Commit 5de603ab authored by Ben Laurie's avatar Ben Laurie

Typesafety Thought Police part 3.

parent f2716dad
+10 −9
@@ -362,7 +362,7 @@ int MAIN(int argc, char **argv)
    if (export_cert) {
	EVP_PKEY *key;
	STACK_OF(PKCS12_SAFEBAG) *bags;
	STACK *safes;
	STACK_OF(PKCS7) *safes;
	PKCS12_SAFEBAG *bag;
	PKCS8_PRIV_KEY_INFO *p8;
	PKCS7 *authsafe;
@@ -468,8 +468,8 @@ int MAIN(int argc, char **argv)
		goto end;
	}

	safes = sk_new (NULL);
	sk_push (safes, (char *)authsafe);
	safes = sk_PKCS7_new (NULL);
	sk_PKCS7_push (safes, authsafe);

	/* Make a shrouded key bag */
	p8 = EVP_PKEY2PKCS8 (key);
@@ -484,13 +484,13 @@ int MAIN(int argc, char **argv)
	/* Turn it into unencrypted safe bag */
	authsafe = PKCS12_pack_p7data (bags);
	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
	sk_push (safes, (char *)authsafe);
	sk_PKCS7_push (safes, authsafe);

	p12 = PKCS12_init (NID_pkcs7_data);

	M_PKCS12_pack_authsafes (p12, safes);

	sk_pop_free(safes, (void(*)(void *)) PKCS7_free);
	sk_PKCS7_pop_free(safes, PKCS7_free);

	PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL);

@@ -573,13 +573,14 @@ int MAIN(int argc, char **argv)
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
	     int passlen, int options, char *pempass)
{
	STACK *asafes;
	STACK_OF(PKCS7) *asafes;
	STACK_OF(PKCS12_SAFEBAG) *bags;
	int i, bagnid;
	PKCS7 *p7;

	if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
	for (i = 0; i < sk_num (asafes); i++) {
		p7 = (PKCS7 *) sk_value (asafes, i);
	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
		p7 = sk_PKCS7_value (asafes, i);
		bagnid = OBJ_obj2nid (p7->type);
		if (bagnid == NID_pkcs7_data) {
			bags = M_PKCS12_unpack_p7data (p7);
@@ -600,7 +601,7 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
		}
		sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
	}
	sk_pop_free (asafes, (void(*)(void *)) PKCS7_free);
	sk_PKCS7_pop_free (asafes, PKCS7_free);
	return 1;
}
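Review bot: In MAIN's export path the results of `sk_PKCS7_new (NULL)` and of both `sk_PKCS7_push (safes, authsafe)` calls are ignored, while PKCS12_create in this same commit checks them. If one of them fails under memory pressure, the authsafe is presumably neither stored nor freed, and the tool can go on to write a PKCS#12 file that is missing a safe without reporting an error. I would test them as the library does, e.g. `if (!(safes = sk_PKCS7_new (NULL)) || !sk_PKCS7_push (safes, authsafe)) goto end;`, printing an error first. The neighbouring `PKCS12_pack_p7data`, `PKCS12_init` and `PKCS12_set_mac` calls are unchecked in the visible context as well, and an ignored `PKCS12_set_mac` failure would mean output without integrity protection. MAIN starts and ends outside these hunks, so the cleanup at `end` is not visible here.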

+2 −0
@@ -293,3 +293,5 @@ void PKCS7_content_free(PKCS7 *a)
	a->d.ptr=NULL;
	}

IMPLEMENT_STACK_OF(PKCS7)
IMPLEMENT_ASN1_SET_OF(PKCS7)
+5 −4
@@ -66,7 +66,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
{
	PKCS12 *p12;
	STACK_OF(PKCS12_SAFEBAG) *bags;
	STACK *safes;
	STACK_OF(PKCS7) *safes;
	PKCS12_SAFEBAG *bag;
	PKCS8_PRIV_KEY_INFO *p8;
	PKCS7 *authsafe;
@@ -121,7 +121,8 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,

	if (!authsafe) return NULL;

	if(!(safes = sk_new (NULL)) || !sk_push(safes, (char *)authsafe)) {
	if(!(safes = sk_PKCS7_new (NULL))
	   || !sk_PKCS7_push(safes, authsafe)) {
		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
		return NULL;
	}
@@ -142,7 +143,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
	/* Turn it into unencrypted safe bag */
	if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;
	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
	if(!sk_push(safes, (char *)authsafe)) {
	if(!sk_PKCS7_push(safes, authsafe)) {
		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
		return NULL;
	}
@@ -151,7 +152,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,

	if(!M_PKCS12_pack_authsafes (p12, safes)) return NULL;

	sk_pop_free(safes, (void(*)(void *)) PKCS7_free);
	sk_PKCS7_pop_free(safes, PKCS7_free);

	if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL))
	    return NULL;
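Review bot: The failure branches around `sk_PKCS7_push` in PKCS12_create return NULL without releasing what was already built: at the first push `safes` (if it was allocated) and `authsafe` are dropped, and at the second push the stack still owns the first authsafe while the new one is orphaned. Before each of those `return NULL` statements I would add `sk_PKCS7_pop_free(safes, PKCS7_free);` and `PKCS7_free(authsafe);`, provided the typed pop_free accepts a NULL stack the way the untyped `sk_pop_free` is expected to. The `M_PKCS12_pack_authsafes` failure return has the same problem with `safes`. The function body continues outside these hunks, so whether `p12` and `bags` are released on these paths could not be checked.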
+2 −0
@@ -183,3 +183,5 @@ ASN1_OCTET_STRING *PKCS12_i2d_encrypt (X509_ALGOR *algor, int (*i2d)(),
	Free (in);
	return oct;
}

IMPLEMENT_PKCS12_STACK_OF(PKCS7)
+7 −6
@@ -147,15 +147,16 @@ int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
	     EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
{
	STACK *asafes;
	STACK_OF(PKCS7) *asafes;
	STACK_OF(PKCS12_SAFEBAG) *bags;
	int i, bagnid;
	PKCS7 *p7;
	ASN1_OCTET_STRING *keyid = NULL;

	char keymatch = 0;
	if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
	for (i = 0; i < sk_num (asafes); i++) {
		p7 = (PKCS7 *) sk_value (asafes, i);
	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
		p7 = sk_PKCS7_value (asafes, i);
		bagnid = OBJ_obj2nid (p7->type);
		if (bagnid == NID_pkcs7_data) {
			bags = M_PKCS12_unpack_p7data (p7);
@@ -163,18 +164,18 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
			bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen);
		} else continue;
		if (!bags) {
			sk_pop_free (asafes, (void(*)(void *)) PKCS7_free);
			sk_PKCS7_pop_free (asafes, PKCS7_free);
			return 0;
		}
	    	if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
							 &keyid, &keymatch)) {
			sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
			sk_pop_free(asafes, (void(*)(void *)) PKCS7_free);
			sk_PKCS7_pop_free(asafes, PKCS7_free);
			return 0;
		}
		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
	}
	sk_pop_free(asafes, (void(*)(void *)) PKCS7_free);
	sk_PKCS7_pop_free(asafes, PKCS7_free);
	if (keyid) M_ASN1_OCTET_STRING_free(keyid);
	return 1;
}
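Review bot: The two early `return 0` exits inside the loop of parse_pk12 free `asafes` (and, in the second case, `bags`) but not `keyid`, which only the success path releases with `M_ASN1_OCTET_STRING_free(keyid)`. `keyid` is passed to parse_bags by address, so it looks like an earlier safe can set it before a later safe fails to decrypt or parse; that would leak on each rejected file, and this code typically runs on PKCS#12 input the caller does not control. I would add `if (keyid) M_ASN1_OCTET_STRING_free(keyid);` before both `return 0` statements. Whether `*pkey`, `*cert` and `*ca` are reset on failure is decided outside the visible hunks.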