From 28da14555f09f1d523b8b7277529fb80a1383e85 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Sat, 13 Aug 2016 12:07:42 +0100 Subject: [PATCH] Convert PKCS12* functions to use const getters Reviewed-by: Richard Levitte Reviewed-by: Stephen Henson --- apps/pkcs12.c | 40 +++++++++++++++++++++------------------- crypto/pkcs12/p12_add.c | 4 ++-- crypto/pkcs12/p12_attr.c | 5 +++-- crypto/pkcs12/p12_kiss.c | 6 +++--- crypto/pkcs12/p12_mutl.c | 2 +- crypto/pkcs12/p12_sbag.c | 27 ++++++++++++++++++--------- include/openssl/pkcs12.h | 32 ++++++++++++++++++-------------- 7 files changed, 66 insertions(+), 50 deletions(-) diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 7b12221ae11b9..b5d5673002261 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -29,14 +29,15 @@ NON_EMPTY_TRANSLATION_UNIT static int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain); -int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, - int options, char *pempass, const EVP_CIPHER *enc); -int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, - char *pass, int passlen, int options, char *pempass, - const EVP_CIPHER *enc); -int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, - int passlen, int options, char *pempass, - const EVP_CIPHER *enc); +int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, + const char *pass, int passlen, int options, + char *pempass, const EVP_CIPHER *enc); +int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags, + const char *pass, int passlen, int options, + char *pempass, const EVP_CIPHER *enc); +int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags, + const char *pass, int passlen, + int options, char *pempass, const EVP_CIPHER *enc); int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, const char *name); void hex_prin(BIO *out, unsigned char *buf, int len); 
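Review bot: The rewritten forward declaration of dump_certs_pkeys_bag names its bag parameter `bags`, while the definition changed later in this patch names it `bag`. Since the line is being touched anyway, the prototype should read `int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bag,`. These three helpers are declared only in this .c file, so they look file-local. If nothing outside apps/pkcs12.c calls them, marking the prototypes and definitions `static` would keep them out of the global namespace.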
@@ -563,7 +564,7 @@ int pkcs12_main(int argc, char **argv) return (ret); } -int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, +int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass, int passlen, int options, char *pempass, const EVP_CIPHER *enc) { @@ -607,9 +608,9 @@ int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, return ret; } -int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, - char *pass, int passlen, int options, char *pempass, - const EVP_CIPHER *enc) +int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags, + const char *pass, int passlen, int options, + char *pempass, const EVP_CIPHER *enc) { int i; for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { @@ -621,14 +622,15 @@ int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, return 1; } -int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, - int passlen, int options, char *pempass, - const EVP_CIPHER *enc) +int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bag, + const char *pass, int passlen, int options, + char *pempass, const EVP_CIPHER *enc) { EVP_PKEY *pkey; PKCS8_PRIV_KEY_INFO *p8; + const PKCS8_PRIV_KEY_INFO *p8c; X509 *x509; - STACK_OF(X509_ATTRIBUTE) *attrs; + const STACK_OF(X509_ATTRIBUTE) *attrs; int ret = 0; attrs = PKCS12_SAFEBAG_get0_attrs(bag); @@ -640,10 +642,10 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, if (options & NOKEYS) return 1; print_attribs(out, attrs, "Bag Attributes"); - p8 = PKCS12_SAFEBAG_get0_p8inf(bag); - if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) + p8c = PKCS12_SAFEBAG_get0_p8inf(bag); + if ((pkey = EVP_PKCS82PKEY(p8c)) == NULL) return 0; - print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes"); + print_attribs(out, PKCS8_pkey_get0_attrs(p8c), "Key Attributes"); ret = PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass); EVP_PKEY_free(pkey); break; 
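Review bot: In the last hunk of this file the result of `PKCS12_SAFEBAG_get0_p8inf(bag)` goes straight into `EVP_PKCS82PKEY(p8c)` with no NULL test, although the getter as rewritten in p12_sbag.c returns NULL whenever the bag's NID is not NID_keyBag. The case label is outside the hunk, so the enclosing switch may already guarantee the type. If it does, a one-line comment saying so is enough; otherwise add `if (p8c == NULL) return 0;` before the conversion. It would also help to note next to the declaration that `p8c` is borrowed from the bag and must not be freed, for example `/* p8c: get0 pointer owned by the bag */`, because the same branch does free `pkey`.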
diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c index 8a5ad2068d17f..193ed8097dc3f 100644 --- a/crypto/pkcs12/p12_add.c +++ b/crypto/pkcs12/p12_add.c @@ -138,7 +138,7 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, p7->d.encrypted->enc_data->enc_data, 1); } -PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, +PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, const char *pass, int passlen) { return PKCS8_decrypt(bag->value.shkeybag, pass, passlen); @@ -152,7 +152,7 @@ int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) return 0; } -STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12) +STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12) { if (!PKCS7_type_is_data(p12->authsafes)) { PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES, diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c index 58935c154fa7f..a16231f074df0 100644 --- a/crypto/pkcs12/p12_attr.c +++ b/crypto/pkcs12/p12_attr.c @@ -76,7 +76,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag) { - ASN1_TYPE *atype; + const ASN1_TYPE *atype; if ((atype = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)) == NULL) return NULL; @@ -86,7 +86,8 @@ char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag) atype->value.bmpstring->length); } -STACK_OF(X509_ATTRIBUTE) *PKCS12_SAFEBAG_get0_attrs(PKCS12_SAFEBAG *bag) +const STACK_OF(X509_ATTRIBUTE) * +PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag) { return bag->attrib; } diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index ea7e0c94ef2e9..62f5d1ec17b97 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c 
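Review bot: PKCS12_decrypt_skey reads `bag->value.shkeybag` without checking that the bag really is a shrouded key bag, whereas PKCS12_SAFEBAG_get0_pkcs8 in p12_sbag.c (same patch) returns NULL unless the type is NID_pkcs8ShroudedKeyBag. If `value` is a union of bag payloads, as those accessors suggest, a caller that skips the type check while parsing an untrusted file would hand PKCS8_decrypt a pointer of the wrong type. Either go through the checked getter and reject a NULL result, `const X509_SIG *p8 = PKCS12_SAFEBAG_get0_pkcs8(bag);` followed by `if (p8 == NULL) return NULL;`, or state on the declaration that the caller must verify the bag type first.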
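Review bot: PKCS12_get_friendlyname in p12_attr.c still takes `PKCS12_SAFEBAG *bag`, although the only use of `bag` visible in this hunk is the call to `PKCS12_SAFEBAG_get0_attr`, which now accepts a const bag. Part of the body lies outside the hunk; unless those lines modify the bag, the signature could become `char *PKCS12_get_friendlyname(const PKCS12_SAFEBAG *bag)` here and in include/openssl/pkcs12.h, so that callers holding a const bag need no cast. The same question applies to `parse_bag` in p12_kiss.c, which stays non-const while `parse_bags` becomes const. Note also that `const ASN1_TYPE *atype` is a shallow const: the string reached through `atype->value.bmpstring` is still writable, which a short comment could make explicit.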
@@ -16,7 +16,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts); -static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, +static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts); static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, @@ -157,7 +157,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, return 1; } -static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, +static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts) { int i; @@ -174,7 +174,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, { PKCS8_PRIV_KEY_INFO *p8; X509 *x509; - ASN1_TYPE *attrib; + const ASN1_TYPE *attrib; ASN1_BMPSTRING *fname = NULL; ASN1_OCTET_STRING *lkid = NULL; diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 87c40ee46ef3a..d608a5c02cf94 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -15,7 +15,7 @@ # include # include "p12_lcl.h" -int PKCS12_mac_present(PKCS12 *p12) +int PKCS12_mac_present(const PKCS12 *p12) { return p12->mac ? 1 : 0; } diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c index c8564b4168227..4a3d259930730 100644 --- a/crypto/pkcs12/p12_sbag.c +++ b/crypto/pkcs12/p12_sbag.c @@ -12,7 +12,15 @@ #include #include "p12_lcl.h" -ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(PKCS12_SAFEBAG *bag, int attr_nid) +#if OPENSSL_API_COMPAT < 0x10100000L +ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid) +{ + return PKCS12_get_attr_gen(bag->attrib, attr_nid); +} +#endif + +const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, + int attr_nid) { return PKCS12_get_attr_gen(bag->attrib, attr_nid); } 
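Review bot: The new compatibility function PKCS12_get_attr in p12_sbag.c has no comment explaining why it sits beside PKCS12_SAFEBAG_get0_attr with an identical body. It also returns a mutable `ASN1_TYPE *` obtained from a `const PKCS12_SAFEBAG *`. A comment above the `#if` would record the intent, for example `/* Pre-1.1.0 name, kept as a real function because the replacement getter returns a const pointer */` (presumably the reason the header macro is dropped in this patch). Because the deprecated path still lets a caller modify attributes reached through a const bag, the comment should also say that new code is expected to use the const getter.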
@@ -22,38 +30,39 @@ ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid) return PKCS12_get_attr_gen(PKCS8_pkey_get0_attrs(p8), attr_nid); } -PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(PKCS12_SAFEBAG *bag) +const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag) { if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag) return NULL; return bag->value.keybag; } -X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(PKCS12_SAFEBAG *bag) +const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag) { if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag) return NULL; return bag->value.shkeybag; } -STACK_OF(PKCS12_SAFEBAG) *PKCS12_SAFEBAG_get0_safes(PKCS12_SAFEBAG *bag) +const STACK_OF(PKCS12_SAFEBAG) * +PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag) { if (OBJ_obj2nid(bag->type) != NID_safeContentsBag) return NULL; return bag->value.safes; } -ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(PKCS12_SAFEBAG *bag) +const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag) { return bag->type; } -int PKCS12_SAFEBAG_get_nid(PKCS12_SAFEBAG *bag) +int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag) { return OBJ_obj2nid(bag->type); } -int PKCS12_SAFEBAG_get_bag_nid(PKCS12_SAFEBAG *bag) +int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag) { int btype = PKCS12_SAFEBAG_get_nid(bag); @@ -62,7 +71,7 @@ int PKCS12_SAFEBAG_get_bag_nid(PKCS12_SAFEBAG *bag) return OBJ_obj2nid(bag->value.bag->type); } -X509 *PKCS12_SAFEBAG_get1_cert(PKCS12_SAFEBAG *bag) +X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag) { if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag) return NULL; @@ -72,7 +81,7 @@ X509 *PKCS12_SAFEBAG_get1_cert(PKCS12_SAFEBAG *bag) ASN1_ITEM_rptr(X509)); } -X509_CRL *PKCS12_SAFEBAG_get1_crl(PKCS12_SAFEBAG *bag) +X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag) { if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag) return NULL; diff --git a/include/openssl/pkcs12.h b/include/openssl/pkcs12.h index 663f298d95257..76aa2c41a4c90 100644 
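Review bot: The three type-checked getters in the first hunk on this line test the bag type in two different ways: PKCS12_SAFEBAG_get0_p8inf calls `PKCS12_SAFEBAG_get_nid(bag)`, while PKCS12_SAFEBAG_get0_pkcs8 and PKCS12_SAFEBAG_get0_safes call `OBJ_obj2nid(bag->type)` directly. Using the helper in all three, e.g. `if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag)`, would keep the check in one place. None of the getters carries a comment stating its contract. A line such as `/* Returns NULL if the bag is not of the expected type; the result points into the bag and must not be freed */` would tell callers that the NULL test is mandatory. Every getter dereferences `bag` unconditionally, so the comment should also state that `bag` must be non-NULL.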
--- a/include/openssl/pkcs12.h +++ b/include/openssl/pkcs12.h @@ -72,7 +72,6 @@ typedef struct pkcs12_bag_st PKCS12_BAGS; # define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert # define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl -# define PKCS12_get_attr PKCS12_SAFEBAG_get0_attr # define PKCS12_bag_type PKCS12_SAFEBAG_get_nid # define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid # define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert 
@@ -82,24 +81,28 @@ typedef struct pkcs12_bag_st PKCS12_BAGS; #endif +DEPRECATEDIN_1_1_0(ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid)) + ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid); -int PKCS12_mac_present(PKCS12 *p12); +int PKCS12_mac_present(const PKCS12 *p12); void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, const X509_ALGOR **pmacalg, const ASN1_OCTET_STRING **psalt, const ASN1_INTEGER **piter, const PKCS12 *p12); -ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(PKCS12_SAFEBAG *bag, int attr_nid); -ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(PKCS12_SAFEBAG *bag); -int PKCS12_SAFEBAG_get_nid(PKCS12_SAFEBAG *bag); -int PKCS12_SAFEBAG_get_bag_nid(PKCS12_SAFEBAG *bag); +const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, + int attr_nid); +const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag); +int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag); +int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag); -X509 *PKCS12_SAFEBAG_get1_cert(PKCS12_SAFEBAG *bag); -X509_CRL *PKCS12_SAFEBAG_get1_crl(PKCS12_SAFEBAG *bag); -STACK_OF(PKCS12_SAFEBAG) *PKCS12_SAFEBAG_get0_safes(PKCS12_SAFEBAG *bag); -PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(PKCS12_SAFEBAG *bag); -X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(PKCS12_SAFEBAG *bag); +X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag); +X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag); +const STACK_OF(PKCS12_SAFEBAG) * +PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag); +const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag); +const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag); PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509); PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl); 
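Review bot: The get0 getters declared in this hunk change their return type to a const pointer (`PKCS12_SAFEBAG_get0_attr`, `PKCS12_SAFEBAG_get0_type`, `PKCS12_SAFEBAG_get0_safes`, `PKCS12_SAFEBAG_get0_p8inf`, `PKCS12_SAFEBAG_get0_pkcs8`), yet the diffstat lists no documentation or changelog file. Existing callers that store the result in a non-const pointer will now get a discarded-qualifier diagnostic, so the change deserves a note for users of the header. At minimum each declaration could carry a comment such as `/* get0: returns an internal pointer owned by the bag, or NULL if the bag type does not match */`. `PKCS8_get_attr` directly above keeps a non-const `PKCS8_PRIV_KEY_INFO *p8` parameter; if that is deliberate, a brief remark would stop it looking like an oversight.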
@@ -116,7 +119,7 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2); PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass, int passlen); -PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, +PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, const char *pass, int passlen); X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass, int passlen, unsigned char *salt, @@ -132,7 +135,7 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen); int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes); -STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12); +STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12); int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen); @@ -146,7 +149,8 @@ int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid); char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); -STACK_OF(X509_ATTRIBUTE) *PKCS12_SAFEBAG_get0_attrs(PKCS12_SAFEBAG *bag); +const STACK_OF(X509_ATTRIBUTE) * +PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag); unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass, int passlen, const unsigned char *in, int inlen,