summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs12
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/pkcs12')
-rw-r--r--src/lib/libcrypto/pkcs12/p12_add.c6
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crpt.c16
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crt.c336
-rw-r--r--src/lib/libcrypto/pkcs12/p12_decr.c13
-rw-r--r--src/lib/libcrypto/pkcs12/p12_init.c2
-rw-r--r--src/lib/libcrypto/pkcs12/p12_key.c2
-rw-r--r--src/lib/libcrypto/pkcs12/p12_kiss.c20
-rw-r--r--src/lib/libcrypto/pkcs12/p12_mutl.c20
-rw-r--r--src/lib/libcrypto/pkcs12/p12_npas.c37
-rw-r--r--src/lib/libcrypto/pkcs12/pk12err.c18
-rw-r--r--src/lib/libcrypto/pkcs12/pkcs12.h22
11 files changed, 341 insertions, 151 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
index 27015dd8c3..41bdc00551 100644
--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -68,16 +68,16 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid
68 PKCS12_BAGS *bag; 68 PKCS12_BAGS *bag;
69 PKCS12_SAFEBAG *safebag; 69 PKCS12_SAFEBAG *safebag;
70 if (!(bag = PKCS12_BAGS_new())) { 70 if (!(bag = PKCS12_BAGS_new())) {
71 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); 71 PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
72 return NULL; 72 return NULL;
73 } 73 }
74 bag->type = OBJ_nid2obj(nid1); 74 bag->type = OBJ_nid2obj(nid1);
75 if (!ASN1_item_pack(obj, it, &bag->value.octet)) { 75 if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
76 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); 76 PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
77 return NULL; 77 return NULL;
78 } 78 }
79 if (!(safebag = PKCS12_SAFEBAG_new())) { 79 if (!(safebag = PKCS12_SAFEBAG_new())) {
80 PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); 80 PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
81 return NULL; 81 return NULL;
82 } 82 }
83 safebag->value.bag = bag; 83 safebag->value.bag = bag;
diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c
index 003ec7a33e..3ad33c49d8 100644
--- a/src/lib/libcrypto/pkcs12/p12_crpt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crpt.c
@@ -84,19 +84,25 @@ EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
84#endif 84#endif
85} 85}
86 86
87int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen, 87int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
88 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) 88 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
89{ 89{
90 PBEPARAM *pbe; 90 PBEPARAM *pbe;
91 int saltlen, iter, ret; 91 int saltlen, iter, ret;
92 unsigned char *salt, *pbuf; 92 unsigned char *salt;
93 const unsigned char *pbuf;
93 unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; 94 unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
94 95
95 /* Extract useful info from parameter */ 96 /* Extract useful info from parameter */
97 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
98 param->value.sequence == NULL) {
99 PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR);
100 return 0;
101 }
102
96 pbuf = param->value.sequence->data; 103 pbuf = param->value.sequence->data;
97 if (!param || (param->type != V_ASN1_SEQUENCE) || 104 if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
98 !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) { 105 PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR);
99 EVPerr(PKCS12_F_PKCS12_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
100 return 0; 106 return 0;
101 } 107 }
102 108
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
index 40340a7bef..dbafda17b6 100644
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -1,9 +1,9 @@
1/* p12_crt.c */ 1/* p12_crt.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL 2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999. 3 * project.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -60,113 +60,289 @@
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/pkcs12.h> 61#include <openssl/pkcs12.h>
62 62
63
64static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
65
63PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, 66PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
64 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, 67 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
65 int keytype) 68 int keytype)
66{ 69{
67 PKCS12 *p12; 70 PKCS12 *p12 = NULL;
68 STACK_OF(PKCS12_SAFEBAG) *bags; 71 STACK_OF(PKCS7) *safes = NULL;
69 STACK_OF(PKCS7) *safes; 72 STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
