diff options
| author | tb <> | 2022-09-11 18:07:46 +0000 |
|---|---|---|
| committer | tb <> | 2022-09-11 18:07:46 +0000 |
| commit | adff37448fd0872af6649b8b84fab06f149976f3 (patch) | |
| tree | 91b7406b763da486429706148f31de09a25f4d64 | |
| parent | 7b0f99bd0d59e0cdcf43d79676c03ac93a777f98 (diff) | |
| download | openbsd-adff37448fd0872af6649b8b84fab06f149976f3.tar.gz openbsd-adff37448fd0872af6649b8b84fab06f149976f3.tar.bz2 openbsd-adff37448fd0872af6649b8b84fab06f149976f3.zip | |
Adjust for opaque structs in pkcs12.h
ok jsing
| -rw-r--r-- | src/usr.bin/openssl/pkcs12.c | 63 |
1 files changed, 38 insertions, 25 deletions
diff --git a/src/usr.bin/openssl/pkcs12.c b/src/usr.bin/openssl/pkcs12.c index 6195a2cc9a..4914eae4a7 100644 --- a/src/usr.bin/openssl/pkcs12.c +++ b/src/usr.bin/openssl/pkcs12.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: pkcs12.c,v 1.21 2022/08/03 20:17:38 tb Exp $ */ | 1 | /* $OpenBSD: pkcs12.c,v 1.22 2022/09/11 18:07:46 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project. | 3 | * project. |
| 4 | */ | 4 | */ |
| @@ -71,12 +71,6 @@ | |||
| 71 | #include <openssl/pem.h> | 71 | #include <openssl/pem.h> |
| 72 | #include <openssl/pkcs12.h> | 72 | #include <openssl/pkcs12.h> |
| 73 | 73 | ||
| 74 | /* XXX: temporary workarounds until the next libcrypto bump. */ | ||
| 75 | #define PKCS12_get_attr(bag, attr_nid) \ | ||
| 76 | PKCS12_get_attr_gen(bag->attrib, attr_nid) | ||
| 77 | #undef PKCS12_certbag2x509 | ||
| 78 | X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag); | ||
| 79 | |||
| 80 | #define NOKEYS 0x1 | 74 | #define NOKEYS 0x1 |
| 81 | #define NOCERTS 0x2 | 75 | #define NOCERTS 0x2 |
| 82 | #define INFO 0x4 | 76 | #define INFO 0x4 |
| @@ -87,7 +81,7 @@ static int get_cert_chain(X509 *cert, X509_STORE *store, | |||
| 87 | STACK_OF(X509) **chain); | 81 | STACK_OF(X509) **chain); |
| 88 | static int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, | 82 | static int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, |
| 89 | int options, char *pempass); | 83 | int options, char *pempass); |
| 90 | static int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, | 84 | static int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags, |
| 91 | char *pass, int passlen, int options, char *pempass); | 85 | char *pass, int passlen, int options, char *pempass); |
| 92 | static int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, | 86 | static int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, |
| 93 | int passlen, int options, char *pempass); | 87 | int passlen, int options, char *pempass); |
| @@ -790,9 +784,13 @@ pkcs12_main(int argc, char **argv) | |||
| 790 | if (!pkcs12_config.twopass) | 784 | if (!pkcs12_config.twopass) |
| 791 | strlcpy(macpass, pass, sizeof macpass); | 785 | strlcpy(macpass, pass, sizeof macpass); |
| 792 | 786 | ||
| 793 | if ((pkcs12_config.options & INFO) != 0 && p12->mac != NULL) | 787 | if ((pkcs12_config.options & INFO) != 0 && PKCS12_mac_present(p12)) { |
| 788 | const ASN1_INTEGER *iter; | ||
| 789 | |||
| 790 | PKCS12_get0_mac(NULL, NULL, NULL, &iter, p12); | ||
| 794 | BIO_printf(bio_err, "MAC Iteration %ld\n", | 791 | BIO_printf(bio_err, "MAC Iteration %ld\n", |
