(NID_pkcs7_data);
136 if (!(p7->d.data = ASN1_OCTET_STRING_new())) { 136 if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
137 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); 137 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
138 return NULL; 138 return NULL;
139 } 139 }
140 140
141 if (!ASN1_seq_pack(sk, i2d_PKCS12_SAFEBAG, &p7->d.data->data, 141 if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
142 &p7->d.data->length)) {
143 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE); 142 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
144 return NULL; 143 return NULL;
145 } 144 }
146 return p7; 145 return p7;
147} 146}
148 147
148/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
149STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
150{
151 if(!PKCS7_type_is_data(p7)) return NULL;
152 return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
153}
154
149/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */ 155/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
150 156
151PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen, 157PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
152 unsigned char *salt, int saltlen, int iter, STACK *bags) 158 unsigned char *salt, int saltlen, int iter,
159 STACK_OF(PKCS12_SAFEBAG) *bags)
153{ 160{
154 PKCS7 *p7; 161 PKCS7 *p7;
155 X509_ALGOR *pbe; 162 X509_ALGOR *pbe;
@@ -157,23 +164,21 @@ PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
157 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); 164 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
158 return NULL; 165 return NULL;
159 } 166 }
160 p7->type = OBJ_nid2obj(NID_pkcs7_encrypted); 167 if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
161 if (!(p7->d.encrypted = PKCS7_ENCRYPT_new ())) { 168 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
162 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); 169 PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
163 return NULL; 170 return NULL;
164 } 171 }
165 ASN1_INTEGER_set (p7->d.encrypted->version, 0); 172 if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) {
166 p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
167 if (!(pbe = PKCS5_pbe_set (pbe_nid, iter, salt, saltlen))) {
168 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); 173 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
169 return NULL; 174 return NULL;
170 } 175 }
171 X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); 176 X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
172 p7->d.encrypted->enc_data->algorithm = pbe; 177 p7->d.encrypted->enc_data->algorithm = pbe;
173 ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data); 178 M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
174 if (!(p7->d.encrypted->enc_data->enc_data = 179 if (!(p7->d.encrypted->enc_data->enc_data =
175 PKCS12_i2d_encrypt (pbe, i2d_PKCS12_SAFEBAG, pass, passlen, 180 PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen,
176 (char *)bags, 1))) { 181 bags, 1))) {
177 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR); 182 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
178 return NULL; 183 return NULL;
179 } 184 }
@@ -181,34 +186,30 @@ PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
181 return p7; 186 return p7;
182} 187}
183 188
184X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, 189STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
185 const char *pass, int passlen,
186 unsigned char *salt, int saltlen, int iter,
187 PKCS8_PRIV_KEY_INFO *p8inf)
188{ 190{
189 X509_SIG *p8; 191 if(!PKCS7_type_is_encrypted(p7)) return NULL;
190 X509_ALGOR *pbe; 192 return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
193 ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
194 pass, passlen,
195 p7->d.encrypted->enc_data->enc_data, 1);
196}
191 197
192 if (!(p8 = X509_SIG_new())) { 198PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
193 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); 199 int passlen)
194 return NULL; 200{
195 } 201 return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
202}
196 203
197 if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen); 204int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
198 else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen); 205{
199 if(!pbe) { 206 if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
200 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); 207 &p12->authsafes->d.data))
201 return NULL; 208 return 1;
202 } 209 return 0;
203 X509_ALGOR_free(p8->algor); 210}
204 p8->algor = pbe;
205 ASN1_OCTET_STRING_free(p8->digest);
206 if (!(p8->digest =
207 PKCS12_i2d_encrypt (pbe, i2d_PKCS8_PRIV_KEY_INFO, pass, passlen,
208 (char *)p8inf, 0))) {
209 PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
210 return NULL;
211 }
212 211
213 return p8; 212STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
213{
214 return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
214} 215}
diff --git a/src/lib/libcrypto/pkcs12/p12_attr.c b/src/lib/libcrypto/pkcs12/p12_attr.c
index 31c9782b77..026cf3826a 100644
--- a/src/lib/libcrypto/pkcs12/p12_attr.c
+++ b/src/lib/libcrypto/pkcs12/p12_attr.c
@@ -62,156 +62,63 @@
62 62
63/* Add a local keyid to a safebag */ 63/* Add a local keyid to a safebag */
64 64
65int PKCS12_add_localkeyid (PKCS12_SAFEBAG *bag, unsigned char *name, 65int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
66 int namelen) 66 int namelen)
67{ 67{
68 X509_ATTRIBUTE *attrib; 68 if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID,
69 ASN1_BMPSTRING *oct; 69 V_ASN1_OCTET_STRING, name, namelen))
70 ASN1_TYPE *keyid; 70 return 1;
71 if (!(keyid = ASN1_TYPE_new ())) { 71 else
72 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
73 return 0;
74 }
75 keyid->type = V_ASN1_OCTET_STRING;
76 if (!(oct = ASN1_OCTET_STRING_new())) {
77 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
78 return 0;
79 }
80 if (!ASN1_OCTET_STRING_set(oct, name, namelen)) {
81 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
82 return 0;
83 }
84 keyid->value.octet_string = oct;
85 if (!(attrib = X509_ATTRIBUTE_new ())) {
86 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
87 return 0;
88 }
89 attrib->object = OBJ_nid2obj(NID_localKeyID);
90 if (!(attrib->value.set = sk_ASN1_TYPE_new(NULL))) {
91 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
92 return 0;
93 }
94 sk_ASN1_TYPE_push (attrib->value.set,keyid);
95 attrib->set = 1;
96 if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new (NULL))) {
97 PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
98 return 0; 72 return 0;
99 }
100 sk_X509_ATTRIBUTE_push (bag->attrib, attrib);
101 return 1;
102} 73}
103 74
104/* Add key usage to PKCS#8 structure */ 75/* Add key usage to PKCS#8 structure */
105 76
106int PKCS8_add_keyusage (PKCS8_PRIV_KEY_INFO *p8, int usage) 77int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
107{ 78{
108 X509_ATTRIBUTE *attrib;
109 ASN1_BIT_STRING *bstr;
110 ASN1_TYPE *keyid;
111 unsigned char us_val; 79 unsigned char us_val;
112 us_val = (unsigned char) usage; 80 us_val = (unsigned char) usage;
113 if (!(keyid = ASN1_TYPE_new ())) { 81 if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage,
114 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE); 82 V_ASN1_BIT_STRING, &us_val, 1))
115 return 0; 83 return 1;
116 } 84 else
117 keyid->type = V_ASN1_BIT_STRING;
118 if (!(bstr = ASN1_BIT_STRING_new())) {
119 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
120 return 0;
121 }
122 if (!ASN1_BIT_STRING_set(bstr, &us_val, 1)) {
123 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
124 return 0;
125 }
126 keyid->value.bit_string = bstr;
127 if (!(attrib = X509_ATTRIBUTE_new ())) {
128 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
129 return 0;
130 }
131 attrib->object = OBJ_nid2obj(NID_key_usage);
132 if (!(attrib->value.set = sk_ASN1_TYPE_new(NULL))) {
133 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
134 return 0; 85 return 0;
135 }
136 sk_ASN1_TYPE_push (attrib->value.set,keyid);
137 attrib->set = 1;
138 if (!p8->attributes
139 && !(p8->attributes = sk_X509_ATTRIBUTE_new (NULL))) {
140 PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
141 return 0;
142 }
143 sk_X509_ATTRIBUTE_push (p8->attributes, attrib);
144 return 1;
145} 86}
146 87
147/* Add a friendlyname to a safebag */ 88/* Add a friendlyname to a safebag */
148 89
149int PKCS12_add_friendlyname_asc (PKCS12_SAFEBAG *bag, const char *name, 90int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
150 int namelen) 91 int namelen)
151{ 92{
152 unsigned char *uniname; 93 if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
153 int ret, unilen; 94 MBSTRING_ASC, (unsigned char *)name, namelen))
154 if (!asc2uni(name, &uniname, &unilen)) { 95 return 1;
155 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC, 96 else
156 ERR_R_MALLOC_FAILURE);
157 return 0; 97 return 0;
158 }
159 ret = PKCS12_add_friendlyname_uni (bag, uniname, unilen);
160 Free(uniname);
161 return ret;
162} 98}
163
164 99
165int PKCS12_add_friendlyname_uni (PKCS12_SAFEBAG *bag, 100
101int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
166 const unsigned char *name, int namelen) 102 const unsigned char *name, int namelen)
167{ 103{
168 X509_ATTRIBUTE *attrib; 104 if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
169 ASN1_BMPSTRING *bmp; 105 MBSTRING_BMP, name, namelen))
170 ASN1_TYPE *fname; 106 return 1;
171 /* Zap ending double null if included */ 107 else
172 if(!name[namelen - 1] && !name[namelen - 2]) namelen -= 2;
173 if (!(fname = ASN1_TYPE_new ())) {
174 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
175 ERR_R_MALLOC_FAILURE);
176 return 0;
177 }
178 fname->type = V_ASN1_BMPSTRING;
179 if (!(bmp = ASN1_BMPSTRING_new())) {
180 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
181 ERR_R_MALLOC_FAILURE);
182 return 0;
183 }
184 if (!(bmp->data = Malloc (namelen))) {
185 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
186 ERR_R_MALLOC_FAILURE);
187 return 0; 108 return 0;
188 } 109}
189 memcpy (bmp->data, name, namelen); 110
190 bmp->length = namelen; 111int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
191 fname->value.bmpstring = bmp; 112 int namelen)
192 if (!(attrib = X509_ATTRIBUTE_new ())) { 113{
193 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI, 114 if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name,
194 ERR_R_MALLOC_FAILURE); 115 MBSTRING_ASC, (unsigned char *)name, namelen))
195 return 0; 116 return 1;
196 } 117 else
197 attrib->object = OBJ_nid2obj(NID_friendlyName);
198 if (!(attrib->value.set = sk_ASN1_TYPE_new(NULL))) {
199 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME,
200 ERR_R_MALLOC_FAILURE);
201 return 0;
202 }
203 sk_ASN1_TYPE_push (attrib->value.set,fname);