70 PKCS12_SAFEBAG *bag; 73 PKCS12_SAFEBAG *bag = NULL;
71 PKCS8_PRIV_KEY_INFO *p8;
72 PKCS7 *authsafe;
73 X509 *tcert;
74 int i; 74 int i;
75 unsigned char keyid[EVP_MAX_MD_SIZE]; 75 unsigned char keyid[EVP_MAX_MD_SIZE];
76 unsigned int keyidlen; 76 unsigned int keyidlen = 0;
77 77
78 /* Set defaults */ 78 /* Set defaults */
79 if(!nid_cert) 79 if (!nid_cert)
80 { 80 nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
81#ifdef OPENSSL_FIPS 81 if (!nid_key)
82 if (FIPS_mode()) 82 nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
83 nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; 83 if (!iter)
84 else 84 iter = PKCS12_DEFAULT_ITER;
85#endif 85 if (!mac_iter)
86 nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; 86 mac_iter = 1;
87 }
88 if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
89 if(!iter) iter = PKCS12_DEFAULT_ITER;
90 if(!mac_iter) mac_iter = 1;
91 87
92 if(!pkey || !cert) { 88 if(!pkey && !cert && !ca)
89 {
93 PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT); 90 PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
94 return NULL; 91 return NULL;
95 } 92 }
96
97 if(!X509_check_private_key(cert, pkey)) return NULL;
98 93
99 if(!(bags = sk_PKCS12_SAFEBAG_new_null ())) { 94 if (pkey && cert)
100 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); 95 {
101 return NULL; 96 if(!X509_check_private_key(cert, pkey))
102 } 97 return NULL;
98 X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
99 }
103 100
104 /* Add user certificate */ 101 if (cert)
105 if(!(bag = PKCS12_x5092certbag(cert))) return NULL; 102 {
106 if(name && !PKCS12_add_friendlyname(bag, name, -1)) return NULL; 103 bag = PKCS12_add_cert(&bags, cert);
107 X509_digest(cert, EVP_sha1(), keyid, &keyidlen); 104 if(name && !PKCS12_add_friendlyname(bag, name, -1))
108 if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL; 105 goto err;
106 if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
107 goto err;
108 }
109 109
110 if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
111 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
112 return NULL;
113 }
114
115 /* Add all other certificates */ 110 /* Add all other certificates */
116 if(ca) { 111 for(i = 0; i < sk_X509_num(ca); i++)
117 for(i = 0; i < sk_X509_num(ca); i++) { 112 {
118 tcert = sk_X509_value(ca, i); 113 if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))
119 if(!(bag = PKCS12_x5092certbag(tcert))) return NULL; 114 goto err;
120 if(!sk_PKCS12_SAFEBAG_push(bags, bag)) { 115 }
121 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); 116
122 return NULL; 117 if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))
118 goto err;
119
120 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
121 bags = NULL;
122
123 if (pkey)
124 {
125 int cspidx;
126 bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
127
128 if (!bag)
129 goto err;
130
131 cspidx = EVP_PKEY_get_attr_by_NID(pkey, NID_ms_csp_name, -1);
132 if (cspidx >= 0)
133 {
134 X509_ATTRIBUTE *cspattr;
135 cspattr = EVP_PKEY_get_attr(pkey, cspidx);
136 if (!X509at_add1_attr(&bag->attrib, cspattr))
137 goto err;
123 } 138 }
139
140 if(name && !PKCS12_add_friendlyname(bag, name, -1))
141 goto err;
142 if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
143 goto err;
124 } 144 }
125 }
126 145
127 /* Turn certbags into encrypted authsafe */ 146 if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))
128 authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0, 147 goto err;
129 iter, bags); 148
130 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); 149 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
150 bags = NULL;
131 151
132 if (!authsafe) return NULL; 152 p12 = PKCS12_add_safes(safes, 0);
153
154 sk_PKCS7_pop_free(safes, PKCS7_free);
155
156 safes = NULL;
157
158 if ((mac_iter != -1) &&
159 !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
160 goto err;
161
162 return p12;
163
164 err:
165
166 if (p12)
167 PKCS12_free(p12);
168 if (safes)
169 sk_PKCS7_pop_free(safes, PKCS7_free);
170 if (bags)
171 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
172 return NULL;
173
174}
175
176PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
177 {
178 PKCS12_SAFEBAG *bag = NULL;
179 char *name;
180 int namelen = -1;
181 unsigned char *keyid;
182 int keyidlen = -1;
183
184 /* Add user certificate */
185 if(!(bag = PKCS12_x5092certbag(cert)))
186 goto err;
187
188 /* Use friendlyName and localKeyID in certificate.
