summaryrefslogtreecommitdiff
path: root/lib/libcrypto/pkcs12
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2022-09-11 17:30:14 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2022-09-11 17:30:14 +0000
commit0e9a579d2b1c9f23fe4696fde15f88592db051ed (patch)
tree225983811c4c938975025540eaac9a5f01f52a39 /lib/libcrypto/pkcs12
parentf630e650f9412f73d320e1e597bda4ee66d03260 (diff)
Make structs in pkcs12.h opaque
ok jsing
Diffstat (limited to 'lib/libcrypto/pkcs12')
-rw-r--r--lib/libcrypto/pkcs12/p12_add.c54
-rw-r--r--lib/libcrypto/pkcs12/p12_utl.c45
-rw-r--r--lib/libcrypto/pkcs12/pkcs12.h71
-rw-r--r--lib/libcrypto/pkcs12/pkcs12_local.h37
4 files changed, 45 insertions, 162 deletions
diff --git a/lib/libcrypto/pkcs12/p12_add.c b/lib/libcrypto/pkcs12/p12_add.c
index d9de395c5bc..a7b8c1eaf89 100644
--- a/lib/libcrypto/pkcs12/p12_add.c
+++ b/lib/libcrypto/pkcs12/p12_add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_add.c,v 1.19 2022/08/20 09:16:18 tb Exp $ */
+/* $OpenBSD: p12_add.c,v 1.20 2022/09/11 17:30:13 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -91,58 +91,6 @@ PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2)
return safebag;
}
-#if !defined(LIBRESSL_NEXT_API)
-#undef PKCS12_MAKE_KEYBAG
-#undef PKCS12_MAKE_SHKEYBAG
-/* Turn PKCS8 object into a keybag */
-
-PKCS12_SAFEBAG *
-PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
-{
- PKCS12_SAFEBAG *bag;
-
- if (!(bag = PKCS12_SAFEBAG_new())) {
- PKCS12error(ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- bag->type = OBJ_nid2obj(NID_keyBag);
- bag->value.keybag = p8;
- return bag;
-}
-
-/* Turn PKCS8 object into a shrouded keybag */
-
-PKCS12_SAFEBAG *
-PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, int passlen,
- unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8)
-{
- PKCS12_SAFEBAG *bag;
- const EVP_CIPHER *pbe_ciph;
-
- /* Set up the safe bag */
- if (!(bag = PKCS12_SAFEBAG_new())) {
- PKCS12error(ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
-
- pbe_ciph = EVP_get_cipherbynid(pbe_nid);
-
- if (pbe_ciph)
- pbe_nid = -1;
-
- if (!(bag->value.shkeybag = PKCS8_encrypt(pbe_nid, pbe_ciph, pass,
- passlen, salt, saltlen, iter, p8))) {
- PKCS12error(ERR_R_MALLOC_FAILURE);
- PKCS12_SAFEBAG_free(bag);
- return NULL;
- }
-
- return bag;
-}
-#endif
-
/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
PKCS7 *
PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
diff --git a/lib/libcrypto/pkcs12/p12_utl.c b/lib/libcrypto/pkcs12/p12_utl.c
index 5c15720e210..4fe557f626d 100644
--- a/lib/libcrypto/pkcs12/p12_utl.c
+++ b/lib/libcrypto/pkcs12/p12_utl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_utl.c,v 1.18 2022/08/20 09:16:18 tb Exp $ */
+/* $OpenBSD: p12_utl.c,v 1.19 2022/09/11 17:30:13 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -149,46 +149,3 @@ d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
{
return ASN1_item_d2i_fp(&PKCS12_it, fp, p12);
}
-
-#if !defined(LIBRESSL_NEXT_API)
-#undef PKCS12_x5092certbag
-#undef PKCS12_x509crl2certbag
-#undef PKCS12_certbag2x509
-#undef PKCS12_certbag2x509crl
-
-PKCS12_SAFEBAG *
-PKCS12_x5092certbag(X509 *x509)
-{
- return PKCS12_item_pack_safebag(x509, &X509_it,
- NID_x509Certificate, NID_certBag);
-}
-
-PKCS12_SAFEBAG *
-PKCS12_x509crl2certbag(X509_CRL *crl)
-{
- return PKCS12_item_pack_safebag(crl, &X509_CRL_it,
- NID_x509Crl, NID_crlBag);
-}
-
-X509 *
-PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
-{
- if (OBJ_obj2nid(bag->type) != NID_certBag)
- return NULL;
- if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
- return NULL;
- return ASN1_item_unpack(bag->value.bag->value.octet,
- &X509_it);
-}
-
-X509_CRL *
-PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
-{
- if (OBJ_obj2nid(bag->type) != NID_crlBag)
- return NULL;
- if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
- return NULL;
- return ASN1_item_unpack(bag->value.bag->value.octet,
- &X509_CRL_it);
-}
-#endif
diff --git a/lib/libcrypto/pkcs12/pkcs12.h b/lib/libcrypto/pkcs12/pkcs12.h
index a40659fcf35..44dbb381533 100644
--- a/lib/libcrypto/pkcs12/pkcs12.h
+++ b/lib/libcrypto/pkcs12/pkcs12.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12.h,v 1.26 2022/08/03 20:16:06 tb Exp $ */
