1 files changed, 20 insertions, 37 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c
index 23a5c5e768..fc726f2b74 100644
--- a/src/lib/libcrypto/pkcs12/p12_npas.c
+++ b/src/lib/libcrypto/pkcs12/p12_npas.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_npas.c,v 1.22 2024/01/25 10:53:05 tb Exp $ */
+/* $OpenBSD: p12_npas.c,v 1.23 2024/01/25 13:32:49 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -68,7 +68,6 @@
 /* PKCS#12 password change routine */
-static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass);
 static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
    const char *newpass);
 static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
@@ -79,32 +78,6 @@ static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
 * Change the password on a PKCS#12 structure.
 */
-int
-PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass)
-{
-        /* Check for NULL PKCS12 structure */
-        if (!p12) {
-                PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER);
-                return 0;
-        }
-        /* Check the mac */
-        if (!PKCS12_verify_mac(p12, oldpass, -1)) {
-                PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
-                return 0;
-        }
-        if (!newpass_p12(p12, oldpass, newpass)) {
-                PKCS12error(PKCS12_R_PARSE_ERROR);
-                return 0;
-        }
-        return 1;
-}
-LCRYPTO_ALIAS(PKCS12_newpass);
 static int
 pkcs7_repack_data(PKCS7 *pkcs7, STACK_OF(PKCS7) *newsafes, const char *oldpass,
    const char *newpass)
@@ -207,20 +180,30 @@ pkcs12_repack_authsafes(PKCS12 *pkcs12, STACK_OF(PKCS7) *newsafes,
        return ret;
 }
-static int
+int
-newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
+PKCS12_newpass(PKCS12 *pkcs12, const char *oldpass, const char *newpass)
 {
-        STACK_OF(PKCS7) *asafes = NULL, *newsafes = NULL;
+        STACK_OF(PKCS7) *authsafes = NULL, *newsafes = NULL;
        int i;
        int ret = 0;
-        if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)
+        if (pkcs12 == NULL) {
+                PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+                goto err;
+        }
+        if (!PKCS12_verify_mac(pkcs12, oldpass, -1)) {
+                PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
+                goto err;
+        }
+        if ((authsafes = PKCS12_unpack_authsafes(pkcs12)) == NULL)
                goto err;
        if ((newsafes = sk_PKCS7_new_null()) == NULL)
                goto err;
-        for (i = 0; i < sk_PKCS7_num(asafes); i++) {
+        for (i = 0; i < sk_PKCS7_num(authsafes); i++) {
-                PKCS7 *pkcs7 = sk_PKCS7_value(asafes, i);
+                PKCS7 *pkcs7 = sk_PKCS7_value(authsafes, i);
                switch (OBJ_obj2nid(pkcs7->type)) {
                case NID_pkcs7_data:
@@ -234,18 +217,18 @@ newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
                }
        }
-        if (!pkcs12_repack_authsafes(p12, newsafes, newpass))
+        if (!pkcs12_repack_authsafes(pkcs12, newsafes, newpass))
                goto err;
        ret = 1;
 err:
-        sk_PKCS7_pop_free(asafes, PKCS7_free);
+        sk_PKCS7_pop_free(authsafes, PKCS7_free);
        sk_PKCS7_pop_free(newsafes, PKCS7_free);
        return ret;
 }
+LCRYPTO_ALIAS(PKCS12_newpass);
 static int
 newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,

diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c index 23a5c5e768..fc726f2b74 100644 --- a/src/lib/libcrypto/pkcs12/p12_npas.c +++ b/src/lib/libcrypto/pkcs12/p12_npas.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: p12_npas.c,v 1.22 2024/01/25 10:53:05 tb Exp $ */	1	/* $OpenBSD: p12_npas.c,v 1.23 2024/01/25 13:32:49 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.	3	* project 1999.
4	*/	4	*/
@@ -68,7 +68,6 @@
68		68
69	/* PKCS#12 password change routine */	69	/* PKCS#12 password change routine */
70		70
71	static int newpass_p12(PKCS12 p12, const char oldpass, const char *newpass);
72	static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) bags, const char oldpass,	71	static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) bags, const char oldpass,
73	const char *newpass);	72	const char *newpass);
74	static int newpass_bag(PKCS12_SAFEBAG bag, const char oldpass,	73	static int newpass_bag(PKCS12_SAFEBAG bag, const char oldpass,
@@ -79,32 +78,6 @@ static int alg_get(X509_ALGOR alg, int pnid, int piter, int psaltlen);
79	* Change the password on a PKCS#12 structure.	78	* Change the password on a PKCS#12 structure.
