1 files changed, 80 insertions, 256 deletions
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
index dbafda17b6..40340a7bef 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
@@ -1,9 +1,9 @@
 /* p12_crt.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project.
+ * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -60,289 +60,113 @@
 #include "cryptlib.h"
 #include <openssl/pkcs12.h>
-static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
 PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
             STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
             int keytype)
 {
-        PKCS12 *p12 = NULL;
+        PKCS12 *p12;
-        STACK_OF(PKCS7) *safes = NULL;
+        STACK_OF(PKCS12_SAFEBAG) *bags;
-        STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
+        STACK_OF(PKCS7) *safes;
-        PKCS12_SAFEBAG *bag = NULL;
+        PKCS12_SAFEBAG *bag;
+        PKCS8_PRIV_KEY_INFO *p8;
+        PKCS7 *authsafe;
+        X509 *tcert;
        int i;
        unsigned char keyid[EVP_MAX_MD_SIZE];
-        unsigned int keyidlen = 0;
+        unsigned int keyidlen;
        /* Set defaults */
-        if (!nid_cert)
+        if(!nid_cert)
-                nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
-        if (!nid_key)
-                nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-        if (!iter)
-                iter = PKCS12_DEFAULT_ITER;
-        if (!mac_iter)
-                mac_iter = 1;
-        if(!pkey && !cert && !ca)
-                {
-                PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
-                return NULL;
-                }
-        if (pkey && cert)
-                {
-                if(!X509_check_private_key(cert, pkey))
-                        return NULL;
-                X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
-                }
-        if (cert)
-                {
-                bag = PKCS12_add_cert(&bags, cert);
-                if(name && !PKCS12_add_friendlyname(bag, name, -1))
-                        goto err;
-                if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
-                        goto err;
-                }
-        /* Add all other certificates */
-        for(i = 0; i < sk_X509_num(ca); i++)
                {
-                if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))
+#ifdef OPENSSL_FIPS
-                        goto err;
+                if (FIPS_mode())
-                }
+                        nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+                else
-        if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))
+#endif
-                        goto err;
+                        nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
-        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-        bags = NULL;
-        if (pkey)
-                {
-                int cspidx;
-                bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
-                if (!bag)
-                        goto err;
-                cspidx = EVP_PKEY_get_attr_by_NID(pkey, NID_ms_csp_name, -1);
-                if (cspidx >= 0)
-                        {
-                        X509_ATTRIBUTE *cspattr;
-                        cspattr = EVP_PKEY_get_attr(pkey, cspidx);
-                        if (!X509at_add1_attr(&bag->attrib, cspattr))
-                                goto err;
-                        }
-                if(name && !PKCS12_add_friendlyname(bag, name, -1))
-                        goto err;
-                if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
-                        goto err;
                }
+        if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+        if(!iter) iter = PKCS12_DEFAULT_ITER;
+        if(!mac_iter) mac_iter = 1;
-        if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))
+        if(!pkey || !cert) {
-                        goto err;
+                PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
+                return NULL;
-        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+        }
-        bags = NULL;
-        p12 = PKCS12_add_safes(safes, 0);
-        sk_PKCS7_pop_free(safes, PKCS7_free);
-        safes = NULL;
-        if ((mac_iter != -1) &&
-                !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
-            goto err;
-        return p12;
-        err:
-        if (p12)
-                PKCS12_free(p12);
-        if (safes)
-                sk_PKCS7_pop_free(safes, PKCS7_free);
-        if (bags)
-                sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-        return NULL;
-}
+        if(!X509_check_private_key(cert, pkey)) return NULL;
-PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
+        if(!(bags = sk_PKCS12_SAFEBAG_new_null ())) {
-        {
+                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
-        PKCS12_SAFEBAG *bag = NULL;
+                return NULL;
-        char *name;
+        }
-        int namelen = -1;
-        unsigned char *keyid;
-        int keyidlen = -1;
        /* Add user certificate */
-        if(!(bag = PKCS12_x5092certbag(cert)))
+        if(!(bag = PKCS12_x5092certbag(cert))) return NULL;
-                goto err;
+        if(name && !PKCS12_add_friendlyname(bag, name, -1)) return NULL;
+        X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
-        /* Use friendlyName and localKeyID in certificate.
