diff options
| author | tb <> | 2024-01-25 13:32:49 +0000 |
|---|---|---|
| committer | tb <> | 2024-01-25 13:32:49 +0000 |
| commit | 054892485301bc4fb700ac9a0ce8338b47f40acf (patch) | |
| tree | ab26d2ee05d8d32df8b00fa90137b6de2d49b439 | |
| parent | 3f1a78dc1058a974c35bb505a60421766215d9a5 (diff) | |
| download | openbsd-054892485301bc4fb700ac9a0ce8338b47f40acf.tar.gz openbsd-054892485301bc4fb700ac9a0ce8338b47f40acf.tar.bz2 openbsd-054892485301bc4fb700ac9a0ce8338b47f40acf.zip | |
Merge PKCS12_newpass() and newpass_p12()
With the previous refactoring, newpass_p12() became simple enough that it
doesn't require a separate function anymore. Merge the public API into it
and move it below (most of) the things it calls.
ok jsing
| -rw-r--r-- | src/lib/libcrypto/pkcs12/p12_npas.c | 57 |
1 files changed, 20 insertions, 37 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c index 23a5c5e768..fc726f2b74 100644 --- a/src/lib/libcrypto/pkcs12/p12_npas.c +++ b/src/lib/libcrypto/pkcs12/p12_npas.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p12_npas.c,v 1.22 2024/01/25 10:53:05 tb Exp $ */ | 1 | /* $OpenBSD: p12_npas.c,v 1.23 2024/01/25 13:32:49 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -68,7 +68,6 @@ | |||
| 68 | 68 | ||
| 69 | /* PKCS#12 password change routine */ | 69 | /* PKCS#12 password change routine */ |
| 70 | 70 | ||
| 71 | static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass); | ||
| 72 | static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass, | 71 | static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass, |
| 73 | const char *newpass); | 72 | const char *newpass); |
| 74 | static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, | 73 | static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, |
| @@ -79,32 +78,6 @@ static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen); | |||
| 79 | * Change the password on a PKCS#12 structure. | 78 | * Change the password on a PKCS#12 structure. |
| 80 | */ | 79 | */ |
| 81 | 80 | ||
| 82 | int | ||
| 83 | PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass) | ||
| 84 | { | ||
| 85 | /* Check for NULL PKCS12 structure */ | ||
| 86 | |||
| 87 | if (!p12) { | ||
| 88 | PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER); | ||
| 89 | return 0; | ||
| 90 | } | ||
| 91 | |||
| 92 | /* Check the mac */ | ||
| 93 | |||
| 94 | if (!PKCS12_verify_mac(p12, oldpass, -1)) { | ||
| 95 | PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE); | ||
| 96 | return 0; | ||
| 97 | } | ||
| 98 | |||
| 99 | if (!newpass_p12(p12, oldpass, newpass)) { | ||
| 100 | PKCS12error(PKCS12_R_PARSE_ERROR); | ||
| 101 | return 0; | ||
| 102 | } | ||
| 103 | |||
| 104 | return 1; | ||
| 105 | } | ||
| 106 | LCRYPTO_ALIAS(PKCS12_newpass); | ||
| 107 | |||
| 108 | static int | 81 | static int |
| 109 | pkcs7_repack_data(PKCS7 *pkcs7, STACK_OF(PKCS7) *newsafes, const char *oldpass, | 82 | pkcs7_repack_data(PKCS7 *pkcs7, STACK_OF(PKCS7) *newsafes, const char *oldpass, |
| 110 | const char *newpass) | 83 | const char *newpass) |
| @@ -207,20 +180,30 @@ pkcs12_repack_authsafes(PKCS12 *pkcs12, STACK_OF(PKCS7) *newsafes, | |||
| 207 | return ret; | 180 | return ret; |
| 208 | } | 181 | } |
| 209 | 182 | ||
| 210 | static int | 183 | int |
| 211 | newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass) | 184 | PKCS12_newpass(PKCS12 *pkcs12, const char *oldpass, const char *newpass) |
| 212 | { | 185 | { |
| 213 | STACK_OF(PKCS7) *asafes = NULL, *newsafes = NULL; | 186 | STACK_OF(PKCS7) *authsafes = NULL, *newsafes = NULL; |
| 214 | int i; | 187 | int i; |
| 215 | int ret = 0; | 188 | int ret = 0; |
| 216 | 189 | ||
| 217 | if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL) | 190 | if (pkcs12 == NULL) { |
| 191 | PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER); | ||
| 192 | goto err; | ||
| 193 | } | ||
| 194 | |||
| 195 | if (!PKCS12_verify_mac(pkcs12, oldpass, -1)) { | ||
| 196 | PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE); | ||
| 197 | goto err; | ||
| 198 | } | ||
| 199 | |||
| 200 | if ((authsafes = PKCS12_unpack_authsafes(pkcs12)) == NULL) | ||
| 218 | goto err; | 201 | goto err; |
| 219 | if ((newsafes = sk_PKCS7_new_null()) == NULL) | 202 | if ((newsafes = sk_PKCS7_new_null()) == NULL) |
| 220 | goto err; | 203 | goto err; |
| 221 | 204 | ||
| 222 | for (i = 0; i < sk_PKCS7_num(asafes); i++) { | 205 | for (i = 0; i < sk_PKCS7_num(authsafes); i++) { |
| 223 | PKCS7 *pkcs7 = sk_PKCS7_value(asafes, i); | 206 | PKCS7 *pkcs7 = sk_PKCS7_value(authsafes, i); |
| 224 | 207 | ||
| 225 | switch (OBJ_obj2nid(pkcs7->type)) { | 208 | switch (OBJ_obj2nid(pkcs7->type)) { |
| 226 | case NID_pkcs7_data: | 209 | case NID_pkcs7_data: |
| @@ -234,18 +217,18 @@ newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass) | |||
| 234 | } | 217 | } |
| 235 | } | 218 | } |
| 236 | 219 | ||
| 237 | if (!pkcs12_repack_authsafes(p12, newsafes, newpass)) | 220 | if (!pkcs12_repack_authsafes(pkcs12, newsafes, newpass)) |
| 238 | goto err; | 221 | goto err; |
| 239 | 222 | ||
| 240 | ret = 1; | 223 | ret = 1; |
| 241 | 224 | ||
| 242 | err: | 225 | err: |
| 243 | sk_PKCS7_pop_free(asafes, PKCS7_free); | 226 | sk_PKCS7_pop_free(authsafes, PKCS7_free); |
| 244 | sk_PKCS7_pop_free(newsafes, PKCS7_free); | 227 | sk_PKCS7_pop_free(newsafes, PKCS7_free); |
| 245 | 228 | ||
| 246 | return ret; | 229 | return ret; |
| 247 | } | 230 | } |
| 248 | 231 | LCRYPTO_ALIAS(PKCS12_newpass); | |
| 249 | 232 | ||
| 250 | static int | 233 | static int |
| 251 | newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass, | 234 | newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass, |