[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Fri Aug 19 14:49:08 UTC 2016
The branch master has been updated
via d5d9636a91b7d755e2bcb50d5708312b9f762a5f (commit)
via 28da14555f09f1d523b8b7277529fb80a1383e85 (commit)
from 7f35b7d9c5f41cac834c9fe20a16757adbd06535 (commit)
- Log -----------------------------------------------------------------
commit d5d9636a91b7d755e2bcb50d5708312b9f762a5f
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Fri Aug 19 12:59:55 2016 +0100
make update
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 28da14555f09f1d523b8b7277529fb80a1383e85
Author: Matt Caswell <matt at openssl.org>
Date: Sat Aug 13 12:07:42 2016 +0100
Convert PKCS12* functions to use const getters
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Stephen Henson <steve at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/pkcs12.c | 40 +++++++++++++++++++++-------------------
crypto/pkcs12/p12_add.c | 4 ++--
crypto/pkcs12/p12_attr.c | 5 +++--
crypto/pkcs12/p12_kiss.c | 6 +++---
crypto/pkcs12/p12_mutl.c | 2 +-
crypto/pkcs12/p12_sbag.c | 27 ++++++++++++++++++---------
include/openssl/pkcs12.h | 32 ++++++++++++++++++--------------
util/libcrypto.num | 1 +
8 files changed, 67 insertions(+), 50 deletions(-)
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 7b12221..b5d5673 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -29,14 +29,15 @@ NON_EMPTY_TRANSLATION_UNIT
static int get_cert_chain(X509 *cert, X509_STORE *store,
STACK_OF(X509) **chain);
-int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
- int options, char *pempass, const EVP_CIPHER *enc);
-int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
- char *pass, int passlen, int options, char *pempass,
- const EVP_CIPHER *enc);
-int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass,
- int passlen, int options, char *pempass,
- const EVP_CIPHER *enc);
+int dump_certs_keys_p12(BIO *out, const PKCS12 *p12,
+ const char *pass, int passlen, int options,
+ char *pempass, const EVP_CIPHER *enc);
+int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags,
+ const char *pass, int passlen, int options,
+ char *pempass, const EVP_CIPHER *enc);
+int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags,
+ const char *pass, int passlen,
+ int options, char *pempass, const EVP_CIPHER *enc);
int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
const char *name);
void hex_prin(BIO *out, unsigned char *buf, int len);
@@ -563,7 +564,7 @@ int pkcs12_main(int argc, char **argv)
return (ret);
}
-int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass,
+int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass,
int passlen, int options, char *pempass,
const EVP_CIPHER *enc)
{
@@ -607,9 +608,9 @@ int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass,
return ret;
}
-int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
- char *pass, int passlen, int options, char *pempass,
- const EVP_CIPHER *enc)
+int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags,
+ const char *pass, int passlen, int options,
+ char *pempass, const EVP_CIPHER *enc)
{
int i;
for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
@@ -621,14 +622,15 @@ int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
return 1;
}
-int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
- int passlen, int options, char *pempass,
- const EVP_CIPHER *enc)
+int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bag,
+ const char *pass, int passlen, int options,
+ char *pempass, const EVP_CIPHER *enc)
{
EVP_PKEY *pkey;
PKCS8_PRIV_KEY_INFO *p8;
+ const PKCS8_PRIV_KEY_INFO *p8c;
X509 *x509;
- STACK_OF(X509_ATTRIBUTE) *attrs;
+ const STACK_OF(X509_ATTRIBUTE) *attrs;
int ret = 0;
attrs = PKCS12_SAFEBAG_get0_attrs(bag);
@@ -640,10 +642,10 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
if (options & NOKEYS)
return 1;
print_attribs(out, attrs, "Bag Attributes");
- p8 = PKCS12_SAFEBAG_get0_p8inf(bag);
- if ((pkey = EVP_PKCS82PKEY(p8)) == NULL)
+ p8c = PKCS12_SAFEBAG_get0_p8inf(bag);
+ if ((pkey = EVP_PKCS82PKEY(p8c)) == NULL)
return 0;
- print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes");
+ print_attribs(out, PKCS8_pkey_get0_attrs(p8c), "Key Attributes");
ret = PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
EVP_PKEY_free(pkey);
break;
diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c