189 * (if present)
190 */
191
192 name = (char *)X509_alias_get0(cert, &namelen);
193
194 if(name && !PKCS12_add_friendlyname(bag, name, namelen))
195 goto err;
196
197 keyid = X509_keyid_get0(cert, &keyidlen);
198
199 if(keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
200 goto err;
201
202 if (!pkcs12_add_bag(pbags, bag))
203 goto err;
204
205 return bag;
206
207 err:
208
209 if (bag)
210 PKCS12_SAFEBAG_free(bag);
211
212 return NULL;
133 213
134 if(!(safes = sk_PKCS7_new_null ())
135 || !sk_PKCS7_push(safes, authsafe)) {
136 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
137 return NULL;
138 } 214 }
139 215
140 /* Make a shrouded key bag */ 216PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
141 if(!(p8 = EVP_PKEY2PKCS8 (pkey))) return NULL; 217 int key_usage, int iter,
142 if(keytype && !PKCS8_add_keyusage(p8, keytype)) return NULL; 218 int nid_key, char *pass)
143 bag = PKCS12_MAKE_SHKEYBAG (nid_key, pass, -1, NULL, 0, iter, p8); 219 {
144 if(!bag) return NULL; 220
145 PKCS8_PRIV_KEY_INFO_free(p8); 221 PKCS12_SAFEBAG *bag = NULL;
146 if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL; 222 PKCS8_PRIV_KEY_INFO *p8 = NULL;
147 if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL; 223
148 if(!(bags = sk_PKCS12_SAFEBAG_new_null()) 224 /* Make a PKCS#8 structure */
149 || !sk_PKCS12_SAFEBAG_push (bags, bag)) { 225 if(!(p8 = EVP_PKEY2PKCS8(key)))
150 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); 226 goto err;
151 return NULL; 227 if(key_usage && !PKCS8_add_keyusage(p8, key_usage))
228 goto err;
229 if (nid_key != -1)
230 {
231 bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8);
232 PKCS8_PRIV_KEY_INFO_free(p8);
233 }
234 else
235 bag = PKCS12_MAKE_KEYBAG(p8);
236
237 if(!bag)
238 goto err;
239
240 if (!pkcs12_add_bag(pbags, bag))
241 goto err;
242
243 return bag;
244
245 err:
246
247 if (bag)
248 PKCS12_SAFEBAG_free(bag);
249
250 return NULL;
251
152 } 252 }
153 /* Turn it into unencrypted safe bag */ 253
154 if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL; 254int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
155 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); 255 int nid_safe, int iter, char *pass)
156 if(!sk_PKCS7_push(safes, authsafe)) { 256 {
157 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); 257 PKCS7 *p7 = NULL;
158 return NULL; 258 int free_safes = 0;
259
260 if (!*psafes)
261 {
262 *psafes = sk_PKCS7_new_null();
263 if (!*psafes)
264 return 0;
265 free_safes = 1;
266 }
267 else
268 free_safes = 0;
269
270 if (nid_safe == 0)
271 nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
272
273 if (nid_safe == -1)
274 p7 = PKCS12_pack_p7data(bags);
275 else
276 p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0,
277 iter, bags);
278 if (!p7)
279 goto err;
280
281 if (!sk_PKCS7_push(*psafes, p7))
282 goto err;
283
284 return 1;
285
286 err:
287 if (free_safes)
288 {
289 sk_PKCS7_free(*psafes);
290 *psafes = NULL;
291 }
292
293 if (p7)
294 PKCS7_free(p7);
295
296 return 0;
297
159 } 298 }
160 299
161 if(!(p12 = PKCS12_init (NID_pkcs7_data))) return NULL; 300static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag)
301 {
302 int free_bags;
303 if (!pbags)
304 return 1;
305 if (!*pbags)
306 {
307 *pbags = sk_PKCS12_SAFEBAG_new_null();
308 if (!*pbags)
309 return 0;
310 free_bags = 1;
311 }
312 else
313 free_bags = 0;
162 314
163 if(!PKCS12_pack_authsafes (p12, safes)) return NULL; 315 if (!sk_PKCS12_SAFEBAG_push(*pbags, bag))
316 {
317 if (free_bags)
318 {
319 sk_PKCS12_SAFEBAG_free(*pbags);
320 *pbags = NULL;
321 }
322 return 0;
323 }
164 324
165 sk_PKCS7_pop_free(safes, PKCS7_free); 325 return 1;
326
327 }
328
329
330PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7)
331 {
332 PKCS12 *p12;
333 if (nid_p7 <= 0)
334 nid_p7 = NID_pkcs7_data;
335 p12 = PKCS12_init(nid_p7);
336
337 if (!p12)
338 return NULL;
166 339
167 if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL)) 340 if(!PKCS12_pack_authsafes(p12, safes))
168 return NULL; 341 {
342 PKCS12_free(p12);
343 return NULL;
344 }
169 345
170 return p12; 346 return p12;
171 347
172} 348 }
diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c
