Browse Source

Constify X509_SIG.

Constify X509_SIG_get0() and order arguments to mactch new standard.

Add X509_SIG_get0_mutable() to support modification or initialisation
of an X509_SIG structure.

Reviewed-by: Matt Caswell <matt@openssl.org>
master
Dr. Stephen Henson 6 years ago
parent
commit
59b4da05b4
9 changed files with 69 additions and 47 deletions
  1. +7
    -7
      apps/pkcs12.c
  2. +11
    -2
      crypto/asn1/x_sig.c
  3. +5
    -5
      crypto/pkcs12/p12_decr.c
  4. +12
    -10
      crypto/pkcs12/p12_mutl.c
  5. +7
    -5
      crypto/pkcs12/p12_npas.c
  6. +4
    -4
      crypto/pkcs12/p12_p8d.c
  7. +8
    -4
      doc/crypto/X509_SIG_get0.pod
  8. +11
    -8
      include/openssl/pkcs12.h
  9. +4
    -2
      include/openssl/x509.h

+ 7
- 7
apps/pkcs12.c View File

@ -40,7 +40,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass,
int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
const char *name);
void hex_prin(BIO *out, unsigned char *buf, int len);
static int alg_print(X509_ALGOR *alg);
static int alg_print(const X509_ALGOR *alg);
int cert_load(BIO *in, STACK_OF(X509) *sk);
static int set_pbe(int *ppbe, const char *str);
@ -521,8 +521,8 @@ int pkcs12_main(int argc, char **argv)
OPENSSL_strlcpy(macpass, pass, sizeof macpass);
if ((options & INFO) && PKCS12_mac_present(p12)) {
ASN1_INTEGER *tmaciter;
X509_ALGOR *macalgid;
const ASN1_INTEGER *tmaciter;
const X509_ALGOR *macalgid;
const ASN1_OBJECT *macobj;
PKCS12_get0_mac(NULL, &macalgid, NULL, &tmaciter, p12);
X509_ALGOR_get0(&macobj, NULL, NULL, macalgid);
@ -650,12 +650,12 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
case NID_pkcs8ShroudedKeyBag:
if (options & INFO) {
X509_SIG *tp8;
X509_ALGOR *tp8alg;
const X509_SIG *tp8;
const X509_ALGOR *tp8alg;
BIO_printf(bio_err, "Shrouded Keybag: ");
tp8 = PKCS12_SAFEBAG_get0_pkcs8(bag);
X509_SIG_get0(&tp8alg, NULL, tp8);
X509_SIG_get0(tp8, &tp8alg, NULL);
alg_print(tp8alg);
}
if (options & NOKEYS)
@ -740,7 +740,7 @@ end:
return i;
}
static int alg_print(X509_ALGOR *alg)
static int alg_print(const X509_ALGOR *alg)
{
int pbenid, aparamtype;
const ASN1_OBJECT *aoid;


+ 11
- 2
crypto/asn1/x_sig.c View File

@ -20,8 +20,17 @@ ASN1_SEQUENCE(X509_SIG) = {
IMPLEMENT_ASN1_FUNCTIONS(X509_SIG)
void X509_SIG_get0(X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest,
X509_SIG *sig)
void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
const ASN1_OCTET_STRING **pdigest)
{
if (palg)
*palg = sig->algor;
if (pdigest)
*pdigest = sig->digest;
}
void X509_SIG_get0_mutable(X509_SIG *sig, X509_ALGOR **palg,
ASN1_OCTET_STRING **pdigest)
{
if (palg)
*palg = sig->algor;


+ 5
- 5
crypto/pkcs12/p12_decr.c View File

@ -20,9 +20,9 @@
* Encrypt/Decrypt a buffer based on password and algor, result in a
* OPENSSL_malloc'ed buffer
*/
unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
int passlen, unsigned char *in, int inlen,
unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
const char *pass, int passlen,
const unsigned char *in, int inlen,
unsigned char **data, int *datalen, int en_de)
{
unsigned char *out = NULL;
@ -79,9 +79,9 @@ unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
* after use.
*/
void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
const char *pass, int passlen,
ASN1_OCTET_STRING *oct, int zbuf)
const ASN1_OCTET_STRING *oct, int zbuf)
{
unsigned char *out;
const unsigned char *p;


