Commit 59b4da05 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Constify X509_SIG. 



Constify X509_SIG_get0() and order arguments to mactch new standard.

Add X509_SIG_get0_mutable() to support modification or initialisation
of an X509_SIG structure.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
parent d6073e27

apps/pkcs12.c

+7 −7
Original line number Diff line number Diff line
@@ -40,7 +40,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, 
int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,

                  const char *name);

void hex_prin(BIO *out, unsigned char *buf, int len);

static int alg_print(X509_ALGOR *alg);

static int alg_print(const X509_ALGOR *alg);

int cert_load(BIO *in, STACK_OF(X509) *sk);

static int set_pbe(int *ppbe, const char *str);
@@ -521,8 +521,8 @@ int pkcs12_main(int argc, char **argv) 
        OPENSSL_strlcpy(macpass, pass, sizeof macpass);



    if ((options & INFO) && PKCS12_mac_present(p12)) {

        ASN1_INTEGER *tmaciter;

        X509_ALGOR *macalgid;

        const ASN1_INTEGER *tmaciter;

        const X509_ALGOR *macalgid;

        const ASN1_OBJECT *macobj;

        PKCS12_get0_mac(NULL, &macalgid, NULL, &tmaciter, p12);

        X509_ALGOR_get0(&macobj, NULL, NULL, macalgid);
@@ -650,12 +650,12 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, 


    case NID_pkcs8ShroudedKeyBag:

        if (options & INFO) {

            X509_SIG *tp8;

            X509_ALGOR *tp8alg;

            const X509_SIG *tp8;

            const X509_ALGOR *tp8alg;



            BIO_printf(bio_err, "Shrouded Keybag: ");

            tp8 = PKCS12_SAFEBAG_get0_pkcs8(bag);

            X509_SIG_get0(&tp8alg, NULL, tp8);

            X509_SIG_get0(tp8, &tp8alg, NULL);

            alg_print(tp8alg);

        }

        if (options & NOKEYS)
@@ -740,7 +740,7 @@ end: 
    return i;

}



static int alg_print(X509_ALGOR *alg)

static int alg_print(const X509_ALGOR *alg)

{

    int pbenid, aparamtype;

    const ASN1_OBJECT *aoid;

crypto/asn1/x_sig.c

+11 −2
Original line number Diff line number Diff line
@@ -20,8 +20,17 @@ ASN1_SEQUENCE(X509_SIG) = { 


IMPLEMENT_ASN1_FUNCTIONS(X509_SIG)



void X509_SIG_get0(X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest,

                   X509_SIG *sig)

void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,

                   const ASN1_OCTET_STRING **pdigest)

{

    if (palg)

        *palg = sig->algor;

    if (pdigest)

        *pdigest = sig->digest;

}



void X509_SIG_get0_mutable(X509_SIG *sig, X509_ALGOR **palg,

                           ASN1_OCTET_STRING **pdigest)

{

    if (palg)

        *palg = sig->algor;

crypto/pkcs12/p12_decr.c

+5 −5
Original line number Diff line number Diff line
@@ -20,9 +20,9 @@ 
 * Encrypt/Decrypt a buffer based on password and algor, result in a

 * OPENSSL_malloc'ed buffer

 */



unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,

                                int passlen, unsigned char *in, int inlen,

unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,

                                const char *pass, int passlen,

                                const unsigned char *in, int inlen,

                                unsigned char **data, int *datalen, int en_de)

{

    unsigned char *out = NULL;
@@ -79,9 +79,9 @@ unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, 
 * after use.

 */



void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,

void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,

                              const char *pass, int passlen,

                              ASN1_OCTET_STRING *oct, int zbuf)

                              const ASN1_OCTET_STRING *oct, int zbuf)

{

    unsigned char *out;

    const unsigned char *p;

crypto/pkcs12/p12_mutl.c

+12 −10
Original line number Diff line number Diff line
@@ -20,12 +20,14 @@ int PKCS12_mac_present(PKCS12 *p12) 
    return p12->mac ? 1 : 0;