204 attrib->set = 1;
205 if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new (NULL))) {
206 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
207 ERR_R_MALLOC_FAILURE);
208 return 0; 118 return 0;
209 }
210 sk_X509_ATTRIBUTE_push (bag->attrib, attrib);
211 return PKCS12_OK;
212} 119}
213 120
214ASN1_TYPE *PKCS12_get_attr_gen (STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid) 121ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
215{ 122{
216 X509_ATTRIBUTE *attrib; 123 X509_ATTRIBUTE *attrib;
217 int i; 124 int i;
diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c
index 6de6f8128f..97be6a5fb5 100644
--- a/src/lib/libcrypto/pkcs12/p12_crpt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crpt.c
@@ -64,17 +64,19 @@
64 64
65void PKCS12_PBE_add(void) 65void PKCS12_PBE_add(void)
66{ 66{
67#ifndef NO_RC4 67#ifndef OPENSSL_NO_RC4
68EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(), 68EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(),
69 PKCS12_PBE_keyivgen); 69 PKCS12_PBE_keyivgen);
70EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(), 70EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(),
71 PKCS12_PBE_keyivgen); 71 PKCS12_PBE_keyivgen);
72#endif 72#endif
73#ifndef OPENSSL_NO_DES
73EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 74EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
74 EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen); 75 EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
75EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 76EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
76 EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen); 77 EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
77#ifndef NO_RC2 78#endif
79#ifndef OPENSSL_NO_RC2
78EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(), 80EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(),
79 EVP_sha1(), PKCS12_PBE_keyivgen); 81 EVP_sha1(), PKCS12_PBE_keyivgen);
80EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(), 82EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
@@ -83,7 +85,7 @@ EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
83} 85}
84 86
85int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen, 87int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
86 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, int en_de) 88 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
87{ 89{
88 PBEPARAM *pbe; 90 PBEPARAM *pbe;
89 int saltlen, iter; 91 int saltlen, iter;
@@ -115,7 +117,7 @@ int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
115 return 0; 117 return 0;
116 } 118 }
117 PBEPARAM_free(pbe); 119 PBEPARAM_free(pbe);
118 EVP_CipherInit(ctx, cipher, key, iv, en_de); 120 EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
119 memset(key, 0, EVP_MAX_KEY_LENGTH); 121 memset(key, 0, EVP_MAX_KEY_LENGTH);
120 memset(iv, 0, EVP_MAX_IV_LENGTH); 122 memset(iv, 0, EVP_MAX_IV_LENGTH);
121 return 1; 123 return 1;
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
index 56d88b0759..4c36c643ce 100644
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -61,11 +61,12 @@
61#include <openssl/pkcs12.h> 61#include <openssl/pkcs12.h>
62 62
63PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, 63PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
64 STACK *ca, int nid_key, int nid_cert, int iter, int mac_iter, 64 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
65 int keytype) 65 int keytype)
66{ 66{
67 PKCS12 *p12; 67 PKCS12 *p12;
68 STACK *bags, *safes; 68 STACK_OF(PKCS12_SAFEBAG) *bags;
69 STACK_OF(PKCS7) *safes;
69 PKCS12_SAFEBAG *bag; 70 PKCS12_SAFEBAG *bag;
70 PKCS8_PRIV_KEY_INFO *p8; 71 PKCS8_PRIV_KEY_INFO *p8;
71 PKCS7 *authsafe; 72 PKCS7 *authsafe;
@@ -85,28 +86,30 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
85 return NULL; 86 return NULL;
86 } 87 }
87 88
88 if(!(bags = sk_new (NULL))) { 89 if(!X509_check_private_key(cert, pkey)) return NULL;
90
91 if(!(bags = sk_PKCS12_SAFEBAG_new_null ())) {
89 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); 92 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
90 return NULL; 93 return NULL;
91 } 94 }
92 95
93 /* Add user certificate */ 96 /* Add user certificate */
94 if(!(bag = M_PKCS12_x5092certbag(cert))) return NULL; 97 if(!(bag = PKCS12_x5092certbag(cert))) return NULL;
95 if(name && !PKCS12_add_friendlyname(bag, name, -1)) return NULL; 98 if(name && !PKCS12_add_friendlyname(bag, name, -1)) return NULL;
96 X509_digest(cert, EVP_sha1(), keyid, &keyidlen); 99 X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
97 if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL; 100 if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL;
98 101
99 if(!sk_push(bags, (char *)bag)) { 102 if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
100 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); 103 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
101 return NULL; 104 return NULL;
102 } 105 }
103 106
104 /* Add all other certificates */ 107 /* Add all other certificates */
105 if(ca) { 108 if(ca) {
106 for(i = 0; i < sk_num(ca); i++) { 109 for(i = 0; i < sk_X509_num(ca); i++) {
107 tcert = (X509 *)sk_value(ca, i); 110 tcert = sk_X509_value(ca, i);
108 if(!(bag = M_PKCS12_x5092certbag(tcert))) return NULL; 111 if(!(bag = PKCS12_x5092certbag(tcert))) return NULL;
109 if(!sk_push(bags, (char *)bag)) { 112 if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
110 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); 113 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
111 return NULL; 114 return NULL;
112 } 115 }
@@ -116,11 +119,12 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
116 /* Turn certbags into encrypted authsafe */ 119 /* Turn certbags into encrypted authsafe */
117 authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0, 120 authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0,
118 iter, bags); 121 iter, bags);
119 sk_pop_free(bags, PKCS12_SAFEBAG_free); 122 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
120 123
121 if (!authsafe) return NULL; 124 if (!authsafe) return NULL;
122 125
123 if(!(safes = sk_new (NULL)) || !sk_push(safes, (char *)authsafe)) { 126 if(!(safes = sk_PKCS7_new_null ())
127 || !sk_PKCS7_push(safes, authsafe)) {
124 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); 128 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
125 return NULL; 129 return NULL;
126 } 130 }
@@ -133,23 +137,24 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
133 PKCS8_PRIV_KEY_INFO_free(p8); 137 PKCS8_PRIV_KEY_INFO_free(p8);
134 if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL; 138 if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL;
135 if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL; 139 if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL;
136 if(!(bags = sk_new(NULL)) || !sk_push (bags, (char *)bag)) { 140 if(!(bags = sk_PKCS12_SAFEBAG_new_null())
141 || !sk_PKCS12_SAFEBAG_push (bags, bag)) {
137 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); 142 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
138 return NULL; 143 return NULL;
139 } 144 }
140 /* Turn it into unencrypted safe bag */ 145 /* Turn it into unencrypted safe bag */
141 if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL; 146 if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;
142 sk_pop_free(bags, PKCS12_SAFEBAG_free); 147 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
143 if(!sk_push(safes, (char *)authsafe)) { 148 if(!sk_PKCS7_push(safes, authsafe)) {
144 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); 149 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
145 return NULL; 150 return NULL;
146 } 151 }
147 152
148 if(!(p12 = PKCS12_init (NID_pkcs7_data))) return NULL; 153 if(!(p12 = PKCS12_init (NID_pkcs7_data))) return NULL;
149 154
150 if(!M_PKCS12_pack_authsafes (p12, safes)) return NULL; 155 if(!PKCS12_pack_authsafes (p12, safes)) return NULL;
151 156
152 sk_pop_free(safes, PKCS7_free); 157 sk_PKCS7_pop_free(safes, PKCS7_free);
153 158
154 if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL)) 159 if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL))
155 return NULL; 160 return NULL;
diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c
index d3d288e187..394af368f4 100644
--- a/src/lib/libcrypto/pkcs12/p12_decr.c
+++ b/src/lib/libcrypto/pkcs12/p12_decr.c
@@ -65,10 +65,10 @@
65 65
66 66
67/* Encrypt/Decrypt a buffer based on password and algor, result in a 67/* Encrypt/Decrypt a buffer based on password and algor, result in a
68 * Malloc'ed buffer 68 * OPENSSL_malloc'ed buffer
69 */ 69 */
70 70
71unsigned char * PKCS12_pbe_crypt (X509_ALGOR *algor, const char *pass, 71unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
72 int passlen, unsigned char *in, int inlen, unsigned char **data, 72 int passlen, unsigned char *in, int inlen, unsigned char **data,
73 int *datalen, int en_de) 73 int *datalen, int en_de)
74{ 74{
@@ -76,47 +76,48 @@ unsigned char * PKCS12_pbe_crypt (X509_ALGOR *algor, const char *pass,
76 int outlen, i; 76 int outlen, i;
77 EVP_CIPHER_CTX ctx; 77 EVP_CIPHER_CTX ctx;
78 78
79 EVP_CIPHER_CTX_init(&ctx);
79 /* Decrypt data */ 80 /* Decrypt data */
80 if (!EVP_PBE_CipherInit (algor->algorithm, pass, passlen, 81 if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
81 algor->parameter, &ctx, en_de)) { 82 algor->parameter, &ctx, en_de)) {
82 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR); 83 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
83 return NULL; 84 return NULL;
84 } 85 }
85 86
86 if(!(out = Malloc (inlen + EVP_CIPHER_CTX_block_size(&ctx)))) { 87 if(!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
87 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE); 88 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE);
88 return NULL; 89 goto err;
89 } 90 }
90 91
91 EVP_CipherUpdate (&ctx, out, &i, in, inlen); 92 EVP_CipherUpdate(&ctx, out, &i, in, inlen);
92 outlen = i; 93 outlen = i;
93 if(!EVP_CipherFinal (&ctx, out + i, &i)) { 94 if(!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
94 Free (out); 95 OPENSSL_free(out);
96 out = NULL;
95 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR); 97 PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
96 return NULL; 98 goto err;
97 } 99 }
98 outlen += i; 100 outlen += i;
99 if (datalen) *datalen = outlen; 101 if (datalen) *datalen = outlen;
100 if (data) *data = out; 102 if (data) *data = out;
103 err:
104 EVP_CIPHER_CTX_cleanup(&ctx);
101 return out; 105 return out;
102 106
103} 107}
104 108
105/* Decrypt an OCTET STRING and decode ASN1 structure 109/* Decrypt an OCTET STRING and decode ASN1 structure
106 * if seq & 1 'obj' is a stack of structures to be encoded 110 * if zbuf set zero buffer after use.
