Various PKCS#12 related tidies and fixes: it might even compile now :-)

67d5ac03 · Dr. Stephen Henson · 8d8c7266 · 67d5ac03 · 67d5ac03 · 67d5ac03
8 changed file
--- a/STATUS
+++ b/STATUS

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 1999/03/23 14:48:59 $
+  ______________                           $Date: 1999/03/29 00:19:51 $

  DEVELOPMENT STATE

@@ -12,8 +12,6 @@

    o Compilation warnings: ctype-related int vs. char
    o Compilation error: "unsigned long*" and "int*" under AIX
-    o Why are NULL ciphers in front of the cipher spec?
-      (see my posting "Bug?!: Cipher Suite and NULL Ciphers" in openssl-dev)
    o A Linux alpha user reported: "alpha.s does not have bn_div_word()"
      (see posting "ALPHA error" in openssl-dev)
    o Undefined BN symbols in assembler stuff on Solaris
@@ -30,13 +28,10 @@

  IN PROGRESS

-    o Steve is currently working on:
-        X509 V3 extension code including:
-        1. Support for the more common PKIX extensions.
-        2. Proper (or at least usable) certificate chain verification.
-        3. Support in standard applications (req, x509, ca).
-        4. Documentation on how all the above works.
-        Next on the list is probably PKCS#12 integration.
+    o Steve is currently working on (in no particular order):
+        PKCS#12 code integration.
+        Proper (or at least usable) certificate chain verification.
+        Documentation on X509 V3 extension code.

    o Mark is currently working on:
        Folding in any changes that are in the C2Net code base that were

--- a/crypto/asn1/asn1.err
+++ b/crypto/asn1/asn1.err
@@ -20,6 +20,7 @@
 #define ASN1_F_ASN1_INTEGER_TO_BN			 112
 #define ASN1_F_ASN1_OBJECT_NEW				 113
 #define ASN1_F_ASN1_PACK_STRING				 245
+#define ASN1_F_ASN1_PBE_SET				 253
 #define ASN1_F_ASN1_SEQ_PACK				 246
 #define ASN1_F_ASN1_SEQ_UNPACK				 247
 #define ASN1_F_ASN1_SIGN				 114
@@ -65,6 +66,10 @@
 #define ASN1_F_D2I_NETSCAPE_SPKAC			 143
 #define ASN1_F_D2I_NETSCAPE_SPKI			 144
 #define ASN1_F_D2I_PBEPARAM				 249
+#define ASN1_F_D2I_PKCS12				 254
+#define ASN1_F_D2I_PKCS12_BAGS				 255
+#define ASN1_F_D2I_PKCS12_MAC_DATA			 256
+#define ASN1_F_D2I_PKCS12_SAFEBAG			 257
 #define ASN1_F_D2I_PKCS7				 145
 #define ASN1_F_D2I_PKCS7_DIGEST				 146
 #define ASN1_F_D2I_PKCS7_ENCRYPT			 147
@@ -120,6 +125,10 @@
 #define ASN1_F_NETSCAPE_SPKAC_NEW			 190
 #define ASN1_F_NETSCAPE_SPKI_NEW			 191
 #define ASN1_F_PBEPARAM_NEW				 251
+#define ASN1_F_PKCS12_BAGS_NEW				 258
+#define ASN1_F_PKCS12_MAC_DATA_NEW			 259
+#define ASN1_F_PKCS12_NEW				 260
+#define ASN1_F_PKCS12_SAFEBAG_NEW			 261
 #define ASN1_F_PKCS7_DIGEST_NEW				 192
 #define ASN1_F_PKCS7_ENCRYPT_NEW			 193
 #define ASN1_F_PKCS7_ENC_CONTENT_NEW			 194

--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -725,6 +725,7 @@ ASN1_STRING *ASN1_pack_string();
 #define ASN1_F_ASN1_INTEGER_TO_BN			 112
 #define ASN1_F_ASN1_OBJECT_NEW				 113
 #define ASN1_F_ASN1_PACK_STRING				 245
+#define ASN1_F_ASN1_PBE_SET				 253
 #define ASN1_F_ASN1_SEQ_PACK				 246
 #define ASN1_F_ASN1_SEQ_UNPACK				 247
 #define ASN1_F_ASN1_SIGN				 114
@@ -770,6 +771,10 @@ ASN1_STRING *ASN1_pack_string();
 #define ASN1_F_D2I_NETSCAPE_SPKAC			 143
 #define ASN1_F_D2I_NETSCAPE_SPKI			 144
 #define ASN1_F_D2I_PBEPARAM				 249
+#define ASN1_F_D2I_PKCS12				 254
+#define ASN1_F_D2I_PKCS12_BAGS				 255
+#define ASN1_F_D2I_PKCS12_MAC_DATA			 256
+#define ASN1_F_D2I_PKCS12_SAFEBAG			 257
 #define ASN1_F_D2I_PKCS7				 145
 #define ASN1_F_D2I_PKCS7_DIGEST				 146
 #define ASN1_F_D2I_PKCS7_ENCRYPT			 147
@@ -825,6 +830,10 @@ ASN1_STRING *ASN1_pack_string();
 #define ASN1_F_NETSCAPE_SPKAC_NEW			 190
 #define ASN1_F_NETSCAPE_SPKI_NEW			 191
 #define ASN1_F_PBEPARAM_NEW				 251
+#define ASN1_F_PKCS12_BAGS_NEW				 258
+#define ASN1_F_PKCS12_MAC_DATA_NEW			 259
+#define ASN1_F_PKCS12_NEW				 260
+#define ASN1_F_PKCS12_SAFEBAG_NEW			 261
 #define ASN1_F_PKCS7_DIGEST_NEW				 192
 #define ASN1_F_PKCS7_ENCRYPT_NEW			 193
 #define ASN1_F_PKCS7_ENC_CONTENT_NEW			 194