80	*/	79	*/
81		80
82	int
83	PKCS12_newpass(PKCS12 p12, const char oldpass, const char *newpass)
84	{
85	/* Check for NULL PKCS12 structure */
86
87	if (!p12) {
88	PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER);
89	return 0;
90	}
91
92	/* Check the mac */
93
94	if (!PKCS12_verify_mac(p12, oldpass, -1)) {
95	PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
96	return 0;
97	}
98
99	if (!newpass_p12(p12, oldpass, newpass)) {
100	PKCS12error(PKCS12_R_PARSE_ERROR);
101	return 0;
102	}
103
104	return 1;
105	}
106	LCRYPTO_ALIAS(PKCS12_newpass);
107
108	static int	81	static int
109	pkcs7_repack_data(PKCS7 pkcs7, STACK_OF(PKCS7) newsafes, const char *oldpass,	82	pkcs7_repack_data(PKCS7 pkcs7, STACK_OF(PKCS7) newsafes, const char *oldpass,
110	const char *newpass)	83	const char *newpass)
@@ -207,20 +180,30 @@ pkcs12_repack_authsafes(PKCS12 pkcs12, STACK_OF(PKCS7) newsafes,
207	return ret;	180	return ret;
208	}	181	}
209		182
210	static int	183	int
211	newpass_p12(PKCS12 p12, const char oldpass, const char *newpass)	184	PKCS12_newpass(PKCS12 pkcs12, const char oldpass, const char *newpass)
212	{	185	{
213	STACK_OF(PKCS7) asafes = NULL, newsafes = NULL;	186	STACK_OF(PKCS7) authsafes = NULL, newsafes = NULL;
214	int i;	187	int i;
215	int ret = 0;	188	int ret = 0;
216		189
217	if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)	190	if (pkcs12 == NULL) {
		191	PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER);
		192	goto err;
		193	}
		194
		195	if (!PKCS12_verify_mac(pkcs12, oldpass, -1)) {
		196	PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
		197	goto err;
		198	}
		199
		200	if ((authsafes = PKCS12_unpack_authsafes(pkcs12)) == NULL)
218	goto err;	201	goto err;
219	if ((newsafes = sk_PKCS7_new_null()) == NULL)	202	if ((newsafes = sk_PKCS7_new_null()) == NULL)
220	goto err;	203	goto err;
221		204
222	for (i = 0; i < sk_PKCS7_num(asafes); i++) {	205	for (i = 0; i < sk_PKCS7_num(authsafes); i++) {
223	PKCS7 *pkcs7 = sk_PKCS7_value(asafes, i);	206	PKCS7 *pkcs7 = sk_PKCS7_value(authsafes, i);
224		207
225	switch (OBJ_obj2nid(pkcs7->type)) {	208	switch (OBJ_obj2nid(pkcs7->type)) {
226	case NID_pkcs7_data:	209	case NID_pkcs7_data:
@@ -234,18 +217,18 @@ newpass_p12(PKCS12 p12, const char oldpass, const char *newpass)
234	}	217	}
235	}	218	}
236		219
237	if (!pkcs12_repack_authsafes(p12, newsafes, newpass))	220	if (!pkcs12_repack_authsafes(pkcs12, newsafes, newpass))
238	goto err;	221	goto err;
239		222
240	ret = 1;	223	ret = 1;
241		224
242	err:	225	err:
243	sk_PKCS7_pop_free(asafes, PKCS7_free);	226	sk_PKCS7_pop_free(authsafes, PKCS7_free);
244	sk_PKCS7_pop_free(newsafes, PKCS7_free);	227	sk_PKCS7_pop_free(newsafes, PKCS7_free);
245		228
246	return ret;	229	return ret;
247	}	230	}
248		231	LCRYPTO_ALIAS(PKCS12_newpass);
249		232
250	static int	233	static int
251	newpass_bags(STACK_OF(PKCS12_SAFEBAG) bags, const char oldpass,	234	newpass_bags(STACK_OF(PKCS12_SAFEBAG) bags, const char oldpass,