107 * if seq & 2 zero buffer after use
108 * as a sequence.
109 */ 111 */
110 112
111char * PKCS12_decrypt_d2i (X509_ALGOR *algor, char * (*d2i)(), 113void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
112 void (*free_func)(), const char *pass, int passlen, 114 const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)
113 ASN1_OCTET_STRING *oct, int seq)
114{ 115{
115 unsigned char *out, *p; 116 unsigned char *out, *p;
116 char *ret; 117 void *ret;
117 int outlen; 118 int outlen;
118 119
119 if (!PKCS12_pbe_crypt (algor, pass, passlen, oct->data, oct->length, 120 if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
120 &out, &outlen, 0)) { 121 &out, &outlen, 0)) {
121 PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR); 122 PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
122 return NULL; 123 return NULL;
@@ -134,52 +135,42 @@ char * PKCS12_decrypt_d2i (X509_ALGOR *algor, char * (*d2i)(),
134 fclose(op); 135 fclose(op);
135 } 136 }
136#endif 137#endif
137 if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i, 138 ret = ASN1_item_d2i(NULL, &p, outlen, it);
138 free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); 139 if (zbuf) memset(out, 0, outlen);
139 else ret = d2i(NULL, &p, outlen);
140 if (seq & 2) memset(out, 0, outlen);
141 if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR); 140 if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
142 Free (out); 141 OPENSSL_free(out);
143 return ret; 142 return ret;
144} 143}
145 144
146/* Encode ASN1 structure and encrypt, return OCTET STRING 145/* Encode ASN1 structure and encrypt, return OCTET STRING
147 * if 'seq' is non-zero 'obj' is a stack of structures to be encoded 146 * if zbuf set zero encoding.
148 * as a sequence
149 */ 147 */
150 148
151ASN1_OCTET_STRING *PKCS12_i2d_encrypt (X509_ALGOR *algor, int (*i2d)(), 149ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
152 const char *pass, int passlen, 150 const char *pass, int passlen,
153 char *obj, int seq) 151 void *obj, int zbuf)
154{ 152{
155 ASN1_OCTET_STRING *oct; 153 ASN1_OCTET_STRING *oct;
156 unsigned char *in, *p; 154 unsigned char *in = NULL;
157 int inlen; 155 int inlen;
158 if (!(oct = ASN1_OCTET_STRING_new ())) { 156 if (!(oct = M_ASN1_OCTET_STRING_new ())) {
159 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE); 157 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
160 return NULL; 158 return NULL;
161 } 159 }
162 if (seq) inlen = i2d_ASN1_SET((STACK *)obj, NULL, i2d, V_ASN1_SEQUENCE, 160 inlen = ASN1_item_i2d(obj, &in, it);
163 V_ASN1_UNIVERSAL, IS_SEQUENCE); 161 if (!in) {
164 else inlen = i2d (obj, NULL);
165 if (!inlen) {
166 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR); 162 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);
167 return NULL; 163 return NULL;
168 } 164 }
169 if (!(in = Malloc (inlen))) { 165 if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
170 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
171 return NULL;
172 }
173 p = in;
174 if (seq) i2d_ASN1_SET((STACK *)obj, &p, i2d, V_ASN1_SEQUENCE,
175 V_ASN1_UNIVERSAL, IS_SEQUENCE);
176 else i2d (obj, &p);
177 if (!PKCS12_pbe_crypt (algor, pass, passlen, in, inlen, &oct->data,
178 &oct->length, 1)) { 166 &oct->length, 1)) {
179 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR); 167 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);
180 Free(in); 168 OPENSSL_free(in);
181 return NULL; 169 return NULL;
182 } 170 }
183 Free (in); 171 if (zbuf) memset(in, 0, inlen);
172 OPENSSL_free(in);
184 return oct; 173 return oct;
185} 174}
175
176IMPLEMENT_PKCS12_STACK_OF(PKCS7)
diff --git a/src/lib/libcrypto/pkcs12/p12_init.c b/src/lib/libcrypto/pkcs12/p12_init.c
index dc6ab41db8..eb837a78cf 100644
--- a/src/lib/libcrypto/pkcs12/p12_init.c
+++ b/src/lib/libcrypto/pkcs12/p12_init.c
@@ -69,20 +69,12 @@ PKCS12 *PKCS12_init (int mode)
69 PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE); 69 PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
70 return NULL; 70 return NULL;
71 } 71 }
72 if (!(pkcs12->version = ASN1_INTEGER_new ())) { 72 ASN1_INTEGER_set(pkcs12->version, 3);
73 PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
74 return NULL;
75 }
76 ASN1_INTEGER_set (pkcs12->version, 3);
77 if (!(pkcs12->authsafes = PKCS7_new())) {
78 PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
79 return NULL;
80 }
81 pkcs12->authsafes->type = OBJ_nid2obj(mode); 73 pkcs12->authsafes->type = OBJ_nid2obj(mode);
82 switch (mode) { 74 switch (mode) {
83 case NID_pkcs7_data: 75 case NID_pkcs7_data:
84 if (!(pkcs12->authsafes->d.data = 76 if (!(pkcs12->authsafes->d.data =
85 ASN1_OCTET_STRING_new())) { 77 M_ASN1_OCTET_STRING_new())) {
86 PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE); 78 PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
87 return NULL; 79 return NULL;
88 } 80 }
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
index 25d8cdae57..0d39ebde8c 100644
--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ b/src/lib/libcrypto/pkcs12/p12_key.c
@@ -64,7 +64,7 @@
64/* Uncomment out this line to get debugging info about key generation */ 64/* Uncomment out this line to get debugging info about key generation */
65/*#define DEBUG_KEYGEN*/ 65/*#define DEBUG_KEYGEN*/
66#ifdef DEBUG_KEYGEN 66#ifdef DEBUG_KEYGEN
67#include <bio.h> 67#include <openssl/bio.h>
68extern BIO *bio_err; 68extern BIO *bio_err;
69void h__dump (unsigned char *p, int len); 69void h__dump (unsigned char *p, int len);
70#endif 70#endif
@@ -74,53 +74,69 @@ void h__dump (unsigned char *p, int len);
74#define min(a,b) ((a) < (b) ? (a) : (b)) 74#define min(a,b) ((a) < (b) ? (a) : (b))
75#endif 75#endif
76 76
77int PKCS12_key_gen_asc (const char *pass, int passlen, unsigned char *salt, 77int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
78 int saltlen, int id, int iter, int n, unsigned char *out, 78 int saltlen, int id, int iter, int n, unsigned char *out,
79 const EVP_MD *md_type) 79 const EVP_MD *md_type)
80{ 80{
81 int ret; 81 int ret;
82 unsigned char *unipass; 82 unsigned char *unipass;
83 int uniplen; 83 int uniplen;
84 if (!asc2uni (pass, &unipass, &uniplen)) { 84 if(!pass) {
85 unipass = NULL;
86 uniplen = 0;
87 } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) {
85 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE); 88 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
86 return 0; 89 return 0;
87 } 90 }
88 ret = PKCS12_key_gen_uni (unipass, uniplen, salt, saltlen, 91 ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
89 id, iter, n, out, md_type); 92 id, iter, n, out, md_type);
90 memset(unipass, 0, uniplen); /* Clear password from memory */ 93 if(unipass) {
91 Free(unipass); 94 memset(unipass, 0, uniplen); /* Clear password from memory */
95 OPENSSL_free(unipass);
96 }
92 return ret; 97 return ret;
93} 98}
94 99
95int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt, 100int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
96 int saltlen, int id, int iter, int n, unsigned char *out, 101 int saltlen, int id, int iter, int n, unsigned char *out,
97 const EVP_MD *md_type) 102 const EVP_MD *md_type)
98{ 103{
99 unsigned char *B, *D, *I, *p, *Ai; 104 unsigned char *B, *D, *I, *p, *Ai;
100 int Slen, Plen, Ilen; 105 int Slen, Plen, Ilen, Ijlen;
101 int i, j, u, v; 106 int i, j, u, v;
102 BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ 107 BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */
103 EVP_MD_CTX ctx; 108 EVP_MD_CTX ctx;
104#ifdef DEBUG_KEYGEN 109#ifdef DEBUG_KEYGEN
105 unsigned char *tmpout = out; 110 unsigned char *tmpout = out;
