authorTheo Buehler <tb@cvs.openbsd.org>2024-03-02 10:15:17 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2024-03-02 10:15:17 +0000
commit32433ecea3657f249df9c8fb2d5eb5aef0fee55d (patch)
treea8cbd7e4a4eb915989fc67f163eaf614c7d63968
parente915a1a8183fd966831c142c9574eb807180974e (diff)
Remove a lot of PKCS12 garbage from the public API
PKCS12 is a hot mess. Please participate in the survey at the end of https://www.cs.auckland.ac.nz/~pgut001/pubs/pfx.html to increase its credibility and unanimity. ok jsing
-rw-r--r--lib/libcrypto/Symbols.list39
-rw-r--r--lib/libcrypto/Symbols.namespace34
-rw-r--r--lib/libcrypto/evp/evp_pbe.c6
-rw-r--r--lib/libcrypto/hidden/openssl/pkcs12.h37
-rw-r--r--lib/libcrypto/pkcs12/p12_add.c6
-rw-r--r--lib/libcrypto/pkcs12/p12_asn.c10
-rw-r--r--lib/libcrypto/pkcs12/p12_decr.c7
-rw-r--r--lib/libcrypto/pkcs12/p12_key.c5
-rw-r--r--lib/libcrypto/pkcs12/p12_mutl.c3
-rw-r--r--lib/libcrypto/pkcs12/p12_p8d.c3
-rw-r--r--lib/libcrypto/pkcs12/p12_p8e.c3
-rw-r--r--lib/libcrypto/pkcs12/pkcs12.h71
-rw-r--r--lib/libcrypto/pkcs12/pkcs12_local.h75
13 files changed, 94 insertions, 205 deletions
diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list
index 84a38a342d8..88c618de265 100644
--- a/lib/libcrypto/Symbols.list
+++ b/lib/libcrypto/Symbols.list
@@ -1930,21 +1930,7 @@ PEM_write_bio_X509_AUX
PEM_write_bio_X509_CRL
PEM_write_bio_X509_REQ
PEM_write_bio_X509_REQ_NEW
-PKCS12_AUTHSAFES_it
-PKCS12_BAGS_free
-PKCS12_BAGS_it
-PKCS12_BAGS_new
-PKCS12_MAC_DATA_free
-PKCS12_MAC_DATA_it
-PKCS12_MAC_DATA_new
PKCS12_PBE_add
-PKCS12_PBE_keyivgen
-PKCS12_SAFEBAGS_it
-PKCS12_SAFEBAG_create0_p8inf
-PKCS12_SAFEBAG_create0_pkcs8
-PKCS12_SAFEBAG_create_cert
-PKCS12_SAFEBAG_create_crl
-PKCS12_SAFEBAG_create_pkcs8_encrypt
PKCS12_SAFEBAG_free
PKCS12_SAFEBAG_get0_attr
PKCS12_SAFEBAG_get0_attrs
@@ -1958,38 +1944,17 @@ PKCS12_SAFEBAG_get_bag_nid
PKCS12_SAFEBAG_get_nid
PKCS12_SAFEBAG_it
PKCS12_SAFEBAG_new
-PKCS12_add_CSPName_asc
-PKCS12_add_cert
-PKCS12_add_friendlyname_asc
-PKCS12_add_friendlyname_uni
-PKCS12_add_key
-PKCS12_add_localkeyid
-PKCS12_add_safe
-PKCS12_add_safes
PKCS12_create
PKCS12_decrypt_skey
PKCS12_free
-PKCS12_gen_mac
PKCS12_get0_mac
-PKCS12_get_attr_gen
PKCS12_get_friendlyname
-PKCS12_init
PKCS12_it
-PKCS12_item_decrypt_d2i
-PKCS12_item_i2d_encrypt
-PKCS12_item_pack_safebag
-PKCS12_key_gen_asc
-PKCS12_key_gen_uni
PKCS12_mac_present
PKCS12_new
PKCS12_newpass
-PKCS12_pack_authsafes
-PKCS12_pack_p7data
-PKCS12_pack_p7encdata
PKCS12_parse
-PKCS12_pbe_crypt
PKCS12_set_mac
-PKCS12_setup_mac
PKCS12_unpack_authsafes
PKCS12_unpack_p7data
PKCS12_unpack_p7encdata
@@ -3221,8 +3186,6 @@ d2i_PBE2PARAM
d2i_PBEPARAM
d2i_PBKDF2PARAM
d2i_PKCS12
-d2i_PKCS12_BAGS
-d2i_PKCS12_MAC_DATA
d2i_PKCS12_SAFEBAG
d2i_PKCS12_bio
d2i_PKCS12_fp
@@ -3418,8 +3381,6 @@ i2d_PBE2PARAM
i2d_PBEPARAM
i2d_PBKDF2PARAM
i2d_PKCS12
-i2d_PKCS12_BAGS
-i2d_PKCS12_MAC_DATA
i2d_PKCS12_SAFEBAG
i2d_PKCS12_bio
i2d_PKCS12_fp
diff --git a/lib/libcrypto/Symbols.namespace b/lib/libcrypto/Symbols.namespace
index d63bb91c121..a540b310489 100644
--- a/lib/libcrypto/Symbols.namespace
+++ b/lib/libcrypto/Symbols.namespace
@@ -136,40 +136,18 @@ _libre_PKCS12_SAFEBAG_get1_crl
_libre_PKCS8_get_attr
_libre_PKCS12_mac_present
_libre_PKCS12_get0_mac
-_libre_PKCS12_SAFEBAG_create_cert
-_libre_PKCS12_SAFEBAG_create_crl
-_libre_PKCS12_SAFEBAG_create0_p8inf
-_libre_PKCS12_SAFEBAG_create0_pkcs8
-_libre_PKCS12_SAFEBAG_create_pkcs8_encrypt
_libre_PKCS12_SAFEBAG_get0_p8inf
_libre_PKCS12_SAFEBAG_get0_pkcs8
_libre_PKCS12_SAFEBAG_get0_safes
_libre_PKCS12_SAFEBAG_get0_type
-_libre_PKCS12_item_pack_safebag
_libre_PKCS8_decrypt
_libre_PKCS12_decrypt_skey
_libre_PKCS8_encrypt
-_libre_PKCS12_pack_p7data
_libre_PKCS12_unpack_p7data
-_libre_PKCS12_pack_p7encdata
_libre_PKCS12_unpack_p7encdata
-_libre_PKCS12_pack_authsafes
_libre_PKCS12_unpack_authsafes
-_libre_PKCS12_add_localkeyid
-_libre_PKCS12_add_friendlyname_asc
-_libre_PKCS12_add_CSPName_asc
-_libre_PKCS12_add_friendlyname_uni
_libre_PKCS8_add_keyusage
-_libre_PKCS12_get_attr_gen
_libre_PKCS12_get_friendlyname
-_libre_PKCS12_pbe_crypt
-_libre_PKCS12_item_decrypt_d2i
-_libre_PKCS12_item_i2d_encrypt
-_libre_PKCS12_init
-_libre_PKCS12_key_gen_asc
-_libre_PKCS12_key_gen_uni
-_libre_PKCS12_PBE_keyivgen
-_libre_PKCS12_gen_mac
_libre_PKCS12_verify_mac
_libre_PKCS12_set_mac
_libre_PKCS12_setup_mac
@@ -179,25 +157,13 @@ _libre_PKCS12_new
_libre_PKCS12_free
_libre_d2i_PKCS12
_libre_i2d_PKCS12
-_libre_PKCS12_MAC_DATA_new
-_libre_PKCS12_MAC_DATA_free
-_libre_d2i_PKCS12_MAC_DATA
-_libre_i2d_PKCS12_MAC_DATA
_libre_PKCS12_SAFEBAG_new
_libre_PKCS12_SAFEBAG_free
_libre_d2i_PKCS12_SAFEBAG
_libre_i2d_PKCS12_SAFEBAG
-_libre_PKCS12_BAGS_new
-_libre_PKCS12_BAGS_free
-_libre_d2i_PKCS12_BAGS
-_libre_i2d_PKCS12_BAGS
_libre_PKCS12_PBE_add
_libre_PKCS12_parse
_libre_PKCS12_create
-_libre_PKCS12_add_cert
-_libre_PKCS12_add_key
-_libre_PKCS12_add_safe
-_libre_PKCS12_add_safes
_libre_i2d_PKCS12_bio
_libre_i2d_PKCS12_fp
_libre_d2i_PKCS12_bio
diff --git a/lib/libcrypto/evp/evp_pbe.c b/lib/libcrypto/evp/evp_pbe.c
index e33f2cb08f4..3f1f1ec9a4d 100644
--- a/lib/libcrypto/evp/evp_pbe.c
+++ b/lib/libcrypto/evp/evp_pbe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_pbe.c,v 1.43 2024/03/02 10:06:48 tb Exp $ */
+/* $OpenBSD: evp_pbe.c,v 1.44 2024/03/02 10:15:15 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -69,8 +69,12 @@
#include "evp_local.h"
#include "hmac_local.h"
+#include "pkcs12_local.h"
/* Password based encryption (PBE) functions */
+int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+ ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,
+ int en_de);
static const struct pbe_config {
int pbe_nid;
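Review bot: The `PKCS12_PBE_keyivgen` prototype added under the "Password based encryption (PBE) functions" comment is a hand-copied declaration in a .c file, while every other function this commit makes internal gets its declaration in pkcs12_local.h, which this hunk includes just above. pkcs12_local.h as patched here does not declare it, so any other file that calls this key/IV derivation routine would need its own copy, and the compiler cannot check such copies against the definition. The definition is not visible in this hunk; if it lives in evp_pbe.c and has no outside callers, make it `static` and drop the prototype, otherwise move the declaration into pkcs12_local.h.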
diff --git a/lib/libcrypto/hidden/openssl/pkcs12.h b/lib/libcrypto/hidden/openssl/pkcs12.h
index 9a2dffa3549..4c37e73cc4c 100644
--- a/lib/libcrypto/hidden/openssl/pkcs12.h
+++ b/lib/libcrypto/hidden/openssl/pkcs12.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12.h,v 1.2 2023/07/05 21:14:54 bcook Exp $ */
+/* $OpenBSD: pkcs12.h,v 1.3 2024/03/02 10:15:16 tb Exp $ */
/*
* Copyright (c) 2022 Bob Beck <beck@openbsd.org>
*
@@ -34,68 +34,33 @@ LCRYPTO_USED(PKCS12_SAFEBAG_get1_crl);
LCRYPTO_USED(PKCS8_get_attr);
LCRYPTO_USED(PKCS12_mac_present);
LCRYPTO_USED(PKCS12_get0_mac);
-LCRYPTO_USED(PKCS12_SAFEBAG_create_cert);
-LCRYPTO_USED(PKCS12_SAFEBAG_create_crl);
-LCRYPTO_USED(PKCS12_SAFEBAG_create0_p8inf);
-LCRYPTO_USED(PKCS12_SAFEBAG_create0_pkcs8);
-LCRYPTO_USED(PKCS12_SAFEBAG_create_pkcs8_encrypt);
LCRYPTO_USED(PKCS12_SAFEBAG_get0_p8inf);
LCRYPTO_USED(PKCS12_SAFEBAG_get0_pkcs8);
LCRYPTO_USED(PKCS12_SAFEBAG_get0_safes);
LCRYPTO_USED(PKCS12_SAFEBAG_get0_type);
-LCRYPTO_USED(PKCS12_item_pack_safebag);
LCRYPTO_USED(PKCS8_decrypt);
LCRYPTO_USED(PKCS12_decrypt_skey);
LCRYPTO_USED(PKCS8_encrypt);
-LCRYPTO_USED(PKCS12_pack_p7data);
LCRYPTO_USED(PKCS12_unpack_p7data);
-LCRYPTO_USED(PKCS12_pack_p7encdata);
LCRYPTO_USED(PKCS12_unpack_p7encdata);
-LCRYPTO_USED(PKCS12_pack_authsafes);
LCRYPTO_USED(PKCS12_unpack_authsafes);
-LCRYPTO_USED(PKCS12_add_localkeyid);
-LCRYPTO_USED(PKCS12_add_friendlyname_asc);
-LCRYPTO_USED(PKCS12_add_CSPName_asc);
-LCRYPTO_USED(PKCS12_add_friendlyname_uni);
LCRYPTO_USED(PKCS8_add_keyusage);
-LCRYPTO_USED(PKCS12_get_attr_gen);
LCRYPTO_USED(PKCS12_get_friendlyname);
-LCRYPTO_USED(PKCS12_pbe_crypt);
-LCRYPTO_USED(PKCS12_item_decrypt_d2i);
-LCRYPTO_USED(PKCS12_item_i2d_encrypt);
-LCRYPTO_USED(PKCS12_init);
-LCRYPTO_USED(PKCS12_key_gen_asc);
-LCRYPTO_USED(PKCS12_key_gen_uni);
-LCRYPTO_USED(PKCS12_PBE_keyivgen);
-LCRYPTO_USED(PKCS12_gen_mac);
LCRYPTO_USED(PKCS12_verify_mac);
LCRYPTO_USED(PKCS12_set_mac);
-LCRYPTO_USED(PKCS12_setup_mac);
LCRYPTO_USED(OPENSSL_asc2uni);
LCRYPTO_USED(OPENSSL_uni2asc);
LCRYPTO_USED(PKCS12_new);
LCRYPTO_USED(PKCS12_free);
LCRYPTO_USED(d2i_PKCS12);
LCRYPTO_USED(i2d_PKCS12);
-LCRYPTO_USED(PKCS12_MAC_DATA_new);
-LCRYPTO_USED(PKCS12_MAC_DATA_free);
-LCRYPTO_USED(d2i_PKCS12_MAC_DATA);
-LCRYPTO_USED(i2d_PKCS12_MAC_DATA);
LCRYPTO_USED(PKCS12_SAFEBAG_new);
LCRYPTO_USED(PKCS12_SAFEBAG_free);
LCRYPTO_USED(d2i_PKCS12_SAFEBAG);
LCRYPTO_USED(i2d_PKCS12_SAFEBAG);
-LCRYPTO_USED(PKCS12_BAGS_new);
-LCRYPTO_USED(PKCS12_BAGS_free);
-LCRYPTO_USED(d2i_PKCS12_BAGS);
-LCRYPTO_USED(i2d_PKCS12_BAGS);
LCRYPTO_USED(PKCS12_PBE_add);
LCRYPTO_USED(PKCS12_parse);
LCRYPTO_USED(PKCS12_create);
-LCRYPTO_USED(PKCS12_add_cert);
-LCRYPTO_USED(PKCS12_add_key);
-LCRYPTO_USED(PKCS12_add_safe);
-LCRYPTO_USED(PKCS12_add_safes);
LCRYPTO_USED(i2d_PKCS12_bio);
LCRYPTO_USED(i2d_PKCS12_fp);
LCRYPTO_USED(d2i_PKCS12_bio);
diff --git a/lib/libcrypto/pkcs12/p12_add.c b/lib/libcrypto/pkcs12/p12_add.c
index 8ce1fede74f..dd72c999859 100644
--- a/lib/libcrypto/pkcs12/p12_add.c
+++ b/lib/libcrypto/pkcs12/p12_add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_add.c,v 1.23 2024/01/25 13:44:08 tb Exp $ */
+/* $OpenBSD: p12_add.c,v 1.24 2024/03/02 10:15:16 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -90,7 +90,6 @@ PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2)
safebag->type = OBJ_nid2obj(nid2);
return safebag;
}
-LCRYPTO_ALIAS(PKCS12_item_pack_safebag);
/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
PKCS7 *
@@ -118,7 +117,6 @@ err:
PKCS7_free(p7);
return NULL;
}
-LCRYPTO_ALIAS(PKCS12_pack_p7data);
/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
STACK_OF(PKCS12_SAFEBAG) *
@@ -181,7 +179,6 @@ err:
PKCS7_free(p7);
return NULL;
}
-LCRYPTO_ALIAS(PKCS12_pack_p7encdata);
STACK_OF(PKCS12_SAFEBAG) *
PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
@@ -214,7 +211,6 @@ PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
return 1;
return 0;
}
-LCRYPTO_ALIAS(PKCS12_pack_authsafes);
STACK_OF(PKCS7) *
PKCS12_unpack_authsafes(const PKCS12 *p12)
diff --git a/lib/libcrypto/pkcs12/p12_asn.c b/lib/libcrypto/pkcs12/p12_asn.c
index a9decccb5b3..e6078050be8 100644
--- a/lib/libcrypto/pkcs12/p12_asn.c
+++ b/lib/libcrypto/pkcs12/p12_asn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_asn.c,v 1.14 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: p12_asn.c,v 1.15 2024/03/02 10:15:16 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -170,28 +170,24 @@ d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len)
return (PKCS12_MAC_DATA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
&PKCS12_MAC_DATA_it);
}
-LCRYPTO_ALIAS(d2i_PKCS12_MAC_DATA);
int
i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out)
{
return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_MAC_DATA_it);
}
-LCRYPTO_ALIAS(i2d_PKCS12_MAC_DATA);
PKCS12_MAC_DATA *
PKCS12_MAC_DATA_new(void)
{
return (PKCS12_MAC_DATA *)ASN1_item_new(&PKCS12_MAC_DATA_it);
}
-LCRYPTO_ALIAS(PKCS12_MAC_DATA_new);
void
PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a)
{
ASN1_item_free((ASN1_VALUE *)a, &PKCS12_MAC_DATA_it);
}
-LCRYPTO_ALIAS(PKCS12_MAC_DATA_free);
static const ASN1_TEMPLATE bag_default_tt = {
.flags = ASN1_TFLG_EXPLICIT,
@@ -280,28 +276,24 @@ d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len)
return (PKCS12_BAGS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
&PKCS12_BAGS_it);
}
-LCRYPTO_ALIAS(d2i_PKCS12_BAGS);
int
i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out)
{
return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_BAGS_it);
}
-LCRYPTO_ALIAS(i2d_PKCS12_BAGS);
PKCS12_BAGS *
PKCS12_BAGS_new(void)
{
return (PKCS12_BAGS *)ASN1_item_new(&PKCS12_BAGS_it);
}
-LCRYPTO_ALIAS(PKCS12_BAGS_new);
void
PKCS12_BAGS_free(PKCS12_BAGS *a)
{
ASN1_item_free((ASN1_VALUE *)a, &PKCS12_BAGS_it);
}
-LCRYPTO_ALIAS(PKCS12_BAGS_free);
static const ASN1_TEMPLATE safebag_default_tt = {
.flags = ASN1_TFLG_EXPLICIT,
diff --git a/lib/libcrypto/pkcs12/p12_decr.c b/lib/libcrypto/pkcs12/p12_decr.c
index 04818acd13f..907d4e52a6c 100644
--- a/lib/libcrypto/pkcs12/p12_decr.c
+++ b/lib/libcrypto/pkcs12/p12_decr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_decr.c,v 1.25 2024/02/18 15:44:10 tb Exp $ */
+/* $OpenBSD: p12_decr.c,v 1.26 2024/03/02 10:15:16 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -116,7 +116,6 @@ err:
return out;
}
-LCRYPTO_ALIAS(PKCS12_pbe_crypt);
/* Decrypt an OCTET STRING and decode ASN1 structure
* if zbuf set zero buffer after use.
@@ -145,7 +144,6 @@ PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
free(out);
return ret;
}
-LCRYPTO_ALIAS(PKCS12_item_decrypt_d2i);
/* Encode ASN1 structure and encrypt, return OCTET STRING
* if zbuf set zero encoding.
@@ -184,6 +182,3 @@ err:
ASN1_OCTET_STRING_free(oct);
return NULL;
}
-LCRYPTO_ALIAS(PKCS12_item_i2d_encrypt);
-
-IMPLEMENT_PKCS12_STACK_OF(PKCS7)
diff --git a/lib/libcrypto/pkcs12/p12_key.c b/lib/libcrypto/pkcs12/p12_key.c
index 8812f1c06a8..78e7d0450ed 100644
--- a/lib/libcrypto/pkcs12/p12_key.c
+++ b/lib/libcrypto/pkcs12/p12_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_key.c,v 1.34 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: p12_key.c,v 1.35 2024/03/02 10:15:16 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -64,6 +64,7 @@
#include <openssl/pkcs12.h>
#include "evp_local.h"
+#include "pkcs12_local.h"
/* PKCS12 compatible key/IV generation */
#ifndef min
@@ -93,7 +94,6 @@ PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
freezero(unipass, uniplen);
return ret;
}
-LCRYPTO_ALIAS(PKCS12_key_gen_asc);
int
PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
@@ -194,4 +194,3 @@ PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
return ret;
}
-LCRYPTO_ALIAS(PKCS12_key_gen_uni);
diff --git a/lib/libcrypto/pkcs12/p12_mutl.c b/lib/libcrypto/pkcs12/p12_mutl.c
index c71ed735ea6..2a728294aff 100644
--- a/lib/libcrypto/pkcs12/p12_mutl.c
+++ b/lib/libcrypto/pkcs12/p12_mutl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_mutl.c,v 1.36 2024/01/25 13:44:08 tb Exp $ */
+/* $OpenBSD: p12_mutl.c,v 1.37 2024/03/02 10:15:16 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -263,5 +263,4 @@ PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
return 1;
}
-LCRYPTO_ALIAS(PKCS12_setup_mac);
#endif
diff --git a/lib/libcrypto/pkcs12/p12_p8d.c b/lib/libcrypto/pkcs12/p12_p8d.c
index dd5e8d9875c..d4874e3b738 100644
--- a/lib/libcrypto/pkcs12/p12_p8d.c
+++ b/lib/libcrypto/pkcs12/p12_p8d.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_p8d.c,v 1.11 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: p12_p8d.c,v 1.12 2024/03/02 10:15:16 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
@@ -60,6 +60,7 @@
#include <openssl/pkcs12.h>
+#include "pkcs12_local.h"
#include "x509_local.h"
PKCS8_PRIV_KEY_INFO *
diff --git a/lib/libcrypto/pkcs12/p12_p8e.c b/lib/libcrypto/pkcs12/p12_p8e.c
index 87c4be56a31..bf61593266e 100644
--- a/lib/libcrypto/pkcs12/p12_p8e.c
+++ b/lib/libcrypto/pkcs12/p12_p8e.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_p8e.c,v 1.12 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: p12_p8e.c,v 1.13 2024/03/02 10:15:16 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
@@ -61,6 +61,7 @@
#include <openssl/err.h>
#include <openssl/pkcs12.h>
+#include "pkcs12_local.h"
#include "x509_local.h"
X509_SIG *
diff --git a/lib/libcrypto/pkcs12/pkcs12.h b/lib/libcrypto/pkcs12/pkcs12.h
index 44dbb381533..962403976db 100644
--- a/lib/libcrypto/pkcs12/pkcs12.h
+++ b/lib/libcrypto/pkcs12/pkcs12.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12.h,v 1.27 2022/09/11 17:30:13 tb Exp $ */
+/* $OpenBSD: pkcs12.h,v 1.28 2024/03/02 10:15:16 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -161,22 +161,12 @@ void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, const X509_ALGOR **pmacalg,
const ASN1_OCTET_STRING **psalt, const ASN1_INTEGER **piter,
const PKCS12 *p12);
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8);
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8);
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
- const char *pass, int passlen, unsigned char *salt, int saltlen, int iter,
- PKCS8_PRIV_KEY_INFO *p8);
-
const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag);
const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag);
const STACK_OF(PKCS12_SAFEBAG) *
PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag);
-PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
- int nid1, int nid2);
PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
int passlen);
PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
@@ -184,53 +174,19 @@ PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
const char *pass, int passlen, unsigned char *salt, int saltlen, int iter,
PKCS8_PRIV_KEY_INFO *p8);
-PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
+
STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
-PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
- unsigned char *salt, int saltlen, int iter, STACK_OF(PKCS12_SAFEBAG) *bags);
STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
int passlen);
-
-int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12);
-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
- int namelen);
-int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
- int namelen);
-int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
- int namelen);
-int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
- int namelen);
int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
-ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
- int attr_nid);
char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
-unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass,
- int passlen, const unsigned char *in, int inlen, unsigned char **data,
- int *datalen, int en_de);
-void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
- const char *pass, int passlen, const ASN1_OCTET_STRING *oct, int zbuf);
-ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
- const ASN1_ITEM *it, const char *pass, int passlen, void *obj, int zbuf);
-PKCS12 *PKCS12_init(int mode);
-int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
- int saltlen, int id, int iter, int n, unsigned char *out,
- const EVP_MD *md_type);
-int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
- int saltlen, int id, int iter, int n, unsigned char *out,
- const EVP_MD *md_type);
-int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
- ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,
- int en_de);
-int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
- unsigned char *mac, unsigned int *maclen);
int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
unsigned char *salt, int saltlen, int iter,
const EVP_MD *md_type);
-int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
- int saltlen, const EVP_MD *md_type);
+
unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
unsigned char **uni, int *unilen);
char *OPENSSL_uni2asc(const unsigned char *uni, int unilen);
@@ -240,24 +196,12 @@ void PKCS12_free(PKCS12 *a);
PKCS12 *d2i_PKCS12(PKCS12 **a, const unsigned char **in, long len);
int i2d_PKCS12(PKCS12 *a, unsigned char **out);
extern const ASN1_ITEM PKCS12_it;
-PKCS12_MAC_DATA *PKCS12_MAC_DATA_new(void);
-void PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a);
-PKCS12_MAC_DATA *d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len);
-int i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out);
-extern const ASN1_ITEM PKCS12_MAC_DATA_it;
+
PKCS12_SAFEBAG *PKCS12_SAFEBAG_new(void);
void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a);
PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, const unsigned char **in, long len);
int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **out);
extern const ASN1_ITEM PKCS12_SAFEBAG_it;
-PKCS12_BAGS *PKCS12_BAGS_new(void);
-void PKCS12_BAGS_free(PKCS12_BAGS *a);
-PKCS12_BAGS *d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len);
-int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out);
-extern const ASN1_ITEM PKCS12_BAGS_it;
-
-extern const ASN1_ITEM PKCS12_SAFEBAGS_it;
-extern const ASN1_ITEM PKCS12_AUTHSAFES_it;
void PKCS12_PBE_add(void);
int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
@@ -266,13 +210,6 @@ PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
int mac_iter, int keytype);
-PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
-PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
- int key_usage, int iter, int key_nid, const char *pass);
-int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
- int safe_nid, int iter, const char *pass);
-PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
-
int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
diff --git a/lib/libcrypto/pkcs12/pkcs12_local.h b/lib/libcrypto/pkcs12/pkcs12_local.h
index 8d82d2f4622..dfdcdce1f99 100644
--- a/lib/libcrypto/pkcs12/pkcs12_local.h
+++ b/lib/libcrypto/pkcs12/pkcs12_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12_local.h,v 1.4 2024/01/25 13:44:08 tb Exp $ */
+/* $OpenBSD: pkcs12_local.h,v 1.5 2024/03/02 10:15:16 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -96,6 +96,79 @@ struct pkcs12_bag_st {
} value;
};
+extern const ASN1_ITEM PKCS12_SAFEBAGS_it;
+extern const ASN1_ITEM PKCS12_AUTHSAFES_it;
+
+PKCS12_BAGS *PKCS12_BAGS_new(void);
+void PKCS12_BAGS_free(PKCS12_BAGS *a);
+PKCS12_BAGS *d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len);
+int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out);
+extern const ASN1_ITEM PKCS12_BAGS_it;
+
+PKCS12_MAC_DATA *PKCS12_MAC_DATA_new(void);
+void PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a);
+PKCS12_MAC_DATA *d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len);
+int i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out);
+extern const ASN1_ITEM PKCS12_MAC_DATA_it;
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
+ const char *pass, int passlen, unsigned char *salt, int saltlen, int iter,
+ PKCS8_PRIV_KEY_INFO *p8);
+
+PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
+ int key_usage, int iter, int key_nid, const char *pass);
+int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+ int safe_nid, int iter, const char *pass);
+PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
+
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
+ int namelen);
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
+ int namelen);
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
+ int namelen);
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
+ int namelen);
+
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+ unsigned char *mac, unsigned int *maclen);
+
+ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
+ int attr_nid);
+
+PKCS12 *PKCS12_init(int mode);
+
+void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
+ const char *pass, int passlen, const ASN1_OCTET_STRING *oct, int zbuf);
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
+ const ASN1_ITEM *it, const char *pass, int passlen, void *obj, int zbuf);
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
+ int nid1, int nid2);
+
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+ int saltlen, int id, int iter, int n, unsigned char *out,
+ const EVP_MD *md_type);
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+ int saltlen, int id, int iter, int n, unsigned char *out,
+ const EVP_MD *md_type);
+
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+ unsigned char *salt, int saltlen, int iter, STACK_OF(PKCS12_SAFEBAG) *bags);
+
+unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass,
+ int passlen, const unsigned char *in, int inlen, unsigned char **data,
+ int *datalen, int en_de);
+
+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
+ int saltlen, const EVP_MD *md_type);
+
/* XXX - should go into pkcs7_local.h. */
ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7);
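Review bot: `PKCS12_setup_mac`, declared at the end of the lines added here, appears to be the only function moved out of the public API whose `_libre_PKCS12_setup_mac` entry is still in Symbols.namespace. That entry shows up as an unchanged line at the end of the first Symbols.namespace hunk, while `LCRYPTO_USED(PKCS12_setup_mac)`, `LCRYPTO_ALIAS(PKCS12_setup_mac)` and the Symbols.list entry are all removed. This looks like an oversight rather than intent, since every other moved function loses all four. I would also delete `_libre_PKCS12_setup_mac` from Symbols.namespace so the symbol lists match what the headers still alias.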