index b5684a83ba..74c961a92b 100644
--- a/src/lib/libcrypto/pkcs12/p12_decr.c
+++ b/src/lib/libcrypto/pkcs12/p12_decr.c
@@ -113,13 +113,14 @@ unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
113void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, 113void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
114 const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf) 114 const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)
115{ 115{
116 unsigned char *out, *p; 116 unsigned char *out;
117 const unsigned char *p;
117 void *ret; 118 void *ret;
118 int outlen; 119 int outlen;
119 120
120 if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length, 121 if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
121 &out, &outlen, 0)) { 122 &out, &outlen, 0)) {
122 PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR); 123 PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
123 return NULL; 124 return NULL;
124 } 125 }
125 p = out; 126 p = out;
@@ -137,7 +138,7 @@ void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
137#endif 138#endif
138 ret = ASN1_item_d2i(NULL, &p, outlen, it); 139 ret = ASN1_item_d2i(NULL, &p, outlen, it);
139 if (zbuf) OPENSSL_cleanse(out, outlen); 140 if (zbuf) OPENSSL_cleanse(out, outlen);
140 if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR); 141 if(!ret) PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
141 OPENSSL_free(out); 142 OPENSSL_free(out);
142 return ret; 143 return ret;
143} 144}
@@ -154,17 +155,17 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *i
154 unsigned char *in = NULL; 155 unsigned char *in = NULL;
155 int inlen; 156 int inlen;
156 if (!(oct = M_ASN1_OCTET_STRING_new ())) { 157 if (!(oct = M_ASN1_OCTET_STRING_new ())) {
157 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE); 158 PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
158 return NULL; 159 return NULL;
159 } 160 }
160 inlen = ASN1_item_i2d(obj, &in, it); 161 inlen = ASN1_item_i2d(obj, &in, it);
161 if (!in) { 162 if (!in) {
162 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR); 163 PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);
163 return NULL; 164 return NULL;
164 } 165 }
165 if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data, 166 if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
166 &oct->length, 1)) { 167 &oct->length, 1)) {
167 PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR); 168 PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);
168 OPENSSL_free(in); 169 OPENSSL_free(in);
169 return NULL; 170 return NULL;
170 } 171 }
diff --git a/src/lib/libcrypto/pkcs12/p12_init.c b/src/lib/libcrypto/pkcs12/p12_init.c
index 5276b12669..6bdc132631 100644
--- a/src/lib/libcrypto/pkcs12/p12_init.c
+++ b/src/lib/libcrypto/pkcs12/p12_init.c
@@ -62,7 +62,7 @@
62 62
63/* Initialise a PKCS12 structure to take data */ 63/* Initialise a PKCS12 structure to take data */
64 64
65PKCS12 *PKCS12_init (int mode) 65PKCS12 *PKCS12_init(int mode)
66{ 66{
67 PKCS12 *pkcs12; 67 PKCS12 *pkcs12;
68 if (!(pkcs12 = PKCS12_new())) { 68 if (!(pkcs12 = PKCS12_new())) {
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
index 9196a34b4a..18e72d0a1b 100644
--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ b/src/lib/libcrypto/pkcs12/p12_key.c
@@ -59,7 +59,7 @@
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/pkcs12.h> 61#include <openssl/pkcs12.h>
62 62#include <openssl/bn.h>
63 63
64/* Uncomment out this line to get debugging info about key generation */ 64/* Uncomment out this line to get debugging info about key generation */
65/*#define DEBUG_KEYGEN*/ 65/*#define DEBUG_KEYGEN*/
diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c
index 2b31999e11..c2ee2cc6f3 100644
--- a/src/lib/libcrypto/pkcs12/p12_kiss.c
+++ b/src/lib/libcrypto/pkcs12/p12_kiss.c
@@ -80,7 +80,7 @@ static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
80 * passed unitialised. 80 * passed unitialised.
81 */ 81 */
82 82
83int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, 83int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
84 STACK_OF(X509) **ca) 84 STACK_OF(X509) **ca)
85{ 85{
86 86