106 int tmpn = n; 111 int tmpn = n;
107 BIO_printf (bio_err, "KEYGEN DEBUG\n"); 112#endif
108 BIO_printf (bio_err, "ID %d, ITER %d\n", id, iter); 113
109 BIO_printf (bio_err, "Password (length %d):\n", passlen); 114#if 0
110 h__dump (pass, passlen); 115 if (!pass) {
111 BIO_printf (bio_err, "Salt (length %d):\n", saltlen); 116 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER);
112 h__dump (salt, saltlen); 117 return 0;
113 BIO_printf (bio_err, "ID %d, ITER %d\n\n", id, iter); 118 }
119#endif
120
121 EVP_MD_CTX_init(&ctx);
122#ifdef DEBUG_KEYGEN
123 fprintf(stderr, "KEYGEN DEBUG\n");
124 fprintf(stderr, "ID %d, ITER %d\n", id, iter);
125 fprintf(stderr, "Password (length %d):\n", passlen);
126 h__dump(pass, passlen);
127 fprintf(stderr, "Salt (length %d):\n", saltlen);
128 h__dump(salt, saltlen);
114#endif 129#endif
115 v = EVP_MD_block_size (md_type); 130 v = EVP_MD_block_size (md_type);
116 u = EVP_MD_size (md_type); 131 u = EVP_MD_size (md_type);
117 D = Malloc (v); 132 D = OPENSSL_malloc (v);
118 Ai = Malloc (u); 133 Ai = OPENSSL_malloc (u);
119 B = Malloc (v + 1); 134 B = OPENSSL_malloc (v + 1);
120 Slen = v * ((saltlen+v-1)/v); 135 Slen = v * ((saltlen+v-1)/v);
121 Plen = v * ((passlen+v-1)/v); 136 if(passlen) Plen = v * ((passlen+v-1)/v);
137 else Plen = 0;
122 Ilen = Slen + Plen; 138 Ilen = Slen + Plen;
123 I = Malloc (Ilen); 139 I = OPENSSL_malloc (Ilen);
124 Ij = BN_new(); 140 Ij = BN_new();
125 Bpl1 = BN_new(); 141 Bpl1 = BN_new();
126 if (!D || !Ai || !B || !I || !Ij || !Bpl1) { 142 if (!D || !Ai || !B || !I || !Ij || !Bpl1) {
@@ -132,26 +148,27 @@ int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
132 for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen]; 148 for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
133 for (i = 0; i < Plen; i++) *p++ = pass[i % passlen]; 149 for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];
134 for (;;) { 150 for (;;) {
135 EVP_DigestInit (&ctx, md_type); 151 EVP_DigestInit_ex(&ctx, md_type, NULL);
136 EVP_DigestUpdate (&ctx, D, v); 152 EVP_DigestUpdate(&ctx, D, v);
137 EVP_DigestUpdate (&ctx, I, Ilen); 153 EVP_DigestUpdate(&ctx, I, Ilen);
138 EVP_DigestFinal (&ctx, Ai, NULL); 154 EVP_DigestFinal_ex(&ctx, Ai, NULL);
139 for (j = 1; j < iter; j++) { 155 for (j = 1; j < iter; j++) {
140 EVP_DigestInit (&ctx, md_type); 156 EVP_DigestInit_ex(&ctx, md_type, NULL);
141 EVP_DigestUpdate (&ctx, Ai, u); 157 EVP_DigestUpdate(&ctx, Ai, u);
142 EVP_DigestFinal (&ctx, Ai, NULL); 158 EVP_DigestFinal_ex(&ctx, Ai, NULL);
143 } 159 }
144 memcpy (out, Ai, min (n, u)); 160 memcpy (out, Ai, min (n, u));
145 if (u >= n) { 161 if (u >= n) {
146 Free (Ai); 162 OPENSSL_free (Ai);
147 Free (B); 163 OPENSSL_free (B);
148 Free (D); 164 OPENSSL_free (D);
149 Free (I); 165 OPENSSL_free (I);
150 BN_free (Ij); 166 BN_free (Ij);
151 BN_free (Bpl1); 167 BN_free (Bpl1);
168 EVP_MD_CTX_cleanup(&ctx);
152#ifdef DEBUG_KEYGEN 169#ifdef DEBUG_KEYGEN
153 BIO_printf (bio_err, "Output KEY (length %d)\n", tmpn); 170 fprintf(stderr, "Output KEY (length %d)\n", tmpn);
154 h__dump (tmpout, tmpn); 171 h__dump(tmpout, tmpn);
155#endif 172#endif
156 return 1; 173 return 1;
157 } 174 }
@@ -165,10 +182,17 @@ int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
165 BN_bin2bn (I + j, v, Ij); 182 BN_bin2bn (I + j, v, Ij);
166 BN_add (Ij, Ij, Bpl1); 183 BN_add (Ij, Ij, Bpl1);
167 BN_bn2bin (Ij, B); 184 BN_bn2bin (Ij, B);
185 Ijlen = BN_num_bytes (Ij);
168 /* If more than 2^(v*8) - 1 cut off MSB */ 186 /* If more than 2^(v*8) - 1 cut off MSB */
169 if (BN_num_bytes (Ij) > v) { 187 if (Ijlen > v) {
170 BN_bn2bin (Ij, B); 188 BN_bn2bin (Ij, B);
171 memcpy (I + j, B + 1, v); 189 memcpy (I + j, B + 1, v);
190#ifndef PKCS12_BROKEN_KEYGEN
191 /* If less than v bytes pad with zeroes */
192 } else if (Ijlen < v) {
193 memset(I + j, 0, v - Ijlen);
194 BN_bn2bin(Ij, I + j + v - Ijlen);
195#endif
172 } else BN_bn2bin (Ij, I + j); 196 } else BN_bn2bin (Ij, I + j);
173 } 197 }
174 } 198 }
@@ -176,7 +200,7 @@ int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
176#ifdef DEBUG_KEYGEN 200#ifdef DEBUG_KEYGEN
177void h__dump (unsigned char *p, int len) 201void h__dump (unsigned char *p, int len)
178{ 202{
179 for (; len --; p++) BIO_printf (bio_err, "%02X", *p); 203 for (; len --; p++) fprintf(stderr, "%02X", *p);
180 BIO_printf (bio_err, "\n"); 204 fprintf(stderr, "\n");
181} 205}
182#endif 206#endif
diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c
index 767e1303da..885087ad00 100644
--- a/src/lib/libcrypto/pkcs12/p12_kiss.c
+++ b/src/lib/libcrypto/pkcs12/p12_kiss.c
@@ -62,9 +62,18 @@
62 62
63/* Simplified PKCS#12 routines */ 63/* Simplified PKCS#12 routines */
64 64
65static int parse_pk12( PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK **ca); 65static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
66static int parse_bags( STACK *bags, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK **ca, ASN1_OCTET_STRING **keyid, char *keymatch); 66 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
67static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK **ca, ASN1_OCTET_STRING **keyid, char *keymatch); 67
68static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
69 int passlen, EVP_PKEY **pkey, X509 **cert,
70 STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
71 char *keymatch);
72
73static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
74 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
75 ASN1_OCTET_STRING **keyid, char *keymatch);
76
68/* Parse and decrypt a PKCS#12 structure returning user key, user cert 77/* Parse and decrypt a PKCS#12 structure returning user key, user cert
69 * and other (CA) certs. Note either ca should be NULL, *ca should be NULL, 78 * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
70 * or it should point to a valid STACK structure. pkey and cert can be 79 * or it should point to a valid STACK structure. pkey and cert can be
@@ -72,94 +81,111 @@ static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PK
72 */ 81 */
73 82
74int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, 83int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
75 STACK **ca) 84 STACK_OF(X509) **ca)
76{ 85{
77 86
78/* Check for NULL PKCS12 structure */ 87 /* Check for NULL PKCS12 structure */
79 88
80if(!p12) { 89 if(!p12) {
81 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER); 90 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
82 return 0;
83}
84
85/* Allocate stack for ca certificates if needed */
86if ((ca != NULL) && (*ca == NULL)) {
87 if (!(*ca = sk_new(NULL))) {
88 PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
89 return 0; 91 return 0;
90 } 92 }
91}
92 93
93if(pkey) *pkey = NULL; 94 /* Allocate stack for ca certificates if needed */
94if(cert) *cert = NULL; 95 if ((ca != NULL) && (*ca == NULL)) {
96 if (!(*ca = sk_X509_new_null())) {
97 PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
98 return 0;
99 }
100 }
95 101
96/* Check the mac */ 102 if(pkey) *pkey = NULL;
103 if(cert) *cert = NULL;
97 104
98if (!PKCS12_verify_mac (p12, pass, -1)) { 105 /* Check the mac */
99 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
100 goto err;
101}
102 106
103if (!parse_pk12 (p12, pass, -1, pkey, cert, ca)) { 107 /* If password is zero length or NULL then try verifying both cases
104 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR); 108 * to determine which password is correct. The reason for this is that
105 goto err; 109 * under PKCS#12 password based encryption no password and a zero length
106} 110 * password are two different things...
