import PKCS12_newpass(3) from OpenSSL

author: schwarze <> 2016-11-28 23:02:16 +0000
committer: schwarze <> 2016-11-28 23:02:16 +0000
commit: 55a7e3cda79792783f3e76b5f27994e2f2fe1e1a (patch)
tree: e4b6cbad9685f43b8ba1c55c6da711933262c641
parent: 878ead0bb560fb7bb8deece3f3022d3e7f42fb6c (diff)
download: openbsd-55a7e3cda79792783f3e76b5f27994e2f2fe1e1a.tar.gz
openbsd-55a7e3cda79792783f3e76b5f27994e2f2fe1e1a.tar.bz2
openbsd-55a7e3cda79792783f3e76b5f27994e2f2fe1e1a.zip
2 files changed, 157 insertions, 1 deletions
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 3275d0784c..568d65fa74 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.58 2016/11/28 17:55:26 schwarze Exp $
+# $OpenBSD: Makefile,v 1.59 2016/11/28 23:02:16 schwarze Exp $
 .include <bsd.own.mk>
@@ -137,6 +137,7 @@ MAN=	\
        PEM_read_bio_PrivateKey.3 \
        PEM_write_bio_PKCS7_stream.3 \
        PKCS12_create.3 \
+        PKCS12_newpass.3 \
        PKCS12_parse.3 \
        PKCS5_PBKDF2_HMAC.3 \
        PKCS7_decrypt.3 \
diff --git a/src/lib/libcrypto/man/PKCS12_newpass.3 b/src/lib/libcrypto/man/PKCS12_newpass.3
new file mode 100644
index 0000000000..b651a575ba
--- /dev/null
+++ b/src/lib/libcrypto/man/PKCS12_newpass.3
@@ -0,0 +1,155 @@
+.\"     $OpenBSD: PKCS12_newpass.3,v 1.1 2016/11/28 23:02:16 schwarze Exp $
+.\"     OpenSSL c95a8b4e May 5 14:26:26 2016 +0100
+.\"
+.\" This file was written by Jeffrey Walton <noloader@gmail.com>.
+.\" Copyright (c) 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 28 2016 $
+.Dt PKCS12_NEWPASS 3
+.Os
+.Sh NAME
+.Nm PKCS12_newpass
+.Nd change the password of a PKCS#12 structure
+.Sh SYNOPSIS
+.In openssl/pkcs12.h
+.Ft int
+.Fo PKCS12_newpass
+.Fa "PKCS12 *p12"
+.Fa "const char *oldpass"
+.Fa "const char *newpass"
+.Fc
+.Sh DESCRIPTION
+.Fn PKCS12_newpass
+changes the password of a PKCS#12 structure.
+.Pp
+.Fa p12
+is a pointer to a PKCS#12 structure.
+.Fa oldpass
+is the existing password and
+.Fa newpass
+is the new password.
+.Pp
+If the PKCS#12 structure does not have a password, use the empty
+string
+.Qq \&
+for
+.Fa oldpass .
+Passing
+.Dv NULL
+for
+.Fa oldpass
+results in a
+.Fn PKCS12_newpass
+failure.
+.Pp
+If the wrong password is used for
+.Fa oldpass ,
+the function will fail with a MAC verification error.
+In rare cases, the PKCS#12 structure does not contain a MAC:
+in this case it will usually fail with a decryption padding error.
+.Sh RETURN VALUES
+.Fn PKCS12_newpass
+returns 1 on success or 0 on failure.
+.Pp
+Applications can retrieve the most recent error from
+.Fn PKCS12_newpass
+with
+.Xr ERR_get_error 3 .
+.Sh EXAMPLES
+This example loads a PKCS#12 file, changes its password,
+and writes out the result to a new file.