+ 12
- 10
crypto/pkcs12/p12_mutl.c View File

@ -20,12 +20,14 @@ int PKCS12_mac_present(PKCS12 *p12)
return p12->mac ? 1 : 0;
}
void PKCS12_get0_mac(ASN1_OCTET_STRING **pmac, X509_ALGOR **pmacalg,
ASN1_OCTET_STRING **psalt, ASN1_INTEGER **piter,
PKCS12 *p12)
void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
const X509_ALGOR **pmacalg,
const ASN1_OCTET_STRING **psalt,
const ASN1_INTEGER **piter,
const PKCS12 *p12)
{
if (p12->mac) {
X509_SIG_get0(pmacalg, pmac, p12->mac->dinfo);
X509_SIG_get0(p12->mac->dinfo, pmacalg, pmac);
if (psalt)
*psalt = p12->mac->salt;
if (piter)
@ -74,7 +76,7 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
int saltlen, iter;
int md_size = 0;
int md_type_nid;
X509_ALGOR *macalg;
const X509_ALGOR *macalg;
const ASN1_OBJECT *macoid;
if (!PKCS7_type_is_data(p12->authsafes)) {
@ -88,7 +90,7 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
iter = 1;
else
iter = ASN1_INTEGER_get(p12->mac->iter);
X509_SIG_get0(&macalg, NULL, p12->mac->dinfo);
X509_SIG_get0(p12->mac->dinfo, &macalg, NULL);
X509_ALGOR_get0(&macoid, NULL, NULL, macalg);
if ((md_type = EVP_get_digestbyobj(macoid)) == NULL) {
PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
@ -131,7 +133,7 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
{
unsigned char mac[EVP_MAX_MD_SIZE];
unsigned int maclen;
ASN1_OCTET_STRING *macoct;
const ASN1_OCTET_STRING *macoct;
if (p12->mac == NULL) {
PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT);
@ -141,7 +143,7 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR);
return 0;
}
X509_SIG_get0(NULL, &macoct, p12->mac->dinfo);
X509_SIG_get0(p12->mac->dinfo, NULL, &macoct);
if ((maclen != (unsigned int)ASN1_STRING_length(macoct))
|| CRYPTO_memcmp(mac, ASN1_STRING_get0_data(macoct), maclen))
return 0;
@ -168,7 +170,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR);
return 0;
}
X509_SIG_get0(NULL, &macoct, p12->mac->dinfo);
X509_SIG_get0_mutable(p12->mac->dinfo, NULL, &macoct);
if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) {
PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR);
return 0;
@ -206,7 +208,7 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
return 0;
} else
memcpy(p12->mac->salt->data, salt, saltlen);
X509_SIG_get0(&macalg, NULL, p12->mac->dinfo);
X509_SIG_get0_mutable(p12->mac->dinfo, &macalg, NULL);
if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)),
V_ASN1_NULL, NULL)) {
PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);


+ 7
- 5
crypto/pkcs12/p12_npas.c View File

@ -22,7 +22,8 @@ static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
const char *newpass);
static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
const char *newpass);
static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter,
int *psaltlen);
/*
* Change the password on a PKCS#12 structure.
@ -109,7 +110,7 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
goto err;
X509_SIG_get0(NULL, &macoct, p12->mac->dinfo);
X509_SIG_get0_mutable(p12->mac->dinfo, NULL, &macoct);
if (!ASN1_OCTET_STRING_set(macoct, mac, maclen))
goto err;
@ -148,14 +149,14 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
PKCS8_PRIV_KEY_INFO *p8;
X509_SIG *p8new;
int p8_nid, p8_saltlen, p8_iter;
X509_ALGOR *shalg;
const X509_ALGOR *shalg;
if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag)
return 1;
if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL)
return 0;
X509_SIG_get0(&shalg, NULL, bag->value.shkeybag);
X509_SIG_get0(bag->value.shkeybag, &shalg, NULL);
if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen))
return 0;
p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
@ -168,7 +169,8 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
return 1;
}
static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter,
int *psaltlen)
{
PBEPARAM *pbe;
pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), alg->parameter);