111 */
112
113 if(!pass || !*pass) {
114 if(PKCS12_verify_mac(p12, NULL, 0)) pass = NULL;
115 else if(PKCS12_verify_mac(p12, "", 0)) pass = "";
116 else {
117 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
118 goto err;
119 }
120 } else if (!PKCS12_verify_mac(p12, pass, -1)) {
121 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
122 goto err;
123 }
107 124
108return 1; 125 if (!parse_pk12 (p12, pass, -1, pkey, cert, ca))
126 {
127 PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);
128 goto err;
129 }
109 130
110err: 131 return 1;
111 132
112if (pkey && *pkey) EVP_PKEY_free (*pkey); 133 err:
113if (cert && *cert) X509_free (*cert); 134
114if (ca) sk_pop_free (*ca, X509_free); 135 if (pkey && *pkey) EVP_PKEY_free(*pkey);
115return 0; 136 if (cert && *cert) X509_free(*cert);
137 if (ca) sk_X509_pop_free(*ca, X509_free);
138 return 0;
116 139
117} 140}
118 141
119/* Parse the outer PKCS#12 structure */ 142/* Parse the outer PKCS#12 structure */
120 143
121static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen, 144static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
122 EVP_PKEY **pkey, X509 **cert, STACK **ca) 145 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
123{ 146{
124 STACK *asafes, *bags; 147 STACK_OF(PKCS7) *asafes;
148 STACK_OF(PKCS12_SAFEBAG) *bags;
125 int i, bagnid; 149 int i, bagnid;
126 PKCS7 *p7; 150 PKCS7 *p7;
127 ASN1_OCTET_STRING *keyid = NULL; 151 ASN1_OCTET_STRING *keyid = NULL;
152
128 char keymatch = 0; 153 char keymatch = 0;
129 if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0; 154 if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0;
130 for (i = 0; i < sk_num (asafes); i++) { 155 for (i = 0; i < sk_PKCS7_num (asafes); i++) {
131 p7 = (PKCS7 *) sk_value (asafes, i); 156 p7 = sk_PKCS7_value (asafes, i);
132 bagnid = OBJ_obj2nid (p7->type); 157 bagnid = OBJ_obj2nid (p7->type);
133 if (bagnid == NID_pkcs7_data) { 158 if (bagnid == NID_pkcs7_data) {
134 bags = M_PKCS12_unpack_p7data (p7); 159 bags = PKCS12_unpack_p7data(p7);
135 } else if (bagnid == NID_pkcs7_encrypted) { 160 } else if (bagnid == NID_pkcs7_encrypted) {
136 bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen); 161 bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
137 } else continue; 162 } else continue;
138 if (!bags) { 163 if (!bags) {
139 sk_pop_free (asafes, PKCS7_free); 164 sk_PKCS7_pop_free(asafes, PKCS7_free);
140 return 0; 165 return 0;
141 } 166 }
142 if (!parse_bags (bags, pass, passlen, pkey, cert, ca, 167 if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
143 &keyid, &keymatch)) { 168 &keyid, &keymatch)) {
144 sk_pop_free (bags, PKCS12_SAFEBAG_free); 169 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
145 sk_pop_free (asafes, PKCS7_free); 170 sk_PKCS7_pop_free(asafes, PKCS7_free);
146 return 0; 171 return 0;
147 } 172 }
148 sk_pop_free (bags, PKCS12_SAFEBAG_free); 173 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
149 } 174 }
150 sk_pop_free (asafes, PKCS7_free); 175 sk_PKCS7_pop_free(asafes, PKCS7_free);
151 if (keyid) ASN1_OCTET_STRING_free (keyid); 176 if (keyid) M_ASN1_OCTET_STRING_free(keyid);
152 return 1; 177 return 1;
153} 178}
154 179
155 180
156static int parse_bags (STACK *bags, const char *pass, int passlen, 181static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
157 EVP_PKEY **pkey, X509 **cert, STACK **ca, 182 int passlen, EVP_PKEY **pkey, X509 **cert,
158 ASN1_OCTET_STRING **keyid, char *keymatch) 183 STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
184 char *keymatch)
159{ 185{
160 int i; 186 int i;
161 for (i = 0; i < sk_num (bags); i++) { 187 for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
162 if (!parse_bag ((PKCS12_SAFEBAG *)sk_value (bags, i), 188 if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i),
163 pass, passlen, pkey, cert, ca, keyid, 189 pass, passlen, pkey, cert, ca, keyid,
164 keymatch)) return 0; 190 keymatch)) return 0;
165 } 191 }
@@ -170,26 +196,31 @@ static int parse_bags (STACK *bags, const char *pass, int passlen,
170#define MATCH_CERT 0x2 196#define MATCH_CERT 0x2
171#define MATCH_ALL 0x3 197#define MATCH_ALL 0x3
172 198
173static int parse_bag (PKCS12_SAFEBAG *bag, const char *pass, int passlen, 199static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
174 EVP_PKEY **pkey, X509 **cert, STACK **ca, 200 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
175 ASN1_OCTET_STRING **keyid, 201 ASN1_OCTET_STRING **keyid,
176 char *keymatch) 202 char *keymatch)
177{ 203{
178 PKCS8_PRIV_KEY_INFO *p8; 204 PKCS8_PRIV_KEY_INFO *p8;
179 X509 *x509; 205 X509 *x509;
180 ASN1_OCTET_STRING *lkey = NULL; 206 ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL;
181 ASN1_TYPE *attrib; 207 ASN1_TYPE *attrib;
208 ASN1_BMPSTRING *fname = NULL;
182 209
210 if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
211 fname = attrib->value.bmpstring;
183 212
184 if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) 213 if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) {
185 lkey = attrib->value.octet_string; 214 lkey = attrib->value.octet_string;
215 ckid = lkey;
216 }
186 217
187 /* Check for any local key id matching (if needed) */ 218 /* Check for any local key id matching (if needed) */
188 if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) { 219 if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) {
189 if (*keyid) { 220 if (*keyid) {
190 if (ASN1_OCTET_STRING_cmp (*keyid, lkey)) lkey = NULL; 221 if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL;
191 } else { 222 } else {
192 if (!(*keyid = ASN1_OCTET_STRING_dup (lkey))) { 223 if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) {
193 PKCS12err(PKCS12_F_PARSE_BAGS,ERR_R_MALLOC_FAILURE); 224 PKCS12err(PKCS12_F_PARSE_BAGS,ERR_R_MALLOC_FAILURE);
194 return 0; 225 return 0;
195 } 226 }
@@ -200,16 +231,16 @@ static int parse_bag (PKCS12_SAFEBAG *bag, const char *pass, int passlen,
200 { 231 {
201 case NID_keyBag: 232 case NID_keyBag:
202 if (!lkey || !pkey) return 1; 233 if (!lkey || !pkey) return 1;
203 if (!(*pkey = EVP_PKCS82PKEY (bag->value.keybag))) return 0; 234 if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0;
204 *keymatch |= MATCH_KEY; 235 *keymatch |= MATCH_KEY;
205 break; 236 break;
206 237
207 case NID_pkcs8ShroudedKeyBag: 238 case NID_pkcs8ShroudedKeyBag:
208 if (!lkey || !pkey) return 1; 239 if (!lkey || !pkey) return 1;
209 if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen))) 240 if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
210 return 0; 241 return 0;
211 *pkey = EVP_PKCS82PKEY (p8); 242 *pkey = EVP_PKCS82PKEY(p8);
212 PKCS8_PRIV_KEY_INFO_free (p8); 243 PKCS8_PRIV_KEY_INFO_free(p8);
213 if (!(*pkey)) return 0; 244 if (!(*pkey)) return 0;
214 *keymatch |= MATCH_KEY; 245 *keymatch |= MATCH_KEY;
215 break; 246 break;
@@ -217,11 +248,27 @@ static int parse_bag (PKCS12_SAFEBAG *bag, const char *pass, int passlen,
217 case NID_certBag: 248 case NID_certBag:
218 if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) 249 if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
219 return 1; 250 return 1;
220 if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0; 251 if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
252 if(ckid) X509_keyid_set1(x509, ckid->data, ckid->length);
253 if(fname) {
254 int len;
255 unsigned char *data;
256 len = ASN1_STRING_to_UTF8(&data, fname);
257 if(len > 0) {
258 X509_alias_set1(x509, data, len);
259 OPENSSL_free(data);
260 }
261 }
262
263
221 if (lkey) { 264 if (lkey) {
222 *keymatch |= MATCH_CERT; 265 *keymatch |= MATCH_CERT;
223 if (cert) *cert = x509; 266 if (cert) *cert = x509;
224 } else if (ca) sk_push (*ca, (char *)x509); 267 else X509_free(x509);
268 } else {
269 if(ca) sk_X509_push (*ca, x509);
270 else X509_free(x509);
271 }
225 break; 272 break;
226 273
227 case NID_safeContentsBag: 274 case NID_safeContentsBag:
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
index bac558d6b9..0fb67f74b8 100644
--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ b/src/lib/libcrypto/pkcs12/p12_mutl.c
@@ -56,7 +56,7 @@
56 * 56 *
57 */ 57 */
58 58
59#ifndef NO_HMAC 59#ifndef OPENSSL_NO_HMAC
60#include <stdio.h> 60#include <stdio.h>
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/hmac.h> 62#include <openssl/hmac.h>
@@ -71,6 +71,7 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
71 HMAC_CTX hmac; 71 HMAC_CTX hmac;
72 unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt; 72 unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
73 int saltlen, iter; 73 int saltlen, iter;
74
74 salt = p12->mac->salt->data; 75 salt = p12->mac->salt->data;
75 saltlen = p12->mac->salt->length; 76 saltlen = p12->mac->salt->length;
76 if (!p12->mac->iter) iter = 1; 77 if (!p12->mac->iter) iter = 1;
@@ -85,10 +86,12 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
85 PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR); 86 PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
86 return 0; 87 return 0;
87 } 88 }
88 HMAC_Init (&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type); 89 HMAC_CTX_init(&hmac);
89 HMAC_Update (&hmac, p12->authsafes->d.data->data, 90 HMAC_Init_ex(&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type, NULL);
91 HMAC_Update(&hmac, p12->authsafes->d.data->data,
90 p12->authsafes->d.data->length); 92 p12->authsafes->d.data->length);
91 HMAC_Final (&hmac, mac, maclen); 93 HMAC_Final(&hmac, mac, maclen);
94 HMAC_CTX_cleanup(&hmac);
92 return 1; 95 return 1;
93} 96}
94 97
@@ -106,17 +109,14 @@ int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen)
106 return 0; 109 return 0;
107 } 110 }
108 if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) 111 if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
109 || memcmp (mac, p12->mac->dinfo->digest->data, maclen)) { 112 || memcmp (mac, p12->mac->dinfo->digest->data, maclen)) return 0;
110 PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_VERIFY_ERROR);
111 return 0;
112 }
113 return 1; 113 return 1;
114} 114}
115 115
116/* Set a mac */ 116/* Set a mac */
117 117
118int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen, 118int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
119 unsigned char *salt, int saltlen, int iter, EVP_MD *md_type) 119 unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type)
120{ 120{
