case NID_pkcs8ShroudedKeyBag:
if (options & INFO) {
X509_SIG *tp8;
+ X509_ALGOR *tp8alg;
BIO_printf(bio_err, "Shrouded Keybag: ");
tp8 = PKCS12_SAFEBAG_get0_pkcs8(bag);
- alg_print(tp8->algor);
+ X509_SIG_get0(&tp8alg, NULL, tp8);
+ alg_print(tp8alg);
}
if (options & NOKEYS)
return 1;
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/x509.h>
+#include "internal/x509_int.h"
ASN1_SEQUENCE(X509_SIG) = {
ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
} ASN1_SEQUENCE_END(X509_SIG)
IMPLEMENT_ASN1_FUNCTIONS(X509_SIG)
+
+void X509_SIG_get0(X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest,
+ X509_SIG *sig)
+{
+ if (palg)
+ *palg = sig->algor;
+ if (pdigest)
+ *pdigest = sig->digest;
+}
ASN1_OCTET_STRING *pkey;
STACK_OF(X509_ATTRIBUTE) *attributes;
};
+
+struct X509_sig_st {
+ X509_ALGOR *algor;
+ ASN1_OCTET_STRING *digest;
+};
PKCS12 *p12)
{
if (p12->mac) {
- if (pmac)
- *pmac = p12->mac->dinfo->digest;
- if (pmacalg)
- *pmacalg = p12->mac->dinfo->algor;
+ X509_SIG_get0(pmacalg, pmac, p12->mac->dinfo);
if (psalt)
*psalt = p12->mac->salt;
if (piter)
int saltlen, iter;
int md_size = 0;
int md_type_nid;
+ X509_ALGOR *macalg;
+ ASN1_OBJECT *macoid;
if (!PKCS7_type_is_data(p12->authsafes)) {
PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA);
iter = 1;
else
iter = ASN1_INTEGER_get(p12->mac->iter);
- if ((md_type = EVP_get_digestbyobj(p12->mac->dinfo->algor->algorithm))
- == NULL) {
+ X509_SIG_get0(&macalg, NULL, p12->mac->dinfo);
+ X509_ALGOR_get0(&macoid, NULL, NULL, macalg);
+ if ((md_type = EVP_get_digestbyobj(macoid)) == NULL) {
PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
return 0;
}
{
unsigned char mac[EVP_MAX_MD_SIZE];
unsigned int maclen;
+ ASN1_OCTET_STRING *macoct;
+
if (p12->mac == NULL) {
PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT);
return 0;
PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR);
return 0;
}
- if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
- || CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen))
+ X509_SIG_get0(NULL, &macoct, p12->mac->dinfo);
+ if ((maclen != (unsigned int)ASN1_STRING_length(macoct))
+ || CRYPTO_memcmp(mac, ASN1_STRING_data(macoct), maclen))
return 0;
return 1;
}
{
unsigned char mac[EVP_MAX_MD_SIZE];
unsigned int maclen;
+ ASN1_OCTET_STRING *macoct;
if (!md_type)
md_type = EVP_sha1();
PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR);
return 0;
}
- if (!(ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen))) {
+ X509_SIG_get0(NULL, &macoct, p12->mac->dinfo);
+ if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) {
PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR);
return 0;
}
int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
const EVP_MD *md_type)
{
+ X509_ALGOR *macalg;
+
if ((p12->mac = PKCS12_MAC_DATA_new()) == NULL)
return PKCS12_ERROR;
if (iter > 1) {
return 0;
} else
memcpy(p12->mac->salt->data, salt, saltlen);
- p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
- if ((p12->mac->dinfo->algor->parameter = ASN1_TYPE_new()) == NULL) {
+ X509_SIG_get0(&macalg, NULL, p12->mac->dinfo);
+ if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)),
+ V_ASN1_NULL, NULL)) {
PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
return 0;
}
- p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
return 1;
}
STACK_OF(PKCS12_SAFEBAG) *bags;
int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
PKCS7 *p7, *p7new;
- ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
+ ASN1_OCTET_STRING *p12_data_tmp = NULL, *macoct = NULL;