+        if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL;
-         * (if present)
-         */
-        name = (char *)X509_alias_get0(cert, &namelen);
-        if(name && !PKCS12_add_friendlyname(bag, name, namelen))
-                goto err;
-        keyid = X509_keyid_get0(cert, &keyidlen);
-        if(keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
-                goto err;
-        if (!pkcs12_add_bag(pbags, bag))
-                goto err;
-        return bag;
-        err:
-        if (bag)
-                PKCS12_SAFEBAG_free(bag);
-        return NULL;
+        if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
+                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
+                return NULL;
        }
+        
-PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
+        /* Add all other certificates */
-                                                int key_usage, int iter,
+        if(ca) {
-                                                int nid_key, char *pass)
+                for(i = 0; i < sk_X509_num(ca); i++) {
-        {
+                        tcert = sk_X509_value(ca, i);
+                        if(!(bag = PKCS12_x5092certbag(tcert))) return NULL;
-        PKCS12_SAFEBAG *bag = NULL;
+                        if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
-        PKCS8_PRIV_KEY_INFO *p8 = NULL;
+                                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
+                                return NULL;
-        /* Make a PKCS#8 structure */
+                        }
-        if(!(p8 = EVP_PKEY2PKCS8(key)))
-                goto err;
-        if(key_usage && !PKCS8_add_keyusage(p8, key_usage))
-                goto err;
-        if (nid_key != -1)
-                {
-                bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8);
-                PKCS8_PRIV_KEY_INFO_free(p8);
                }
-        else
-                bag = PKCS12_MAKE_KEYBAG(p8);
-        if(!bag)
-                goto err;
-        if (!pkcs12_add_bag(pbags, bag))
-                goto err;
-        return bag;
-        err:
-        if (bag)
-                PKCS12_SAFEBAG_free(bag);
-        return NULL;
        }
-int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+        /* Turn certbags into encrypted authsafe */
-                                                int nid_safe, int iter, char *pass)
+        authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0,
-        {
-        PKCS7 *p7 = NULL;
-        int free_safes = 0;
-        if (!*psafes)
-                {
-                *psafes = sk_PKCS7_new_null();
-                if (!*psafes)
-                        return 0;
-                free_safes = 1;
-                }
-        else
-                free_safes = 0;
-        if (nid_safe == 0)
-                nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
-        if (nid_safe == -1)
-                p7 = PKCS12_pack_p7data(bags);
-        else
-                p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0,
                                          iter, bags);
-        if (!p7)
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-                goto err;
-        if (!sk_PKCS7_push(*psafes, p7))
-                goto err;
-        return 1;
-        err:
-        if (free_safes)
-                {
-                sk_PKCS7_free(*psafes);
-                *psafes = NULL;
-                }
-        if (p7)
-                PKCS7_free(p7);
-        return 0;
+        if (!authsafe) return NULL;
+        if(!(safes = sk_PKCS7_new_null ())
+           || !sk_PKCS7_push(safes, authsafe)) {
+                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
+                return NULL;
        }
-static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag)
+        /* Make a shrouded key bag */
-        {
+        if(!(p8 = EVP_PKEY2PKCS8 (pkey))) return NULL;
-        int free_bags;
+        if(keytype && !PKCS8_add_keyusage(p8, keytype)) return NULL;
-        if (!pbags)
+        bag = PKCS12_MAKE_SHKEYBAG (nid_key, pass, -1, NULL, 0, iter, p8);
