diff options
Diffstat (limited to 'crypto/pkcs12')
-rw-r--r-- | crypto/pkcs12/p12_p8e.c | 49 | ||||
-rw-r--r-- | crypto/pkcs12/pk12err.c | 3 |
2 files changed, 33 insertions, 19 deletions
diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c index 46ed78a12f..552f2f0d61 100644 --- a/crypto/pkcs12/p12_p8e.c +++ b/crypto/pkcs12/p12_p8e.c @@ -66,14 +66,9 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8inf) { - X509_SIG *p8; + X509_SIG *p8 = NULL; X509_ALGOR *pbe; - if ((p8 = X509_SIG_new()) == NULL) { - PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); - goto err; - } - if (pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen); else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) @@ -84,22 +79,40 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, } if (!pbe) { PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB); - goto err; + return NULL; } - X509_ALGOR_free(p8->algor); - p8->algor = pbe; - ASN1_OCTET_STRING_free(p8->digest); - p8->digest = + p8 = PKCS8_set0_pbe(pass, passlen, p8inf, pbe); + if (p8 == NULL) { + X509_ALGOR_free(pbe); + return NULL; + } + + return p8; +} + +X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen, + PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe) +{ + X509_SIG *p8; + ASN1_OCTET_STRING *enckey; + + enckey = PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass, passlen, p8inf, 1); - if (!p8->digest) { - PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR); - goto err; + if (!enckey) { + PKCS12err(PKCS12_F_PKCS8_SET0_PBE, PKCS12_R_ENCRYPT_ERROR); + return NULL; } - return p8; + if (!(p8 = X509_SIG_new())) { + PKCS12err(PKCS12_F_PKCS8_SET0_PBE, ERR_R_MALLOC_FAILURE); + ASN1_OCTET_STRING_free(enckey); + return NULL; + } + X509_ALGOR_free(p8->algor); + ASN1_OCTET_STRING_free(p8->digest); + p8->algor = pbe; + p8->digest = enckey; - err: - X509_SIG_free(p8); - return NULL; + return p8; } diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c index e58710b253..4e6c7dd57b 100644 --- a/crypto/pkcs12/pk12err.c +++ b/crypto/pkcs12/pk12err.c @@ -1,6 +1,6 @@ /* crypto/pkcs12/pk12err.c */ /* ==================================================================== - * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -101,6 +101,7 @@ static ERR_STRING_DATA PKCS12_str_functs[] = { {ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"}, {ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"}, {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"}, + {ERR_FUNC(PKCS12_F_PKCS8_SET0_PBE), "PKCS8_set0_pbe"}, {0, NULL} }; |