| 795 | p12->mac->iter ? ASN1_INTEGER_get(p12->mac->iter) : 1); | 792 | iter != NULL ? ASN1_INTEGER_get(iter) : 1); |
| 793 | } | ||
| 796 | if (pkcs12_config.macver) { | 794 | if (pkcs12_config.macver) { |
| 797 | /* If we enter empty password try no password first */ | 795 | /* If we enter empty password try no password first */ |
| 798 | if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { | 796 | if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { |
| @@ -871,8 +869,8 @@ dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, | |||
| 871 | } | 869 | } |
| 872 | 870 | ||
| 873 | static int | 871 | static int |
| 874 | dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass, | 872 | dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags, |
| 875 | int passlen, int options, char *pempass) | 873 | char *pass, int passlen, int options, char *pempass) |
| 876 | { | 874 | { |
| 877 | int i; | 875 | int i; |
| 878 | 876 | ||
| @@ -891,17 +889,24 @@ dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, int passlen, | |||
| 891 | int options, char *pempass) | 889 | int options, char *pempass) |
| 892 | { | 890 | { |
| 893 | EVP_PKEY *pkey; | 891 | EVP_PKEY *pkey; |
| 894 | PKCS8_PRIV_KEY_INFO *p8; | 892 | const STACK_OF(X509_ATTRIBUTE) *attrs; |
| 895 | X509 *x509; | 893 | X509 *x509; |
| 896 | 894 | ||
| 897 | switch (OBJ_obj2nid(bag->type)) { | 895 | |
| 896 | attrs = PKCS12_SAFEBAG_get0_attrs(bag); | ||
| 897 | |||
| 898 | switch (PKCS12_SAFEBAG_get_nid(bag)) { | ||
| 898 | case NID_keyBag: | 899 | case NID_keyBag: |
| 900 | { | ||
| 901 | const PKCS8_PRIV_KEY_INFO *p8; | ||
| 902 | |||
| 899 | if (options & INFO) | 903 | if (options & INFO) |
| 900 | BIO_printf(bio_err, "Key bag\n"); | 904 | BIO_printf(bio_err, "Key bag\n"); |
| 901 | if (options & NOKEYS) | 905 | if (options & NOKEYS) |
| 902 | return 1; | 906 | return 1; |
| 903 | print_attribs(out, bag->attrib, "Bag Attributes"); | 907 | print_attribs(out, attrs, "Bag Attributes"); |
| 904 | p8 = bag->value.keybag; | 908 | if ((p8 = PKCS12_SAFEBAG_get0_p8inf(bag)) == NULL) |
| 909 | return 0; | ||
| 905 | if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) | 910 | if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) |
| 906 | return 0; | 911 | return 0; |
| 907 | print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes"); | 912 | print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes"); |
| @@ -909,18 +914,25 @@ dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, int passlen, | |||
| 909 | NULL, pempass); | 914 | NULL, pempass); |
| 910 | EVP_PKEY_free(pkey); | 915 | EVP_PKEY_free(pkey); |
| 911 | break; | 916 | break; |
| 917 | } | ||
| 912 | 918 | ||
| 913 | case NID_pkcs8ShroudedKeyBag: | 919 | case NID_pkcs8ShroudedKeyBag: |
| 920 | { | ||
| 921 | PKCS8_PRIV_KEY_INFO *p8; | ||
| 922 | |||
| 914 | if (options & INFO) { | 923 | if (options & INFO) { |
| 924 | const X509_SIG *tp8; | ||
| 915 | const X509_ALGOR *tp8alg; | 925 | const X509_ALGOR *tp8alg; |
| 916 | 926 | ||
| 917 | BIO_printf(bio_err, "Shrouded Keybag: "); | 927 | BIO_printf(bio_err, "Shrouded Keybag: "); |
| 918 | X509_SIG_get0(bag->value.shkeybag, &tp8alg, NULL); | 928 | if ((tp8 = PKCS12_SAFEBAG_get0_pkcs8(bag)) == NULL) |