-                return 1;
+        if(!bag) return NULL;
-        if (!*pbags)
+        PKCS8_PRIV_KEY_INFO_free(p8);
-                {
+        if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL;
-                *pbags = sk_PKCS12_SAFEBAG_new_null();
+        if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL;
-                if (!*pbags)
+        if(!(bags = sk_PKCS12_SAFEBAG_new_null())
-                        return 0;
+           || !sk_PKCS12_SAFEBAG_push (bags, bag)) {
-                free_bags = 1;
+                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
-                }
+                return NULL;
-        else 
+        }
-                free_bags = 0;
+        /* Turn it into unencrypted safe bag */
+        if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;
-        if (!sk_PKCS12_SAFEBAG_push(*pbags, bag))
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-                {
+        if(!sk_PKCS7_push(safes, authsafe)) {
-                if (free_bags)
+                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
-                        {
+                return NULL;
-                        sk_PKCS12_SAFEBAG_free(*pbags);
-                        *pbags = NULL;
-                        }
-                return 0;
-                }
-        return 1;
        }
-                
-PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7)
+        if(!(p12 = PKCS12_init (NID_pkcs7_data))) return NULL;
-        {
-        PKCS12 *p12;
-        if (nid_p7 <= 0)
-                nid_p7 = NID_pkcs7_data;
-        p12 = PKCS12_init(nid_p7);
-        if (!p12)
+        if(!PKCS12_pack_authsafes (p12, safes)) return NULL;
-                return NULL;
-        if(!PKCS12_pack_authsafes(p12, safes))
+        sk_PKCS7_pop_free(safes, PKCS7_free);
-                {
-                PKCS12_free(p12);
+        if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL))
-                return NULL;
+            return NULL;
-                }
        return p12;
-        }
+}

diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c index dbafda17b6..40340a7bef 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
@@ -1,9 +1,9 @@
1	/* p12_crt.c */	1	/* p12_crt.c */
2	/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL	2	/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3	* project.	3	* project 1999.
4	*/	4	*/
5	/* ====================================================================	5	/* ====================================================================
6	* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.	6	* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7	*	7	*
8	* Redistribution and use in source and binary forms, with or without	8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions	9	* modification, are permitted provided that the following conditions
@@ -60,289 +60,113 @@
60	#include "cryptlib.h"	60	#include "cryptlib.h"
61	#include <openssl/pkcs12.h>	61	#include <openssl/pkcs12.h>
62		62
63
64	static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) *pbags, PKCS12_SAFEBAG bag);
65
66	PKCS12 PKCS12_create(char pass, char name, EVP_PKEY pkey, X509 *cert,	63	PKCS12 PKCS12_create(char pass, char name, EVP_PKEY pkey, X509 *cert,
67	STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,	64	STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
68	int keytype)	65	int keytype)
69	{	66	{
70	PKCS12 *p12 = NULL;	67	PKCS12 *p12;
71	STACK_OF(PKCS7) *safes = NULL;	68	STACK_OF(PKCS12_SAFEBAG) *bags;
72	STACK_OF(PKCS12_SAFEBAG) *bags = NULL;	69	STACK_OF(PKCS7) *safes;
73	PKCS12_SAFEBAG *bag = NULL;	70	PKCS12_SAFEBAG *bag;
		71	PKCS8_PRIV_KEY_INFO *p8;
		72	PKCS7 *authsafe;
		73	X509 *tcert;
74	int i;	74	int i;
75	unsigned char keyid[EVP_MAX_MD_SIZE];	75	unsigned char keyid[EVP_MAX_MD_SIZE];
76	unsigned int keyidlen = 0;	76	unsigned int keyidlen;
77		77
78	/* Set defaults */	78	/* Set defaults */
79	if (!nid_cert)	79	if(!nid_cert)
80	nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
81	if (!nid_key)
82	nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