@@ -141,7 +141,7 @@ int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
141 141
142/* Parse the outer PKCS#12 structure */ 142/* Parse the outer PKCS#12 structure */
143 143
144static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen, 144static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
145 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) 145 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
146{ 146{
147 STACK_OF(PKCS7) *asafes; 147 STACK_OF(PKCS7) *asafes;
@@ -178,10 +178,10 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
178} 178}
179 179
180 180
181static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, 181static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
182 int passlen, EVP_PKEY **pkey, X509 **cert, 182 int passlen, EVP_PKEY **pkey, X509 **cert,
183 STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, 183 STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
184 char *keymatch) 184 char *keymatch)
185{ 185{
186 int i; 186 int i;
187 for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { 187 for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
@@ -197,9 +197,9 @@ static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
197#define MATCH_ALL 0x3 197#define MATCH_ALL 0x3
198 198
199static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, 199static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
200 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, 200 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
201 ASN1_OCTET_STRING **keyid, 201 ASN1_OCTET_STRING **keyid,
202 char *keymatch) 202 char *keymatch)
203{ 203{
204 PKCS8_PRIV_KEY_INFO *p8; 204 PKCS8_PRIV_KEY_INFO *p8;
205 X509 *x509; 205 X509 *x509;
@@ -221,7 +221,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
221 if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL; 221 if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL;
222 } else { 222 } else {
223 if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) { 223 if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) {
224 PKCS12err(PKCS12_F_PARSE_BAGS,ERR_R_MALLOC_FAILURE); 224 PKCS12err(PKCS12_F_PARSE_BAG,ERR_R_MALLOC_FAILURE);
225 return 0; 225 return 0;
226 } 226 }
227 } 227 }
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
index 140d21155e..c408cc8ab8 100644
--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ b/src/lib/libcrypto/pkcs12/p12_mutl.c
@@ -64,12 +64,12 @@
64#include <openssl/pkcs12.h> 64#include <openssl/pkcs12.h>
65 65
66/* Generate a MAC */ 66/* Generate a MAC */
67int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen, 67int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
68 unsigned char *mac, unsigned int *maclen) 68 unsigned char *mac, unsigned int *maclen)
69{ 69{
70 const EVP_MD *md_type; 70 const EVP_MD *md_type;
71 HMAC_CTX hmac; 71 HMAC_CTX hmac;
72 unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt; 72 unsigned char key[EVP_MAX_MD_SIZE], *salt;
73 int saltlen, iter; 73 int saltlen, iter;
74 74
75 if (!PKCS7_type_is_data(p12->authsafes)) 75 if (!PKCS7_type_is_data(p12->authsafes))
@@ -88,12 +88,12 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
88 return 0; 88 return 0;
89 } 89 }
90 if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, 90 if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
91 PKCS12_MAC_KEY_LENGTH, key, md_type)) { 91 EVP_MD_size(md_type), key, md_type)) {
92 PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR); 92 PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
93 return 0; 93 return 0;
94 } 94 }
95 HMAC_CTX_init(&hmac); 95 HMAC_CTX_init(&hmac);
96 HMAC_Init_ex(&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type, NULL); 96 HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL);
97 HMAC_Update(&hmac, p12->authsafes->d.data->data, 97 HMAC_Update(&hmac, p12->authsafes->d.data->data,
98 p12->authsafes->d.data->length); 98 p12->authsafes->d.data->length);
99 HMAC_Final(&hmac, mac, maclen); 99 HMAC_Final(&hmac, mac, maclen);
@@ -102,16 +102,16 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
102} 102}
103 103
104/* Verify the mac */ 104/* Verify the mac */
