diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2022-09-11 17:30:14 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2022-09-11 17:30:14 +0000 |
commit | 0e9a579d2b1c9f23fe4696fde15f88592db051ed (patch) | |
tree | 225983811c4c938975025540eaac9a5f01f52a39 /lib | |
parent | f630e650f9412f73d320e1e597bda4ee66d03260 (diff) |
Make structs in pkcs12.h opaque
ok jsing
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libcrypto/pkcs12/p12_add.c | 54 | ||||
-rw-r--r-- | lib/libcrypto/pkcs12/p12_utl.c | 45 | ||||
-rw-r--r-- | lib/libcrypto/pkcs12/pkcs12.h | 71 | ||||
-rw-r--r-- | lib/libcrypto/pkcs12/pkcs12_local.h | 37 |
4 files changed, 45 insertions, 162 deletions
diff --git a/lib/libcrypto/pkcs12/p12_add.c b/lib/libcrypto/pkcs12/p12_add.c index d9de395c5bc..a7b8c1eaf89 100644 --- a/lib/libcrypto/pkcs12/p12_add.c +++ b/lib/libcrypto/pkcs12/p12_add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_add.c,v 1.19 2022/08/20 09:16:18 tb Exp $ */ +/* $OpenBSD: p12_add.c,v 1.20 2022/09/11 17:30:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -91,58 +91,6 @@ PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2) return safebag; } -#if !defined(LIBRESSL_NEXT_API) -#undef PKCS12_MAKE_KEYBAG -#undef PKCS12_MAKE_SHKEYBAG -/* Turn PKCS8 object into a keybag */ - -PKCS12_SAFEBAG * -PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8) -{ - PKCS12_SAFEBAG *bag; - - if (!(bag = PKCS12_SAFEBAG_new())) { - PKCS12error(ERR_R_MALLOC_FAILURE); - return NULL; - } - bag->type = OBJ_nid2obj(NID_keyBag); - bag->value.keybag = p8; - return bag; -} - -/* Turn PKCS8 object into a shrouded keybag */ - -PKCS12_SAFEBAG * -PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8) -{ - PKCS12_SAFEBAG *bag; - const EVP_CIPHER *pbe_ciph; - - /* Set up the safe bag */ - if (!(bag = PKCS12_SAFEBAG_new())) { - PKCS12error(ERR_R_MALLOC_FAILURE); - return NULL; - } - - bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag); - - pbe_ciph = EVP_get_cipherbynid(pbe_nid); - - if (pbe_ciph) - pbe_nid = -1; - - if (!(bag->value.shkeybag = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, - passlen, salt, saltlen, iter, p8))) { - PKCS12error(ERR_R_MALLOC_FAILURE); - PKCS12_SAFEBAG_free(bag); - return NULL; - } - - return bag; -} -#endif - /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */ PKCS7 * PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk) diff --git a/lib/libcrypto/pkcs12/p12_utl.c b/lib/libcrypto/pkcs12/p12_utl.c index 5c15720e210..4fe557f626d 100644 --- a/lib/libcrypto/pkcs12/p12_utl.c +++ b/lib/libcrypto/pkcs12/p12_utl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_utl.c,v 1.18 2022/08/20 09:16:18 tb Exp $ */ +/* $OpenBSD: p12_utl.c,v 1.19 2022/09/11 17:30:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -149,46 +149,3 @@ d2i_PKCS12_fp(FILE *fp, PKCS12 **p12) { return ASN1_item_d2i_fp(&PKCS12_it, fp, p12); } - -#if !defined(LIBRESSL_NEXT_API) -#undef PKCS12_x5092certbag -#undef PKCS12_x509crl2certbag -#undef PKCS12_certbag2x509 -#undef PKCS12_certbag2x509crl - -PKCS12_SAFEBAG * -PKCS12_x5092certbag(X509 *x509) -{ - return PKCS12_item_pack_safebag(x509, &X509_it, - NID_x509Certificate, NID_certBag); -} - -PKCS12_SAFEBAG * -PKCS12_x509crl2certbag(X509_CRL *crl) -{ - return PKCS12_item_pack_safebag(crl, &X509_CRL_it, - NID_x509Crl, NID_crlBag); -} - -X509 * -PKCS12_certbag2x509(PKCS12_SAFEBAG *bag) -{ - if (OBJ_obj2nid(bag->type) != NID_certBag) - return NULL; - if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate) - return NULL; - return ASN1_item_unpack(bag->value.bag->value.octet, - &X509_it); -} - -X509_CRL * -PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag) -{ - if (OBJ_obj2nid(bag->type) != NID_crlBag) - return NULL; - if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl) - return NULL; - return ASN1_item_unpack(bag->value.bag->value.octet, - &X509_CRL_it); -} -#endif diff --git a/lib/libcrypto/pkcs12/pkcs12.h b/lib/libcrypto/pkcs12/pkcs12.h index a40659fcf35..44dbb381533 100644 --- a/lib/libcrypto/pkcs12/pkcs12.h +++ b/lib/libcrypto/pkcs12/pkcs12.