83	if (!iter)
84	iter = PKCS12_DEFAULT_ITER;
85	if (!mac_iter)
86	mac_iter = 1;
87
88	if(!pkey && !cert && !ca)
89	{
90	PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
91	return NULL;
92	}
93
94	if (pkey && cert)
95	{
96	if(!X509_check_private_key(cert, pkey))
97	return NULL;
98	X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
99	}
100
101	if (cert)
102	{
103	bag = PKCS12_add_cert(&bags, cert);
104	if(name && !PKCS12_add_friendlyname(bag, name, -1))
105	goto err;
106	if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
107	goto err;
108	}
109
110	/* Add all other certificates */
111	for(i = 0; i < sk_X509_num(ca); i++)
112	{	80	{
113	if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))	81	#ifdef OPENSSL_FIPS
114	goto err;	82	if (FIPS_mode())
115	}	83	nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
116		84	else
117	if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))	85	#endif
118	goto err;	86	nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
119
120	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
121	bags = NULL;
122
123	if (pkey)
124	{
125	int cspidx;
126	bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
127
128	if (!bag)
129	goto err;
130
131	cspidx = EVP_PKEY_get_attr_by_NID(pkey, NID_ms_csp_name, -1);
132	if (cspidx >= 0)
133	{
134	X509_ATTRIBUTE *cspattr;
135	cspattr = EVP_PKEY_get_attr(pkey, cspidx);
136	if (!X509at_add1_attr(&bag->attrib, cspattr))
137	goto err;
138	}
139
140	if(name && !PKCS12_add_friendlyname(bag, name, -1))
141	goto err;
142	if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
143	goto err;
144	}	87	}
		88	if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
		89	if(!iter) iter = PKCS12_DEFAULT_ITER;
		90	if(!mac_iter) mac_iter = 1;
145		91
146	if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))	92	if(!pkey \|\| !cert) {
147	goto err;	93	PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
148		94	return NULL;
149	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);	95	}
150	bags = NULL;
151
152	p12 = PKCS12_add_safes(safes, 0);
153
154	sk_PKCS7_pop_free(safes, PKCS7_free);
155
156	safes = NULL;
157
158	if ((mac_iter != -1) &&
159	!PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
160	goto err;
161
162	return p12;
163
164	err:
165
166	if (p12)
167	PKCS12_free(p12);
168	if (safes)
169	sk_PKCS7_pop_free(safes, PKCS7_free);
170	if (bags)
171	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
172	return NULL;
173		96
174	}	97	if(!X509_check_private_key(cert, pkey)) return NULL;
175		98
176	PKCS12_SAFEBAG PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) pbags, X509 cert)	99	if(!(bags = sk_PKCS12_SAFEBAG_new_null ())) {
177	{	100	PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
178	PKCS12_SAFEBAG *bag = NULL;	101	return NULL;
179	char *name;	102	}
180	int namelen = -1;
181	unsigned char *keyid;
182	int keyidlen = -1;
183		103
184	/* Add user certificate */	104	/* Add user certificate */
185	if(!(bag = PKCS12_x5092certbag(cert)))	105	if(!(bag = PKCS12_x5092certbag(cert))) return NULL;
186	goto err;	106	if(name && !PKCS12_add_friendlyname(bag, name, -1)) return NULL;
187		107	X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
188	/* Use friendlyName and localKeyID in certificate.	108	if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL;
189	* (if present)
190	*/
191
192	name = (char *)X509_alias_get0(cert, &namelen);
193
194	if(name && !PKCS12_add_friendlyname(bag, name, namelen))
195	goto err;
196
197	keyid = X509_keyid_get0(cert, &keyidlen);
198
199	if(keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
200	goto err;
201
202	if (!pkcs12_add_bag(pbags, bag))
203	goto err;
204
205	return bag;
206
207	err:
208
209	if (bag)
210	PKCS12_SAFEBAG_free(bag);
211
212	return NULL;
213		109
		110	if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
		111	PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
		112	return NULL;
214	}	113	}
215		114
216	PKCS12_SAFEBAG PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) pbags, EVP_PKEY key,	115	/* Add all other certificates */
217	int key_usage, int iter,	116	if(ca) {