+/* $OpenBSD: pkcs12.h,v 1.27 2022/09/11 17:30:13 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -96,43 +96,16 @@ extern "C" {
#define KEY_EX 0x10
#define KEY_SIG 0x80
-typedef struct {
- X509_SIG *dinfo;
- ASN1_OCTET_STRING *salt;
- ASN1_INTEGER *iter; /* defaults to 1 */
-} PKCS12_MAC_DATA;
-
-typedef struct {
- ASN1_INTEGER *version;
- PKCS12_MAC_DATA *mac;
- PKCS7 *authsafes;
-} PKCS12;
-
-typedef struct {
- ASN1_OBJECT *type;
- union {
- struct pkcs12_bag_st *bag; /* secret, crl and certbag */
- struct pkcs8_priv_key_info_st *keybag; /* keybag */
- X509_SIG *shkeybag; /* shrouded key bag */
- STACK_OF(PKCS12_SAFEBAG) *safes;
- ASN1_TYPE *other;
- } value;
- STACK_OF(X509_ATTRIBUTE) *attrib;
-} PKCS12_SAFEBAG;
+typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA;
+
+typedef struct PKCS12_st PKCS12;
+
+typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG;
DECLARE_STACK_OF(PKCS12_SAFEBAG)
DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
-typedef struct pkcs12_bag_st {
- ASN1_OBJECT *type;
- union {
- ASN1_OCTET_STRING *x509cert;
- ASN1_OCTET_STRING *x509crl;
- ASN1_OCTET_STRING *octet;
- ASN1_IA5STRING *sdsicert;
- ASN1_TYPE *other; /* Secret or other bag */
- } value;
-} PKCS12_BAGS;
+typedef struct pkcs12_bag_st PKCS12_BAGS;
#define PKCS12_ERROR 0
#define PKCS12_OK 1
@@ -155,16 +128,8 @@ typedef struct pkcs12_bag_st {
#define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
#define M_PKCS8_decrypt PKCS8_decrypt
-#if !defined(LIBRESSL_NEXT_API)
-#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
-#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
-#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
-#endif
-
#endif /* !LIBRESSL_INTERNAL */
-#if defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL)
-
#define M_PKCS12_bag_type PKCS12_bag_type
#define M_PKCS12_cert_bag_type PKCS12_cert_bag_type
#define M_PKCS12_crl_bag_type PKCS12_cert_bag_type
@@ -210,28 +175,6 @@ const STACK_OF(PKCS12_SAFEBAG) *
PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag);
-#else /* !LIBRESSL_NEXT_API && !LIBRESSL_INTERNAL*/
-
-#define PKCS12_get_attr(bag, attr_nid) \
- PKCS12_get_attr_gen(bag->attrib, attr_nid)
-
-#define PKCS8_get_attr(p8, attr_nid) \
- PKCS12_get_attr_gen(p8->attributes, attr_nid)
-
-#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
-
-PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);
-PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);
-X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);
-X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);
-
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
- int passlen, unsigned char *salt, int saltlen, int iter,
- PKCS8_PRIV_KEY_INFO *p8);
-
-#endif /* !LIBRESSL_NEXT_API && !LIBRESSL_INTERNAL */
-
PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
int nid1, int nid2);
PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
diff --git a/lib/libcrypto/pkcs12/pkcs12_local.h b/lib/libcrypto/pkcs12/pkcs12_local.h
index c5a0de36c94..8723fdb2e43 100644
--- a/lib/libcrypto/pkcs12/pkcs12_local.h
+++ b/lib/libcrypto/pkcs12/pkcs12_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12_local.h,v 1.1 2022/08/20 09:16:18 tb Exp $ */
+/* $OpenBSD: pkcs12_local.h,v 1.2 2022/09/11 17:30:13 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -61,6 +61,41 @@
__BEGIN_HIDDEN_DECLS
+struct PKCS12_MAC_DATA_st {
+ X509_SIG *dinfo;
+ ASN1_OCTET_STRING *salt;
+ ASN1_INTEGER *iter; /* defaults to 1 */
+};
+
+struct PKCS12_st {
+ ASN1_INTEGER *version;
+ PKCS12_MAC_DATA *mac;
+ PKCS7 *authsafes;
+};
+
+struct PKCS12_SAFEBAG_st {
+ ASN1_OBJECT *type;
+ union {
+ struct pkcs12_bag_st *bag; /* secret, crl and certbag */
+ struct pkcs8_priv_key_info_st *keybag; /* keybag */
+ X509_SIG *shkeybag; /* shrouded key bag */
+ STACK_OF(PKCS12_SAFEBAG) *safes;
+ ASN1_TYPE *other;
+ } value;
+ STACK_OF(X509_ATTRIBUTE) *attrib;
+};
+
+struct pkcs12_bag_st {
+ ASN1_OBJECT *type;
+ union {
+ ASN1_OCTET_STRING *x509cert;
+ ASN1_OCTET_STRING *x509crl;
+ ASN1_OCTET_STRING *octet;
+ ASN1_IA5STRING *sdsicert;
+ ASN1_TYPE *other; /* Secret or other bag */
+ } value;
+};
+
__END_HIDDEN_DECLS
#endif /* HEADER_PKCS12_LOCAL_H */