105int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen) 105int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
106{ 106{
107 unsigned char mac[EVP_MAX_MD_SIZE]; 107 unsigned char mac[EVP_MAX_MD_SIZE];
108 unsigned int maclen; 108 unsigned int maclen;
109 if(p12->mac == NULL) { 109 if(p12->mac == NULL) {
110 PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_ABSENT); 110 PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_ABSENT);
111 return 0; 111 return 0;
112 } 112 }
113 if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) { 113 if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
114 PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR); 114 PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR);
115 return 0; 115 return 0;
116 } 116 }
117 if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) 117 if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
@@ -121,7 +121,7 @@ int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen)
121 121
122/* Set a mac */ 122/* Set a mac */
123 123
124int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen, 124int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
125 unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type) 125 unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type)
126{ 126{
127 unsigned char mac[EVP_MAX_MD_SIZE]; 127 unsigned char mac[EVP_MAX_MD_SIZE];
@@ -145,7 +145,7 @@ int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
145} 145}
146 146
147/* Set up a mac structure */ 147/* Set up a mac structure */
148int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen, 148int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
149 const EVP_MD *md_type) 149 const EVP_MD *md_type)
150{ 150{
151 if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR; 151 if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR;
diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c
index af708a2743..48eacc5c49 100644
--- a/src/lib/libcrypto/pkcs12/p12_npas.c
+++ b/src/lib/libcrypto/pkcs12/p12_npas.c
@@ -77,28 +77,26 @@ static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
77 77
78int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass) 78int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
79{ 79{
80 /* Check for NULL PKCS12 structure */
80 81
81/* Check for NULL PKCS12 structure */ 82 if(!p12) {
82 83 PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
83if(!p12) { 84 return 0;
84 PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER); 85 }
85 return 0;
86}
87
88/* Check the mac */
89
90if (!PKCS12_verify_mac(p12, oldpass, -1)) {
91 PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE);
92 return 0;
93}
94 86
95if (!newpass_p12(p12, oldpass, newpass)) { 87 /* Check the mac */
96 PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR); 88
97 return 0; 89 if (!PKCS12_verify_mac(p12, oldpass, -1)) {
98} 90 PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE);
91 return 0;
92 }
99 93
100return 1; 94 if (!newpass_p12(p12, oldpass, newpass)) {
95 PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR);
96 return 0;
97 }
101 98
99 return 1;
102} 100}
103 101
104/* Parse the outer PKCS#12 structure */ 102/* Parse the outer PKCS#12 structure */
@@ -206,7 +204,8 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
206static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen) 204static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
207{ 205{
208 PBEPARAM *pbe; 206 PBEPARAM *pbe;
209 unsigned char *p; 207 const unsigned char *p;
208
210 p = alg->parameter->value.sequence->data; 209 p = alg->parameter->value.sequence->data;
211 pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); 210 pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
212 *pnid = OBJ_obj2nid(alg->algorithm); 211 *pnid = OBJ_obj2nid(alg->algorithm);
diff --git a/src/lib/libcrypto/pkcs12/pk12err.c b/src/lib/libcrypto/pkcs12/pk12err.c
index a33b37b1c7..07a1fb6907 100644
--- a/src/lib/libcrypto/pkcs12/pk12err.c
+++ b/src/lib/libcrypto/pkcs12/pk12err.c
@@ -70,16 +70,18 @@
70 70
71static ERR_STRING_DATA PKCS12_str_functs[]= 71static ERR_STRING_DATA PKCS12_str_functs[]=
72 { 72 {
73{ERR_FUNC(PKCS12_F_PARSE_BAG), "PARSE_BAG"},