| 929 | return 0; | ||
| 930 | X509_SIG_get0(tp8, &tp8alg, NULL); | ||
| 919 | alg_print(bio_err, tp8alg); | 931 | alg_print(bio_err, tp8alg); |
| 920 | } | 932 | } |
| 921 | if (options & NOKEYS) | 933 | if (options & NOKEYS) |
| 922 | return 1; | 934 | return 1; |
| 923 | print_attribs(out, bag->attrib, "Bag Attributes"); | 935 | print_attribs(out, attrs, "Bag Attributes"); |
| 924 | if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL) | 936 | if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL) |
| 925 | return 0; | 937 | return 0; |
| 926 | if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) { | 938 | if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) { |
| @@ -933,19 +945,20 @@ dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, int passlen, | |||
| 933 | NULL, pempass); | 945 | NULL, pempass); |
| 934 | EVP_PKEY_free(pkey); | 946 | EVP_PKEY_free(pkey); |
| 935 | break; | 947 | break; |
| 948 | } | ||
| 936 | 949 | ||
| 937 | case NID_certBag: | 950 | case NID_certBag: |
| 938 | if (options & INFO) | 951 | if (options & INFO) |
| 939 | BIO_printf(bio_err, "Certificate bag\n"); | 952 | BIO_printf(bio_err, "Certificate bag\n"); |
| 940 | if (options & NOCERTS) | 953 | if (options & NOCERTS) |
| 941 | return 1; | 954 | return 1; |
| 942 | if (PKCS12_get_attr(bag, NID_localKeyID) != NULL) { | 955 | if (PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID) != NULL) { |
| 943 | if (options & CACERTS) | 956 | if (options & CACERTS) |
| 944 | return 1; | 957 | return 1; |
| 945 | } else if (options & CLCERTS) | 958 | } else if (options & CLCERTS) |
| 946 | return 1; | 959 | return 1; |
| 947 | print_attribs(out, bag->attrib, "Bag Attributes"); | 960 | print_attribs(out, attrs, "Bag Attributes"); |
| 948 | if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate) | 961 | if (PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate) |
| 949 | return 1; | 962 | return 1; |
| 950 | if ((x509 = PKCS12_certbag2x509(bag)) == NULL) | 963 | if ((x509 = PKCS12_certbag2x509(bag)) == NULL) |
| 951 | return 0; | 964 | return 0; |
| @@ -957,13 +970,13 @@ dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, int passlen, | |||
| 957 | case NID_safeContentsBag: | 970 | case NID_safeContentsBag: |
| 958 | if (options & INFO) | 971 | if (options & INFO) |
| 959 | BIO_printf(bio_err, "Safe Contents bag\n"); | 972 | BIO_printf(bio_err, "Safe Contents bag\n"); |
| 960 | print_attribs(out, bag->attrib, "Bag Attributes"); | 973 | print_attribs(out, attrs, "Bag Attributes"); |
| 961 | return dump_certs_pkeys_bags(out, bag->value.safes, pass, | 974 | return dump_certs_pkeys_bags(out, PKCS12_SAFEBAG_get0_safes(bag), |
| 962 | passlen, options, pempass); | 975 | pass, passlen, options, pempass); |
| 963 | 976 | ||
| 964 | default: | 977 | default: |
| 965 | BIO_printf(bio_err, "Warning unsupported bag type: "); | 978 | BIO_printf(bio_err, "Warning unsupported bag type: "); |
| 966 | i2a_ASN1_OBJECT(bio_err, bag->type); | 979 | i2a_ASN1_OBJECT(bio_err, PKCS12_SAFEBAG_get0_type(bag)); |
| 967 | BIO_printf(bio_err, "\n"); | 980 | BIO_printf(bio_err, "\n"); |
| 968 | return 1; | 981 | return 1; |
| 969 | break; | 982 | break; |