unsigned char mac[EVP_MAX_MD_SIZE];
unsigned int maclen;
if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
goto saferr;
- if ((macnew = ASN1_OCTET_STRING_new()) == NULL)
+ X509_SIG_get0(NULL, &macoct, p12->mac->dinfo);
+ if (!ASN1_OCTET_STRING_set(macoct, mac, maclen))
goto saferr;
- if (!ASN1_OCTET_STRING_set(macnew, mac, maclen))
- goto saferr;
- ASN1_OCTET_STRING_free(p12->mac->dinfo->digest);
- p12->mac->dinfo->digest = macnew;
ASN1_OCTET_STRING_free(p12_data_tmp);
return 1;
saferr:
/* Restore old safe */
ASN1_OCTET_STRING_free(p12->authsafes->d.data);
- ASN1_OCTET_STRING_free(macnew);
p12->authsafes->d.data = p12_data_tmp;
return 0;
PKCS8_PRIV_KEY_INFO *p8;
X509_SIG *p8new;
int p8_nid, p8_saltlen, p8_iter;
+ X509_ALGOR *shalg;
if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag)
return 1;
if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL)
return 0;
- if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen))
+ X509_SIG_get0(&shalg, NULL, bag->value.shkeybag);
+ if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen))
return 0;
if ((p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
p8_iter, p8)) == NULL)
PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass,
int passlen)
{
- return PKCS12_item_decrypt_d2i(p8->algor,
+ X509_ALGOR *dalg;
+ ASN1_OCTET_STRING *doct;
+ X509_SIG_get0(&dalg, &doct, p8);
+ return PKCS12_item_decrypt_d2i(dalg,
ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass,
- passlen, p8->digest, 1);
+ passlen, doct, 1);
}
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/pkcs12.h>
+#include "internal/x509_int.h"
X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
const char *pass, int passlen,
return NULL;
}
- if ((p8 = X509_SIG_new()) == NULL) {
+ p8 = OPENSSL_zalloc(sizeof(*p8));
+
+ if (p8 == NULL) {
PKCS12err(PKCS12_F_PKCS8_SET0_PBE, ERR_R_MALLOC_FAILURE);
ASN1_OCTET_STRING_free(enckey);
return NULL;
}
- X509_ALGOR_free(p8->algor);
- ASN1_OCTET_STRING_free(p8->digest);
p8->algor = pbe;
p8->digest = enckey;
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
+#include "internal/x509_int.h"
#include "rsa_locl.h"
/* Size of an SSL signature: MD5+SHA1 */
X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length);
int i2d_X509_SIG(X509_SIG *a, unsigned char **pp);
+ void X509_SIG_get0(X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest,
+ X509_SIG *sig);
=head1 DESCRIPTION
-These functions decode and encode an X509_SIG structure which is
-equivalent to the B<DigestInfo> structure defined in PKCS#1 and PKCS#7.
+The functions d2i_X509_SIG() and i2d_X509_SIG() decode and encode an
+X509_SIG structure which is equivalent to the B<DigestInfo> structure
+defined in PKCS#1 and PKCS#7.
-Otherwise these behave in a similar way to d2i_X509() and i2d_X509()
+Otherwise they behave in a similar way to d2i_X509() and i2d_X509()
described in the L<d2i_X509(3)> manual page.
+X509_SIG_get0() returns pointers to the algorithm identifier and digest
+value in B<sig>. These values can then be examined or initialised.
+
=head1 SEE ALSO
L<d2i_X509(3)>
CRYPTO_RWLOCK *lock;
};
-typedef struct X509_sig_st {
- X509_ALGOR *algor;
- ASN1_OCTET_STRING *digest;
-} X509_SIG;
+typedef struct X509_sig_st X509_SIG;
typedef struct X509_name_entry_st X509_NAME_ENTRY;
# endif
DECLARE_ASN1_FUNCTIONS(X509_SIG)
+void X509_SIG_get0(X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest,
+ X509_SIG *sig);
+
DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
DECLARE_ASN1_FUNCTIONS(X509_REQ)
projects / openssl.git / commitdiff