From c95a8b4eb51cec25ddce846dfbd922b016d54d0c Mon Sep 17 00:00:00 2001 From: Jeffrey Walton Date: Thu, 5 May 2016 14:26:26 +0100 Subject: [PATCH] Add documentation of PKCS12_newpass() PR#4478 Reviewed-by: Rich Salz Reviewed-by: Stephen Henson --- doc/crypto/PKCS12_newpass.pod | 94 +++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 doc/crypto/PKCS12_newpass.pod diff --git a/doc/crypto/PKCS12_newpass.pod b/doc/crypto/PKCS12_newpass.pod new file mode 100644 index 0000000000..6f01fb346a --- /dev/null +++ b/doc/crypto/PKCS12_newpass.pod @@ -0,0 +1,94 @@ +=pod + +=head1 NAME + +PKCS12_newpass - change the password of a PKCS12 structure + +=head1 SYNOPSIS + + #include + + int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass); + +=head1 DESCRIPTION + +PKCS12_newpass() changes the password of a PKCS12 structure. + +B is a pointer to a PKCS12 structure. B is the existing password +and B is the new password. + +=head1 RETURN VALUES + +PKCS12_newpass() returns 1 on success or 0 on failure. Applications can +retrieve the most recent error from PKCS12_newpass() with ERR_get_error(). + +=head1 EXAMPLE + +This example loads a PKCS#12 file, changes its password and writes out +the result to a new file. + + #include + #include + #include + #include + #include + + int main(int argc, char **argv) + { + FILE *fp; + PKCS12 *p12; + if (argc != 5) { + fprintf(stderr, "Usage: pkread p12file password newpass opfile\n"); + return 1; + } + if ((fp = fopen(argv[1], "rb")) == NULL) { + fprintf(stderr, "Error opening file %s\n", argv[1]); + return 1; + } + p12 = d2i_PKCS12_fp(fp, NULL); + fclose(fp); + if (p12 == NULL) { + fprintf(stderr, "Error reading PKCS#12 file\n"); + ERR_print_errors_fp(stderr); + return 1; + } + if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) { + fprintf(stderr, "Error changing password\n"); + ERR_print_errors_fp(stderr); + PKCS12_free(p12); + return 1; + } + if ((fp = fopen(argv[4], "wb")) == NULL) { + fprintf(stderr, "Error opening file %s\n", argv[4]); + PKCS12_free(p12); + return 1; + } + i2d_PKCS12_fp(fp, p12); + PKCS12_free(p12); + fclose(fp); + return 0; + } + + +=head1 NOTES + +If the PKCS#12 structure does not have a password, then you must use the empty +string "" for B. Using NULL for B will result in a +PKCS12_newpass() failure. + +If the wrong password is used for B then the function will fail, +with a MAC verification error. In rare cases the PKCS12 structure does not +contain a MAC: in this case it will usually fail with a decryption padding +error. + +=head1 BUGS + +The password format is a NULL terminated ASCII string which is converted to +Unicode form internally. As a result some passwords cannot be supplied to +this function. + +=head1 SEE ALSO + +L, L + +=cut -- 2.25.1