authorbeck <>2000-03-19 11:13:58 +0000
committerbeck <>2000-03-19 11:13:58 +0000
commit796d609550df3a33fc11468741c5d2f6d3df4c11 (patch)
tree6c6d539061caa20372dad0ac4ddb1dfae2fbe7fe /src/lib/libcrypto/pkcs12
parent5be3114c1fd7e0dfea1e38d3abb4cbba75244419 (diff)
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
Diffstat (limited to 'src/lib/libcrypto/pkcs12')
-rw-r--r--src/lib/libcrypto/pkcs12/Makefile.ssl23
-rw-r--r--src/lib/libcrypto/pkcs12/p12_add.c26
-rw-r--r--src/lib/libcrypto/pkcs12/p12_attr.c10
-rw-r--r--src/lib/libcrypto/pkcs12/p12_bags.c8
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crpt.c2
-rw-r--r--src/lib/libcrypto/pkcs12/p12_decr.c2
-rw-r--r--src/lib/libcrypto/pkcs12/p12_init.c6
-rw-r--r--src/lib/libcrypto/pkcs12/p12_key.c23
-rw-r--r--src/lib/libcrypto/pkcs12/p12_kiss.c30
-rw-r--r--src/lib/libcrypto/pkcs12/p12_lib.c4
-rw-r--r--src/lib/libcrypto/pkcs12/p12_mac.c16
-rw-r--r--src/lib/libcrypto/pkcs12/p12_mutl.c13
-rw-r--r--src/lib/libcrypto/pkcs12/p12_npas.c212
-rw-r--r--src/lib/libcrypto/pkcs12/pk12err.c2
-rw-r--r--src/lib/libcrypto/pkcs12/pkcs12.h3
15 files changed, 310 insertions, 70 deletions
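--- a/src/lib/libcrypto/pkcs12/Makefile.ssl
+++ b/src/lib/libcrypto/pkcs12/Makefile.ssl
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/asn1/Makefile
+# SSLeay/crypto/pkcs12/Makefile
 #
 
 DIR= pkcs12
@@ -24,10 +24,10 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= p12_add.c p12_attr.c p12_bags.c p12_crpt.c p12_crt.c p12_decr.c \
  p12_init.c p12_key.c p12_kiss.c p12_lib.c p12_mac.c p12_mutl.c\
- p12_sbag.c p12_utl.c pk12err.c
+ p12_sbag.c p12_utl.c p12_npas.c pk12err.c
 LIBOBJ= p12_add.o p12_attr.o p12_bags.o p12_crpt.o p12_crt.o p12_decr.o \
  p12_init.o p12_key.o p12_kiss.o p12_lib.o p12_mac.o p12_mutl.o\
- p12_sbag.o p12_utl.o pk12err.o
+ p12_sbag.o p12_utl.o p12_npas.o pk12err.o
 
 SRC= $(LIBSRC)
 
@@ -293,6 +293,23 @@ p12_mutl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p12_mutl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p12_mutl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 p12_mutl.o: ../cryptlib.h
+p12_npas.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_npas.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_npas.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p12_npas.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p12_npas.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_npas.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_npas.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p12_npas.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_npas.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+p12_npas.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+p12_npas.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_npas.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_npas.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_npas.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_npas.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p12_npas.o: ../../include/openssl/x509_vfy.h
 p12_sbag.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p12_sbag.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 p12_sbag.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h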
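--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -133,7 +133,7 @@ PKCS7 *PKCS12_pack_p7data (STACK *sk)
  return NULL;
  }
  p7->type = OBJ_nid2obj(NID_pkcs7_data);
- if (!(p7->d.data = ASN1_OCTET_STRING_new())) {
+ if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
  PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
  return NULL;
  }
@@ -157,20 +157,18 @@ PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
  PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
  return NULL;
  }
- p7->type = OBJ_nid2obj(NID_pkcs7_encrypted);
- if (!(p7->d.encrypted = PKCS7_ENCRYPT_new ())) {
- PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+ if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
+ PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
+ PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
  return NULL;
  }
- ASN1_INTEGER_set (p7->d.encrypted->version, 0);
- p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
  if (!(pbe = PKCS5_pbe_set (pbe_nid, iter, salt, saltlen))) {
  PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
  return NULL;
  }
  X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
  p7->d.encrypted->enc_data->algorithm = pbe;
- ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
+ M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
  if (!(p7->d.encrypted->enc_data->enc_data =
  PKCS12_i2d_encrypt (pbe, i2d_PKCS12_SAFEBAG, pass, passlen,
  (char *)bags, 1))) {
@@ -191,24 +189,28 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
 
  if (!(p8 = X509_SIG_new())) {
  PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
- return NULL;
+ goto err;
  }
 
  if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
  else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
  if(!pbe) {
- PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
- return NULL;
+ PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
+ goto err;
  }
  X509_ALGOR_free(p8->algor);
  p8->algor = pbe;
- ASN1_OCTET_STRING_free(p8->digest);
+ M_ASN1_OCTET_STRING_free(p8->digest);
  if (!(p8->digest =
  PKCS12_i2d_encrypt (pbe, i2d_PKCS8_PRIV_KEY_INFO, pass, passlen,
  (char *)p8inf, 0))) {
  PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
- return NULL;
+ goto err;
  }
 
  return p8;
+
+ err:
+ X509_SIG_free(p8);
+ return NULL;
 }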
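Review bot: PKCS12_pack_p7encdata still returns NULL from its failure branches without releasing p7, while PKCS8_encrypt further down in the same file gets a `goto err` cleanup in this commit. The allocation of p7 lies above the hunk, so this is inferred from the visible returns after `PKCS7_set_type` and `PKCS5_pbe_set`; the same shape as PKCS8_encrypt would fit, with `goto err;` in each branch and `err: PKCS7_free(p7); return NULL;` at the end. The early returns visible in PKCS12_add_localkeyid and PKCS8_add_keyusage (p12_attr.c), PKCS12_init (p12_init.c) and parse_pk12 (p12_kiss.c, where keyid is freed only on the success path) appear to have the same gap. All of these function bodies start or end outside their hunks, so the surrounding cleanup should be confirmed in the full files.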
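--- a/src/lib/libcrypto/pkcs12/p12_attr.c
+++ b/src/lib/libcrypto/pkcs12/p12_attr.c
@@ -73,11 +73,11 @@ int PKCS12_add_localkeyid (PKCS12_SAFEBAG *bag, unsigned char *name,
  return 0;
  }
  keyid->type = V_ASN1_OCTET_STRING;
- if (!(oct = ASN1_OCTET_STRING_new())) {
+ if (!(oct = M_ASN1_OCTET_STRING_new())) {
  PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
  return 0;
  }
- if (!ASN1_OCTET_STRING_set(oct, name, namelen)) {
+ if (!M_ASN1_OCTET_STRING_set(oct, name, namelen)) {
  PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
  return 0;
  }
@@ -115,11 +115,11 @@ int PKCS8_add_keyusage (PKCS8_PRIV_KEY_INFO *p8, int usage)
  return 0;
  }
  keyid->type = V_ASN1_BIT_STRING;
- if (!(bstr = ASN1_BIT_STRING_new())) {
+ if (!(bstr = M_ASN1_BIT_STRING_new())) {
  PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
  return 0;
  }
- if (!ASN1_BIT_STRING_set(bstr, &us_val, 1)) {
+ if (!M_ASN1_BIT_STRING_set(bstr, &us_val, 1)) {
  PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
  return 0;
  }
@@ -176,7 +176,7 @@ int PKCS12_add_friendlyname_uni (PKCS12_SAFEBAG *bag,
  return 0;
  }
  fname->type = V_ASN1_BMPSTRING;
- if (!(bmp = ASN1_BMPSTRING_new())) {
+ if (!(bmp = M_ASN1_BMPSTRING_new())) {
  PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
  ERR_R_MALLOC_FAILURE);
  return 0;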
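--- a/src/lib/libcrypto/pkcs12/p12_bags.c
+++ b/src/lib/libcrypto/pkcs12/p12_bags.c
@@ -171,15 +171,15 @@ void PKCS12_BAGS_free (PKCS12_BAGS *a)
  switch (OBJ_obj2nid(a->type)) {
 
  case NID_x509Certificate:
- ASN1_OCTET_STRING_free (a->value.x509cert);
+ M_ASN1_OCTET_STRING_free (a->value.x509cert);
  break;
 
  case NID_x509Crl:
- ASN1_OCTET_STRING_free (a->value.x509crl);
+ M_ASN1_OCTET_STRING_free (a->value.x509crl);
  break;
 
  case NID_sdsiCertificate:
- ASN1_IA5STRING_free (a->value.sdsicert);
+ M_ASN1_IA5STRING_free (a->value.sdsicert);
  break;
 
  default:
@@ -188,5 +188,5 @@ void PKCS12_BAGS_free (PKCS12_BAGS *a)
  }
 
  ASN1_OBJECT_free (a->type);
- Free ((char *)a);
+ Free (a);
 }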
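--- a/src/lib/libcrypto/pkcs12/p12_crpt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crpt.c
@@ -70,10 +70,12 @@ EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(),
 EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(),
  PKCS12_PBE_keyivgen);
 #endif
+#ifndef NO_DES
 EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
  EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
 EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
  EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
+#endif
 #ifndef NO_RC2
 EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(),
  EVP_sha1(), PKCS12_PBE_keyivgen);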
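Review bot: The new `#ifndef NO_DES` guard has no comment saying what a NO_DES build gives up: of the registrations visible in this hunk only the RC4 and RC2 schemes remain, among them the 40-bit `NID_pbe_WithSHA1And40BitRC4`. A line above the guard such as `/* Built with NO_DES, neither triple-DES PBE scheme below is registered */` would make that explicit for anyone auditing which PKCS#12 protections a given build supports. Whether callers that ask for an unregistered scheme get a clear error is not visible here and is worth confirming. The enclosing function starts and ends outside the hunk.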
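--- a/src/lib/libcrypto/pkcs12/p12_decr.c
+++ b/src/lib/libcrypto/pkcs12/p12_decr.c
@@ -155,7 +155,7 @@ ASN1_OCTET_STRING *PKCS12_i2d_encrypt (X509_ALGOR *algor, int (*i2d)(),
  ASN1_OCTET_STRING *oct;
  unsigned char *in, *p;
  int inlen;
- if (!(oct = ASN1_OCTET_STRING_new ())) {
+ if (!(oct = M_ASN1_OCTET_STRING_new ())) {
  PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
  return NULL;
  }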
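--- a/src/lib/libcrypto/pkcs12/p12_init.c
+++ b/src/lib/libcrypto/pkcs12/p12_init.c
@@ -69,11 +69,11 @@ PKCS12 *PKCS12_init (int mode)
  PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
  return NULL;
  }
- if (!(pkcs12->version = ASN1_INTEGER_new ())) {
+ if (!(pkcs12->version = M_ASN1_INTEGER_new ())) {
  PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
  return NULL;
  }
- ASN1_INTEGER_set (pkcs12->version, 3);
+ ASN1_INTEGER_set(pkcs12->version, 3);
  if (!(pkcs12->authsafes = PKCS7_new())) {
  PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
  return NULL;
@@ -82,7 +82,7 @@ PKCS12 *PKCS12_init (int mode)
  switch (mode) {
  case NID_pkcs7_data:
  if (!(pkcs12->authsafes->d.data =
- ASN1_OCTET_STRING_new())) {
+ M_ASN1_OCTET_STRING_new())) {
  PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
  return NULL;
  }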
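--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ b/src/lib/libcrypto/pkcs12/p12_key.c
@@ -64,7 +64,7 @@
 /* Uncomment out this line to get debugging info about key generation */
 /*#define DEBUG_KEYGEN*/
 #ifdef DEBUG_KEYGEN
-#include <bio.h>
+#include <openssl/bio.h>
 extern BIO *bio_err;
 void h__dump (unsigned char *p, int len);
 #endif
@@ -104,13 +104,12 @@ int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
 #ifdef DEBUG_KEYGEN
  unsigned char *tmpout = out;
  int tmpn = n;
- BIO_printf (bio_err, "KEYGEN DEBUG\n");
- BIO_printf (bio_err, "ID %d, ITER %d\n", id, iter);
- BIO_printf (bio_err, "Password (length %d):\n", passlen);
- h__dump (pass, passlen);
- BIO_printf (bio_err, "Salt (length %d):\n", saltlen);
- h__dump (salt, saltlen);
- BIO_printf (bio_err, "ID %d, ITER %d\n\n", id, iter);
+ fprintf(stderr, "KEYGEN DEBUG\n");
+ fprintf(stderr, "ID %d, ITER %d\n", id, iter);
+ fprintf(stderr, "Password (length %d):\n", passlen);
+ h__dump(pass, passlen);
+ fprintf(stderr, "Salt (length %d):\n", saltlen);
+ h__dump(salt, saltlen);
 #endif
  v = EVP_MD_block_size (md_type);
  u = EVP_MD_size (md_type);
@@ -150,8 +149,8 @@ int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
  BN_free (Ij);
  BN_free (Bpl1);
 #ifdef DEBUG_KEYGEN
- BIO_printf (bio_err, "Output KEY (length %d)\n", tmpn);
- h__dump (tmpout, tmpn);
+ fprintf(stderr, "Output KEY (length %d)\n", tmpn);
+ h__dump(tmpout, tmpn);
 #endif
  return 1;
  }
@@ -176,7 +175,7 @@ int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
 #ifdef DEBUG_KEYGEN
 void h__dump (unsigned char *p, int len)
 {
- for (; len --; p++) BIO_printf (bio_err, "%02X", *p);
- BIO_printf (bio_err, "\n");
+ for (; len --; p++) fprintf(stderr, "%02X", *p);
+ fprintf(stderr, "\n");
 }
 #endif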
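Review bot: The DEBUG_KEYGEN path writes the password, the salt and the derived key in hex to stderr, and the only notice at the commented-out `#define` says it gives "debugging info about key generation". A warning next to it would help, for example `/* WARNING: DEBUG_KEYGEN prints the password and the derived key to stderr; never enable it in a shipped build */`. With the output now going through `fprintf`, the guarded `#include <openssl/bio.h>` and `extern BIO *bio_err;` look unused, and the block appears to need `<stdio.h>` unless an include above the hunk already provides it. PKCS12_key_gen_uni starts and ends outside the hunks.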
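--- a/src/lib/libcrypto/pkcs12/p12_kiss.c
+++ b/src/lib/libcrypto/pkcs12/p12_kiss.c
@@ -139,16 +139,16 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
  sk_pop_free (asafes, PKCS7_free);
  return 0;
  }
- if (!parse_bags (bags, pass, passlen, pkey, cert, ca,
+ if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
  &keyid, &keymatch)) {
- sk_pop_free (bags, PKCS12_SAFEBAG_free);
- sk_pop_free (asafes, PKCS7_free);
+ sk_pop_free(bags, PKCS12_SAFEBAG_free);
+ sk_pop_free(asafes, PKCS7_free);
  return 0;
  }
- sk_pop_free (bags, PKCS12_SAFEBAG_free);
+ sk_pop_free(bags, PKCS12_SAFEBAG_free);
  }
- sk_pop_free (asafes, PKCS7_free);
- if (keyid) ASN1_OCTET_STRING_free (keyid);
+ sk_pop_free(asafes, PKCS7_free);
+ if (keyid) M_ASN1_OCTET_STRING_free(keyid);
  return 1;
 }
 
@@ -158,8 +158,8 @@ static int parse_bags (STACK *bags, const char *pass, int passlen,
  ASN1_OCTET_STRING **keyid, char *keymatch)
 {
  int i;
- for (i = 0; i < sk_num (bags); i++) {
- if (!parse_bag ((PKCS12_SAFEBAG *)sk_value (bags, i),
+ for (i = 0; i < sk_num(bags); i++) {
+ if (!parse_bag((PKCS12_SAFEBAG *)sk_value (bags, i),
  pass, passlen, pkey, cert, ca, keyid,
  keymatch)) return 0;
  }
@@ -170,7 +170,7 @@ static int parse_bags (STACK *bags, const char *pass, int passlen,
 #define MATCH_CERT 0x2
 #define MATCH_ALL 0x3
 
-static int parse_bag (PKCS12_SAFEBAG *bag, const char *pass, int passlen,
+static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
  EVP_PKEY **pkey, X509 **cert, STACK **ca,
  ASN1_OCTET_STRING **keyid,
  char *keymatch)
@@ -187,9 +187,9 @@ static int parse_bag (PKCS12_SAFEBAG *bag, const char *pass, int passlen,
  /* Check for any local key id matching (if needed) */
  if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) {
  if (*keyid) {
- if (ASN1_OCTET_STRING_cmp (*keyid, lkey)) lkey = NULL;
+ if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL;
  } else {
- if (!(*keyid = ASN1_OCTET_STRING_dup (lkey))) {
+ if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) {
  PKCS12err(PKCS12_F_PARSE_BAGS,ERR_R_MALLOC_FAILURE);
  return 0;
  }
@@ -200,16 +200,16 @@ static int parse_bag (PKCS12_SAFEBAG *bag, const char *pass, int passlen,
  {
  case NID_keyBag:
  if (!lkey || !pkey) return 1;
- if (!(*pkey = EVP_PKCS82PKEY (bag->value.keybag))) return 0;
+ if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0;
  *keymatch |= MATCH_KEY;
  break;
 
  case NID_pkcs8ShroudedKeyBag:
  if (!lkey || !pkey) return 1;
- if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
+ if (!(p8 = M_PKCS12_decrypt_skey(bag, pass, passlen)))
  return 0;
- *pkey = EVP_PKCS82PKEY (p8);
- PKCS8_PRIV_KEY_INFO_free (p8);
+ *pkey = EVP_PKCS82PKEY(p8);
+ PKCS8_PRIV_KEY_INFO_free(p8);
  if (!(*pkey)) return 0;
  *keymatch |= MATCH_KEY;
  break;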
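--- a/src/lib/libcrypto/pkcs12/p12_lib.c
+++ b/src/lib/libcrypto/pkcs12/p12_lib.c
@@ -104,8 +104,8 @@ PKCS12 *PKCS12_new(void)
 void PKCS12_free (PKCS12 *a)
 {
  if (a == NULL) return;
- ASN1_INTEGER_free (a->version);
+ M_ASN1_INTEGER_free(a->version);
  PKCS12_MAC_DATA_free (a->mac);
  PKCS7_free (a->authsafes);
- Free ((char *)a);
+ Free (a);
 }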
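--- a/src/lib/libcrypto/pkcs12/p12_mac.c
+++ b/src/lib/libcrypto/pkcs12/p12_mac.c
@@ -82,9 +82,9 @@ PKCS12_MAC_DATA *PKCS12_MAC_DATA_new(void)
  ASN1_CTX c;
  M_ASN1_New_Malloc(ret, PKCS12_MAC_DATA);
  ret->dinfo = X509_SIG_new();
- ret->salt = ASN1_OCTET_STRING_new();
+ ret->salt = M_ASN1_OCTET_STRING_new();
  ret->iter = NULL;
- return (ret);
+ return(ret);
  M_ASN1_New_Error(ASN1_F_PKCS12_MAC_DATA_NEW);
 }
 
@@ -94,9 +94,9 @@ PKCS12_MAC_DATA *d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, unsigned char **pp,
  M_ASN1_D2I_vars(a,PKCS12_MAC_DATA *,PKCS12_MAC_DATA_new);
  M_ASN1_D2I_Init();
  M_ASN1_D2I_start_sequence();
- M_ASN1_D2I_get (ret->dinfo, d2i_X509_SIG);
- M_ASN1_D2I_get (ret->salt, d2i_ASN1_OCTET_STRING);
- M_ASN1_D2I_get_opt (ret->iter, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
+ M_ASN1_D2I_get(ret->dinfo, d2i_X509_SIG);
+ M_ASN1_D2I_get(ret->salt, d2i_ASN1_OCTET_STRING);
+ M_ASN1_D2I_get_opt(ret->iter, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
  M_ASN1_D2I_Finish(a, PKCS12_MAC_DATA_free, ASN1_F_D2I_PKCS12_MAC_DATA);
 }
 
@@ -104,7 +104,7 @@ void PKCS12_MAC_DATA_free (PKCS12_MAC_DATA *a)
 {
  if (a == NULL) return;
  X509_SIG_free (a->dinfo);
- ASN1_OCTET_STRING_free (a->salt);
- ASN1_INTEGER_free (a->iter);
- Free ((char *)a);
+ M_ASN1_OCTET_STRING_free(a->salt);
+ M_ASN1_INTEGER_free(a->iter);
+ Free (a);
 }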
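Review bot: PKCS12_MAC_DATA_new stores the results of `X509_SIG_new()` and `M_ASN1_OCTET_STRING_new()` without testing them, so an allocation failure hands back a structure whose dinfo or salt is NULL. PKCS12_setup_mac in p12_mutl.c then writes `p12->mac->salt->length` and `p12->mac->dinfo->algor->algorithm` with no check of its own. A guard placed after `ret->iter = NULL;` would close this: `if (ret->dinfo == NULL || ret->salt == NULL) { PKCS12_MAC_DATA_free(ret); return NULL; }`. That assumes the member free routines accept NULL, which the `if (a == NULL) return;` at the top of PKCS12_MAC_DATA_free suggests but does not prove for the others.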
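--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ b/src/lib/libcrypto/pkcs12/p12_mutl.c
@@ -131,7 +131,7 @@ int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
  PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR);
  return 0;
  }
- if (!(ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) {
+ if (!(M_ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) {
  PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR);
  return 0;
  }
@@ -142,13 +142,13 @@ int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
 int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
  EVP_MD *md_type)
 {
- if (!(p12->mac = PKCS12_MAC_DATA_new ())) return PKCS12_ERROR;
+ if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR;
  if (iter > 1) {
- if(!(p12->mac->iter = ASN1_INTEGER_new())) {
+ if(!(p12->mac->iter = M_ASN1_INTEGER_new())) {
  PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
  return 0;
  }
- ASN1_INTEGER_set (p12->mac->iter, iter);
+ ASN1_INTEGER_set(p12->mac->iter, iter);
  }
  if (!saltlen) saltlen = PKCS12_SALT_LEN;
  p12->mac->salt->length = saltlen;
@@ -156,7 +156,10 @@ int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
  PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
  return 0;
  }
- if (!salt) RAND_bytes (p12->mac->salt->data, saltlen);
+ if (!salt) {
+ if (RAND_bytes (p12->mac->salt->data, saltlen) <= 0)
+ return 0;
+ }
  else memcpy (p12->mac->salt->data, salt, saltlen);
  p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
  if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {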
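Review bot: The new `RAND_bytes` failure branch in PKCS12_setup_mac returns 0 without a `PKCS12err` call, unlike the allocation failures on either side of it, so unless RAND_bytes queued an error itself the caller gets a bare failure with no PKCS12 entry to explain it. Raising an error with PKCS12_F_PKCS12_SETUP_MAC and a reason code for the failed random source before `return 0;` would keep the function consistent. p12->mac also stays attached and partly initialised on this and the other early returns; whether callers free it is not visible here. The function body continues past the last line of the hunk.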
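--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/p12_npas.c
@@ -0,0 +1,212 @@
+/* p12_npas.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+/* PKCS#12 password change routine */
+
+static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
+static int newpass_bags(STACK *bags, char *oldpass, char *newpass);
+static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
+static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
+
+/*
+ * Change the password on a PKCS#12 structure.
+ */
+
+int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
+{
+
+/* Check for NULL PKCS12 structure */
+
+if(!p12) {
+ PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+ return 0;
+}
+
+/* Check the mac */
+
+if (!PKCS12_verify_mac(p12, oldpass, -1)) {
+ PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE);
+ return 0;
+}
+
+if (!newpass_p12(p12, oldpass, newpass)) {
+ PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR);
+ return 0;
+}
+
+return 1;
+
+}
+
+/* Parse the outer PKCS#12 structure */
+
+static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
+{
+ STACK *asafes, *newsafes, *bags;
+ int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen;
+ PKCS7 *p7, *p7new;
+ ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
+ unsigned char mac[EVP_MAX_MD_SIZE];
+ unsigned int maclen;
+ if (!(asafes = M_PKCS12_unpack_authsafes(p12))) return 0;
+ if(!(newsafes = sk_new(NULL))) return 0;
+ for (i = 0; i < sk_num (asafes); i++) {
+ p7 = (PKCS7 *) sk_value(asafes, i);
+ bagnid = OBJ_obj2nid(p7->type);
+ if (bagnid == NID_pkcs7_data) {
+ bags = M_PKCS12_unpack_p7data(p7);
+ } else if (bagnid == NID_pkcs7_encrypted) {
+ bags = M_PKCS12_unpack_p7encdata(p7, oldpass, -1);
+ alg_get(p7->d.encrypted->enc_data->algorithm,
+ &pbe_nid, &pbe_iter, &pbe_saltlen);
+ } else continue;
+ if (!bags) {
+ sk_pop_free(asafes, PKCS7_free);
+ return 0;
+ }
+ if (!newpass_bags(bags, oldpass, newpass)) {
+ sk_pop_free(bags, PKCS12_SAFEBAG_free);
+ sk_pop_free(asafes, PKCS7_free);
+ return 0;
+ }
+ /* Repack bag in same form with new password */
+ if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags);
+ else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
+ pbe_saltlen, pbe_iter, bags);
+ sk_pop_free(bags, PKCS12_SAFEBAG_free);
+ if(!p7new) {
+ sk_pop_free(asafes, PKCS7_free);
+ return 0;
+ }
+ sk_push(newsafes, (char *)p7new);
+ }
+ sk_pop_free(asafes, PKCS7_free);
+
+ /* Repack safe: save old safe in case of error */
+
+ p12_data_tmp = p12->authsafes->d.data;
+ if(!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) goto saferr;
+ if(!M_PKCS12_pack_authsafes(p12, newsafes)) goto saferr;
+
+ if(!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr;
+ if(!(macnew = ASN1_OCTET_STRING_new())) goto saferr;
+ if(!ASN1_OCTET_STRING_set(macnew, mac, maclen)) goto saferr;
+ ASN1_OCTET_STRING_free(p12->mac->dinfo->digest);
+ p12->mac->dinfo->digest = macnew;
+ ASN1_OCTET_STRING_free(p12_data_tmp);
+
+ return 1;
+
+ saferr:
+ /* Restore old safe */
+ ASN1_OCTET_STRING_free(p12->authsafes->d.data);
+ ASN1_OCTET_STRING_free(macnew);
+ p12->authsafes->d.data = p12_data_tmp;
+ return 0;
+
+}
+
+
+static int newpass_bags(STACK *bags, char *oldpass, char *newpass)
+{
+ int i;
+ for (i = 0; i < sk_num(bags); i++) {
+ if (!newpass_bag((PKCS12_SAFEBAG *)sk_value(bags, i),
+ oldpass, newpass)) return 0;
+ }
+ return 1;
+}
+
+/* Change password of safebag: only needs handle shrouded keybags */
+
+static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
+{
+ PKCS8_PRIV_KEY_INFO *p8;
+ X509_SIG *p8new;
+ int p8_nid, p8_saltlen, p8_iter;
+
+ if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1;
+
+ if (!(p8 = M_PKCS12_decrypt_skey(bag, oldpass, -1))) return 0;
+ alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen);
+ if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
+ p8_iter, p8))) return 0;
+ X509_SIG_free(bag->value.shkeybag);
+ bag->value.shkeybag = p8new;
+ return 1;
+}
+
+static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
+{
+ PBEPARAM *pbe;
+ unsigned char *p;
+ p = alg->parameter->value.sequence->data;
+ pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+ *pnid = OBJ_obj2nid(alg->algorithm);
+ *piter = ASN1_INTEGER_get(pbe->iter);
+ *psaltlen = pbe->salt->length;
+ PBEPARAM_free(pbe);
+ return 0;
+}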
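Review bot: alg_get dereferences `alg->parameter->value.sequence` and the result of `d2i_PBEPARAM` with no NULL or type check, and it returns 0 on every path, so a PKCS#12 file with missing or malformed PBE parameters can crash the password change and neither caller can tell success from failure. newpass_bag also never frees `p8`, the decrypted private key, on the success path or when PKCS8_encrypt fails. In newpass_p12 the values `pbe_nid`, `pbe_iter` and `pbe_saltlen` reach PKCS12_pack_p7encdata although alg_get's result is ignored there as well, and `newsafes` is not released on the early returns. The fence has alg_get report success as 1 and newpass_bag check it and free the key; newpass_p12 would need the same check.

```c
static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
{
	/* … unchanged: declarations, bag-type check, M_PKCS12_decrypt_skey … */
	if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen)) {
		PKCS8_PRIV_KEY_INFO_free(p8);
		return 0;
	}
	p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
			      p8_iter, p8);
	/* The decrypted key is not needed once it has been re-encrypted. */
	PKCS8_PRIV_KEY_INFO_free(p8);
	if (!p8new) return 0;
	/* … unchanged: replace bag->value.shkeybag with p8new, return 1 … */
}

static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
{
	PBEPARAM *pbe;
	unsigned char *p;

	/* The parameters come from the file being processed: validate first. */
	if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE)
		return 0;
	p = alg->parameter->value.sequence->data;
	pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
	if (!pbe) return 0;
	/* … unchanged: fill *pnid, *piter, *psaltlen, PBEPARAM_free(pbe) … */
	return 1;
}
```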
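--- a/src/lib/libcrypto/pkcs12/pk12err.c
+++ b/src/lib/libcrypto/pkcs12/pk12err.c
@@ -79,6 +79,7 @@ static ERR_STRING_DATA PKCS12_str_functs[]=
 {ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0), "PKCS12_key_gen_uni"},
 {ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0), "PKCS12_MAKE_KEYBAG"},
 {ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0), "PKCS12_MAKE_SHKEYBAG"},
+{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0), "PKCS12_newpass"},
 {ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0), "PKCS12_pack_p7data"},
 {ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0), "PKCS12_pack_p7encdata"},
 {ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0), "PKCS12_pack_safebag"},
@@ -99,6 +100,7 @@ static ERR_STRING_DATA PKCS12_str_reasons[]=
 {PKCS12_R_DECODE_ERROR ,"decode error"},
 {PKCS12_R_ENCODE_ERROR ,"encode error"},
 {PKCS12_R_ENCRYPT_ERROR ,"encrypt error"},
+{PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE,"error setting encrypted data type"},
 {PKCS12_R_INVALID_NULL_ARGUMENT ,"invalid null argument"},
 {PKCS12_R_INVALID_NULL_PKCS12_POINTER ,"invalid null pkcs12 pointer"},
 {PKCS12_R_IV_GEN_ERROR ,"iv gen error"},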
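--- a/src/lib/libcrypto/pkcs12/pkcs12.h
+++ b/src/lib/libcrypto/pkcs12/pkcs12.h
@@ -273,6 +273,7 @@ int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
 int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
 PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
 PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
+int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -296,6 +297,7 @@ PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
 #define PKCS12_F_PKCS12_KEY_GEN_UNI 111
 #define PKCS12_F_PKCS12_MAKE_KEYBAG 112
 #define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113
+#define PKCS12_F_PKCS12_NEWPASS 128
 #define PKCS12_F_PKCS12_PACK_P7DATA 114
 #define PKCS12_F_PKCS12_PACK_P7ENCDATA 115
 #define PKCS12_F_PKCS12_PACK_SAFEBAG 117
@@ -313,6 +315,7 @@ PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
 #define PKCS12_R_DECODE_ERROR 101
 #define PKCS12_R_ENCODE_ERROR 102
 #define PKCS12_R_ENCRYPT_ERROR 103
+#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120
 #define PKCS12_R_INVALID_NULL_ARGUMENT 104
 #define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105
 #define PKCS12_R_IV_GEN_ERROR 106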
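Review bot: The new public prototype `PKCS12_newpass` in the first hunk of pkcs12.h has no comment stating its contract, and both passwords are declared as plain `char *`. The helper code visible in the p12_npas.c part of this commit returns 1 on success and 0 on failure, so the exported function presumably follows the same convention. A comment such as `/* Re-encrypt p12 under newpass; returns 1 on success, 0 on failure */` above the declaration would tell callers to check the result before writing the file back out. If the routines the passwords are forwarded to accept const pointers (not visible from this hunk), `const char *oldpass, const char *newpass` would also make it clear that the caller keeps ownership of both secrets and is the one responsible for clearing them afterwards.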