+ 4
- 4
crypto/pkcs12/p12_p8d.c View File

@ -11,12 +11,12 @@
#include "internal/cryptlib.h"
#include <openssl/pkcs12.h>
PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass,
PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
int passlen)
{
X509_ALGOR *dalg;
ASN1_OCTET_STRING *doct;
X509_SIG_get0(&dalg, &doct, p8);
const X509_ALGOR *dalg;
const ASN1_OCTET_STRING *doct;
X509_SIG_get0(p8, &dalg, &doct);
return PKCS12_item_decrypt_d2i(dalg,
ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass,
passlen, doct, 1);


+ 8
- 4
doc/crypto/X509_SIG_get0.pod View File

@ -2,19 +2,23 @@
=head1 NAME
X509_SIG_get0 - Get DigestInfo functions
X509_SIG_get0, X509_SIG_get0_mutable - DigestInfo functions
=head1 SYNOPSIS
#include <openssl/x509.h>
void X509_SIG_get0(X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest,
X509_SIG *sig);
void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
const ASN1_OCTET_STRING **pdigest);
void X509_SIG_get0_mutable(X509_SIG *sig, X509_ALGOR **palg,
ASN1_OCTET_STRING **pdigest,
=head1 DESCRIPTION
X509_SIG_get0() returns pointers to the algorithm identifier and digest
value in B<sig>. These values can then be examined or initialised.
value in B<sig>. X509_SIG_get0_mutable() is identical to X509_SIG_get0()
except the pointers returned are not constant and can be modified:
for example to initialise them.
=head1 SEE ALSO


+ 11
- 8
include/openssl/pkcs12.h View File

@ -84,9 +84,11 @@ typedef struct pkcs12_bag_st PKCS12_BAGS;
ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid);
int PKCS12_mac_present(PKCS12 *p12);
void PKCS12_get0_mac(ASN1_OCTET_STRING **pmac, X509_ALGOR **pmacalg,
ASN1_OCTET_STRING **psalt, ASN1_INTEGER **piter,
PKCS12 *p12);
void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
const X509_ALGOR **pmacalg,
const ASN1_OCTET_STRING **psalt,
const ASN1_INTEGER **piter,
const PKCS12 *p12);
ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(PKCS12_SAFEBAG *bag, int attr_nid);
ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(PKCS12_SAFEBAG *bag);
@ -112,7 +114,7 @@ PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
int nid1, int nid2);
PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass,
PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
int passlen);
PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag,
const char *pass, int passlen);
@ -145,13 +147,14 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
int attr_nid);
char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
STACK_OF(X509_ATTRIBUTE) *PKCS12_SAFEBAG_get0_attrs(PKCS12_SAFEBAG *bag);
unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
int passlen, unsigned char *in, int inlen,
unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
const char *pass, int passlen,
const unsigned char *in, int inlen,
unsigned char **data, int *datalen,
int en_de);
void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
const char *pass, int passlen,
ASN1_OCTET_STRING *oct, int zbuf);
const ASN1_OCTET_STRING *oct, int zbuf);
ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
const ASN1_ITEM *it,
const char *pass, int passlen,


+ 4
- 2
include/openssl/x509.h View File

@ -516,8 +516,10 @@ EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length);
# endif
DECLARE_ASN1_FUNCTIONS(X509_SIG)
void X509_SIG_get0(X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest,
X509_SIG *sig);
void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
const ASN1_OCTET_STRING **pdigest);
void X509_SIG_get0_mutable(X509_SIG *sig, X509_ALGOR **palg,
ASN1_OCTET_STRING **pdigest);
DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
DECLARE_ASN1_FUNCTIONS(X509_REQ)


Loading…
Cancel
Save