|
@@ -18,10 +18,12 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
|
|
|
EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
|
|
|
|
|
|
static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
|
|
|
- int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
|
|
|
+ int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts,
|
|
|
+ OSSL_LIB_CTX *libctx, const char *propq);
|
|
|
|
|
|
static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
|
|
|
- EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
|
|
|
+ EVP_PKEY **pkey, STACK_OF(X509) *ocerts,
|
|
|
+ OSSL_LIB_CTX *libctx, const char *propq);
|
|
|
|
|
|
/*
|
|
|
* Parse and decrypt a PKCS#12 structure returning user key, user cert and
|
|
@@ -157,7 +159,8 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
|
|
|
sk_PKCS7_pop_free(asafes, PKCS7_free);
|
|
|
return 0;
|
|
|
}
|
|
|
- if (!parse_bags(bags, pass, passlen, pkey, ocerts)) {
|
|
|
+ if (!parse_bags(bags, pass, passlen, pkey, ocerts,
|
|
|
+ p7->ctx.libctx, p7->ctx.propq)) {
|
|
|
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
|
|
|
sk_PKCS7_pop_free(asafes, PKCS7_free);
|
|
|
return 0;
|
|
@@ -170,12 +173,14 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
|
|
|
|
|
|
/* pkey and/or ocerts may be NULL */
|
|
|
static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
|
|
|
- int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
|
|
|
+ int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts,
|
|
|
+ OSSL_LIB_CTX *libctx, const char *propq)
|
|
|
{
|
|
|
int i;
|
|
|
for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
|
|
|
if (!parse_bag(sk_PKCS12_SAFEBAG_value(bags, i),
|
|
|
- pass, passlen, pkey, ocerts))
|
|
|
+ pass, passlen, pkey, ocerts,
|
|
|
+ libctx, propq))
|
|
|
return 0;
|
|
|
}
|
|
|
return 1;
|
|
@@ -183,7 +188,8 @@ static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
|
|
|
|
|
|
/* pkey and/or ocerts may be NULL */
|
|
|
static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
|
|
|
- EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
|
|
|
+ EVP_PKEY **pkey, STACK_OF(X509) *ocerts,
|
|
|
+ OSSL_LIB_CTX *libctx, const char *propq)
|
|
|
{
|
|
|
PKCS8_PRIV_KEY_INFO *p8;
|
|
|
X509 *x509;
|
|
@@ -201,7 +207,8 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
|
|
|
case NID_keyBag:
|
|
|
if (pkey == NULL || *pkey != NULL)
|
|
|
return 1;
|
|
|
- *pkey = EVP_PKCS82PKEY(PKCS12_SAFEBAG_get0_p8inf(bag));
|
|
|
+ *pkey = EVP_PKCS82PKEY_ex(PKCS12_SAFEBAG_get0_p8inf(bag),
|
|
|
+ libctx, propq);
|
|
|
if (*pkey == NULL)
|
|
|
return 0;
|
|
|
break;
|
|
@@ -209,9 +216,10 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
|
|
|
case NID_pkcs8ShroudedKeyBag:
|
|
|
if (pkey == NULL || *pkey != NULL)
|
|
|
return 1;
|
|
|
- if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL)
|
|
|
+ if ((p8 = PKCS12_decrypt_skey_ex(bag, pass, passlen,
|
|
|
+ libctx, propq)) == NULL)
|
|
|
return 0;
|
|
|
- *pkey = EVP_PKCS82PKEY(p8);
|
|
|
+ *pkey = EVP_PKCS82PKEY_ex(p8, libctx, propq);
|
|
|
PKCS8_PRIV_KEY_INFO_free(p8);
|
|
|
if (!(*pkey))
|
|
|
return 0;
|
|
@@ -221,7 +229,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
|
|
|
if (ocerts == NULL
|
|
|
|| PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate)
|
|
|
return 1;
|
|
|
- if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL)
|
|
|
+ if ((x509 = PKCS12_SAFEBAG_get1_cert_ex(bag, libctx, propq)) == NULL)
|
|
|
return 0;
|
|
|
if (lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) {
|
|
|
X509_free(x509);
|
|
@@ -251,7 +259,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
|
|
|
|
|
|
case NID_safeContentsBag:
|
|
|
return parse_bags(PKCS12_SAFEBAG_get0_safes(bag), pass, passlen, pkey,
|
|
|
- ocerts);
|
|
|
+ ocerts, libctx, propq);
|
|
|
|
|
|
default:
|
|
|
return 1;
|