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pkcs12.h,v 1.26 2022/08/03 20:16:06 tb Exp $ */ +/* $OpenBSD: pkcs12.h,v 1.27 2022/09/11 17:30:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -96,43 +96,16 @@ extern "C" { #define KEY_EX 0x10 #define KEY_SIG 0x80 -typedef struct { - X509_SIG *dinfo; - ASN1_OCTET_STRING *salt; - ASN1_INTEGER *iter; /* defaults to 1 */ -} PKCS12_MAC_DATA; - -typedef struct { - ASN1_INTEGER *version; - PKCS12_MAC_DATA *mac; - PKCS7 *authsafes; -} PKCS12; - -typedef struct { - ASN1_OBJECT *type; - union { - struct pkcs12_bag_st *bag; /* secret, crl and certbag */ - struct pkcs8_priv_key_info_st *keybag; /* keybag */ - X509_SIG *shkeybag; /* shrouded key bag */ - STACK_OF(PKCS12_SAFEBAG) *safes; - ASN1_TYPE *other; - } value; - STACK_OF(X509_ATTRIBUTE) *attrib; -} PKCS12_SAFEBAG; +typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA; + +typedef struct PKCS12_st PKCS12; + +typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG; DECLARE_STACK_OF(PKCS12_SAFEBAG) DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG) -typedef struct pkcs12_bag_st { - ASN1_OBJECT *type; - union { - ASN1_OCTET_STRING *x509cert; - ASN1_OCTET_STRING *x509crl; - ASN1_OCTET_STRING *octet; - ASN1_IA5STRING *sdsicert; - ASN1_TYPE *other; /* Secret or other bag */ - } value; -} PKCS12_BAGS; +typedef struct pkcs12_bag_st PKCS12_BAGS; #define PKCS12_ERROR 0 #define PKCS12_OK 1 @@ -155,16 +128,8 @@ typedef struct pkcs12_bag_st { #define M_PKCS12_decrypt_skey PKCS12_decrypt_skey #define M_PKCS8_decrypt PKCS8_decrypt -#if !defined(LIBRESSL_NEXT_API) -#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type) -#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type) -#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type -#endif - #endif /* !LIBRESSL_INTERNAL */ -#if defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL) - #define M_PKCS12_bag_type PKCS12_bag_type #define M_PKCS12_cert_bag_type PKCS12_cert_bag_type #define M_PKCS12_crl_bag_type PKCS12_cert_bag_type @@ -210,28 +175,6 @@ const STACK_OF(PKCS12_SAFEBAG) * PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag); const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag); -#else /* !LIBRESSL_NEXT_API && !LIBRESSL_INTERNAL*/ - -#define PKCS12_get_attr(bag, attr_nid) \ - PKCS12_get_attr_gen(bag->attrib, attr_nid) - -#define PKCS8_get_attr(p8, attr_nid) \ - PKCS12_get_attr_gen(p8->attributes, attr_nid) - -#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0) - -PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509); -PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl); -X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag); -X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag); - -PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8); -PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, - int passlen, unsigned char *salt, int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8); - -#endif /* !LIBRESSL_NEXT_API && !LIBRESSL_INTERNAL */ - PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2); PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass, diff --git a/lib/libcrypto/pkcs12/pkcs12_local.h b/lib/libcrypto/pkcs12/pkcs12_local.h index c5a0de36c94..8723fdb2e43 100644 --- a/lib/libcrypto/pkcs12/pkcs12_local.h +++ b/lib/libcrypto/pkcs12/pkcs12_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pkcs12_local.h,v 1.1 2022/08/20 09:16:18 tb Exp $ */ +/* $OpenBSD: pkcs12_local.h,v 1.2 2022/09/11 17:30:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -61,6 +61,41 @@ __BEGIN_HIDDEN_DECLS +struct PKCS12_MAC_DATA_st { + X509_SIG *dinfo; + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *iter; /* defaults to 1 */ +}; + +struct PKCS12_st { + ASN1_INTEGER *version; + PKCS12_MAC_DATA *mac; + PKCS7 *authsafes; +}; + +struct PKCS12_SAFEBAG_st { + ASN1_OBJECT *type; + union { + struct pkcs12_bag_st *bag; /* secret, crl and certbag */ + struct pkcs8_priv_key_info_st *keybag; /* keybag */ + X509_SIG *shkeybag; /* shrouded key bag */ + STACK_OF(PKCS12_SAFEBAG) *safes; + ASN1_TYPE *other; + } value; + STACK_OF(X509_ATTRIBUTE) *attrib; +}; + +struct pkcs12_bag_st { + ASN1_OBJECT *type; + union { + ASN1_OCTET_STRING *x509cert; + ASN1_OCTET_STRING *x509crl; + ASN1_OCTET_STRING *octet; + ASN1_IA5STRING *sdsicert; + ASN1_TYPE *other; /* Secret or other bag */ + } value; +}; + __END_HIDDEN_DECLS #endif /* HEADER_PKCS12_LOCAL_H */ |