Diffstat (limited to 'lib/x509/pkcs12_bag.c')
-rw-r--r-- | lib/x509/pkcs12_bag.c | 743 |
1 files changed, 378 insertions, 365 deletions
diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c
index e27504bb01..352ddb279a 100644
--- a/lib/x509/pkcs12_bag.c
+++ b/lib/x509/pkcs12_bag.c
@@ -47,26 +47,25 @@
  **/
 int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag * bag)
 {
- *bag = gnutls_calloc( 1, sizeof(gnutls_pkcs12_bag_int));
+ *bag = gnutls_calloc(1, sizeof(gnutls_pkcs12_bag_int));
- if (*bag) {
- return 0; /* success */
- }
- return GNUTLS_E_MEMORY_ERROR;
+ if (*bag) {
+ return 0; /* success */
+ }
+ return GNUTLS_E_MEMORY_ERROR;
 }
-static inline
-void _pkcs12_bag_free_data( gnutls_pkcs12_bag bag)
+static inline void _pkcs12_bag_free_data(gnutls_pkcs12_bag bag)
 {
-int i;
-
- for (i=0;i<bag->bag_elements;i++) {
- _gnutls_free_datum( &bag->element[i].data);
- _gnutls_free_datum( &bag->element[i].local_key_id);
- gnutls_free( bag->element[i].friendly_name);
- bag->element[i].friendly_name = NULL;
- bag->element[i].type = 0;
- }
+ int i;
+
+ for (i = 0; i < bag->bag_elements; i++) {
+ _gnutls_free_datum(&bag->element[i].data);
+ _gnutls_free_datum(&bag->element[i].local_key_id);
+ gnutls_free(bag->element[i].friendly_name);
+ bag->element[i].friendly_name = NULL;
+ bag->element[i].type = 0;
+ }
 }
@@ -80,11 +79,12 @@ int i;
  **/
 void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag bag)
 {
- if (!bag) return;
+ if (!bag)
+ return;
- _pkcs12_bag_free_data( bag);
+ _pkcs12_bag_free_data(bag);
- gnutls_free(bag);
+ gnutls_free(bag);
 }
 /**
@@ -96,16 +96,17 @@ void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag bag)
  * enumerations.
  *
  **/
-gnutls_pkcs12_bag_type gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag bag, int indx)
+gnutls_pkcs12_bag_type gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag bag,
+ int indx)
 {
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (indx >= bag->bag_elements)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- return bag->element[indx].type;
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (indx >= bag->bag_elements)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return bag->element[indx].type;
 }
 /**
@@ -117,12 +118,12 @@ gnutls_pkcs12_bag_type gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag bag, int ind
  **/
 int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag bag)
 {
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return bag->bag_elements;
+ return bag->bag_elements;
 }
 /**
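Review bot: The bounds check on the new side of gnutls_pkcs12_bag_get_type, `if (indx >= bag->bag_elements)`, still lets a negative `indx` through to `bag->element[indx]`, which reads before the start of the array; the same gap is in gnutls_pkcs12_bag_get_data in the next hunk and in the `indx > bag->bag_elements - 1` checks of the set_key_id, get_key_id, get_friendly_name and set_friendly_name hunks, where the setters turn it into an out-of-bounds write. Rejecting negatives in each is a one-line change, `if (indx < 0 || indx >= bag->bag_elements)`. This function also returns negative GNUTLS_E_* codes through the gnutls_pkcs12_bag_type enum type; the doc comment above the hunk should state that a negative return is an error so callers compare the result as an int before using it as a bag type.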
@@ -138,151 +139,156 @@ int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag bag) * Returns 0 on success and a negative error code on error. * **/ -int gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag bag, int indx, gnutls_datum * data) +int gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag bag, int indx, + gnutls_datum * data) { - if (bag == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + if (bag == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - if (indx >= bag->bag_elements) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + if (indx >= bag->bag_elements) + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - data->data = bag->element[indx].data.data; - data->size = bag->element[indx].data.size; + data->data = bag->element[indx].data.data; + data->size = bag->element[indx].data.size; - return 0; + return 0; } #define X509_CERT_OID "1.2.840.113549.1.9.22.1" #define X509_CRL_OID "1.2.840.113549.1.9.23.1" -int _pkcs12_decode_crt_bag( gnutls_pkcs12_bag_type type, const gnutls_datum* in, - gnutls_datum* out) +int _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type type, + const gnutls_datum * in, gnutls_datum * out) { - int ret; - ASN1_TYPE c2 = ASN1_TYPE_EMPTY; - - if (type == GNUTLS_BAG_CERTIFICATE) { - if ((ret=asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-12-CertBag", &c2)) != ASN1_SUCCESS) { - gnutls_assert(); - ret = _gnutls_asn2err(ret); - goto cleanup; - } - - ret = asn1_der_decoding( &c2, in->data, in->size, NULL); - if (ret != ASN1_SUCCESS) { - gnutls_assert(); - ret = _gnutls_asn2err(ret); - goto cleanup; - } - - ret = _gnutls_x509_read_value( c2, "certValue", out, 1); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - } else { /* CRL */ - if ((ret=asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-12-CRLBag", &c2)) != ASN1_SUCCESS) { - gnutls_assert(); - ret = _gnutls_asn2err(ret); - goto cleanup; - } - - ret = asn1_der_decoding( &c2, in->data, in->size, NULL); - if (ret != ASN1_SUCCESS) { - gnutls_assert(); - ret = 
_gnutls_asn2err(ret); - goto cleanup; - } - - ret = _gnutls_x509_read_value( c2, "crlValue", out, 1); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } + int ret; + ASN1_TYPE c2 = ASN1_TYPE_EMPTY; + + if (type == GNUTLS_BAG_CERTIFICATE) { + if ((ret = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.pkcs-12-CertBag", + &c2)) != ASN1_SUCCESS) { + gnutls_assert(); + ret = _gnutls_asn2err(ret); + goto cleanup; } - asn1_delete_structure( &c2); + ret = asn1_der_decoding(&c2, in->data, in->size, NULL); + if (ret != ASN1_SUCCESS) { + gnutls_assert(); + ret = _gnutls_asn2err(ret); + goto cleanup; + } - return 0; - + ret = _gnutls_x509_read_value(c2, "certValue", out, 1); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } - cleanup: + } else { /* CRL */ + if ((ret = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.pkcs-12-CRLBag", + &c2)) != ASN1_SUCCESS) { + gnutls_assert(); + ret = _gnutls_asn2err(ret); + goto cleanup; + } - asn1_delete_structure( &c2); - return ret; + ret = asn1_der_decoding(&c2, in->data, in->size, NULL); + if (ret != ASN1_SUCCESS) { + gnutls_assert(); + ret = _gnutls_asn2err(ret); + goto cleanup; + } + + ret = _gnutls_x509_read_value(c2, "crlValue", out, 1); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + } + + asn1_delete_structure(&c2); + + return 0; + + + cleanup: + + asn1_delete_structure(&c2); + return ret; } -int _pkcs12_encode_crt_bag( gnutls_pkcs12_bag_type type, const gnutls_datum* raw, - gnutls_datum* out) +int _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type type, + const gnutls_datum * raw, gnutls_datum * out) { - int ret; - ASN1_TYPE c2 = ASN1_TYPE_EMPTY; - - if (type == GNUTLS_BAG_CERTIFICATE) { - if ((ret=asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-12-CertBag", &c2)) != ASN1_SUCCESS) { - gnutls_assert(); - ret = _gnutls_asn2err(ret); - goto cleanup; - } - - ret = asn1_write_value( c2, "certId", X509_CERT_OID, 1); - if (ret != ASN1_SUCCESS) { - gnutls_assert(); - ret = _gnutls_asn2err(ret); - goto cleanup; - } 
- - ret = _gnutls_x509_write_value( c2, "certValue", raw, 1); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - } else { /* CRL */ - if ((ret=asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-12-CRLBag", &c2)) != ASN1_SUCCESS) { - gnutls_assert(); - ret = _gnutls_asn2err(ret); - goto cleanup; - } - - ret = asn1_write_value( c2, "crlId", X509_CRL_OID, 1); - if (ret != ASN1_SUCCESS) { - gnutls_assert(); - ret = _gnutls_asn2err(ret); - goto cleanup; - } - - ret = _gnutls_x509_write_value( c2, "crlValue", raw, 1); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } + int ret; + ASN1_TYPE c2 = ASN1_TYPE_EMPTY; + + if (type == GNUTLS_BAG_CERTIFICATE) { + if ((ret = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.pkcs-12-CertBag", + &c2)) != ASN1_SUCCESS) { + gnutls_assert(); + ret = _gnutls_asn2err(ret); + goto cleanup; } - ret = _gnutls_x509_der_encode( c2, "", out, 0); + ret = asn1_write_value(c2, "certId", X509_CERT_OID, 1); + if (ret != ASN1_SUCCESS) { + gnutls_assert(); + ret = _gnutls_asn2err(ret); + goto cleanup; + } + ret = _gnutls_x509_write_value(c2, "certValue", raw, 1); if (ret < 0) { - gnutls_assert(); - goto cleanup; + gnutls_assert(); + goto cleanup; } - - asn1_delete_structure( &c2); - return 0; - + } else { /* CRL */ + if ((ret = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.pkcs-12-CRLBag", + &c2)) != ASN1_SUCCESS) { + gnutls_assert(); + ret = _gnutls_asn2err(ret); + goto cleanup; + } - cleanup: + ret = asn1_write_value(c2, "crlId", X509_CRL_OID, 1); + if (ret != ASN1_SUCCESS) { + gnutls_assert(); + ret = _gnutls_asn2err(ret); + goto cleanup; + } - asn1_delete_structure( &c2); - return ret; + ret = _gnutls_x509_write_value(c2, "crlValue", raw, 1); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + } + + ret = _gnutls_x509_der_encode(c2, "", out, 0); + + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + asn1_delete_structure(&c2); + + return 0; + + + cleanup: + + asn1_delete_structure(&c2); + return ret; } 
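Review bot: _pkcs12_decode_crt_bag reads `certValue` (and `crlValue` in the CRL branch) without checking that `certId`/`crlId` carries X509_CERT_OID/X509_CRL_OID, the OIDs the encoder below writes; a CertBag whose id names some other certificate type is therefore handed back as if it were a DER X.509 certificate. Since this runs on bag contents taken from a parsed PKCS#12 file, the mismatch should be rejected after asn1_der_decoding succeeds rather than passed to the caller, as sketched below; the CRL branch gets the same check with "crlId" and X509_CRL_OID. The hunk is collapsed across three physical lines here, so placement is approximate.
```c
int _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type type,
			   const gnutls_datum * in, gnutls_datum * out)
{
	int ret;
	ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
	char oid[128];
	int oid_len = sizeof(oid);

	if (type == GNUTLS_BAG_CERTIFICATE) {
		/* … unchanged: asn1_create_element / asn1_der_decoding for CertBag … */

		if ((ret = asn1_read_value(c2, "certId", oid, &oid_len)) != ASN1_SUCCESS) {
			gnutls_assert();
			ret = _gnutls_asn2err(ret);
			goto cleanup;
		}
		if (strcmp(oid, X509_CERT_OID) != 0) {
			gnutls_assert();
			ret = GNUTLS_E_ASN1_DER_ERROR;
			goto cleanup;
		}

		ret = _gnutls_x509_read_value(c2, "certValue", out, 1);
		/* … unchanged: error handling, CRL branch, cleanup … */
```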
@@ -299,46 +305,49 @@ int _pkcs12_encode_crt_bag( gnutls_pkcs12_bag_type type, const gnutls_datum* raw * value on error. * **/ -int gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag bag, gnutls_pkcs12_bag_type type, - const gnutls_datum* data) +int gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag bag, + gnutls_pkcs12_bag_type type, + const gnutls_datum * data) { -int ret; - if (bag == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + int ret; + if (bag == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (bag->bag_elements == MAX_BAG_ELEMENTS - 1) { + gnutls_assert(); + /* bag is full */ + return GNUTLS_E_MEMORY_ERROR; + } - if (bag->bag_elements == MAX_BAG_ELEMENTS-1) { - gnutls_assert(); - /* bag is full */ - return GNUTLS_E_MEMORY_ERROR; - } + if (bag->bag_elements == 1) { + /* A bag with a key or an encrypted bag, must have + * only one element. + */ - if (bag->bag_elements == 1) { - /* A bag with a key or an encrypted bag, must have - * only one element. - */ - - if (bag->element[0].type == GNUTLS_BAG_PKCS8_KEY || - bag->element[0].type == GNUTLS_BAG_PKCS8_ENCRYPTED_KEY || - bag->element[0].type == GNUTLS_BAG_ENCRYPTED) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + if (bag->element[0].type == GNUTLS_BAG_PKCS8_KEY || + bag->element[0].type == GNUTLS_BAG_PKCS8_ENCRYPTED_KEY || + bag->element[0].type == GNUTLS_BAG_ENCRYPTED) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; } + } - ret = _gnutls_set_datum( &bag->element[bag->bag_elements].data, data->data, data->size); + ret = + _gnutls_set_datum(&bag->element[bag->bag_elements].data, + data->data, data->size); - if (ret < 0) { - gnutls_assert(); - return ret; - } + if (ret < 0) { + gnutls_assert(); + return ret; + } - bag->element[bag->bag_elements].type = type; + bag->element[bag->bag_elements].type = type; - bag->bag_elements++; + bag->bag_elements++; - return bag->bag_elements-1; + return bag->bag_elements - 1; } /** 
@@ -355,25 +364,25 @@ int ret; **/ int gnutls_pkcs12_bag_set_crt(gnutls_pkcs12_bag bag, gnutls_x509_crt crt) { -int ret; -gnutls_datum data; + int ret; + gnutls_datum data; - if (bag == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + if (bag == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - ret = _gnutls_x509_der_encode( crt->cert, "", &data, 0); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - ret = gnutls_pkcs12_bag_set_data( bag, GNUTLS_BAG_CERTIFICATE, &data); - - _gnutls_free_datum( &data); - + ret = _gnutls_x509_der_encode(crt->cert, "", &data, 0); + if (ret < 0) { + gnutls_assert(); return ret; + } + + ret = gnutls_pkcs12_bag_set_data(bag, GNUTLS_BAG_CERTIFICATE, &data); + + _gnutls_free_datum(&data); + + return ret; } /** @@ -390,26 +399,26 @@ gnutls_datum data; **/ int gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag bag, gnutls_x509_crl crl) { -int ret; -gnutls_datum data; + int ret; + gnutls_datum data; - if (bag == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + if (bag == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - ret = _gnutls_x509_der_encode( crl->crl, "", &data, 0); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - ret = gnutls_pkcs12_bag_set_data( bag, GNUTLS_BAG_CRL, &data); - - _gnutls_free_datum( &data); - + ret = _gnutls_x509_der_encode(crl->crl, "", &data, 0); + if (ret < 0) { + gnutls_assert(); return ret; + } + + ret = gnutls_pkcs12_bag_set_data(bag, GNUTLS_BAG_CRL, &data); + + _gnutls_free_datum(&data); + + return ret; } /** 
@@ -425,31 +434,31 @@ gnutls_datum data; * Returns 0 on success, or a negative value on error. * **/ -int gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag bag, int indx, - const gnutls_datum* id) +int gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag bag, int indx, + const gnutls_datum * id) { -int ret; + int ret; - if (bag == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + if (bag == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - if (indx > bag->bag_elements-1) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + if (indx > bag->bag_elements - 1) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - ret = _gnutls_set_datum( &bag->element[indx].local_key_id, - id->data, id->size); + ret = _gnutls_set_datum(&bag->element[indx].local_key_id, + id->data, id->size); - if (ret < 0) { - gnutls_assert(); - return ret; - } + if (ret < 0) { + gnutls_assert(); + return ret; + } - return 0; + return 0; } /** @@ -464,23 +473,23 @@ int ret; * Returns 0 on success, or a negative value on error. * **/ -int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag bag, int indx, - gnutls_datum* id) +int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag bag, int indx, + gnutls_datum * id) { - if (bag == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + if (bag == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - if (indx > bag->bag_elements-1) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + if (indx > bag->bag_elements - 1) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - id->data = bag->element[indx].local_key_id.data; - id->size = bag->element[indx].local_key_id.size; + id->data = bag->element[indx].local_key_id.data; + id->size = bag->element[indx].local_key_id.size; - return 0; + return 0; } /** 
@@ -495,22 +504,22 @@ int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag bag, int indx, * Returns 0 on success, or a negative value on error. * **/ -int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag bag, int indx, - char **name) +int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag bag, int indx, + char **name) { - if (bag == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + if (bag == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - if (indx > bag->bag_elements-1) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + if (indx > bag->bag_elements - 1) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - *name = bag->element[indx].friendly_name; + *name = bag->element[indx].friendly_name; - return 0; + return 0; } @@ -527,27 +536,27 @@ int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag bag, int indx, * Returns 0 on success, or a negative value on error. * **/ -int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag bag, int indx, - const char* name) +int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag bag, int indx, + const char *name) { - if (bag == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + if (bag == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - if (indx > bag->bag_elements-1) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + if (indx > bag->bag_elements - 1) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - bag->element[indx].friendly_name = gnutls_strdup(name); + bag->element[indx].friendly_name = gnutls_strdup(name); - if (name == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } + if (name == NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } - return 0; + return 0; } 
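Review bot: In gnutls_pkcs12_bag_set_friendly_name the check after the copy, `if (name == NULL)`, tests the argument rather than the result of gnutls_strdup, so an allocation failure is never reported and a NULL `name` reaches gnutls_strdup before it is tested; the assignment also overwrites whatever friendly_name the element already held without freeing it. Test `name` before the copy, release the old string, then check the copy: `gnutls_free(bag->element[indx].friendly_name);` / `bag->element[indx].friendly_name = gnutls_strdup(name);` / `if (bag->element[indx].friendly_name == NULL) {`. The free-data helper in the first hunk already calls gnutls_free on a possibly-NULL friendly_name, so freeing the old value unconditionally matches the file's existing assumption.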
@@ -559,45 +568,44 @@ int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag bag, int indx, * This function will decrypt the given encrypted bag and return 0 on success. * **/ -int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag bag, const char* pass) +int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag bag, const char *pass) { -int ret; -gnutls_datum dec; + int ret; + gnutls_datum dec; - if (bag == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - if (bag->element[0].type != GNUTLS_BAG_ENCRYPTED) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = _gnutls_pkcs7_decrypt_data( - &bag->element[0].data, pass, &dec); + if (bag == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (bag->element[0].type != GNUTLS_BAG_ENCRYPTED) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - if (ret < 0) { - gnutls_assert(); - return ret; - } + ret = _gnutls_pkcs7_decrypt_data(&bag->element[0].data, pass, &dec); - /* decryption succeeded. Now decode the SafeContents - * stuff, and parse it. - */ + if (ret < 0) { + gnutls_assert(); + return ret; + } - _gnutls_free_datum( &bag->element[0].data); + /* decryption succeeded. Now decode the SafeContents + * stuff, and parse it. + */ - ret = _pkcs12_decode_safe_contents( &dec, bag); + _gnutls_free_datum(&bag->element[0].data); - _gnutls_free_datum( &dec); + ret = _pkcs12_decode_safe_contents(&dec, bag); - if (ret < 0) { - gnutls_assert(); - return ret; - } + _gnutls_free_datum(&dec); - return 0; + if (ret < 0) { + gnutls_assert(); + return ret; + } + + return 0; } /** 
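Review bot: gnutls_pkcs12_bag_decrypt frees `bag->element[0].data` before `_pkcs12_decode_safe_contents` runs, so when decoding fails the function returns an error with element[0] still typed GNUTLS_BAG_ENCRYPTED but its ciphertext gone; a caller that retries the decrypt passes the type check and hands the emptied datum to `_gnutls_pkcs7_decrypt_data` (what that does with it depends on how `_gnutls_free_datum` leaves the pointer, which is not visible here). On the `ret < 0` branch after the decode, put the bag into a consistent empty state instead of leaving the stale type behind, e.g. `_pkcs12_bag_free_data(bag);` followed by `bag->bag_elements = 0;`, since the decoder may have partially populated the elements before failing.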
@@ -609,78 +617,83 @@ gnutls_datum dec; * This function will encrypt the given bag and return 0 on success. * **/ -int gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag bag, const char* pass, unsigned int flags) +int gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag bag, const char *pass, + unsigned int flags) { -int ret; -ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY; -gnutls_datum der = {NULL, 0}; -gnutls_datum enc = {NULL, 0}; -schema_id id; - - if (bag == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - /* Encode the whole bag to a safe contents - * structure. - */ - ret = _pkcs12_encode_safe_contents( bag, &safe_cont, NULL); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - /* DER encode the SafeContents. - */ - ret = _gnutls_x509_der_encode( safe_cont, "", &der, 0); - - asn1_delete_structure( &safe_cont); - - if (ret < 0) { - gnutls_assert(); - return ret; - } + int ret; + ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY; + gnutls_datum der = { NULL, 0 }; + gnutls_datum enc = { NULL, 0 }; + schema_id id; + + if (bag == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + /* Encode the whole bag to a safe contents + * structure. + */ + ret = _pkcs12_encode_safe_contents(bag, &safe_cont, NULL); + if (ret < 0) { + gnutls_assert(); + return ret; + } - if (flags & GNUTLS_PKCS_PLAIN) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR) id = PKCS12_ARCFOUR_SHA1; - else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40) id = PKCS12_RC2_40_SHA1; - else if (flags & GNUTLS_PKCS_USE_PBES2_3DES) id = PBES2; - else id = PKCS12_3DES_SHA1; + /* DER encode the SafeContents. + */ + ret = _gnutls_x509_der_encode(safe_cont, "", &der, 0); - /* Now encrypt them. 
- */ - ret = _gnutls_pkcs7_encrypt_data( id, &der, pass, &enc); + asn1_delete_structure(&safe_cont); - _gnutls_free_datum( &der); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + if (flags & GNUTLS_PKCS_PLAIN) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR) + id = PKCS12_ARCFOUR_SHA1; + else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40) + id = PKCS12_RC2_40_SHA1; + else if (flags & GNUTLS_PKCS_USE_PBES2_3DES) + id = PBES2; + else + id = PKCS12_3DES_SHA1; + + /* Now encrypt them. + */ + ret = _gnutls_pkcs7_encrypt_data(id, &der, pass, &enc); + + _gnutls_free_datum(&der); + + if (ret < 0) { + gnutls_assert(); + return ret; + } - if (ret < 0) { - gnutls_assert(); - return ret; - } + /* encryption succeeded. + */ - /* encryption succeeded. - */ + _pkcs12_bag_free_data(bag); - _pkcs12_bag_free_data( bag); + bag->element[0].type = GNUTLS_BAG_ENCRYPTED; + bag->element[0].data = enc; - bag->element[0].type = GNUTLS_BAG_ENCRYPTED; - bag->element[0].data = enc; - - bag->bag_elements = 1; + bag->bag_elements = 1; - return 0; + return 0; } -#endif /* ENABLE_PKI */ +#endif /* ENABLE_PKI */ |
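Review bot: The `flags & GNUTLS_PKCS_PLAIN` rejection in gnutls_pkcs12_bag_encrypt sits after `_gnutls_x509_der_encode` has filled `der`, and that branch returns without releasing it, so every call made with GNUTLS_PKCS_PLAIN leaks the DER-encoded SafeContents. Either free it there, `_gnutls_free_datum(&der);` before that `return GNUTLS_E_INVALID_REQUEST;`, or move the four-line flags check up beside the GNUTLS_BAG_ENCRYPTED check so it runs before anything is allocated. The second option also keeps all argument validation together at the top of the function, which is how the other functions in this file are laid out.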