{
PKCS12_SAFEBAG *bag;
if (!(bag = PKCS12_SAFEBAG_new())) {
- PKCS12err(PKCS12_F_PKCS12_MAKE_SAFEBAG, ERR_R_MALLOC_FAILURE);
+ PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE);
return NULL;
}
bag->type = OBJ_nid2obj(NID_keyBag);
bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
if (!(bag->value.shkeybag =
- PKCS8_encrypt(pbe_nid, pass, passlen, salt, saltlen, iter, p8))) {
+ PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,
+ p8))) {
PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
return NULL;
}
{
PKCS7 *p7;
if (!(p7 = PKCS7_new())) {
- PKCS12err(PKCS12_F_PKCS12_PACK_P7_DATA, ERR_R_MALLOC_FAILURE);
+ PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
return NULL;
}
p7->type = OBJ_nid2obj(NID_pkcs7_data);
- if (!(p7->d.data = ASN1_OCTET_STRING_new())) {
- PKCS12err(PKCS12_F_PKCS12_PACK_P7_DATA, ERR_R_MALLOC_FAILURE);
+ if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
+ PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
return NULL;
}
PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
return NULL;
}
- p7->type = OBJ_nid2obj(NID_pkcs7_encrypted);
- if (!(p7->d.encrypted = PKCS7_ENCRYPT_new ())) {
- PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+ if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
+ PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
+ PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
return NULL;
}
- ASN1_INTEGER_set (p7->d.encrypted->version, 0);
- p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
if (!(pbe = PKCS5_pbe_set (pbe_nid, iter, salt, saltlen))) {
PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
return NULL;
}
X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
p7->d.encrypted->enc_data->algorithm = pbe;
- ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
+ M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
if (!(p7->d.encrypted->enc_data->enc_data =
PKCS12_i2d_encrypt (pbe, i2d_PKCS12_SAFEBAG, pass, passlen,
(char *)bags, 1))) {
return p7;
}
-X509_SIG *PKCS8_encrypt (int pbe_nid, const char *pass, int passlen,
- unsigned char *salt, int saltlen, int iter,
- PKCS8_PRIV_KEY_INFO *p8inf)
+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
+ const char *pass, int passlen,
+ unsigned char *salt, int saltlen, int iter,
+ PKCS8_PRIV_KEY_INFO *p8inf)
{
X509_SIG *p8;
X509_ALGOR *pbe;
if (!(p8 = X509_SIG_new())) {
PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
- return NULL;
+ goto err;
}
- if (!(pbe = PKCS5_pbe_set (pbe_nid, iter, salt, saltlen))) {
- PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
- return NULL;
+ if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
+ else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+ if(!pbe) {
+ PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
+ goto err;
}
X509_ALGOR_free(p8->algor);
p8->algor = pbe;
- ASN1_OCTET_STRING_free(p8->digest);
+ M_ASN1_OCTET_STRING_free(p8->digest);
if (!(p8->digest =
PKCS12_i2d_encrypt (pbe, i2d_PKCS8_PRIV_KEY_INFO, pass, passlen,
(char *)p8inf, 0))) {
PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
- return NULL;
+ goto err;
}
return p8;
+
+ err:
+ X509_SIG_free(p8);
+ return NULL;
}
projects / openssl.git / blobdiff