mirror of https://github.com/openssl/openssl
PKCS12 - Add additional libctx and propq support.
Fixes #19718 Fixes #19716 Added PKCS12_SAFEBAG_get1_cert_ex(), PKCS12_SAFEBAG_get1_crl_ex() and ASN1_item_unpack_ex(). parse_bag and parse_bags now use the libctx/propq stored in the P7_CTX. PKCS12_free() needed to be manually constructed in order to free the propq. pkcs12_api_test.c changed so that it actually tests the libctx, propq. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19942)
parent
76aa4f3ac0
commit
fe2a7341b5
|
@ -59,3 +59,16 @@ void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it)
|
|||
ERR_raise(ERR_LIB_ASN1, ASN1_R_DECODE_ERROR);
|
||||
return ret;
|
||||
}
|
||||
|
||||
void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
|
||||
OSSL_LIB_CTX *libctx, const char *propq)
|
||||
{
|
||||
const unsigned char *p;
|
||||
void *ret;
|
||||
|
||||
p = oct->data;
|
||||
if ((ret = ASN1_item_d2i_ex(NULL, &p, oct->length, it,\
|
||||
libctx, propq)) == NULL)
|
||||
ERR_raise(ERR_LIB_ASN1, ASN1_R_DECODE_ERROR);
|
||||
return ret;
|
||||
}
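Review bot: `ASN1_item_unpack_ex()` reads `oct->data` and `oct->length` without checking `oct`, so a NULL `ASN1_STRING` crashes before the decode error can be raised; a guard at the top such as `if (oct == NULL) { ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); return NULL; }` would turn that into an ordinary failure. This matters because the callers changed in this commit, `PKCS12_unpack_p7data()` and `PKCS12_unpack_authsafes()`, pass `p7->d.data` and `p12->authsafes->d.data` taken from a decoded PKCS#12 file. The visible lines of those callers check only the content type, not that the pointer is set; their full bodies are outside the hunks, so this should be confirmed there. Separately, the trailing `\` after `it,` in the `ASN1_item_d2i_ex` call is a stray line continuation and should be dropped.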
|
||||
|
|
|
@ -78,7 +78,9 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
|
|||
ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA);
|
||||
return NULL;
|
||||
}
|
||||
return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
|
||||
return ASN1_item_unpack_ex(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
|
||||
ossl_pkcs7_ctx_get0_libctx(&p7->ctx),
|
||||
ossl_pkcs7_ctx_get0_propq(&p7->ctx));
|
||||
}
|
||||
|
||||
/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
|
||||
|
@ -181,6 +183,7 @@ int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
|
|||
STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12)
|
||||
{
|
||||
STACK_OF(PKCS7) *p7s;
|
||||
PKCS7_CTX *p7ctx;
|
||||
PKCS7 *p7;
|
||||
int i;
|
||||
|
||||
|
@ -188,8 +191,11 @@ STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12)
|
|||
ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA);
|
||||
return NULL;
|
||||
}
|
||||
p7s = ASN1_item_unpack(p12->authsafes->d.data,
|
||||
ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
|
||||
p7ctx = &p12->authsafes->ctx;
|
||||
p7s = ASN1_item_unpack_ex(p12->authsafes->d.data,
|
||||
ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
|
||||
ossl_pkcs7_ctx_get0_libctx(p7ctx),
|
||||
ossl_pkcs7_ctx_get0_propq(p7ctx));
|
||||
if (p7s != NULL) {
|
||||
for (i = 0; i < sk_PKCS7_num(p7s); i++) {
|
||||
p7 = sk_PKCS7_value(p7s, i);
|
||||
|
|
|
@ -12,6 +12,7 @@
|
|||
#include <openssl/asn1t.h>
|
||||
#include <openssl/pkcs12.h>
|
||||
#include "p12_local.h"
|
||||
#include "crypto/pkcs7.h"
|
||||
|
||||
/* PKCS#12 ASN1 module */
|
||||
|
||||
|
@ -21,7 +22,21 @@ ASN1_SEQUENCE(PKCS12) = {
|
|||
ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA)
|
||||
} ASN1_SEQUENCE_END(PKCS12)
|
||||
|
||||
IMPLEMENT_ASN1_FUNCTIONS(PKCS12)
|
||||
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(PKCS12, PKCS12, PKCS12)
|
||||
|
||||
PKCS12 *PKCS12_new(void)
|
||||
{
|
||||
return (PKCS12 *)ASN1_item_new(ASN1_ITEM_rptr(PKCS12));
|
||||
}
|
||||
|
||||
void PKCS12_free(PKCS12 *p12)
|
||||
{
|
||||
if (p12 != NULL && p12->authsafes != NULL) {
|
||||
OPENSSL_free(p12->authsafes->ctx.propq);
|
||||
p12->authsafes->ctx.propq = NULL;
|
||||
}
|
||||
ASN1_item_free((ASN1_VALUE *)p12, ASN1_ITEM_rptr(PKCS12));
|
||||
}
|
||||
|
||||
ASN1_SEQUENCE(PKCS12_MAC_DATA) = {
|
||||
ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG),
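Review bot: `PKCS12_free()` carries no comment explaining why it frees `p12->authsafes->ctx.propq` by hand before calling `ASN1_item_free()`; going by the commit message, I would add `/* ctx.propq is not released by the ASN.1 template free, so drop it here first */` above the `if`. Presumably any path that releases a PKCS12 through `ASN1_item_free()` directly, or that frees or replaces `authsafes` on its own, now skips this step and leaks the string. The other free sites are outside this hunk and worth checking against that.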
|
||||
|
|
|
@ -56,3 +56,9 @@ PKCS12 *PKCS12_init(int mode)
|
|||
return PKCS12_init_ex(mode, NULL, NULL);
|
||||
}
|
||||
|
||||
const PKCS7_CTX *ossl_pkcs12_get0_pkcs7ctx(const PKCS12 *p12)
|
||||
{
|
||||
if (p12 == NULL || p12->authsafes == NULL)
|
||||
return NULL;
|
||||
return &p12->authsafes->ctx;
|
||||
}
|
||||
|
|
|
@ -18,10 +18,12 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
|
|||
EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
|
||||
|
||||
static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
|
||||
int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
|
||||
int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts,
|
||||
OSSL_LIB_CTX *libctx, const char *propq);
|
||||
|
||||
static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
|
||||
EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
|
||||
EVP_PKEY **pkey, STACK_OF(X509) *ocerts,
|
||||
OSSL_LIB_CTX *libctx, const char *propq);
|
||||
|
||||
/*
|
||||
* Parse and decrypt a PKCS#12 structure returning user key, user cert and
|
||||
|
@ -157,7 +159,8 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
|
|||
sk_PKCS7_pop_free(asafes, PKCS7_free);
|
||||
return 0;
|
||||
}
|
||||
if (!parse_bags(bags, pass, passlen, pkey, ocerts)) {
|
||||
if (!parse_bags(bags, pass, passlen, pkey, ocerts,
|
||||
p7->ctx.libctx, p7->ctx.propq)) {
|
||||
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
|
||||
sk_PKCS7_pop_free(asafes, PKCS7_free);
|
||||
return 0;
|
||||
|
@ -170,12 +173,14 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
|
|||
|
||||
/* pkey and/or ocerts may be NULL */
|
||||
static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
|
||||
int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
|
||||
int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts,
|
||||
OSSL_LIB_CTX *libctx, const char *propq)
|
||||
{
|
||||
int i;
|
||||
for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
|
||||
if (!parse_bag(sk_PKCS12_SAFEBAG_value(bags, i),
|
||||
pass, passlen, pkey, ocerts))
|
||||
pass, passlen, pkey, ocerts,
|
||||
libctx, propq))
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
|
@ -183,7 +188,8 @@ static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
|
|||
|
||||
/* pkey and/or ocerts may be NULL */
|
||||
static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
|
||||
EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
|
||||
EVP_PKEY **pkey, STACK_OF(X509) *ocerts,
|
||||
OSSL_LIB_CTX *libctx, const char *propq)
|
||||
{
|
||||
PKCS8_PRIV_KEY_INFO *p8;
|
||||
X509 *x509;
|
||||
|
@ -201,7 +207,8 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
|
|||
case NID_keyBag:
|
||||
if (pkey == NULL || *pkey != NULL)
|
||||
return 1;
|
||||
*pkey = EVP_PKCS82PKEY(PKCS12_SAFEBAG_get0_p8inf(bag));
|
||||
*pkey = EVP_PKCS82PKEY_ex(PKCS12_SAFEBAG_get0_p8inf(bag),
|
||||
libctx, propq);
|
||||
if (*pkey == NULL)
|
||||
return 0;
|
||||
break;
|
||||
|
@ -209,9 +216,10 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
|
|||
case NID_pkcs8ShroudedKeyBag:
|
||||
if (pkey == NULL || *pkey != NULL)
|
||||
return 1;
|
||||
if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL)
|
||||
if ((p8 = PKCS12_decrypt_skey_ex(bag, pass, passlen,
|
||||
libctx, propq)) == NULL)
|
||||
return 0;
|
||||
*pkey = EVP_PKCS82PKEY(p8);
|
||||
*pkey = EVP_PKCS82PKEY_ex(p8, libctx, propq);
|
||||
PKCS8_PRIV_KEY_INFO_free(p8);
|
||||
if (!(*pkey))
|
||||
return 0;
|
||||
|
@ -221,7 +229,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
|
|||
if (ocerts == NULL
|
||||
|| PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate)
|
||||
return 1;
|
||||
if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL)
|
||||
if ((x509 = PKCS12_SAFEBAG_get1_cert_ex(bag, libctx, propq)) == NULL)
|
||||
return 0;
|
||||
if (lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) {
|
||||
X509_free(x509);
|
||||
|
@ -251,7 +259,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
|
|||
|
||||
case NID_safeContentsBag:
|
||||
return parse_bags(PKCS12_SAFEBAG_get0_safes(bag), pass, passlen, pkey,
|
||||
ocerts);
|
||||
ocerts, libctx, propq);
|
||||
|
||||
default:
|
||||
return 1;
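Review bot: The `/* pkey and/or ocerts may be NULL */` comments above `parse_bags()` and `parse_bag()` were not updated for the two new parameters; something like `/* pkey and/or ocerts may be NULL; libctx and propq may be NULL to use the default library context */` would document them. In `parse_pk12()` the new call reads `p7->ctx.libctx` and `p7->ctx.propq` directly, while the other files in this commit go through `ossl_pkcs7_ctx_get0_libctx()` and `ossl_pkcs7_ctx_get0_propq()`. Passing `ossl_pkcs7_ctx_get0_libctx(&p7->ctx), ossl_pkcs7_ctx_get0_propq(&p7->ctx)` here too keeps a single access path to the context. All three functions continue outside the hunks shown.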
|
||||
|
|
|
@ -41,3 +41,5 @@ struct pkcs12_bag_st {
|
|||
ASN1_TYPE *other; /* Secret or other bag */
|
||||
} value;
|
||||
};
|
||||
|
||||
const PKCS7_CTX *ossl_pkcs12_get0_pkcs7ctx(const PKCS12 *p12);
|
||||
|
|
|
@ -11,6 +11,7 @@
|
|||
#include "internal/cryptlib.h"
|
||||
#include <openssl/pkcs12.h>
|
||||
#include "p12_local.h"
|
||||
#include "crypto/x509.h"
|
||||
|
||||
#ifndef OPENSSL_NO_DEPRECATED_1_1_0
|
||||
ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid)
|
||||
|
@ -101,6 +102,42 @@ X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag)
|
|||
ASN1_ITEM_rptr(X509_CRL));
|
||||
}
|
||||
|
||||
X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag,
|
||||
OSSL_LIB_CTX *libctx, const char *propq)
|
||||
{
|
||||
X509 *ret = NULL;
|
||||
|
||||
if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag)
|
||||
return NULL;
|
||||
if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
|
||||
return NULL;
|
||||
ret = ASN1_item_unpack_ex(bag->value.bag->value.octet,
|
||||
ASN1_ITEM_rptr(X509), libctx, propq);
|
||||
if (!ossl_x509_set0_libctx(ret, libctx, propq)) {
|
||||
X509_free(ret);
|
||||
return NULL;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag,
|
||||
OSSL_LIB_CTX *libctx, const char *propq)
|
||||
{
|
||||
X509_CRL *ret = NULL;
|
||||
|
||||
if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag)
|
||||
return NULL;
|
||||
if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
|
||||
return NULL;
|
||||
ret = ASN1_item_unpack_ex(bag->value.bag->value.octet,
|
||||
ASN1_ITEM_rptr(X509_CRL), libctx, propq);
|
||||
if (!ossl_x509_crl_set0_libctx(ret, libctx, propq)) {
|
||||
X509_CRL_free(ret);
|
||||
return NULL;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509)
|
||||
{
|
||||
return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
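Review bot: In `PKCS12_SAFEBAG_get1_cert_ex()` the result of `ASN1_item_unpack_ex()` goes straight into `ossl_x509_set0_libctx(ret, libctx, propq)` without a NULL check, so a failed decode of the bag's octet string relies on that helper tolerating NULL, which is not visible here. An explicit `if (ret == NULL) return NULL;` right after the unpack makes the failure path obvious and independent of the helper. The same applies to `PKCS12_SAFEBAG_get1_crl_ex()` with `ossl_x509_crl_set0_libctx()`.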
|
||||
|
|
|
@ -10,6 +10,8 @@
|
|||
#include <stdio.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include <openssl/pkcs12.h>
|
||||
#include "p12_local.h"
|
||||
#include "crypto/pkcs7/pk7_local.h"
|
||||
|
||||
/* Cheap and nasty Unicode stuff */
|
||||
|
||||
|
@ -230,12 +232,34 @@ int i2d_PKCS12_fp(FILE *fp, const PKCS12 *p12)
|
|||
|
||||
PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
|
||||
{
|
||||
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
|
||||
OSSL_LIB_CTX *libctx = NULL;
|
||||
const char *propq = NULL;
|
||||
const PKCS7_CTX *p7ctx = NULL;
|
||||
|
||||
if (p12 != NULL) {
|
||||
p7ctx = ossl_pkcs12_get0_pkcs7ctx(*p12);
|
||||
if (p7ctx != NULL) {
|
||||
libctx = ossl_pkcs7_ctx_get0_libctx(p7ctx);
|
||||
propq = ossl_pkcs7_ctx_get0_propq(p7ctx);
|
||||
}
|
||||
}
|
||||
return ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(PKCS12), bp, p12, libctx, propq);
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_STDIO
|
||||
PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
|
||||
{
|
||||
return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
|
||||
OSSL_LIB_CTX *libctx = NULL;
|
||||
const char *propq = NULL;
|
||||
const PKCS7_CTX *p7ctx = NULL;
|
||||
|
||||
if (p12 != NULL) {
|
||||
p7ctx = ossl_pkcs12_get0_pkcs7ctx(*p12);
|
||||
if (p7ctx != NULL) {
|
||||
libctx = ossl_pkcs7_ctx_get0_libctx(p7ctx);
|
||||
propq = ossl_pkcs7_ctx_get0_propq(p7ctx);
|
||||
}
|
||||
}
|
||||
return ASN1_item_d2i_fp_ex(ASN1_ITEM_rptr(PKCS12), fp, p12, libctx, propq);
|
||||
}
|
||||
#endif
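Review bot: `d2i_PKCS12_bio()` and `d2i_PKCS12_fp()` repeat the same lines that pull `libctx` and `propq` out of `*p12`; a small static helper would keep the two in step. The pointers are borrowed from the very object that is then passed on as the decode target, so a comment stating that `propq` must stay valid for the whole call is worth adding. Whether the decoder can release the old `authsafes` while the borrowed `propq` is still in use is not visible in this hunk and should be confirmed. A sketch of the helper follows; its name is only a suggestion.

```c
/* Borrow libctx/propq from an existing *p12, or leave both NULL. */
static void p12_get0_fetch_args(PKCS12 **p12, OSSL_LIB_CTX **libctx,
                                const char **propq)
{
    const PKCS7_CTX *p7ctx;

    *libctx = NULL;
    *propq = NULL;
    if (p12 == NULL)
        return;
    p7ctx = ossl_pkcs12_get0_pkcs7ctx(*p12);
    if (p7ctx != NULL) {
        *libctx = ossl_pkcs7_ctx_get0_libctx(p7ctx);
        *propq = ossl_pkcs7_ctx_get0_propq(p7ctx);
    }
}

PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
{
    OSSL_LIB_CTX *libctx;
    const char *propq;

    /* propq is owned by *p12 and must outlive the decode call below */
    p12_get0_fetch_args(p12, &libctx, &propq);
    return ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(PKCS12), bp, p12, libctx, propq);
}

/* … d2i_PKCS12_fp: same pattern, calling ASN1_item_d2i_fp_ex … */
```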
|
||||
|
|
|
@ -3,7 +3,8 @@
|
|||
=head1 NAME
|
||||
|
||||
ASN1_item_d2i_ex, ASN1_item_d2i, ASN1_item_d2i_bio_ex, ASN1_item_d2i_bio,
|
||||
ASN1_item_d2i_fp_ex, ASN1_item_d2i_fp, ASN1_item_i2d_mem_bio
|
||||
ASN1_item_d2i_fp_ex, ASN1_item_d2i_fp, ASN1_item_i2d_mem_bio,
|
||||
ASN1_item_pack, ASN1_item_unpack_ex, ASN1_item_unpack
|
||||
- decode and encode DER-encoded ASN.1 structures
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
@ -26,6 +27,13 @@ ASN1_item_d2i_fp_ex, ASN1_item_d2i_fp, ASN1_item_i2d_mem_bio
|
|||
|
||||
BIO *ASN1_item_i2d_mem_bio(const ASN1_ITEM *it, const ASN1_VALUE *val);
|
||||
|
||||
ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct);
|
||||
|
||||
void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
|
||||
|
||||
void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
|
||||
OSSL_LIB_CTX *libctx, const char *propq);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
ASN1_item_d2i_ex() decodes the contents of the data stored in I<*in> of length
|
||||
|
@ -65,20 +73,39 @@ string.
|
|||
ASN1_item_i2d_mem_bio() encodes the given ASN.1 value I<val>
|
||||
using the ASN.1 template I<it> and returns the result in a memory BIO.
|
||||
|
||||
ASN1_item_pack() encodes the given ASN.1 value in I<obj> using the
|
||||
ASN.1 template I<it> and returns an B<ASN1_STRING> object. If the passed in
|
||||
I<*oct> is not NULL then this is used to store the returned result, otherwise
|
||||
a new B<ASN1_STRING> object is created. If I<oct> is not NULL and I<*oct> is NULL
|
||||
then the returned return is also set into I<*oct>. If there is an error the optional
|
||||
passed in B<ASN1_STRING> will not be freed, but the previous value may be cleared when
|
||||
ASN1_STRING_set0(*oct, NULL, 0) is called internally.
|
||||
|
||||
ASN1_item_unpack() uses ASN1_item_d2i() to decode the DER-encoded B<ASN1_STRING>
|
||||
I<oct> using the ASN.1 template I<it>.
|
||||
|
||||
ASN1_item_unpack_ex() is similar to ASN1_item_unpack(), but uses ASN1_item_d2i_ex() so
|
||||
that the I<libctx> and I<propq> can be used when doing algorithm fetching.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
ASN1_item_d2i_bio() returns a pointer to an B<ASN1_VALUE> or NULL.
|
||||
ASN1_item_d2i_bio(), ASN1_item_unpack_ex() and ASN1_item_unpack() return a pointer to
|
||||
an B<ASN1_VALUE> or NULL on error.
|
||||
|
||||
ASN1_item_i2d_mem_bio() returns a pointer to a memory BIO or NULL on error.
|
||||
|
||||
ASN1_item_pack() returns a pointer to an B<ASN1_STRING> or NULL on error.
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
The functions ASN1_item_d2i_ex(), ASN1_item_d2i_bio_ex(), ASN1_item_d2i_fp_ex()
|
||||
and ASN1_item_i2d_mem_bio() were added in OpenSSL 3.0.
|
||||
|
||||
The function ASN1_item_unpack_ex() was added in OpenSSL 3.2.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -5,7 +5,8 @@
|
|||
PKCS12_SAFEBAG_get0_attr, PKCS12_SAFEBAG_get0_type,
|
||||
PKCS12_SAFEBAG_get_nid, PKCS12_SAFEBAG_get_bag_nid,
|
||||
PKCS12_SAFEBAG_get0_bag_obj, PKCS12_SAFEBAG_get0_bag_type,
|
||||
PKCS12_SAFEBAG_get1_cert, PKCS12_SAFEBAG_get1_crl,
|
||||
PKCS12_SAFEBAG_get1_cert_ex, PKCS12_SAFEBAG_get1_cert,
|
||||
PKCS12_SAFEBAG_get1_crl_ex, PKCS12_SAFEBAG_get1_crl,
|
||||
PKCS12_SAFEBAG_get0_safes, PKCS12_SAFEBAG_get0_p8inf,
|
||||
PKCS12_SAFEBAG_get0_pkcs8 - Get objects from a PKCS#12 safeBag
|
||||
|
||||
|
@ -20,7 +21,11 @@ PKCS12_SAFEBAG_get0_pkcs8 - Get objects from a PKCS#12 safeBag
|
|||
int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
|
||||
const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
|
||||
const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
|
||||
X509_CRL *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag,
|
||||
OSSL_LIB_CTX *libctx, const char *propq);
|
||||
X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
|
||||
X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag,
|
||||
OSSL_LIB_CTX *libctx, const char *propq);
|
||||
X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
|
||||
const STACK_OF(PKCS12_SAFEBAG) *PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
|
||||
const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag);
|
||||
|
@ -41,8 +46,13 @@ arbitrary for B<secretBag>s. PKCS12_SAFEBAG_get0_bag_type() gets this type as an
|
|||
|
||||
PKCS12_SAFEBAG_get0_bag_obj() retrieves the object contained within the safeBag.
|
||||
|
||||
PKCS12_SAFEBAG_get1_cert() and PKCS12_SAFEBAG_get1_crl() return new B<X509> or
|
||||
B<X509_CRL> objects from the item in the safeBag.
|
||||
PKCS12_SAFEBAG_get1_cert_ex() and PKCS12_SAFEBAG_get1_crl_ex() return new B<X509> or
|
||||
B<X509_CRL> objects from the item in the safeBag. I<libctx> and I<propq> are used when
|
||||
fetching algorithms, and may optionally be set to NULL.
|
||||
|
||||
PKCS12_SAFEBAG_get1_cert() and PKCS12_SAFEBAG_get1_crl() are the same as
|
||||
PKCS12_SAFEBAG_get1_cert_ex() and PKCS12_SAFEBAG_get1_crl_ex() and set the I<libctx> and
|
||||
I<prop> to NULL. This will use the default library context.
|
||||
|
||||
PKCS12_SAFEBAG_get0_p8inf() and PKCS12_SAFEBAG_get0_pkcs8() return the PKCS8 object
|
||||
from a PKCS8shroudedKeyBag or a keyBag.
|
||||
|
@ -62,9 +72,14 @@ L<PKCS12_create(3)>,
|
|||
L<PKCS12_add_safe(3)>,
|
||||
L<PKCS12_add_safes(3)>
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
The functions PKCS12_SAFEBAG_get1_cert_ex() and PKCS12_SAFEBAG_get1_crl_ex() were
|
||||
added in OpenSSL 3.2.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -832,6 +832,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
|
|||
unsigned char *data, int max_len);
|
||||
|
||||
void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
|
||||
void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
|
||||
OSSL_LIB_CTX *libctx, const char *propq);
|
||||
|
||||
ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
|
||||
ASN1_OCTET_STRING **oct);
|
||||
|
|
|
@ -111,7 +111,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
|
|||
const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
|
||||
const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
|
||||
|
||||
X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
|
||||
X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
|
||||
X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
|
||||
X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
|
||||
const STACK_OF(PKCS12_SAFEBAG) *
|
||||
PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
|
||||
|
|
|
@ -23,7 +23,6 @@
|
|||
|
||||
static OSSL_LIB_CTX *testctx = NULL;
|
||||
static OSSL_PROVIDER *nullprov = NULL;
|
||||
static OSSL_PROVIDER *deflprov = NULL;
|
||||
|
||||
static int test_null_args(void)
|
||||
{
|
||||
|
@ -39,7 +38,7 @@ static PKCS12 *PKCS12_load(const char *fpath)
|
|||
if (!TEST_ptr(bio))
|
||||
goto err;
|
||||
|
||||
p12 = PKCS12_init(NID_pkcs7_data);
|
||||
p12 = PKCS12_init_ex(NID_pkcs7_data, testctx, "provider=default");
|
||||
if (!TEST_ptr(p12))
|
||||
goto err;
|
||||
|
||||
|
@ -133,7 +132,7 @@ static int pkcs12_create_ex2_test(int test)
|
|||
ptr = PKCS12_create_ex2(NULL, NULL, NULL,
|
||||
NULL, NULL, NID_undef, NID_undef,
|
||||
0, 0, 0,
|
||||
NULL, NULL,
|
||||
testctx, NULL,
|
||||
NULL, NULL);
|
||||
if (TEST_ptr(ptr))
|
||||
goto err;
|
||||
|
@ -147,7 +146,7 @@ static int pkcs12_create_ex2_test(int test)
|
|||
ptr = PKCS12_create_ex2(NULL, NULL, NULL,
|
||||
cert, NULL, NID_undef, NID_undef,
|
||||
0, 0, 0,
|
||||
NULL, NULL,
|
||||
testctx, NULL,
|
||||
pkcs12_create_cb, (void*)&cb_ret);
|
||||
/* PKCS12 successfully created */
|
||||
if (!TEST_ptr(ptr))
|
||||
|
@ -158,7 +157,7 @@ static int pkcs12_create_ex2_test(int test)
|
|||
ptr = PKCS12_create_ex2(NULL, NULL, NULL,
|
||||
cert, NULL, NID_undef, NID_undef,
|
||||
0, 0, 0,
|
||||
NULL, NULL,
|
||||
testctx, NULL,
|
||||
pkcs12_create_cb, (void*)&cb_ret);
|
||||
/* PKCS12 not created */
|
||||
if (TEST_ptr(ptr))
|
||||
|
@ -169,7 +168,7 @@ static int pkcs12_create_ex2_test(int test)
|
|||
ptr = PKCS12_create_ex2(NULL, NULL, NULL,
|
||||
cert, NULL, NID_undef, NID_undef,
|
||||
0, 0, 0,
|
||||
NULL, NULL,
|
||||
testctx, NULL,
|
||||
pkcs12_create_cb, (void*)&cb_ret);
|
||||
/* PKCS12 successfully created */
|
||||
if (!TEST_ptr(ptr))
|
||||
|
@ -243,9 +242,11 @@ int setup_tests(void)
|
|||
}
|
||||
}
|
||||
|
||||
deflprov = OSSL_PROVIDER_load(testctx, "default");
|
||||
if (!TEST_ptr(deflprov))
|
||||
if (!test_get_libctx(&testctx, &nullprov, NULL, NULL, NULL)) {
|
||||
OSSL_LIB_CTX_free(testctx);
|
||||
testctx = NULL;
|
||||
return 0;
|
||||
}
|
||||
|
||||
ADD_TEST(test_null_args);
|
||||
ADD_TEST(pkcs12_parse_test);
|
||||
|
@ -255,7 +256,6 @@ int setup_tests(void)
|
|||
|
||||
void cleanup_tests(void)
|
||||
{
|
||||
OSSL_PROVIDER_unload(nullprov);
|
||||
OSSL_PROVIDER_unload(deflprov);
|
||||
OSSL_LIB_CTX_free(testctx);
|
||||
OSSL_PROVIDER_unload(nullprov);
|
||||
}
|
||||
|
|
|
@ -5508,3 +5508,6 @@ OSSL_HPKE_get_recommended_ikmelen ? 3_2_0 EXIST::FUNCTION:
|
|||
OSSL_PROVIDER_get0_default_search_path ? 3_2_0 EXIST::FUNCTION:
|
||||
BIO_get_rpoll_descriptor ? 3_2_0 EXIST::FUNCTION:
|
||||
BIO_get_wpoll_descriptor ? 3_2_0 EXIST::FUNCTION:
|
||||
ASN1_item_unpack_ex ? 3_2_0 EXIST::FUNCTION:
|
||||
PKCS12_SAFEBAG_get1_cert_ex ? 3_2_0 EXIST::FUNCTION:
|
||||
PKCS12_SAFEBAG_get1_crl_ex ? 3_2_0 EXIST::FUNCTION:
|
||||
|
|
|
@ -148,9 +148,7 @@ ASN1_item_i2d(3)
|
|||
ASN1_item_i2d_bio(3)
|
||||
ASN1_item_i2d_fp(3)
|
||||
ASN1_item_ndef_i2d(3)
|
||||
ASN1_item_pack(3)
|
||||
ASN1_item_print(3)
|
||||
ASN1_item_unpack(3)
|
||||
ASN1_mbstring_copy(3)
|
||||
ASN1_mbstring_ncopy(3)
|
||||
ASN1_object_size(3)
|
||||
|
|