73{ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"}, 74{ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"},
74{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"}, 75{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"},
75{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC), "PKCS12_add_friendlyname_asc"}, 76{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC), "PKCS12_add_friendlyname_asc"},
76{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI), "PKCS12_add_friendlyname_uni"}, 77{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI), "PKCS12_add_friendlyname_uni"},
77{ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"}, 78{ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"},
78{ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"}, 79{ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"},
79{ERR_FUNC(PKCS12_F_PKCS12_DECRYPT_D2I), "PKCS12_DECRYPT_D2I"},
80{ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"}, 80{ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"},
81{ERR_FUNC(PKCS12_F_PKCS12_I2D_ENCRYPT), "PKCS12_I2D_ENCRYPT"},
82{ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"}, 81{ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"},
82{ERR_FUNC(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I), "PKCS12_item_decrypt_d2i"},
83{ERR_FUNC(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT), "PKCS12_item_i2d_encrypt"},
84{ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"},
83{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"}, 85{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"},
84{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"}, 86{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"},
85{ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"}, 87{ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"},
@@ -87,7 +89,6 @@ static ERR_STRING_DATA PKCS12_str_functs[]=
87{ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"}, 89{ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"},
88{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"}, 90{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"},
89{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"}, 91{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"},
90{ERR_FUNC(PKCS12_F_PKCS12_PACK_SAFEBAG), "PKCS12_PACK_SAFEBAG"},
91{ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"}, 92{ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"},
92{ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"}, 93{ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"},
93{ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"}, 94{ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"},
@@ -95,9 +96,9 @@ static ERR_STRING_DATA PKCS12_str_functs[]=
95{ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"}, 96{ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"},
96{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"}, 97{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"},
97{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"}, 98{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"},
99{ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"},
98{ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"}, 100{ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"},
99{ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"}, 101{ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"},
100{ERR_FUNC(PKCS12_F_VERIFY_MAC), "VERIFY_MAC"},
101{0,NULL} 102{0,NULL}
102 }; 103 };
103 104
@@ -132,15 +133,12 @@ static ERR_STRING_DATA PKCS12_str_reasons[]=
132 133
133void ERR_load_PKCS12_strings(void) 134void ERR_load_PKCS12_strings(void)
134 { 135 {
135 static int init=1; 136#ifndef OPENSSL_NO_ERR
136 137
137 if (init) 138 if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL)
138 { 139 {
139 init=0;
140#ifndef OPENSSL_NO_ERR
141 ERR_load_strings(0,PKCS12_str_functs); 140 ERR_load_strings(0,PKCS12_str_functs);
142 ERR_load_strings(0,PKCS12_str_reasons); 141 ERR_load_strings(0,PKCS12_str_reasons);
143#endif
144
145 } 142 }
143#endif
146 } 144 }
diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h
index fb8af82d4f..a2d7e359a0 100644
--- a/src/lib/libcrypto/pkcs12/pkcs12.h