+.Bd -literal
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+int main(int argc, char **argv)
+{
+        FILE *fp;
+        PKCS12 *p12;
+        if (argc != 5) {
+                fprintf(stderr,
+                    "Usage: pkread p12file password newpass opfile\en");
+                return 1;
+        }
+        if ((fp = fopen(argv[1], "rb")) == NULL) {
+                fprintf(stderr, "Error opening file %s\en", argv[1]);
+                return 1;
+        }
+        p12 = d2i_PKCS12_fp(fp, NULL);
+        fclose(fp);
+        if (p12 == NULL) {
+                fprintf(stderr, "Error reading PKCS#12 file\en");
+                ERR_print_errors_fp(stderr);
+                return 1;
+        }
+        if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) {
+                fprintf(stderr, "Error changing password\en");
+                ERR_print_errors_fp(stderr);
+                PKCS12_free(p12);
+                return 1;
+        }
+        if ((fp = fopen(argv[4], "wb")) == NULL) {
+                fprintf(stderr, "Error opening file %s\en", argv[4]);
+                PKCS12_free(p12);
+                return 1;
+        }
+        i2d_PKCS12_fp(fp, p12);
+        PKCS12_free(p12);
+        fclose(fp);
+        return 0;
+}
+.Ed
+.Sh SEE ALSO
+.Xr ERR_get_error 3 ,
+.Xr PKCS12_create 3
+.Sh BUGS
+The password format is a NUL terminated ASCII string which is
+converted to Unicode form internally.
+As a result, some passwords cannot be supplied to this function.
author	schwarze <>	2016-11-28 23:02:16 +0000
committer	schwarze <>	2016-11-28 23:02:16 +0000
commit	55a7e3cda79792783f3e76b5f27994e2f2fe1e1a (patch)
tree	e4b6cbad9685f43b8ba1c55c6da711933262c641
parent	878ead0bb560fb7bb8deece3f3022d3e7f42fb6c (diff)
download	openbsd-55a7e3cda79792783f3e76b5f27994e2f2fe1e1a.tar.gz openbsd-55a7e3cda79792783f3e76b5f27994e2f2fe1e1a.tar.bz2 openbsd-55a7e3cda79792783f3e76b5f27994e2f2fe1e1a.zip

diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 3275d0784c..568d65fa74 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.58 2016/11/28 17:55:26 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.59 2016/11/28 23:02:16 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -137,6 +137,7 @@ MAN= \
137	PEM_read_bio_PrivateKey.3 \	137	PEM_read_bio_PrivateKey.3 \
138	PEM_write_bio_PKCS7_stream.3 \	138	PEM_write_bio_PKCS7_stream.3 \
139	PKCS12_create.3 \	139	PKCS12_create.3 \
		140	PKCS12_newpass.3 \
140	PKCS12_parse.3 \	141	PKCS12_parse.3 \
141	PKCS5_PBKDF2_HMAC.3 \	142	PKCS5_PBKDF2_HMAC.3 \
142	PKCS7_decrypt.3 \	143	PKCS7_decrypt.3 \


diff --git a/src/lib/libcrypto/man/PKCS12_newpass.3 b/src/lib/libcrypto/man/PKCS12_newpass.3 new file mode 100644 index 0000000000..b651a575ba --- /dev/null +++ b/src/lib/libcrypto/man/PKCS12_newpass.3
@@ -0,0 +1,155 @@
		1	.\" $OpenBSD: PKCS12_newpass.3,v 1.1 2016/11/28 23:02:16 schwarze Exp $
		2	.\" OpenSSL c95a8b4e May 5 14:26:26 2016 +0100
		3	.\"
		4	.\" This file was written by Jeffrey Walton <noloader@gmail.com>.
		5	.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved.
		6	.\"
		7	.\" Redistribution and use in source and binary forms, with or without
		8	.\" modification, are permitted provided that the following conditions
		9	.\" are met:
		10	.\"
		11	.\" 1. Redistributions of source code must retain the above copyright
		12	.\" notice, this list of conditions and the following disclaimer.
		13	.\"
		14	.\" 2. Redistributions in binary form must reproduce the above copyright
		15	.\" notice, this list of conditions and the following disclaimer in
		16	.\" the documentation and/or other materials provided with the
		17	.\" distribution.
		18	.\"
		19	.\" 3. All advertising materials mentioning features or use of this
		20	.\" software must display the following acknowledgment:
		21	.\" "This product includes software developed by the OpenSSL Project
		22	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
		23	.\"
		24	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
		25	.\" endorse or promote products derived from this software without
		26	.\" prior written permission. For written permission, please contact
		27	.\" openssl-core@openssl.org.
		28	.\"
		29	.\" 5. Products derived from this software may not be called "OpenSSL"
		30	.\" nor may "OpenSSL" appear in their names without prior written
		31	.\" permission of the OpenSSL Project.
