diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2016-08-17 17:27:05 +0100 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2016-08-17 17:48:43 +0100 |
| commit | 59b4da05b4072df79e85b5f8bbf4cf049431b9b6 (patch) | |
| tree | 155db4d78c61608b24d072f6a925b9031e3c98db /crypto | |
| parent | d6073e27ebdbab63bf0add13fa0f66dcaa6e39e8 (diff) | |
Constify X509_SIG.
Constify X509_SIG_get0() and order arguments to mactch new standard.
Add X509_SIG_get0_mutable() to support modification or initialisation
of an X509_SIG structure.
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/asn1/x_sig.c | 13 | ||||
| -rw-r--r-- | crypto/pkcs12/p12_decr.c | 10 | ||||
| -rw-r--r-- | crypto/pkcs12/p12_mutl.c | 22 | ||||
| -rw-r--r-- | crypto/pkcs12/p12_npas.c | 12 | ||||
| -rw-r--r-- | crypto/pkcs12/p12_p8d.c | 8 |
5 files changed, 39 insertions, 26 deletions
diff --git a/crypto/asn1/x_sig.c b/crypto/asn1/x_sig.c index d5b0b69dde..1e835cb191 100644 --- a/crypto/asn1/x_sig.c +++ b/crypto/asn1/x_sig.c @@ -20,8 +20,17 @@ ASN1_SEQUENCE(X509_SIG) = { IMPLEMENT_ASN1_FUNCTIONS(X509_SIG) -void X509_SIG_get0(X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest, - X509_SIG *sig) +void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, + const ASN1_OCTET_STRING **pdigest) +{ + if (palg) + *palg = sig->algor; + if (pdigest) + *pdigest = sig->digest; +} + +void X509_SIG_get0_mutable(X509_SIG *sig, X509_ALGOR **palg, + ASN1_OCTET_STRING **pdigest) { if (palg) *palg = sig->algor; diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c index 9ad17d7f8a..3c860584e8 100644 --- a/crypto/pkcs12/p12_decr.c +++ b/crypto/pkcs12/p12_decr.c @@ -20,9 +20,9 @@ * Encrypt/Decrypt a buffer based on password and algor, result in a * OPENSSL_malloc'ed buffer */ - -unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, - int passlen, unsigned char *in, int inlen, +unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, + const char *pass, int passlen, + const unsigned char *in, int inlen, unsigned char **data, int *datalen, int en_de) { unsigned char *out = NULL; @@ -79,9 +79,9 @@ unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, * after use. */ -void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, +void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, const char *pass, int passlen, - ASN1_OCTET_STRING *oct, int zbuf) + const ASN1_OCTET_STRING *oct, int zbuf) { unsigned char *out; const unsigned char *p; diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 9ab2659293..87c40ee46e 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -20,12 +20,14 @@ int PKCS12_mac_present(PKCS12 *p12) return p12->mac ? 1 : 0; } -void PKCS12_get0_mac(ASN1_OCTET_STRING **pmac, X509_ALGOR **pmacalg, - ASN1_OCTET_STRING **psalt, ASN1_INTEGER **piter, - PKCS12 *p12) +void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, + const X509_ALGOR **pmacalg, + const ASN1_OCTET_STRING **psalt, + const ASN1_INTEGER **piter, + const PKCS12 *p12) { if (p12->mac) { - X509_SIG_get0(pmacalg, pmac, p12->mac->dinfo); + X509_SIG_get0(p12->mac->dinfo, pmacalg, pmac); if (psalt) *psalt = p12->mac->salt; if (piter) @@ -74,7 +76,7 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, int saltlen, iter; int md_size = 0; int md_type_nid; - X509_ALGOR *macalg; + const X509_ALGOR *macalg; const ASN1_OBJECT *macoid; if (!PKCS7_type_is_data(p12->authsafes)) { @@ -88,7 +90,7 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, iter = 1; else iter = ASN1_INTEGER_get(p12->mac->iter); - X509_SIG_get0(&macalg, NULL, p12->mac->dinfo); + X509_SIG_get0(p12->mac->dinfo, &macalg, NULL); X509_ALGOR_get0(&macoid, NULL, NULL, macalg); if ((md_type = EVP_get_digestbyobj(macoid)) == NULL) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); @@ -131,7 +133,7 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) { unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; - ASN1_OCTET_STRING *macoct; + const ASN1_OCTET_STRING *macoct; if (p12->mac == NULL) { PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT); @@ -141,7 +143,7 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR); return 0; } - X509_SIG_get0(NULL, &macoct, p12->mac->dinfo); + X509_SIG_get0(p12->mac->dinfo, NULL, &macoct); if ((maclen != (unsigned int)ASN1_STRING_length(macoct)) || CRYPTO_memcmp(mac, ASN1_STRING_get0_data(macoct), maclen)) return 0; @@ -168,7 +170,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR); return 0; } - X509_SIG_get0(NULL, &macoct, p12->mac->dinfo); + X509_SIG_get0_mutable(p12->mac->dinfo, NULL, &macoct); if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) { PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR); return 0; @@ -206,7 +208,7 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, return 0; } else memcpy(p12->mac->salt->data, salt, saltlen); - X509_SIG_get0(&macalg, NULL, p12->mac->dinfo); + X509_SIG_get0_mutable(p12->mac->dinfo, &macalg, NULL); if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)), V_ASN1_NULL, NULL)) { PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c index 21bd772476..f075bcacc3 100644 --- a/crypto/pkcs12/p12_npas.c +++ b/crypto/pkcs12/p12_npas.c @@ -22,7 +22,8 @@ static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass, const char *newpass); static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, const char *newpass); -static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen); +static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter, + int *psaltlen); /* * Change the password on a PKCS#12 structure. @@ -109,7 +110,7 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass) if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto err; - X509_SIG_get0(NULL, &macoct, p12->mac->dinfo); + X509_SIG_get0_mutable(p12->mac->dinfo, NULL, &macoct); if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) goto err; @@ -148,14 +149,14 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, PKCS8_PRIV_KEY_INFO *p8; X509_SIG *p8new; int p8_nid, p8_saltlen, p8_iter; - X509_ALGOR *shalg; + const X509_ALGOR *shalg; if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag) return 1; if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL) return 0; - X509_SIG_get0(&shalg, NULL, bag->value.shkeybag); + X509_SIG_get0(bag->value.shkeybag, &shalg, NULL); if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen)) return 0; p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, @@ -168,7 +169,8 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, return 1; } -static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen) +static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter, + int *psaltlen) { PBEPARAM *pbe; pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), alg->parameter); diff --git a/crypto/pkcs12/p12_p8d.c b/crypto/pkcs12/p12_p8d.c index 97577da26e..d926a77df8 100644 --- a/crypto/pkcs12/p12_p8d.c +++ b/crypto/pkcs12/p12_p8d.c @@ -11,12 +11,12 @@ #include "internal/cryptlib.h" #include <openssl/pkcs12.h> -PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, +PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass, int passlen) { - X509_ALGOR *dalg; - ASN1_OCTET_STRING *doct; - X509_SIG_get0(&dalg, &doct, p8); + const X509_ALGOR *dalg; + const ASN1_OCTET_STRING *doct; + X509_SIG_get0(p8, &dalg, &doct); return PKCS12_item_decrypt_d2i(dalg, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass, passlen, doct, 1); |