121 unsigned char mac[EVP_MAX_MD_SIZE]; 121 unsigned char mac[EVP_MAX_MD_SIZE];
122 unsigned int maclen; 122 unsigned int maclen;
@@ -131,7 +131,7 @@ int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
131 PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR); 131 PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR);
132 return 0; 132 return 0;
133 } 133 }
134 if (!(ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) { 134 if (!(M_ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) {
135 PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR); 135 PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR);
136 return 0; 136 return 0;
137 } 137 }
@@ -140,23 +140,26 @@ int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
140 140
141/* Set up a mac structure */ 141/* Set up a mac structure */
142int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen, 142int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
143 EVP_MD *md_type) 143 const EVP_MD *md_type)
144{ 144{
145 if (!(p12->mac = PKCS12_MAC_DATA_new ())) return PKCS12_ERROR; 145 if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR;
146 if (iter > 1) { 146 if (iter > 1) {
147 if(!(p12->mac->iter = ASN1_INTEGER_new())) { 147 if(!(p12->mac->iter = M_ASN1_INTEGER_new())) {
148 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); 148 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
149 return 0; 149 return 0;
150 } 150 }
151 ASN1_INTEGER_set (p12->mac->iter, iter); 151 ASN1_INTEGER_set(p12->mac->iter, iter);
152 } 152 }
153 if (!saltlen) saltlen = PKCS12_SALT_LEN; 153 if (!saltlen) saltlen = PKCS12_SALT_LEN;
154 p12->mac->salt->length = saltlen; 154 p12->mac->salt->length = saltlen;
155 if (!(p12->mac->salt->data = Malloc (saltlen))) { 155 if (!(p12->mac->salt->data = OPENSSL_malloc (saltlen))) {
156 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); 156 PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
157 return 0; 157 return 0;
158 } 158 }
159 if (!salt) RAND_bytes (p12->mac->salt->data, saltlen); 159 if (!salt) {
160 if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0)
161 return 0;
162 }
160 else memcpy (p12->mac->salt->data, salt, saltlen); 163 else memcpy (p12->mac->salt->data, salt, saltlen);
161 p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type)); 164 p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
162 if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) { 165 if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c
index ee71707e2c..a549433eeb 100644
--- a/src/lib/libcrypto/pkcs12/p12_npas.c
+++ b/src/lib/libcrypto/pkcs12/p12_npas.c
@@ -66,7 +66,8 @@
66/* PKCS#12 password change routine */ 66/* PKCS#12 password change routine */
67 67
68static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass); 68static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
69static int newpass_bags(STACK *bags, char *oldpass, char *newpass); 69static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
70 char *newpass);
70static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass); 71static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
71static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen); 72static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
72 73
@@ -104,51 +105,53 @@ return 1;
104 105
105static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) 106static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
106{ 107{
107 STACK *asafes, *newsafes, *bags; 108 STACK_OF(PKCS7) *asafes, *newsafes;
109 STACK_OF(PKCS12_SAFEBAG) *bags;
108 int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen; 110 int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen;
109 PKCS7 *p7, *p7new; 111 PKCS7 *p7, *p7new;
110 ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL; 112 ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
111 unsigned char mac[EVP_MAX_MD_SIZE]; 113 unsigned char mac[EVP_MAX_MD_SIZE];
112 unsigned int maclen; 114 unsigned int maclen;
113 if (!(asafes = M_PKCS12_unpack_authsafes(p12))) return 0; 115
114 if(!(newsafes = sk_new(NULL))) return 0; 116 if (!(asafes = PKCS12_unpack_authsafes(p12))) return 0;
115 for (i = 0; i < sk_num (asafes); i++) { 117 if(!(newsafes = sk_PKCS7_new_null())) return 0;
116 p7 = (PKCS7 *) sk_value(asafes, i); 118 for (i = 0; i < sk_PKCS7_num (asafes); i++) {
119 p7 = sk_PKCS7_value(asafes, i);
117 bagnid = OBJ_obj2nid(p7->type); 120 bagnid = OBJ_obj2nid(p7->type);
118 if (bagnid == NID_pkcs7_data) { 121 if (bagnid == NID_pkcs7_data) {
119 bags = M_PKCS12_unpack_p7data(p7); 122 bags = PKCS12_unpack_p7data(p7);
120 } else if (bagnid == NID_pkcs7_encrypted) { 123 } else if (bagnid == NID_pkcs7_encrypted) {
121 bags = M_PKCS12_unpack_p7encdata(p7, oldpass, -1); 124 bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
122 alg_get(p7->d.encrypted->enc_data->algorithm, 125 alg_get(p7->d.encrypted->enc_data->algorithm,
123 &pbe_nid, &pbe_iter, &pbe_saltlen); 126 &pbe_nid, &pbe_iter, &pbe_saltlen);
124 } else continue; 127 } else continue;
125 if (!bags) { 128 if (!bags) {
126 sk_pop_free(asafes, PKCS7_free); 129 sk_PKCS7_pop_free(asafes, PKCS7_free);
127 return 0; 130 return 0;
128 } 131 }
129 if (!newpass_bags(bags, oldpass, newpass)) { 132 if (!newpass_bags(bags, oldpass, newpass)) {
130 sk_pop_free(bags, PKCS12_SAFEBAG_free); 133 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
131 sk_pop_free(asafes, PKCS7_free); 134 sk_PKCS7_pop_free(asafes, PKCS7_free);
132 return 0; 135 return 0;
133 } 136 }
134 /* Repack bag in same form with new password */ 137 /* Repack bag in same form with new password */
135 if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags); 138 if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags);
136 else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL, 139 else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
137 pbe_saltlen, pbe_iter, bags); 140 pbe_saltlen, pbe_iter, bags);
138 sk_pop_free(bags, PKCS12_SAFEBAG_free); 141 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
139 if(!p7new) { 142 if(!p7new) {
140 sk_pop_free(asafes, PKCS7_free); 143 sk_PKCS7_pop_free(asafes, PKCS7_free);
141 return 0; 144 return 0;
142 } 145 }
143 sk_push(newsafes, (char *)p7new); 146 sk_PKCS7_push(newsafes, p7new);
144 } 147 }
145 sk_pop_free(asafes, PKCS7_free); 148 sk_PKCS7_pop_free(asafes, PKCS7_free);
146 149
147 /* Repack safe: save old safe in case of error */ 150 /* Repack safe: save old safe in case of error */
148 151
149 p12_data_tmp = p12->authsafes->d.data; 152 p12_data_tmp = p12->authsafes->d.data;
150 if(!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) goto saferr; 153 if(!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) goto saferr;
151 if(!M_PKCS12_pack_authsafes(p12, newsafes)) goto saferr; 154 if(!PKCS12_pack_authsafes(p12, newsafes)) goto saferr;
152 155
153 if(!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr; 156 if(!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr;
154 if(!(macnew = ASN1_OCTET_STRING_new())) goto saferr; 157 if(!(macnew = ASN1_OCTET_STRING_new())) goto saferr;
@@ -169,12 +172,14 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
169} 172}
170 173
171 174
172static int newpass_bags(STACK *bags, char *oldpass, char *newpass) 175static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
176 char *newpass)
173{ 177{
174 int i; 178 int i;
175 for (i = 0; i < sk_num(bags); i++) { 179 for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
176 if (!newpass_bag((PKCS12_SAFEBAG *)sk_value(bags, i), 180 if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i),
177 oldpass, newpass)) return 0; 181 oldpass, newpass))
182 return 0;
178 } 183 }
179 return 1; 184 return 1;
180} 185}
@@ -189,7 +194,7 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
189 194
190 if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1; 195 if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1;
191 196
192 if (!(p8 = M_PKCS12_decrypt_skey(bag, oldpass, -1))) return 0; 197 if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) return 0;
193 alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen); 198 alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen);
194 if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, 199 if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
195 p8_iter, p8))) return 0; 200 p8_iter, p8))) return 0;
diff --git a/src/lib/libcrypto/pkcs12/p12_utl.c b/src/lib/libcrypto/pkcs12/p12_utl.c
index 2adcbc95e1..243ec76be9 100644
--- a/src/lib/libcrypto/pkcs12/p12_utl.c
+++ b/src/lib/libcrypto/pkcs12/p12_utl.c
@@ -62,30 +62,34 @@
62 62
63/* Cheap and nasty Unicode stuff */ 63/* Cheap and nasty Unicode stuff */
64 64
65unsigned char *asc2uni (const char *asc, unsigned char **uni, int *unilen) 65unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
66{ 66{
67 int ulen, i; 67 int ulen, i;
68 unsigned char *unitmp; 68 unsigned char *unitmp;
69 ulen = strlen(asc)*2 + 2; 69 if (asclen == -1) asclen = strlen(asc);
70 if (!(unitmp = Malloc (ulen))) return NULL; 70 ulen = asclen*2 + 2;
71 for (i = 0; i < ulen; i+=2) { 71 if (!(unitmp = OPENSSL_malloc(ulen))) return NULL;
72 for (i = 0; i < ulen - 2; i+=2) {
72 unitmp[i] = 0; 73 unitmp[i] = 0;
73 unitmp[i + 1] = asc[i>>1]; 74 unitmp[i + 1] = asc[i>>1];
74 } 75 }
76 /* Make result double null terminated */
77 unitmp[ulen - 2] = 0;
78 unitmp[ulen - 1] = 0;
75 if (unilen) *unilen = ulen; 79 if (unilen) *unilen = ulen;
76 if (uni) *uni = unitmp; 80 if (uni) *uni = unitmp;
77 return unitmp; 81 return unitmp;
78} 82}
79 83
80char *uni2asc (unsigned char *uni, int unilen) 84char *uni2asc(unsigned char *uni, int unilen)
81{ 85{
82 int asclen, i; 86 int asclen, i;
83 char *asctmp; 87 char *asctmp;
84 asclen = unilen / 2; 88 asclen = unilen / 2;
85 /* If no terminating zero allow for one */ 89 /* If no terminating zero allow for one */
86 if (uni[unilen - 1]) asclen++; 90 if (!unilen || uni[unilen - 1]) asclen++;
87 uni++; 91 uni++;
88 if (!(asctmp = Malloc (asclen))) return NULL; 92 if (!(asctmp = OPENSSL_malloc(asclen))) return NULL;
89 for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i]; 93 for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];
90 asctmp[asclen - 1] = 0; 94 asctmp[asclen - 1] = 0;
91 return asctmp; 95 return asctmp;
@@ -93,26 +97,50 @@ char *uni2asc (unsigned char *uni, int unilen)
