diff options
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/pkcs12/p12_crt.c | 5 | ||||
-rw-r--r-- | crypto/pkcs12/p12_sbag.c | 53 | ||||
-rw-r--r-- | crypto/pkcs12/pk12err.c | 8 |
3 files changed, 44 insertions, 22 deletions
diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c index 4041b966a2..1fd22c0560 100644 --- a/crypto/pkcs12/p12_crt.c +++ b/crypto/pkcs12/p12_crt.c @@ -231,10 +231,11 @@ PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, if (key_usage && !PKCS8_add_keyusage(p8, key_usage)) goto err; if (nid_key != -1) { - bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8); + bag = PKCS12_SAFEBAG_create_pkcs8_encrypt(nid_key, pass, -1, NULL, 0, + iter, p8); PKCS8_PRIV_KEY_INFO_free(p8); } else - bag = PKCS12_MAKE_KEYBAG(p8); + bag = PKCS12_SAFEBAG_create0_p8inf(p8); if (!bag) goto err; diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c index a54367216d..d0ed1e13b0 100644 --- a/crypto/pkcs12/p12_sbag.c +++ b/crypto/pkcs12/p12_sbag.c @@ -145,12 +145,12 @@ PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl) /* Turn PKCS8 object into a keybag */ -PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_p8inf(PKCS8_PRIV_KEY_INFO *p8) +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8) { - PKCS12_SAFEBAG *bag; + PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new(); - if ((bag = PKCS12_SAFEBAG_new()) == NULL) { - PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE); + if (bag == NULL) { + PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF, ERR_R_MALLOC_FAILURE); return NULL; } bag->type = OBJ_nid2obj(NID_keyBag); @@ -160,31 +160,48 @@ PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_p8inf(PKCS8_PRIV_KEY_INFO *p8) /* Turn PKCS8 object into a shrouded keybag */ -PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8(int pbe_nid, const char *pass, - int passlen, unsigned char *salt, - int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8) +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8) { - PKCS12_SAFEBAG *bag; - const EVP_CIPHER *pbe_ciph; - + PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new(); /* Set up the safe bag */ - if ((bag = PKCS12_SAFEBAG_new()) == NULL) { - PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); + if (bag == NULL) { + PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8, ERR_R_MALLOC_FAILURE); return NULL; } - bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag); + bag->value.shkeybag = p8; + return bag; +} + +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, + const char *pass, + int passlen, + unsigned char *salt, + int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8inf) +{ + PKCS12_SAFEBAG *bag; + const EVP_CIPHER *pbe_ciph; + X509_SIG *p8; pbe_ciph = EVP_get_cipherbynid(pbe_nid); if (pbe_ciph) pbe_nid = -1; - if (!(bag->value.shkeybag = - PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter, - p8))) { - PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); + p8 = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter, + p8inf); + + if (p8 == NULL) { + PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); + return NULL; + } + + bag = PKCS12_SAFEBAG_create0_pkcs8(p8); + + if (bag == NULL) { + PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); + X509_SIG_free(p8); return NULL; } diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c index c3c0d59f3b..0850da8b7f 100644 --- a/crypto/pkcs12/pk12err.c +++ b/crypto/pkcs12/pk12err.c @@ -85,14 +85,18 @@ static ERR_STRING_DATA PKCS12_str_functs[] = { {ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"}, {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"}, {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"}, - {ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"}, - {ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"}, {ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"}, {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"}, {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"}, {ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"}, {ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"}, {ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"}, + {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF), + "PKCS12_SAFEBAG_create0_p8inf"}, + {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8), + "PKCS12_SAFEBAG_create0_pkcs8"}, + {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT), + "PKCS12_SAFEBAG_create_pkcs8_encrypt"}, {ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"}, {ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"}, {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"}, |