Peter Sylvester wrote:
>
> maybe you can get some inspiration from the following code.
> The code is not free of memory leaks.
>
> typedef struct TIAX_st { /* login state; further members are elided ("...") in the post */
> PKCS12 * p12 ; /* PKCS#12 structure that TIAX_login verifies and unpacks */
> EVP_PKEY * pkey ; /* private key, assigned by TIAX_login after the key bag is decrypted */
> ...
>
> } TIAX ;
> /*
>  * TIAX_login - unlock a->p12 with the password and load its private key.
>  *
>  * Checks the PKCS#12 MAC, then requires exactly two authenticated safes:
>  * an encrypted one holding two bags and a plain-data one holding a single
>  * pkcs8ShroudedKeyBag. That bag is decrypted and converted into a->pkey.
>  * Parts of the body are elided ("...") in the original post.
>  *
>  * a       - context; a->p12 is read, a->pkey is written on success
>  * pass    - password used for the MAC check and for decrypting the safes
>  * passlen - password length handed to the unpack/decrypt calls
>  *
>  * Returns 0 on success and 1 on every failure, so a caller cannot tell a
>  * wrong password from a file with an unexpected layout.
>  *
>  * NOTE(review): none of the "return 1" exits taken after the safes have
>  * been unpacked release asafes or bags in the code shown.
>  */
> int TIAX_login(TIAX * a,char * pass, int passlen)
> {
> STACK *asafes, *bags;
> int bagnid;
> PKCS7 *p7;
> PKCS12_SAFEBAG * bag;
> PKCS8_PRIV_KEY_INFO *p8;
> int ret ; /* only receives the PKCS12_verify_mac result in the code shown */
> /* verify MAC of PKCS12 structure.
>  * NOTE(review): -1 is passed as the password length here, while the calls
>  * below pass passlen; presumably -1 means "use strlen(pass)" - confirm the
>  * two agree, otherwise the integrity check and the decryption are done
>  * with different passwords. */
> if (!(ret = PKCS12_verify_mac (a->p12, pass, -1))) return 1 ;
>
> /* there should be two authenticated safes */
>
> if (!( asafes = M_PKCS12_unpack_authsafes (a->p12))) return 1;
> if (sk_num (asafes) != 2) return 1; /* also keeps the sk_value(asafes, 0/1) lookups below in range */
>
> /* first is an encrypted one for two certificates */
> p7 = (PKCS7 *) sk_value (asafes, 0);
> bagnid = OBJ_obj2nid (p7->type);
> if (bagnid != NID_pkcs7_encrypted) return 1;
> if (!(bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen))) return 1;
> if (sk_num (bags) != 2) return 1;
>
> ...
>
> /* second safe contains a private key as data.
>  * NOTE(review): bags is reassigned below; unless the elided code above
>  * frees the first stack, it is lost at that point. */
>
> p7 = (PKCS7 *) sk_value (asafes, 1);
> bagnid = OBJ_obj2nid (p7->type);
> if (bagnid != NID_pkcs7_data) return 1;
> if (!(bags = M_PKCS12_unpack_p7data (p7))) return 1;
>
> /* There is one bag in pkcs8ShroudedKeyBag format */
> if (sk_num (bags) != 1) return 1;
> bag = (PKCS12_SAFEBAG *)sk_value (bags, 0);
> if (M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1;
> if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
> return 1;
> if (!(a->pkey = EVP_PKCS82PKEY (p8))) return 1; /* NOTE(review): p8 is the decrypted key in PKCS#8 form and is not freed in the code shown; release it with PKCS8_PRIV_KEY_INFO_free() on both outcomes */
> ...
>
> return 0 ;
>
>
> }
Use of those M_PKCS12_* macros is now strongly discouraged. You can replace
the lot with a single call to PKCS12_parse(), which generally "does the
right thing".
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.