93 97
94int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12) 98int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
95{ 99{
96 return ASN1_i2d_bio((int(*)())i2d_PKCS12, bp, (unsigned char *)p12); 100 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
97} 101}
98 102
99#ifndef NO_FP_API 103#ifndef OPENSSL_NO_FP_API
100int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12) 104int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
101{ 105{
102 return ASN1_i2d_fp((int(*)())i2d_PKCS12, fp, (unsigned char *)p12); 106 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
103} 107}
104#endif 108#endif
105 109
106PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12) 110PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
107{ 111{
108 return (PKCS12 *)ASN1_d2i_bio((char *(*)())PKCS12_new, 112 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
109 (char *(*)())d2i_PKCS12, bp, (unsigned char **)p12);
110} 113}
111#ifndef NO_FP_API 114#ifndef OPENSSL_NO_FP_API
112PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12) 115PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
113{ 116{
114 return (PKCS12 *)ASN1_d2i_fp((char *(*)())PKCS12_new, 117 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
115 (char *(*)())d2i_PKCS12, fp, (unsigned char **)(p12));
116} 118}
117#endif 119#endif
118 120
121PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509)
122{
123 return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
124 NID_x509Certificate, NID_certBag);
125}
126
127PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl)
128{
129 return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
130 NID_x509Crl, NID_crlBag);
131}
132
133X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
134{
135 if(M_PKCS12_bag_type(bag) != NID_certBag) return NULL;
136 if(M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) return NULL;
137 return ASN1_item_unpack(bag->value.bag->value.octet, ASN1_ITEM_rptr(X509));
138}
139
140X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
141{
142 if(M_PKCS12_bag_type(bag) != NID_crlBag) return NULL;
143 if(M_PKCS12_cert_bag_type(bag) != NID_x509Crl) return NULL;
144 return ASN1_item_unpack(bag->value.bag->value.octet,
145 ASN1_ITEM_rptr(X509_CRL));
146}
diff --git a/src/lib/libcrypto/pkcs12/pk12err.c b/src/lib/libcrypto/pkcs12/pk12err.c
index 38d7be7675..10ab80502c 100644
--- a/src/lib/libcrypto/pkcs12/pk12err.c
+++ b/src/lib/libcrypto/pkcs12/pk12err.c
@@ -54,7 +54,8 @@
54 */ 54 */
55 55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes 56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file. 57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
58 */ 59 */
59 60
60#include <stdio.h> 61#include <stdio.h>
@@ -62,7 +63,7 @@
62#include <openssl/pkcs12.h> 63#include <openssl/pkcs12.h>
63 64
64/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
65#ifndef NO_ERR 66#ifndef OPENSSL_NO_ERR
66static ERR_STRING_DATA PKCS12_str_functs[]= 67static ERR_STRING_DATA PKCS12_str_functs[]=
67 { 68 {
68{ERR_PACK(0,PKCS12_F_PARSE_BAGS,0), "PARSE_BAGS"}, 69{ERR_PACK(0,PKCS12_F_PARSE_BAGS,0), "PARSE_BAGS"},
@@ -79,6 +80,7 @@ static ERR_STRING_DATA PKCS12_str_functs[]=
79{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0), "PKCS12_key_gen_uni"}, 80{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0), "PKCS12_key_gen_uni"},
80{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0), "PKCS12_MAKE_KEYBAG"}, 81{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0), "PKCS12_MAKE_KEYBAG"},
81{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0), "PKCS12_MAKE_SHKEYBAG"}, 82{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0), "PKCS12_MAKE_SHKEYBAG"},
83{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0), "PKCS12_newpass"},
82{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0), "PKCS12_pack_p7data"}, 84{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0), "PKCS12_pack_p7data"},
83{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0), "PKCS12_pack_p7encdata"}, 85{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0), "PKCS12_pack_p7encdata"},
84{ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0), "PKCS12_pack_safebag"}, 86{ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0), "PKCS12_pack_safebag"},
@@ -99,6 +101,7 @@ static ERR_STRING_DATA PKCS12_str_reasons[]=
99{PKCS12_R_DECODE_ERROR ,"decode error"}, 101{PKCS12_R_DECODE_ERROR ,"decode error"},
100{PKCS12_R_ENCODE_ERROR ,"encode error"}, 102{PKCS12_R_ENCODE_ERROR ,"encode error"},
101{PKCS12_R_ENCRYPT_ERROR ,"encrypt error"}, 103{PKCS12_R_ENCRYPT_ERROR ,"encrypt error"},
104{PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE,"error setting encrypted data type"},
102{PKCS12_R_INVALID_NULL_ARGUMENT ,"invalid null argument"}, 105{PKCS12_R_INVALID_NULL_ARGUMENT ,"invalid null argument"},
103{PKCS12_R_INVALID_NULL_PKCS12_POINTER ,"invalid null pkcs12 pointer"}, 106{PKCS12_R_INVALID_NULL_PKCS12_POINTER ,"invalid null pkcs12 pointer"},
104{PKCS12_R_IV_GEN_ERROR ,"iv gen error"}, 107{PKCS12_R_IV_GEN_ERROR ,"iv gen error"},
@@ -127,7 +130,7 @@ void ERR_load_PKCS12_strings(void)
127 if (init) 130 if (init)
128 { 131 {
129 init=0; 132 init=0;
130#ifndef NO_ERR 133#ifndef OPENSSL_NO_ERR
131 ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_functs); 134 ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_functs);
132 ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_reasons); 135 ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_reasons);
133#endif 136#endif
diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h
index 4cfba5e6c6..1786b6d4f3 100644
--- a/src/lib/libcrypto/pkcs12/pkcs12.h
+++ b/src/lib/libcrypto/pkcs12/pkcs12.h
@@ -59,13 +59,13 @@
59#ifndef HEADER_PKCS12_H 59#ifndef HEADER_PKCS12_H
60#define HEADER_PKCS12_H 60#define HEADER_PKCS12_H
61 61
62#include <openssl/bio.h>
63#include <openssl/x509.h>
64
62#ifdef __cplusplus 65#ifdef __cplusplus
63extern "C" { 66extern "C" {
64#endif 67#endif
65 68
66#include <openssl/bio.h>
67#include <openssl/x509.h>
68
69#define PKCS12_KEY_ID 1 69#define PKCS12_KEY_ID 1
70#define PKCS12_IV_ID 2 70#define PKCS12_IV_ID 2
71#define PKCS12_MAC_ID 3 71#define PKCS12_MAC_ID 3
@@ -108,19 +108,24 @@ PKCS12_MAC_DATA *mac;
108PKCS7 *authsafes; 108PKCS7 *authsafes;
109} PKCS12; 109} PKCS12;
110 110
111PREDECLARE_STACK_OF(PKCS12_SAFEBAG)
112
111typedef struct { 113typedef struct {
112ASN1_OBJECT *type; 114ASN1_OBJECT *type;
113union { 115union {
114 struct pkcs12_bag_st *bag; /* secret, crl and certbag */ 116 struct pkcs12_bag_st *bag; /* secret, crl and certbag */
115 struct pkcs8_priv_key_info_st *keybag; /* keybag */ 117 struct pkcs8_priv_key_info_st *keybag; /* keybag */
116 X509_SIG *shkeybag; /* shrouded key bag */ 118 X509_SIG *shkeybag; /* shrouded key bag */
117 STACK /* PKCS12_SAFEBAG */ *safes; 119 STACK_OF(PKCS12_SAFEBAG) *safes;
118 ASN1_TYPE *other; 120 ASN1_TYPE *other;
119}value; 121}value;
120STACK_OF(X509_ATTRIBUTE) *attrib; 122STACK_OF(X509_ATTRIBUTE) *attrib;
121ASN1_TYPE *rest;
122} PKCS12_SAFEBAG; 123} PKCS12_SAFEBAG;
123 124
125DECLARE_STACK_OF(PKCS12_SAFEBAG)
126DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)
127DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
128
124typedef struct pkcs12_bag_st { 129typedef struct pkcs12_bag_st {
125ASN1_OBJECT *type; 130ASN1_OBJECT *type;
126union { 131union {
@@ -135,56 +140,25 @@ union {
135#define PKCS12_ERROR 0 140#define PKCS12_ERROR 0
136#define PKCS12_OK 1 141#define PKCS12_OK 1
137 142
138#define M_PKCS12_bag_type(bag) OBJ_obj2nid(bag->type) 143/* Compatibility macros */
139#define M_PKCS12_cert_bag_type(bag) OBJ_obj2nid(bag->value.bag->type)
140#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
141
142#define M_PKCS12_x5092certbag(x509) \
143PKCS12_pack_safebag ((char *)(x509), i2d_X509, NID_x509Certificate, NID_certBag)
144
145#define M_PKCS12_x509crl2certbag(crl) \
146PKCS12_pack_safebag ((char *)(crl), i2d_X509CRL, NID_x509Crl, NID_crlBag)
147
148#define M_PKCS12_certbag2x509(bg) \
149(X509 *) ASN1_unpack_string ((bg)->value.bag->value.octet, \
150(char *(*)())d2i_X509)
151
152#define M_PKCS12_certbag2x509crl(bg) \
153(X509CRL *) ASN1_unpack_string ((bg)->value.bag->value.octet, \
154(char *(*)())d2i_X509CRL)
155 144
156/*#define M_PKCS12_pkcs82rsa(p8) \ 145#define M_PKCS12_x5092certbag PKCS12_x5092certbag
157(RSA *) ASN1_unpack_string ((p8)->pkey, (char *(*)())d2i_RSAPrivateKey)*/ 146#define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag
158 147
159#define M_PKCS12_unpack_p7data(p7) \ 148#define M_PKCS12_certbag2x509 PKCS12_certbag2x509
160ASN1_seq_unpack ((p7)->d.data->data, p7->d.data->length, \ 149#define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl
161 (char *(*)())d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free)
162 150
163#define M_PKCS12_pack_authsafes(p12, safes) \ 151#define M_PKCS12_unpack_p7data PKCS12_unpack_p7data
164ASN1_seq_pack((safes), (int (*)())i2d_PKCS7,\ 152#define M_PKCS12_pack_authsafes PKCS12_pack_authsafes
165 &(p12)->authsafes->d.data->data, &(p12)->authsafes->d.data->length) 153#define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes
154#define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata
166 155
167#define M_PKCS12_unpack_authsafes(p12) \ 156#define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
168ASN1_seq_unpack((p12)->authsafes->d.data->data, \ 157#define M_PKCS8_decrypt PKCS8_decrypt
169 (p12)->authsafes->d.data->length, (char *(*)())d2i_PKCS7, \
170 PKCS7_free)
171 158
172#define M_PKCS12_unpack_p7encdata(p7, pass, passlen) \ 159#define M_PKCS12_bag_type(bag) OBJ_obj2nid(bag->type)
173(STACK *) PKCS12_decrypt_d2i ((p7)->d.encrypted->enc_data->algorithm,\ 160#define M_PKCS12_cert_bag_type(bag) OBJ_obj2nid(bag->value.bag->type)
174 (char *(*)())d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, \ 161#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
175 (pass), (passlen), \
176 (p7)->d.encrypted->enc_data->enc_data, 3)
177
178#define M_PKCS12_decrypt_skey(bag, pass, passlen) \
179(PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i ((bag)->value.shkeybag->algor, \
180(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free, \
181 (pass), (passlen), \
182 (bag)->value.shkeybag->digest, 2)
183
184#define M_PKCS8_decrypt(p8, pass, passlen) \