index 8a5ad20..193ed80 100644
--- a/crypto/pkcs12/p12_add.c
+++ b/crypto/pkcs12/p12_add.c
@@ -138,7 +138,7 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
p7->d.encrypted->enc_data->enc_data, 1);
}
-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag,
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
const char *pass, int passlen)
{
return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
@@ -152,7 +152,7 @@ int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
return 0;
}
-STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12)
{
if (!PKCS7_type_is_data(p12->authsafes)) {
PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,
diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c
index 58935c1..a16231f 100644
--- a/crypto/pkcs12/p12_attr.c
+++ b/crypto/pkcs12/p12_attr.c
@@ -76,7 +76,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
{
- ASN1_TYPE *atype;
+ const ASN1_TYPE *atype;
if ((atype = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)) == NULL)
return NULL;
@@ -86,7 +86,8 @@ char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
atype->value.bmpstring->length);
}
-STACK_OF(X509_ATTRIBUTE) *PKCS12_SAFEBAG_get0_attrs(PKCS12_SAFEBAG *bag)
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag)
{
return bag->attrib;
}
diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
index ea7e0c9..62f5d1e 100644
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -16,7 +16,7 @@
static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
-static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
@@ -157,7 +157,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
return 1;
}
-static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
{
int i;
@@ -174,7 +174,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
{
PKCS8_PRIV_KEY_INFO *p8;
X509 *x509;
- ASN1_TYPE *attrib;
+ const ASN1_TYPE *attrib;
ASN1_BMPSTRING *fname = NULL;
ASN1_OCTET_STRING *lkid = NULL;
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index 87c40ee..d608a5c 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -15,7 +15,7 @@
# include <openssl/pkcs12.h>
# include "p12_lcl.h"
-int PKCS12_mac_present(PKCS12 *p12)
+int PKCS12_mac_present(const PKCS12 *p12)
{
return p12->mac ? 1 : 0;
}
diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c
index c8564b4..4a3d259 100644
--- a/crypto/pkcs12/p12_sbag.c
+++ b/crypto/pkcs12/p12_sbag.c
@@ -12,7 +12,15 @@
#include <openssl/pkcs12.h>
#include "p12_lcl.h"
-ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(PKCS12_SAFEBAG *bag, int attr_nid)
+#if OPENSSL_API_COMPAT < 0x10100000L
+ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid)
+{
+ return PKCS12_get_attr_gen(bag->attrib, attr_nid);
+}
+#endif
+
+const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag,
+ int attr_nid)
{
return PKCS12_get_attr_gen(bag->attrib, attr_nid);
}
@@ -22,38 +30,39 @@ ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid)
return PKCS12_get_attr_gen(PKCS8_pkey_get0_attrs(p8), attr_nid);
}
-PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(PKCS12_SAFEBAG *bag)
+const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag)
{
if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
return NULL;
return bag->value.keybag;
}
-X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(PKCS12_SAFEBAG *bag)
+const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag)
{
if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
return NULL;
return bag->value.shkeybag;
}
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_SAFEBAG_get0_safes(PKCS12_SAFEBAG *bag)
+const STACK_OF(PKCS12_SAFEBAG) *
+PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag)
{
if (OBJ_obj2nid(bag->type) != NID_safeContentsBag)
return NULL;
return bag->value.safes;
}
-ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(PKCS12_SAFEBAG *bag)
+const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag)
{
return bag->type;
}
-int PKCS12_SAFEBAG_get_nid(PKCS12_SAFEBAG *bag)
+int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag)
{
return OBJ_obj2nid(bag->type);
}
-int PKCS12_SAFEBAG_get_bag_nid(PKCS12_SAFEBAG *bag)
+int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag)
{
int btype = PKCS12_SAFEBAG_get_nid(bag);
@@ -62,7 +71,7 @@ int PKCS12_SAFEBAG_get_bag_nid(PKCS12_SAFEBAG *bag)