+++ b/src/lib/libcrypto/pkcs12/pkcs12.h
@@ -249,6 +249,15 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
249PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, 249PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
250 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, 250 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
251 int mac_iter, int keytype); 251 int mac_iter, int keytype);
252
253PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
254PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
255 int key_usage, int iter,
256 int key_nid, char *pass);
257int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
258 int safe_nid, int iter, char *pass);
259PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
260
252int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); 261int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
253int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); 262int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
254PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); 263PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
@@ -264,16 +273,18 @@ void ERR_load_PKCS12_strings(void);
264/* Error codes for the PKCS12 functions. */ 273/* Error codes for the PKCS12 functions. */
265 274
266/* Function codes. */ 275/* Function codes. */
276#define PKCS12_F_PARSE_BAG 129
267#define PKCS12_F_PARSE_BAGS 103 277#define PKCS12_F_PARSE_BAGS 103
268#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100 278#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100
269#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127 279#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127
270#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102 280#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102
271#define PKCS12_F_PKCS12_ADD_LOCALKEYID 104 281#define PKCS12_F_PKCS12_ADD_LOCALKEYID 104
272#define PKCS12_F_PKCS12_CREATE 105 282#define PKCS12_F_PKCS12_CREATE 105
273#define PKCS12_F_PKCS12_DECRYPT_D2I 106
274#define PKCS12_F_PKCS12_GEN_MAC 107 283#define PKCS12_F_PKCS12_GEN_MAC 107
275#define PKCS12_F_PKCS12_I2D_ENCRYPT 108
276#define PKCS12_F_PKCS12_INIT 109 284#define PKCS12_F_PKCS12_INIT 109
285#define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106
286#define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108
287#define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117
277#define PKCS12_F_PKCS12_KEY_GEN_ASC 110 288#define PKCS12_F_PKCS12_KEY_GEN_ASC 110
278#define PKCS12_F_PKCS12_KEY_GEN_UNI 111 289#define PKCS12_F_PKCS12_KEY_GEN_UNI 111
279#define PKCS12_F_PKCS12_MAKE_KEYBAG 112 290#define PKCS12_F_PKCS12_MAKE_KEYBAG 112
@@ -281,17 +292,16 @@ void ERR_load_PKCS12_strings(void);
281#define PKCS12_F_PKCS12_NEWPASS 128 292#define PKCS12_F_PKCS12_NEWPASS 128
282#define PKCS12_F_PKCS12_PACK_P7DATA 114 293#define PKCS12_F_PKCS12_PACK_P7DATA 114
283#define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 294#define PKCS12_F_PKCS12_PACK_P7ENCDATA 115
284#define PKCS12_F_PKCS12_PACK_SAFEBAG 117
285#define PKCS12_F_PKCS12_PARSE 118 295#define PKCS12_F_PKCS12_PARSE 118
286#define PKCS12_F_PKCS12_PBE_CRYPT 119 296#define PKCS12_F_PKCS12_PBE_CRYPT 119
287#define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 297#define PKCS12_F_PKCS12_PBE_KEYIVGEN 120
288#define PKCS12_F_PKCS12_SETUP_MAC 122 298#define PKCS12_F_PKCS12_SETUP_MAC 122
289#define PKCS12_F_PKCS12_SET_MAC 123 299#define PKCS12_F_PKCS12_SET_MAC 123
290#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 129 300#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130
291#define PKCS12_F_PKCS12_UNPACK_P7DATA 130 301#define PKCS12_F_PKCS12_UNPACK_P7DATA 131
302#define PKCS12_F_PKCS12_VERIFY_MAC 126
292#define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 303#define PKCS12_F_PKCS8_ADD_KEYUSAGE 124
293#define PKCS12_F_PKCS8_ENCRYPT 125 304#define PKCS12_F_PKCS8_ENCRYPT 125
294#define PKCS12_F_VERIFY_MAC 126
295 305
296/* Reason codes. */ 306/* Reason codes. */
297#define PKCS12_R_CANT_PACK_STRUCTURE 100 307#define PKCS12_R_CANT_PACK_STRUCTURE 100
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 02:11:20 +0000