}



void PKCS12_get0_mac(ASN1_OCTET_STRING **pmac, X509_ALGOR **pmacalg,

                     ASN1_OCTET_STRING **psalt, ASN1_INTEGER **piter,

                     PKCS12 *p12)

void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,

                     const X509_ALGOR **pmacalg,

                     const ASN1_OCTET_STRING **psalt,

                     const ASN1_INTEGER **piter,

                     const PKCS12 *p12)

{

    if (p12->mac) {

        X509_SIG_get0(pmacalg, pmac, p12->mac->dinfo);

        X509_SIG_get0(p12->mac->dinfo, pmacalg, pmac);

        if (psalt)

            *psalt = p12->mac->salt;

        if (piter)
@@ -74,7 +76,7 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, 
    int saltlen, iter;

    int md_size = 0;

    int md_type_nid;

    X509_ALGOR *macalg;

    const X509_ALGOR *macalg;

    const ASN1_OBJECT *macoid;



    if (!PKCS7_type_is_data(p12->authsafes)) {
@@ -88,7 +90,7 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, 
        iter = 1;

    else

        iter = ASN1_INTEGER_get(p12->mac->iter);

    X509_SIG_get0(&macalg, NULL, p12->mac->dinfo);

    X509_SIG_get0(p12->mac->dinfo, &macalg, NULL);

    X509_ALGOR_get0(&macoid, NULL, NULL, macalg);

    if ((md_type = EVP_get_digestbyobj(macoid)) == NULL) {

        PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
@@ -131,7 +133,7 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) 
{

    unsigned char mac[EVP_MAX_MD_SIZE];

    unsigned int maclen;

    ASN1_OCTET_STRING *macoct;

    const ASN1_OCTET_STRING *macoct;



    if (p12->mac == NULL) {

        PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT);
@@ -141,7 +143,7 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) 
        PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR);

        return 0;

    }

    X509_SIG_get0(NULL, &macoct, p12->mac->dinfo);

    X509_SIG_get0(p12->mac->dinfo, NULL, &macoct);

    if ((maclen != (unsigned int)ASN1_STRING_length(macoct))

        || CRYPTO_memcmp(mac, ASN1_STRING_get0_data(macoct), maclen))

        return 0;
@@ -168,7 +170,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, 
        PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR);

        return 0;

    }

    X509_SIG_get0(NULL, &macoct, p12->mac->dinfo);

    X509_SIG_get0_mutable(p12->mac->dinfo, NULL, &macoct);

    if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) {

        PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR);

        return 0;
@@ -206,7 +208,7 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, 
            return 0;

    } else

        memcpy(p12->mac->salt->data, salt, saltlen);

    X509_SIG_get0(&macalg, NULL, p12->mac->dinfo);

    X509_SIG_get0_mutable(p12->mac->dinfo, &macalg, NULL);

    if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)),

                         V_ASN1_NULL, NULL)) {

        PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);

crypto/pkcs12/p12_npas.c

+7 −5
Original line number Diff line number Diff line
@@ -22,7 +22,8 @@ static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass, 
                        const char *newpass);

static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,

                        const char *newpass);

static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);

static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter,

                   int *psaltlen);



/*

 * Change the password on a PKCS#12 structure.
@@ -109,7 +110,7 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass) 


    if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))

        goto err;

    X509_SIG_get0(NULL, &macoct, p12->mac->dinfo);

    X509_SIG_get0_mutable(p12->mac->dinfo, NULL, &macoct);

    if (!ASN1_OCTET_STRING_set(macoct, mac, maclen))

        goto err;
@@ -148,14 +149,14 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, 
    PKCS8_PRIV_KEY_INFO *p8;

    X509_SIG *p8new;

    int p8_nid, p8_saltlen, p8_iter;

    X509_ALGOR *shalg;

    const X509_ALGOR *shalg;



    if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag)

        return 1;



    if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL)

        return 0;

    X509_SIG_get0(&shalg, NULL, bag->value.shkeybag);

    X509_SIG_get0(bag->value.shkeybag, &shalg, NULL);

    if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen))

        return 0;

    p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
@@ -168,7 +169,8 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, 
    return 1;

}



static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)

static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter,

                   int *psaltlen)

{

    PBEPARAM *pbe;

    pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), alg->parameter);