From: Dr. Stephen Henson Date: Mon, 29 Mar 1999 00:19:55 +0000 (+0000) Subject: Various PKCS#12 related tidies and fixes: it might even compile now :-) X-Git-Tag: OpenSSL_0_9_3beta1~395 X-Git-Url: https://git.openssl.org/?a=commitdiff_plain;ds=sidebyside;h=67d5ac039f2ceb9a260a6aaf96707c1fc90640d3;p=openssl.git Various PKCS#12 related tidies and fixes: it might even compile now :-) --- diff --git a/STATUS b/STATUS index 1bdac4247a..b22ecd1f86 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 1999/03/23 14:48:59 $ + ______________ $Date: 1999/03/29 00:19:51 $ DEVELOPMENT STATE @@ -12,8 +12,6 @@ o Compilation warnings: ctype-related int vs. char o Compilation error: "unsigned long*" and "int*" under AIX - o Why are NULL ciphers in front of the cipher spec? - (see my posting "Bug?!: Cipher Suite and NULL Ciphers" in openssl-dev) o A Linux alpha user reported: "alpha.s does not have bn_div_word()" (see posting "ALPHA error" in openssl-dev) o Undefined BN symbols in assembler stuff on Solaris @@ -30,13 +28,10 @@ IN PROGRESS - o Steve is currently working on: - X509 V3 extension code including: - 1. Support for the more common PKIX extensions. - 2. Proper (or at least usable) certificate chain verification. - 3. Support in standard applications (req, x509, ca). - 4. Documentation on how all the above works. - Next on the list is probably PKCS#12 integration. + o Steve is currently working on (in no particular order): + PKCS#12 code integration. + Proper (or at least usable) certificate chain verification. + Documentation on X509 V3 extension code. o Mark is currently working on: Folding in any changes that are in the C2Net code base that were diff --git a/crypto/asn1/asn1.err b/crypto/asn1/asn1.err index 065448c24b..2f366bfba7 100644 --- a/crypto/asn1/asn1.err +++ b/crypto/asn1/asn1.err 
@@ -20,6 +20,7 @@
 #define ASN1_F_ASN1_INTEGER_TO_BN 112
 #define ASN1_F_ASN1_OBJECT_NEW 113
 #define ASN1_F_ASN1_PACK_STRING 245
+#define ASN1_F_ASN1_PBE_SET 253
 #define ASN1_F_ASN1_SEQ_PACK 246
 #define ASN1_F_ASN1_SEQ_UNPACK 247
 #define ASN1_F_ASN1_SIGN 114
@@ -65,6 +66,10 @@
 #define ASN1_F_D2I_NETSCAPE_SPKAC 143
 #define ASN1_F_D2I_NETSCAPE_SPKI 144
 #define ASN1_F_D2I_PBEPARAM 249
+#define ASN1_F_D2I_PKCS12 254
+#define ASN1_F_D2I_PKCS12_BAGS 255
+#define ASN1_F_D2I_PKCS12_MAC_DATA 256
+#define ASN1_F_D2I_PKCS12_SAFEBAG 257
 #define ASN1_F_D2I_PKCS7 145
 #define ASN1_F_D2I_PKCS7_DIGEST 146
 #define ASN1_F_D2I_PKCS7_ENCRYPT 147
@@ -120,6 +125,10 @@
 #define ASN1_F_NETSCAPE_SPKAC_NEW 190
 #define ASN1_F_NETSCAPE_SPKI_NEW 191
 #define ASN1_F_PBEPARAM_NEW 251
+#define ASN1_F_PKCS12_BAGS_NEW 258
+#define ASN1_F_PKCS12_MAC_DATA_NEW 259
+#define ASN1_F_PKCS12_NEW 260
+#define ASN1_F_PKCS12_SAFEBAG_NEW 261
 #define ASN1_F_PKCS7_DIGEST_NEW 192
 #define ASN1_F_PKCS7_ENCRYPT_NEW 193
 #define ASN1_F_PKCS7_ENC_CONTENT_NEW 194
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 36ffa372a2..a46841ebfc 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -725,6 +725,7 @@ ASN1_STRING *ASN1_pack_string();
 #define ASN1_F_ASN1_INTEGER_TO_BN 112
 #define ASN1_F_ASN1_OBJECT_NEW 113
 #define ASN1_F_ASN1_PACK_STRING 245
+#define ASN1_F_ASN1_PBE_SET 253
 #define ASN1_F_ASN1_SEQ_PACK 246
 #define ASN1_F_ASN1_SEQ_UNPACK 247
 #define ASN1_F_ASN1_SIGN 114
@@ -770,6 +771,10 @@ ASN1_STRING *ASN1_pack_string();
 #define ASN1_F_D2I_NETSCAPE_SPKAC 143
 #define ASN1_F_D2I_NETSCAPE_SPKI 144
 #define ASN1_F_D2I_PBEPARAM 249
+#define ASN1_F_D2I_PKCS12 254
+#define ASN1_F_D2I_PKCS12_BAGS 255
+#define ASN1_F_D2I_PKCS12_MAC_DATA 256
+#define ASN1_F_D2I_PKCS12_SAFEBAG 257
 #define ASN1_F_D2I_PKCS7 145
 #define ASN1_F_D2I_PKCS7_DIGEST 146
 #define ASN1_F_D2I_PKCS7_ENCRYPT 147
@@ -825,6 +830,10 @@ ASN1_STRING *ASN1_pack_string();
 #define ASN1_F_NETSCAPE_SPKAC_NEW 190
 #define ASN1_F_NETSCAPE_SPKI_NEW 191
 #define ASN1_F_PBEPARAM_NEW 251
+#define ASN1_F_PKCS12_BAGS_NEW 258
+#define ASN1_F_PKCS12_MAC_DATA_NEW 259
+#define ASN1_F_PKCS12_NEW 260
+#define ASN1_F_PKCS12_SAFEBAG_NEW 261
 #define ASN1_F_PKCS7_DIGEST_NEW 192
 #define ASN1_F_PKCS7_ENCRYPT_NEW 193
 #define ASN1_F_PKCS7_ENC_CONTENT_NEW 194
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index a150e3fa53..54f052a7f8 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -82,6 +82,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0), "ASN1_INTEGER_to_BN"},
 {ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0), "ASN1_OBJECT_new"},
 {ERR_PACK(0,ASN1_F_ASN1_PACK_STRING,0), "ASN1_pack_string"},
+{ERR_PACK(0,ASN1_F_ASN1_PBE_SET,0), "ASN1_PBE_SET"},
 {ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0), "ASN1_seq_pack"},
 {ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0), "ASN1_seq_unpack"},
 {ERR_PACK(0,ASN1_F_ASN1_SIGN,0), "ASN1_SIGN"},
@@ -127,6 +128,10 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0), "D2I_NETSCAPE_SPKAC"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0), "D2I_NETSCAPE_SPKI"},
 {ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0), "D2I_PBEPARAM"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS12,0), "D2I_PKCS12"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS12_BAGS,0), "D2I_PKCS12_BAGS"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS12_MAC_DATA,0), "D2I_PKCS12_MAC_DATA"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS12_SAFEBAG,0), "D2I_PKCS12_SAFEBAG"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS7,0), "D2I_PKCS7"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS7_DIGEST,0), "D2I_PKCS7_DIGEST"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS7_ENCRYPT,0), "D2I_PKCS7_ENCRYPT"},
@@ -182,6 +187,10 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0), "NETSCAPE_SPKAC_NEW"}, {ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0), "NETSCAPE_SPKI_NEW"}, {ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0), "PBEPARAM_NEW"}, +{ERR_PACK(0,ASN1_F_PKCS12_BAGS_NEW,0), "PKCS12_BAGS_NEW"}, +{ERR_PACK(0,ASN1_F_PKCS12_MAC_DATA_NEW,0), "PKCS12_MAC_DATA_NEW"}, +{ERR_PACK(0,ASN1_F_PKCS12_NEW,0), "PKCS12_NEW"}, +{ERR_PACK(0,ASN1_F_PKCS12_SAFEBAG_NEW,0), "PKCS12_SAFEBAG_NEW"}, {ERR_PACK(0,ASN1_F_PKCS7_DIGEST_NEW,0), "PKCS7_DIGEST_NEW"}, {ERR_PACK(0,ASN1_F_PKCS7_ENCRYPT_NEW,0), "PKCS7_ENCRYPT_NEW"}, {ERR_PACK(0,ASN1_F_PKCS7_ENC_CONTENT_NEW,0), "PKCS7_ENC_CONTENT_NEW"}, diff --git a/crypto/err/err.c b/crypto/err/err.c index fcd92284e0..ef47252736 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -109,6 +109,7 @@ static ERR_STRING_DATA ERR_str_libraries[]= {ERR_PACK(ERR_LIB_BIO,0,0) ,"BIO routines"}, {ERR_PACK(ERR_LIB_PKCS7,0,0) ,"PKCS7 routines"}, {ERR_PACK(ERR_LIB_X509V3,0,0) ,"X509 V3 routines"}, +{ERR_PACK(ERR_LIB_PKCS12,0,0) ,"PKCS12 routines"}, {0,NULL}, }; @@ -148,6 +149,7 @@ static ERR_STRING_DATA ERR_str_reasons[]= {ERR_R_PROXY_LIB ,"PROXY lib"}, {ERR_R_BIO_LIB ,"BIO lib"}, {ERR_R_PKCS7_LIB ,"PKCS7 lib"}, +{ERR_R_PKCS12_LIB ,"PKCS12 lib"}, {ERR_R_MALLOC_FAILURE ,"Malloc failure"}, {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED ,"called a fuction you should not call"}, {ERR_R_PASSED_NULL_PARAMETER ,"passed a null parameter"}, diff --git a/crypto/err/err.h b/crypto/err/err.h index c10868ac7f..f06ed383e8 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -191,6 +191,7 @@ typedef struct err_state_st #define ERR_R_PROXY_LIB ERR_LIB_PROXY #define ERR_R_BIO_LIB ERR_LIB_BIO #define ERR_R_PKCS7_LIB ERR_LIB_PKCS7 +#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12 /* fatal error */ #define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL) diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c index 11049bb35d..7888fdad1d 100644 --- a/crypto/pkcs12/p12_sbag.c 
+++ b/crypto/pkcs12/p12_sbag.c @@ -157,7 +157,7 @@ PKCS12_SAFEBAG *PKCS12_SAFEBAG_new() M_ASN1_New(ret->attrib, sk_new_null); ret->rest=NULL; return (ret); - M_ASN1_New_Error(PKCS12_F_PKCS12_SAFEBAG_NEW); + M_ASN1_New_Error(ASN1_F_PKCS12_SAFEBAG_NEW); } PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(a,pp,length) diff --git a/crypto/pkcs12/pkcs12.h b/crypto/pkcs12/pkcs12.h index c626ad15e9..1f03e2b084 100644 --- a/crypto/pkcs12/pkcs12.h +++ b/crypto/pkcs12/pkcs12.h @@ -66,8 +66,6 @@ extern "C" { #include "bio.h" #include "x509.h" -#define PKCS12_LIB_NAME "PKCS12 library" - #define PKCS12_KEY_ID 1 #define PKCS12_IV_ID 2 #define PKCS12_MAC_ID 3 @@ -93,26 +91,6 @@ extern "C" { #define KEY_EX 0x10 #define KEY_SIG 0x80 -/* Various ASN1 macros */ - -#ifndef M_ASN1_D2I_get_set_opt -#define M_ASN1_D2I_get_set_opt(r,func) \ - if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ - V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ - { M_ASN1_D2I_get_set(r,func); } -#endif - -#ifndef M_ASN1_I2D_len_SET_opt -#define M_ASN1_I2D_len_SET_opt(a,f) \ - if (a != NULL) M_ASN1_I2D_len_SET(a,f); -#endif - -#ifndef M_ASN1_I2D_put_SET_opt -#define M_ASN1_I2D_put_SET_opt(a,f) \ - if (a != NULL) M_ASN1_I2D_put_SET(a,f); - -#endif - typedef struct { X509_SIG *dinfo; ASN1_OCTET_STRING *salt; @@ -125,9 +103,6 @@ PKCS12_MAC_DATA *mac; PKCS7 *authsafes; } PKCS12; -#define PKCS8_OK 0 -#define PKCS8_NO_OCTET 1 - typedef struct { ASN1_OBJECT *type; union { 
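Review bot: In `PKCS12_SAFEBAG_new()` the error exit `M_ASN1_New_Error(ASN1_F_PKCS12_SAFEBAG_NEW);` follows `return (ret);` and nothing visible frees `ret`, so a failure in `M_ASN1_New(ret->attrib, sk_new_null)` may leak the partly built safebag. That depends on what the macro expands to, which this diff does not show; if it only records the error and returns NULL, the exit should release `ret` first. If the macro is indeed the target of the allocation-failure jumps, a one-line comment above it such as `/* error exit: reached only when an M_ASN1_New allocation above fails */` would stop the line reading as dead code after the return. The function starts above this hunk, so its earlier allocations are not visible here.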
@@ -220,13 +195,7 @@ obj = OBJ_nid2obj((nid));\ } #ifndef NOPROTO -int i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **pp); -PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void); -PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a, unsigned char **pp, long length); -void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *a); PKCS12_SAFEBAG *PKCS12_pack_safebag(char *obj, int (*i2d)(), int nid1, int nid2); -PKCS8_PRIV_KEY_INFO *PKEY2PKCS8(EVP_PKEY *pkey); -EVP_PKEY *PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8); PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8); X509_SIG *PKCS8_encrypt(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); @@ -242,7 +211,6 @@ unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, unsigned char *pass, int pass char *PKCS12_decrypt_d2i(X509_ALGOR *algor, char *(*d2i)(), void (*free_func)(), unsigned char *pass, int passlen, ASN1_STRING *oct, int seq); ASN1_STRING *PKCS12_i2d_encrypt(X509_ALGOR *algor, int (*i2d)(), unsigned char *pass, int passlen, char *obj, int seq); PKCS12 *PKCS12_init(int mode); -X509_ALGOR *PKCS12_pbe_set(int alg, int iter, unsigned char *salt, int saltlen); int PKCS12_key_gen_asc(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, EVP_MD *md_type); int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, EVP_MD *md_type); int PKCS12_PBE_keyivgen(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, EVP_CIPHER *cipher, EVP_MD *md_type, unsigned char *key, unsigned char *iv); 
@@ -273,7 +241,6 @@ void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a); void ERR_load_PKCS12_strings(void); void ERR_PKCS12_error(int function, int reason, char *file, int line); void PKCS12_add_obj(void); -void PKCS12_lib_init(void); void PKCS12_PBE_add(void); int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert, STACK **ca); PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK *ca, int nid_key, int nid_cert, int iter, int mac_iter, int keytype); @@ -284,13 +251,7 @@ PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); #else -int i2d_PKCS8_PRIV_KEY_INFO(); -PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(); -PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(); -void PKCS8_PRIV_KEY_INFO_free(); PKCS12_SAFEBAG *PKCS12_pack_safebag(); -PKCS8_PRIV_KEY_INFO *PKEY2PKCS8(); -EVP_PKEY *PKCS82PKEY(); PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(); X509_SIG *PKCS8_encrypt(); PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(); @@ -304,7 +265,6 @@ unsigned char *PKCS12_pbe_crypt(); char *PKCS12_decrypt_d2i(); ASN1_STRING *PKCS12_i2d_encrypt(); PKCS12 *PKCS12_init(); -X509_ALGOR *PKCS12_pbe_set(); int PKCS12_key_gen_asc(); int PKCS12_key_gen_uni(); int PKCS12_gen_mac(); @@ -333,7 +293,6 @@ void PKCS12_SAFEBAG_free(); void ERR_load_PKCS12_strings(); void ERR_PKCS12_error (); void PKCS12_add_obj(); -void PKCS12_lib_init(); void PKCS12_PBE_add(); int PKCS8_add_keyusage(); ASN1_TYPE *PKCS12_get_attr_gen();