185(PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i ((p8)->algor, \
186(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free,\
187 (pass), (passlen), (p8)->digest, 2)
188 162
189#define PKCS12_get_attr(bag, attr_nid) \ 163#define PKCS12_get_attr(bag, attr_nid) \
190 PKCS12_get_attr_gen(bag->attrib, attr_nid) 164 PKCS12_get_attr_gen(bag->attrib, attr_nid)
@@ -195,8 +169,17 @@ ASN1_seq_unpack((p12)->authsafes->d.data->data, \
195#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0) 169#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
196 170
197 171
198PKCS12_SAFEBAG *PKCS12_pack_safebag(char *obj, int (*i2d)(), int nid1, int nid2); 172PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);
173PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);
174X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);
175X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);
176
177PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
178 int nid2);
199PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8); 179PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
180PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen);
181PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
182 int passlen);
200X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, 183X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
201 const char *pass, int passlen, 184 const char *pass, int passlen,
202 unsigned char *salt, int saltlen, int iter, 185 unsigned char *salt, int saltlen, int iter,
@@ -205,13 +188,21 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
205 int passlen, unsigned char *salt, 188 int passlen, unsigned char *salt,
206 int saltlen, int iter, 189 int saltlen, int iter,
207 PKCS8_PRIV_KEY_INFO *p8); 190 PKCS8_PRIV_KEY_INFO *p8);
208PKCS7 *PKCS12_pack_p7data(STACK *sk); 191PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
192STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
209PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, 193PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
210 unsigned char *salt, int saltlen, int iter, 194 unsigned char *salt, int saltlen, int iter,
211 STACK *bags); 195 STACK_OF(PKCS12_SAFEBAG) *bags);
196STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen);
197
198int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
199STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12);
200
212int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen); 201int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);
213int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, 202int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
214 int namelen); 203 int namelen);
204int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
205 int namelen);
215int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name, 206int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
216 int namelen); 207 int namelen);
217int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); 208int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
@@ -220,64 +211,55 @@ char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
220unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, 211unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
221 int passlen, unsigned char *in, int inlen, 212 int passlen, unsigned char *in, int inlen,
222 unsigned char **data, int *datalen, int en_de); 213 unsigned char **data, int *datalen, int en_de);
223char *PKCS12_decrypt_d2i(X509_ALGOR *algor, char *(*d2i)(), 214void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
224 void (*free_func)(), const char *pass, int passlen, 215 const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf);
225 ASN1_STRING *oct, int seq); 216ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
226ASN1_STRING *PKCS12_i2d_encrypt(X509_ALGOR *algor, int (*i2d)(), 217 const char *pass, int passlen,
227 const char *pass, int passlen, char *obj, 218 void *obj, int zbuf);
228 int seq);
229PKCS12 *PKCS12_init(int mode); 219PKCS12 *PKCS12_init(int mode);
230int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, 220int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
231 int saltlen, int id, int iter, int n, 221 int saltlen, int id, int iter, int n,
232 unsigned char *out, const EVP_MD *md_type); 222 unsigned char *out, const EVP_MD *md_type);
233int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type); 223int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type);
234int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, 224int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
235 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md_type, 225 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,
236 int en_de); 226 int en_de);
237int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, 227int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
238 unsigned char *mac, unsigned int *maclen); 228 unsigned char *mac, unsigned int *maclen);
239int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); 229int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
240int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, 230int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
241 unsigned char *salt, int saltlen, int iter, 231 unsigned char *salt, int saltlen, int iter,
242 EVP_MD *md_type); 232 const EVP_MD *md_type);
243int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, 233int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
244 int saltlen, EVP_MD *md_type); 234 int saltlen, const EVP_MD *md_type);
245unsigned char *asc2uni(const char *asc, unsigned char **uni, int *unilen); 235unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
246char *uni2asc(unsigned char *uni, int unilen); 236char *uni2asc(unsigned char *uni, int unilen);
247int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **pp); 237
248PKCS12_BAGS *PKCS12_BAGS_new(void); 238DECLARE_ASN1_FUNCTIONS(PKCS12)
249PKCS12_BAGS *d2i_PKCS12_BAGS(PKCS12_BAGS **a, unsigned char **pp, long length); 239DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
250void PKCS12_BAGS_free(PKCS12_BAGS *a); 240DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
251int i2d_PKCS12(PKCS12 *a, unsigned char **pp); 241DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
252PKCS12 *d2i_PKCS12(PKCS12 **a, unsigned char **pp, long length); 242
253PKCS12 *PKCS12_new(void); 243DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
254void PKCS12_free(PKCS12 *a); 244DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
255int i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **pp); 245
256PKCS12_MAC_DATA *PKCS12_MAC_DATA_new(void);
257PKCS12_MAC_DATA *d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, unsigned char **pp,
258 long length);
259void PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a);
260int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **pp);
261PKCS12_SAFEBAG *PKCS12_SAFEBAG_new(void);
262PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, unsigned char **pp,
263 long length);
264void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a);
265void ERR_load_PKCS12_strings(void);
266void PKCS12_PBE_add(void); 246void PKCS12_PBE_add(void);
267int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, 247int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
268 STACK **ca); 248 STACK_OF(X509) **ca);
269PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, 249PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
270 STACK *ca, int nid_key, int nid_cert, int iter, 250 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
271 int mac_iter, int keytype); 251 int mac_iter, int keytype);
272int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); 252int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
273int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); 253int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
274PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); 254PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
275PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); 255PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
256int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
276 257
277/* BEGIN ERROR CODES */ 258/* BEGIN ERROR CODES */
278/* The following lines are auto generated by the script mkerr.pl. Any changes 259/* The following lines are auto generated by the script mkerr.pl. Any changes
279 * made after this point may be overwritten when the script is next run. 260 * made after this point may be overwritten when the script is next run.
280 */ 261 */
262void ERR_load_PKCS12_strings(void);
281 263
282/* Error codes for the PKCS12 functions. */ 264/* Error codes for the PKCS12 functions. */
283 265
@@ -296,6 +278,7 @@ PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
296#define PKCS12_F_PKCS12_KEY_GEN_UNI 111 278#define PKCS12_F_PKCS12_KEY_GEN_UNI 111
297#define PKCS12_F_PKCS12_MAKE_KEYBAG 112 279#define PKCS12_F_PKCS12_MAKE_KEYBAG 112
298#define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113 280#define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113
281#define PKCS12_F_PKCS12_NEWPASS 128
299#define PKCS12_F_PKCS12_PACK_P7DATA 114 282#define PKCS12_F_PKCS12_PACK_P7DATA 114
300#define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 283#define PKCS12_F_PKCS12_PACK_P7ENCDATA 115
301#define PKCS12_F_PKCS12_PACK_SAFEBAG 117 284#define PKCS12_F_PKCS12_PACK_SAFEBAG 117
@@ -313,6 +296,7 @@ PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
313#define PKCS12_R_DECODE_ERROR 101 296#define PKCS12_R_DECODE_ERROR 101
314#define PKCS12_R_ENCODE_ERROR 102 297#define PKCS12_R_ENCODE_ERROR 102
315#define PKCS12_R_ENCRYPT_ERROR 103 298#define PKCS12_R_ENCRYPT_ERROR 103
299#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120
316#define PKCS12_R_INVALID_NULL_ARGUMENT 104 300#define PKCS12_R_INVALID_NULL_ARGUMENT 104
317#define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 301#define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105
318#define PKCS12_R_IV_GEN_ERROR 106 302#define PKCS12_R_IV_GEN_ERROR 106
@@ -334,4 +318,3 @@ PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
334} 318}
335#endif 319#endif
336#endif 320#endif
337
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-22 21:25:21 +0000