		32	.\"
		33	.\" 6. Redistributions of any form whatsoever must retain the following
		34	.\" acknowledgment:
		35	.\" "This product includes software developed by the OpenSSL Project
		36	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
		37	.\"
		38	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
		39	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
		40	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
		41	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
		42	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
		43	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
		44	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
		45	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
		46	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
		47	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
		48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
		49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
		50	.\"
		51	.Dd $Mdocdate: November 28 2016 $
		52	.Dt PKCS12_NEWPASS 3
		53	.Os
		54	.Sh NAME
		55	.Nm PKCS12_newpass
		56	.Nd change the password of a PKCS#12 structure
		57	.Sh SYNOPSIS
		58	.In openssl/pkcs12.h
		59	.Ft int
		60	.Fo PKCS12_newpass
		61	.Fa "PKCS12 *p12"
		62	.Fa "const char *oldpass"
		63	.Fa "const char *newpass"
		64	.Fc
		65	.Sh DESCRIPTION
		66	.Fn PKCS12_newpass
		67	changes the password of a PKCS#12 structure.
		68	.Pp
		69	.Fa p12
		70	is a pointer to a PKCS#12 structure.
		71	.Fa oldpass
		72	is the existing password and
		73	.Fa newpass
		74	is the new password.
		75	.Pp
		76	If the PKCS#12 structure does not have a password, use the empty
		77	string
		78	.Qq \&
		79	for
		80	.Fa oldpass .
		81	Passing
		82	.Dv NULL
		83	for
		84	.Fa oldpass
		85	results in a
		86	.Fn PKCS12_newpass
		87	failure.
		88	.Pp
		89	If the wrong password is used for
		90	.Fa oldpass ,
		91	the function will fail with a MAC verification error.
		92	In rare cases, the PKCS#12 structure does not contain a MAC:
		93	in this case it will usually fail with a decryption padding error.
		94	.Sh RETURN VALUES
		95	.Fn PKCS12_newpass
		96	returns 1 on success or 0 on failure.
		97	.Pp
		98	Applications can retrieve the most recent error from
		99	.Fn PKCS12_newpass
		100	with
		101	.Xr ERR_get_error 3 .
		102	.Sh EXAMPLES
		103	This example loads a PKCS#12 file, changes its password,
		104	and writes out the result to a new file.
		105	.Bd -literal
		106	#include <stdio.h>
		107	#include <stdlib.h>
		108	#include <openssl/pem.h>
		109	#include <openssl/err.h>
		110	#include <openssl/pkcs12.h>
		111
		112	int main(int argc, char **argv)
		113	{
		114	FILE *fp;
		115	PKCS12 *p12;
		116	if (argc != 5) {
		117	fprintf(stderr,
		118	"Usage: pkread p12file password newpass opfile\en");
		119	return 1;
		120	}
		121	if ((fp = fopen(argv[1], "rb")) == NULL) {
		122	fprintf(stderr, "Error opening file %s\en", argv[1]);
		123	return 1;
		124	}
		125	p12 = d2i_PKCS12_fp(fp, NULL);
		126	fclose(fp);
		127	if (p12 == NULL) {
		128	fprintf(stderr, "Error reading PKCS#12 file\en");
		129	ERR_print_errors_fp(stderr);
		130	return 1;
		131	}
		132	if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) {
		133	fprintf(stderr, "Error changing password\en");
		134	ERR_print_errors_fp(stderr);
		135	PKCS12_free(p12);
		136	return 1;
		137	}
		138	if ((fp = fopen(argv[4], "wb")) == NULL) {
		139	fprintf(stderr, "Error opening file %s\en", argv[4]);
		140	PKCS12_free(p12);
		141	return 1;
		142	}
		143	i2d_PKCS12_fp(fp, p12);
		144	PKCS12_free(p12);
		145	fclose(fp);
		146	return 0;
		147	}
		148	.Ed
		149	.Sh SEE ALSO
		150	.Xr ERR_get_error 3 ,
		151	.Xr PKCS12_create 3
		152	.Sh BUGS
		153	The password format is a NUL terminated ASCII string which is
		154	converted to Unicode form internally.
		155	As a result, some passwords cannot be supplied to this function.