218	int nid_key, char *pass)	117	for(i = 0; i < sk_X509_num(ca); i++) {
219	{	118	tcert = sk_X509_value(ca, i);
220		119	if(!(bag = PKCS12_x5092certbag(tcert))) return NULL;
221	PKCS12_SAFEBAG *bag = NULL;	120	if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
222	PKCS8_PRIV_KEY_INFO *p8 = NULL;	121	PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
223		122	return NULL;
224	/* Make a PKCS#8 structure */	123	}
225	if(!(p8 = EVP_PKEY2PKCS8(key)))
226	goto err;
227	if(key_usage && !PKCS8_add_keyusage(p8, key_usage))
228	goto err;
229	if (nid_key != -1)
230	{
231	bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8);
232	PKCS8_PRIV_KEY_INFO_free(p8);
233	}	124	}
234	else
235	bag = PKCS12_MAKE_KEYBAG(p8);
236
237	if(!bag)
238	goto err;
239
240	if (!pkcs12_add_bag(pbags, bag))
241	goto err;
242
243	return bag;
244
245	err:
246
247	if (bag)
248	PKCS12_SAFEBAG_free(bag);
249
250	return NULL;
251
252	}	125	}
253		126
254	int PKCS12_add_safe(STACK_OF(PKCS7) *psafes, STACK_OF(PKCS12_SAFEBAG) bags,	127	/* Turn certbags into encrypted authsafe */
255	int nid_safe, int iter, char *pass)	128	authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0,
256	{
257	PKCS7 *p7 = NULL;
258	int free_safes = 0;
259
260	if (!*psafes)
261	{
262	*psafes = sk_PKCS7_new_null();
263	if (!*psafes)
264	return 0;
265	free_safes = 1;
266	}
267	else
268	free_safes = 0;
269
270	if (nid_safe == 0)
271	nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
272
273	if (nid_safe == -1)
274	p7 = PKCS12_pack_p7data(bags);
275	else
276	p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0,
277	iter, bags);	129	iter, bags);
278	if (!p7)	130	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
279	goto err;
280
281	if (!sk_PKCS7_push(*psafes, p7))
282	goto err;
283
284	return 1;
285
286	err:
287	if (free_safes)
288	{
289	sk_PKCS7_free(*psafes);
290	*psafes = NULL;
291	}
292
293	if (p7)
294	PKCS7_free(p7);
295		131
296	return 0;	132	if (!authsafe) return NULL;
297		133
		134	if(!(safes = sk_PKCS7_new_null ())
		135	\|\| !sk_PKCS7_push(safes, authsafe)) {
		136	PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
		137	return NULL;
298	}	138	}
299		139
300	static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) *pbags, PKCS12_SAFEBAG bag)	140	/* Make a shrouded key bag */
301	{	141	if(!(p8 = EVP_PKEY2PKCS8 (pkey))) return NULL;
302	int free_bags;	142	if(keytype && !PKCS8_add_keyusage(p8, keytype)) return NULL;
303	if (!pbags)	143	bag = PKCS12_MAKE_SHKEYBAG (nid_key, pass, -1, NULL, 0, iter, p8);
304	return 1;	144	if(!bag) return NULL;
305	if (!*pbags)	145	PKCS8_PRIV_KEY_INFO_free(p8);
306	{	146	if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL;
307	*pbags = sk_PKCS12_SAFEBAG_new_null();	147	if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL;
308	if (!*pbags)	148	if(!(bags = sk_PKCS12_SAFEBAG_new_null())
309	return 0;	149	\|\| !sk_PKCS12_SAFEBAG_push (bags, bag)) {
310	free_bags = 1;	150	PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
311	}	151	return NULL;
312	else	152	}
313	free_bags = 0;	153	/* Turn it into unencrypted safe bag */
314		154	if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;
315	if (!sk_PKCS12_SAFEBAG_push(*pbags, bag))	155	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
316	{	156	if(!sk_PKCS7_push(safes, authsafe)) {
317	if (free_bags)	157	PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
318	{	158	return NULL;
319	sk_PKCS12_SAFEBAG_free(*pbags);
320	*pbags = NULL;
321	}
322	return 0;
323	}
324
325	return 1;
326
327	}	159	}
328
329		160
330	PKCS12 PKCS12_add_safes(STACK_OF(PKCS7) safes, int nid_p7)	161	if(!(p12 = PKCS12_init (NID_pkcs7_data))) return NULL;
331	{
332	PKCS12 *p12;
333	if (nid_p7 <= 0)
334	nid_p7 = NID_pkcs7_data;
335	p12 = PKCS12_init(nid_p7);
336		162
337	if (!p12)	163	if(!PKCS12_pack_authsafes (p12, safes)) return NULL;
338	return NULL;
339		164
340	if(!PKCS12_pack_authsafes(p12, safes))	165	sk_PKCS7_pop_free(safes, PKCS7_free);
341	{	166
342	PKCS12_free(p12);	167	if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL))
343	return NULL;	168	return NULL;
344	}
345		169
346	return p12;	170	return p12;
347		171
348	}	172	}