From e4b6dfd5d051d26e64c697da2bebc924f093f928 Mon Sep 17 00:00:00 2001 From: tb Date: Thu, 25 Jan 2024 13:32:49 +0000 Subject: [PATCH] Merge PKCS12_newpass() and newpass_p12() With the previous refactoring, newpass_p12() became simple enough that it doesn't require a separate function anymore. Merge the public API into it and move it below (most of) the things it calls. ok jsing --- lib/libcrypto/pkcs12/p12_npas.c | 57 ++++++++++++--------------------- 1 file changed, 20 insertions(+), 37 deletions(-) diff --git a/lib/libcrypto/pkcs12/p12_npas.c b/lib/libcrypto/pkcs12/p12_npas.c index 23a5c5e7687..fc726f2b74e 100644 --- a/lib/libcrypto/pkcs12/p12_npas.c +++ b/lib/libcrypto/pkcs12/p12_npas.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_npas.c,v 1.22 2024/01/25 10:53:05 tb Exp $ */ +/* $OpenBSD: p12_npas.c,v 1.23 2024/01/25 13:32:49 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -68,7 +68,6 @@ /* PKCS#12 password change routine */ -static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass); static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass, const char *newpass); static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, @@ -79,32 +78,6 @@ static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen); * Change the password on a PKCS#12 structure. */ -int -PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass) -{ - /* Check for NULL PKCS12 structure */ - - if (!p12) { - PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER); - return 0; - } - - /* Check the mac */ - - if (!PKCS12_verify_mac(p12, oldpass, -1)) { - PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE); - return 0; - } - - if (!newpass_p12(p12, oldpass, newpass)) { - PKCS12error(PKCS12_R_PARSE_ERROR); - return 0; - } - - return 1; -} -LCRYPTO_ALIAS(PKCS12_newpass); - static int pkcs7_repack_data(PKCS7 *pkcs7, STACK_OF(PKCS7) *newsafes, const char *oldpass, const char *newpass) @@ -207,20 +180,30 @@ pkcs12_repack_authsafes(PKCS12 *pkcs12, STACK_OF(PKCS7) *newsafes, return ret; } -static int -newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass) +int +PKCS12_newpass(PKCS12 *pkcs12, const char *oldpass, const char *newpass) { - STACK_OF(PKCS7) *asafes = NULL, *newsafes = NULL; + STACK_OF(PKCS7) *authsafes = NULL, *newsafes = NULL; int i; int ret = 0; - if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL) + if (pkcs12 == NULL) { + PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER); + goto err; + } + + if (!PKCS12_verify_mac(pkcs12, oldpass, -1)) { + PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE); + goto err; + } + + if ((authsafes = PKCS12_unpack_authsafes(pkcs12)) == NULL) goto err; if ((newsafes = sk_PKCS7_new_null()) == NULL) goto err; - for (i = 0; i < sk_PKCS7_num(asafes); i++) { - PKCS7 *pkcs7 = sk_PKCS7_value(asafes, i); + for (i = 0; i < sk_PKCS7_num(authsafes); i++) { + PKCS7 *pkcs7 = sk_PKCS7_value(authsafes, i); switch (OBJ_obj2nid(pkcs7->type)) { case NID_pkcs7_data: @@ -234,18 +217,18 @@ newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass) } } - if (!pkcs12_repack_authsafes(p12, newsafes, newpass)) + if (!pkcs12_repack_authsafes(pkcs12, newsafes, newpass)) goto err; ret = 1; err: - sk_PKCS7_pop_free(asafes, PKCS7_free); + sk_PKCS7_pop_free(authsafes, PKCS7_free); sk_PKCS7_pop_free(newsafes, PKCS7_free); return ret; } - +LCRYPTO_ALIAS(PKCS12_newpass); static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass, -- 2.20.1