openssl/crypto/pkcs12/p12_lcl.h
Andy Polyakov 1194ea8dc3 crypto/pkcs12: facilitate accessing data with non-interoperable password.
Originally PKCS#12 subroutines treated password strings as ASCII.
It worked as long as they were pure ASCII, but if there were some
none-ASCII characters result was non-interoperable. But fixing it
poses problem accessing data protected with broken password. In
order to make asscess to old data possible add retry with old-style
password.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-22 13:52:59 +02:00

53 lines
1.5 KiB
C

/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
struct PKCS12_MAC_DATA_st {
X509_SIG *dinfo;
ASN1_OCTET_STRING *salt;
ASN1_INTEGER *iter; /* defaults to 1 */
};
struct PKCS12_st {
ASN1_INTEGER *version;
PKCS12_MAC_DATA *mac;
PKCS7 *authsafes;
};
struct PKCS12_SAFEBAG_st {
ASN1_OBJECT *type;
union {
struct pkcs12_bag_st *bag; /* secret, crl and certbag */
struct pkcs8_priv_key_info_st *keybag; /* keybag */
X509_SIG *shkeybag; /* shrouded key bag */
STACK_OF(PKCS12_SAFEBAG) *safes;
ASN1_TYPE *other;
} value;
STACK_OF(X509_ATTRIBUTE) *attrib;
};
struct pkcs12_bag_st {
ASN1_OBJECT *type;
union {
ASN1_OCTET_STRING *x509cert;
ASN1_OCTET_STRING *x509crl;
ASN1_OCTET_STRING *octet;
ASN1_IA5STRING *sdsicert;
ASN1_TYPE *other; /* Secret or other bag */
} value;
};
#undef PKCS12_key_gen
/*
* See p12_multi.c:PKCS12_verify_mac() for details...
*/
extern int (*PKCS12_key_gen)(const char *pass, int passlen,
unsigned char *salt, int slen,
int id, int iter, int n,
unsigned char *out,
const EVP_MD *md_type);