return OBJ_obj2nid(bag->value.bag->type);
}
-X509 *PKCS12_SAFEBAG_get1_cert(PKCS12_SAFEBAG *bag)
+X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag)
{
if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag)
return NULL;
@@ -72,7 +81,7 @@ X509 *PKCS12_SAFEBAG_get1_cert(PKCS12_SAFEBAG *bag)
ASN1_ITEM_rptr(X509));
}
-X509_CRL *PKCS12_SAFEBAG_get1_crl(PKCS12_SAFEBAG *bag)
+X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag)
{
if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag)
return NULL;
diff --git a/include/openssl/pkcs12.h b/include/openssl/pkcs12.h
index 663f298..76aa2c4 100644
--- a/include/openssl/pkcs12.h
+++ b/include/openssl/pkcs12.h
@@ -72,7 +72,6 @@ typedef struct pkcs12_bag_st PKCS12_BAGS;
# define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert
# define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl
-# define PKCS12_get_attr PKCS12_SAFEBAG_get0_attr
# define PKCS12_bag_type PKCS12_SAFEBAG_get_nid
# define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid
# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert
@@ -82,24 +81,28 @@ typedef struct pkcs12_bag_st PKCS12_BAGS;
#endif
+DEPRECATEDIN_1_1_0(ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid))
+
ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid);
-int PKCS12_mac_present(PKCS12 *p12);
+int PKCS12_mac_present(const PKCS12 *p12);
void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
const X509_ALGOR **pmacalg,
const ASN1_OCTET_STRING **psalt,
const ASN1_INTEGER **piter,
const PKCS12 *p12);
-ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(PKCS12_SAFEBAG *bag, int attr_nid);
-ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(PKCS12_SAFEBAG *bag);
-int PKCS12_SAFEBAG_get_nid(PKCS12_SAFEBAG *bag);
-int PKCS12_SAFEBAG_get_bag_nid(PKCS12_SAFEBAG *bag);
+const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag,
+ int attr_nid);
+const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag);
+int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag);
+int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
-X509 *PKCS12_SAFEBAG_get1_cert(PKCS12_SAFEBAG *bag);
-X509_CRL *PKCS12_SAFEBAG_get1_crl(PKCS12_SAFEBAG *bag);
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_SAFEBAG_get0_safes(PKCS12_SAFEBAG *bag);
-PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(PKCS12_SAFEBAG *bag);
-X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(PKCS12_SAFEBAG *bag);
+X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
+const STACK_OF(PKCS12_SAFEBAG) *
+PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
+const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag);
+const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag);
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
@@ -116,7 +119,7 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
int nid1, int nid2);
PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
int passlen);
-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag,
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
const char *pass, int passlen);
X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
const char *pass, int passlen, unsigned char *salt,
@@ -132,7 +135,7 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
int passlen);
int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
-STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12);
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12);
int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
int namelen);
@@ -146,7 +149,8 @@ int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
int attr_nid);
char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
-STACK_OF(X509_ATTRIBUTE) *PKCS12_SAFEBAG_get0_attrs(PKCS12_SAFEBAG *bag);
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
const char *pass, int passlen,
const unsigned char *in, int inlen,
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 20c9dfb..19a8902 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4193,3 +4193,4 @@ EVP_PKEY_get1_tls_encodedpoint 4139 1_1_0 EXIST::FUNCTION:
ASN1_STRING_get0_data 4140 1_1_0 EXIST::FUNCTION:
X509_SIG_get0_mutable 4141 1_1_0 EXIST::FUNCTION:
X509_get0_serialNumber 4142 1_1_0 EXIST::FUNCTION:
+PKCS12_get_attr 4143 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0
More information about the openssl-commits
mailing list