--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -82,6 +82,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0),	"ASN1_INTEGER_to_BN"},
 {ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0),	"ASN1_OBJECT_new"},
 {ERR_PACK(0,ASN1_F_ASN1_PACK_STRING,0),	"ASN1_pack_string"},
+{ERR_PACK(0,ASN1_F_ASN1_PBE_SET,0),	"ASN1_PBE_SET"},
 {ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0),	"ASN1_seq_pack"},
 {ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0),	"ASN1_seq_unpack"},
 {ERR_PACK(0,ASN1_F_ASN1_SIGN,0),	"ASN1_SIGN"},
@@ -127,6 +128,10 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0),	"D2I_NETSCAPE_SPKAC"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0),	"D2I_NETSCAPE_SPKI"},
 {ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0),	"D2I_PBEPARAM"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS12,0),	"D2I_PKCS12"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS12_BAGS,0),	"D2I_PKCS12_BAGS"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS12_MAC_DATA,0),	"D2I_PKCS12_MAC_DATA"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS12_SAFEBAG,0),	"D2I_PKCS12_SAFEBAG"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS7,0),	"D2I_PKCS7"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS7_DIGEST,0),	"D2I_PKCS7_DIGEST"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS7_ENCRYPT,0),	"D2I_PKCS7_ENCRYPT"},
@@ -182,6 +187,10 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0),	"NETSCAPE_SPKAC_NEW"},
 {ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0),	"NETSCAPE_SPKI_NEW"},
 {ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0),	"PBEPARAM_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS12_BAGS_NEW,0),	"PKCS12_BAGS_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS12_MAC_DATA_NEW,0),	"PKCS12_MAC_DATA_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS12_NEW,0),	"PKCS12_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS12_SAFEBAG_NEW,0),	"PKCS12_SAFEBAG_NEW"},
 {ERR_PACK(0,ASN1_F_PKCS7_DIGEST_NEW,0),	"PKCS7_DIGEST_NEW"},
 {ERR_PACK(0,ASN1_F_PKCS7_ENCRYPT_NEW,0),	"PKCS7_ENCRYPT_NEW"},
 {ERR_PACK(0,ASN1_F_PKCS7_ENC_CONTENT_NEW,0),	"PKCS7_ENC_CONTENT_NEW"},

--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -109,6 +109,7 @@ static ERR_STRING_DATA ERR_str_libraries[]=
 {ERR_PACK(ERR_LIB_BIO,0,0)		,"BIO routines"},
 {ERR_PACK(ERR_LIB_PKCS7,0,0)		,"PKCS7 routines"},
 {ERR_PACK(ERR_LIB_X509V3,0,0)		,"X509 V3 routines"},
+{ERR_PACK(ERR_LIB_PKCS12,0,0)		,"PKCS12 routines"},
 {0,NULL},
 	};

@@ -148,6 +149,7 @@ static ERR_STRING_DATA ERR_str_reasons[]=
 {ERR_R_PROXY_LIB			,"PROXY lib"},
 {ERR_R_BIO_LIB				,"BIO lib"},
 {ERR_R_PKCS7_LIB			,"PKCS7 lib"},
+{ERR_R_PKCS12_LIB			,"PKCS12 lib"},
 {ERR_R_MALLOC_FAILURE			,"Malloc failure"},
 {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED	,"called a fuction you should not call"},
 {ERR_R_PASSED_NULL_PARAMETER		,"passed a null parameter"},

--- a/crypto/err/err.h
+++ b/crypto/err/err.h
@@ -191,6 +191,7 @@ typedef struct err_state_st
 #define ERR_R_PROXY_LIB	ERR_LIB_PROXY
 #define ERR_R_BIO_LIB	ERR_LIB_BIO
 #define ERR_R_PKCS7_LIB	ERR_LIB_PKCS7
+#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12

 /* fatal error */
 #define	ERR_R_MALLOC_FAILURE			(1|ERR_R_FATAL)

--- a/crypto/pkcs12/p12_sbag.c
+++ b/crypto/pkcs12/p12_sbag.c
@@ -157,7 +157,7 @@ PKCS12_SAFEBAG *PKCS12_SAFEBAG_new()
 	M_ASN1_New(ret->attrib, sk_new_null);
 	ret->rest=NULL;
 	return (ret);
-	M_ASN1_New_Error(PKCS12_F_PKCS12_SAFEBAG_NEW);
+	M_ASN1_New_Error(ASN1_F_PKCS12_SAFEBAG_NEW);
 }

 PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(a,pp,length)

--- a/crypto/pkcs12/pkcs12.h
+++ b/crypto/pkcs12/pkcs12.h
@@ -66,8 +66,6 @@ extern "C" {
 #include "bio.h"
 #include "x509.h"

-#define PKCS12_LIB_NAME	"PKCS12 library"
-
 #define PKCS12_KEY_ID	1
 #define PKCS12_IV_ID	2
 #define PKCS12_MAC_ID	3
@@ -93,26 +91,6 @@ extern "C" {
 #define KEY_EX	0x10
 #define KEY_SIG 0x80

-/* Various ASN1 macros */
-
-#ifndef M_ASN1_D2I_get_set_opt
-#define M_ASN1_D2I_get_set_opt(r,func) \
- 	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
- 		V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
- 		{ M_ASN1_D2I_get_set(r,func); }
-#endif
- 
-#ifndef M_ASN1_I2D_len_SET_opt
-#define M_ASN1_I2D_len_SET_opt(a,f) \
- 		if (a != NULL) M_ASN1_I2D_len_SET(a,f);
-#endif
-
-#ifndef M_ASN1_I2D_put_SET_opt
-#define M_ASN1_I2D_put_SET_opt(a,f) \
-		if (a != NULL) M_ASN1_I2D_put_SET(a,f);
-
-#endif
-
 typedef struct {
 X509_SIG *dinfo;
 ASN1_OCTET_STRING *salt;
@@ -125,9 +103,6 @@ PKCS12_MAC_DATA *mac;
 PKCS7 *authsafes;
 } PKCS12;

-#define PKCS8_OK	0
-#define PKCS8_NO_OCTET	1
-
 typedef struct {
 ASN1_OBJECT *type;
 union {
@@ -220,13 +195,7 @@ obj = OBJ_nid2obj((nid));\
 }

 #ifndef NOPROTO
-int i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **pp);
-PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void);
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a, unsigned char **pp, long length);
-void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *a);
 PKCS12_SAFEBAG *PKCS12_pack_safebag(char *obj, int (*i2d)(), int nid1, int nid2);
-PKCS8_PRIV_KEY_INFO *PKEY2PKCS8(EVP_PKEY *pkey);
-EVP_PKEY *PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
 PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
 X509_SIG *PKCS8_encrypt(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8);
 PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8);
@@ -242,7 +211,6 @@ unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, unsigned char *pass, int pass
 char *PKCS12_decrypt_d2i(X509_ALGOR *algor, char *(*d2i)(), void (*free_func)(), unsigned char *pass, int passlen, ASN1_STRING *oct, int seq);
 ASN1_STRING *PKCS12_i2d_encrypt(X509_ALGOR *algor, int (*i2d)(), unsigned char *pass, int passlen, char *obj, int seq);
 PKCS12 *PKCS12_init(int mode);
-X509_ALGOR *PKCS12_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);
 int PKCS12_key_gen_asc(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, EVP_MD *md_type);
 int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, EVP_MD *md_type);
 int PKCS12_PBE_keyivgen(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, EVP_CIPHER *cipher, EVP_MD *md_type, unsigned char *key, unsigned char *iv);
@@ -273,7 +241,6 @@ void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a);
 void ERR_load_PKCS12_strings(void);
 void ERR_PKCS12_error(int function, int reason, char *file, int line);
 void PKCS12_add_obj(void);
-void PKCS12_lib_init(void);
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert, STACK **ca);
 PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK *ca, int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
@@ -284,13 +251,7 @@ PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);

 #else

-int i2d_PKCS8_PRIV_KEY_INFO();
-PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new();
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO();
-void PKCS8_PRIV_KEY_INFO_free();
 PKCS12_SAFEBAG *PKCS12_pack_safebag();
-PKCS8_PRIV_KEY_INFO *PKEY2PKCS8();
-EVP_PKEY *PKCS82PKEY();
 PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG();
 X509_SIG *PKCS8_encrypt();
 PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG();
@@ -304,7 +265,6 @@ unsigned char *PKCS12_pbe_crypt();
 char *PKCS12_decrypt_d2i();
 ASN1_STRING *PKCS12_i2d_encrypt();
 PKCS12 *PKCS12_init();
-X509_ALGOR *PKCS12_pbe_set();
 int PKCS12_key_gen_asc();
 int PKCS12_key_gen_uni();
 int PKCS12_gen_mac();
@@ -333,7 +293,6 @@ void PKCS12_SAFEBAG_free();
 void ERR_load_PKCS12_strings();
 void ERR_PKCS12_error ();
 void PKCS12_add_obj();
-void PKCS12_lib_init();
 void PKCS12_PBE_add();
 int PKCS8_add_keyusage();
 ASN1_TYPE *PKCS12_get_attr_gen();