Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
btwise
openssl
提交
d800d0f4
O
openssl
项目概览
btwise
/
openssl
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
O
openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
d800d0f4
编写于
5月 05, 2016
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Tidy up PKCS12_newpass() fix memory leaks.
PR#4466 Reviewed-by:
N
Rich Salz
<
rsalz@openssl.org
>
上级
708cf5de
变更
1
显示空白变更内容
内联
并排
Showing
1 changed file
with
36 addition
and
37 deletion
+36
-37
crypto/pkcs12/p12_npas.c
crypto/pkcs12/p12_npas.c
+36
-37
未找到文件。
crypto/pkcs12/p12_npas.c
浏览文件 @
d800d0f4
...
...
@@ -105,18 +105,19 @@ int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
static
int
newpass_p12
(
PKCS12
*
p12
,
char
*
oldpass
,
char
*
newpass
)
{
STACK_OF
(
PKCS7
)
*
asafes
,
*
newsafes
;
STACK_OF
(
PKCS12_SAFEBAG
)
*
bags
;
STACK_OF
(
PKCS7
)
*
asafes
=
NULL
,
*
newsafes
=
NULL
;
STACK_OF
(
PKCS12_SAFEBAG
)
*
bags
=
NULL
;
int
i
,
bagnid
,
pbe_nid
=
0
,
pbe_iter
=
0
,
pbe_saltlen
=
0
;
PKCS7
*
p7
,
*
p7new
;
ASN1_OCTET_STRING
*
p12_data_tmp
=
NULL
,
*
macoct
=
NULL
;
unsigned
char
mac
[
EVP_MAX_MD_SIZE
];
unsigned
int
maclen
;
int
rv
=
0
;
if
((
asafes
=
PKCS12_unpack_authsafes
(
p12
))
==
NULL
)
return
0
;
goto
err
;
if
((
newsafes
=
sk_PKCS7_new_null
())
==
NULL
)
return
0
;
goto
err
;
for
(
i
=
0
;
i
<
sk_PKCS7_num
(
asafes
);
i
++
)
{
p7
=
sk_PKCS7_value
(
asafes
,
i
);
bagnid
=
OBJ_obj2nid
(
p7
->
type
);
...
...
@@ -125,59 +126,55 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
}
else
if
(
bagnid
==
NID_pkcs7_encrypted
)
{
bags
=
PKCS12_unpack_p7encdata
(
p7
,
oldpass
,
-
1
);
if
(
!
alg_get
(
p7
->
d
.
encrypted
->
enc_data
->
algorithm
,
&
pbe_nid
,
&
pbe_iter
,
&
pbe_saltlen
))
{
sk_PKCS12_SAFEBAG_pop_free
(
bags
,
PKCS12_SAFEBAG_free
);
bags
=
NULL
;
}
}
else
&
pbe_nid
,
&
pbe_iter
,
&
pbe_saltlen
))
goto
err
;
}
else
{
continue
;
if
(
!
bags
)
{
sk_PKCS7_pop_free
(
asafes
,
PKCS7_free
);
return
0
;
}
if
(
!
newpass_bags
(
bags
,
oldpass
,
newpass
))
{
sk_PKCS12_SAFEBAG_pop_free
(
bags
,
PKCS12_SAFEBAG_free
);
sk_PKCS7_pop_free
(
asafes
,
PKCS7_free
);
return
0
;
}
if
(
bags
==
NULL
)
goto
err
;
if
(
!
newpass_bags
(
bags
,
oldpass
,
newpass
))
goto
err
;
/* Repack bag in same form with new password */
if
(
bagnid
==
NID_pkcs7_data
)
p7new
=
PKCS12_pack_p7data
(
bags
);
else
p7new
=
PKCS12_pack_p7encdata
(
pbe_nid
,
newpass
,
-
1
,
NULL
,
pbe_saltlen
,
pbe_iter
,
bags
);
if
(
!
p7new
||
!
sk_PKCS7_push
(
newsafes
,
p7new
))
goto
err
;
sk_PKCS12_SAFEBAG_pop_free
(
bags
,
PKCS12_SAFEBAG_free
);
if
(
!
p7new
)
{
sk_PKCS7_pop_free
(
asafes
,
PKCS7_free
);
return
0
;
}
sk_PKCS7_push
(
newsafes
,
p7new
);
bags
=
NULL
;
}
sk_PKCS7_pop_free
(
asafes
,
PKCS7_free
);
/* Repack safe: save old safe in case of error */
p12_data_tmp
=
p12
->
authsafes
->
d
.
data
;
if
((
p12
->
authsafes
->
d
.
data
=
ASN1_OCTET_STRING_new
())
==
NULL
)
goto
saf
err
;
goto
err
;
if
(
!
PKCS12_pack_authsafes
(
p12
,
newsafes
))
goto
saf
err
;
goto
err
;
if
(
!
PKCS12_gen_mac
(
p12
,
newpass
,
-
1
,
mac
,
&
maclen
))
goto
saf
err
;
goto
err
;
X509_SIG_get0
(
NULL
,
&
macoct
,
p12
->
mac
->
dinfo
);
if
(
!
ASN1_OCTET_STRING_set
(
macoct
,
mac
,
maclen
))
goto
saferr
;
ASN1_OCTET_STRING_free
(
p12_data_tmp
);
goto
err
;
r
eturn
1
;
r
v
=
1
;
saferr:
/* Restore old safe */
err:
/* Restore old safe if necessary */
if
(
rv
==
1
)
{
ASN1_OCTET_STRING_free
(
p12_data_tmp
);
}
else
if
(
p12_data_tmp
!=
NULL
)
{
ASN1_OCTET_STRING_free
(
p12
->
authsafes
->
d
.
data
);
p12
->
authsafes
->
d
.
data
=
p12_data_tmp
;
return
0
;
}
sk_PKCS12_SAFEBAG_pop_free
(
bags
,
PKCS12_SAFEBAG_free
);
sk_PKCS7_pop_free
(
asafes
,
PKCS7_free
);
sk_PKCS7_pop_free
(
newsafes
,
PKCS7_free
);
return
rv
;
}
static
int
newpass_bags
(
STACK_OF
(
PKCS12_SAFEBAG
)
*
bags
,
char
*
oldpass
,
...
...
@@ -208,8 +205,10 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
X509_SIG_get0
(
&
shalg
,
NULL
,
bag
->
value
.
shkeybag
);
if
(
!
alg_get
(
shalg
,
&
p8_nid
,
&
p8_iter
,
&
p8_saltlen
))
return
0
;
if
((
p8new
=
PKCS8_encrypt
(
p8_nid
,
NULL
,
newpass
,
-
1
,
NULL
,
p8_saltlen
,
p8_iter
,
p8
))
==
NULL
)
p8new
=
PKCS8_encrypt
(
p8_nid
,
NULL
,
newpass
,
-
1
,
NULL
,
p8_saltlen
,
p8_iter
,
p8
);
PKCS8_PRIV_KEY_INFO_free
(
p8
);
if
(
p8new
==
NULL
)
return
0
;
X509_SIG_free
(
bag
->
value
.
shkeybag
);
bag
->
value
.
shkeybag
=
p8new
;
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录