Remove more PBE stuff from the public API

This is still needed internally for CMS and its predecessors. This removal will enable disentangling some of its innards. ok jsing
author: tb <> 2024-03-02 10:20:27 +0000
committer: tb <> 2024-03-02 10:20:27 +0000
commit: b4541fab5e606187b51e789c26e6065cfc57ded0 (patch)
tree: fbf01f5453b712e42063e482a28304a6a55892cd
parent: fdfad9e1701882b4e72b41155a9c8e4ef338ddbf (diff)
download: openbsd-b4541fab5e606187b51e789c26e6065cfc57ded0.tar.gz
openbsd-b4541fab5e606187b51e789c26e6065cfc57ded0.tar.bz2
openbsd-b4541fab5e606187b51e789c26e6065cfc57ded0.zip
7 files changed, 24 insertions, 35 deletions
diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list
index 7a27d6d1a3..de97306613 100644
--- a/src/lib/libcrypto/Symbols.list
+++ b/src/lib/libcrypto/Symbols.list
@@ -1952,15 +1952,8 @@ PKCS12_unpack_p7data
 PKCS12_unpack_p7encdata
 PKCS12_verify_mac
 PKCS1_MGF1
-PKCS5_PBE_keyivgen
 PKCS5_PBKDF2_HMAC
 PKCS5_PBKDF2_HMAC_SHA1
-PKCS5_pbe2_set
-PKCS5_pbe2_set_iv
-PKCS5_pbe_set
-PKCS5_pbe_set0_algor
-PKCS5_pbkdf2_set
-PKCS5_v2_PBE_keyivgen
 PKCS7_ATTR_SIGN_it
 PKCS7_ATTR_VERIFY_it
 PKCS7_DIGEST_free
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 28b095ffd4..9e203b086d 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.130 2024/03/02 10:13:13 tb Exp $ */
+/* $OpenBSD: evp.h,v 1.131 2024/03/02 10:20:27 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -870,17 +870,12 @@ int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
 int EVP_CIPHER_type(const EVP_CIPHER *ctx);
 /* PKCS5 password based encryption */
-int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-    ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de);
 int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
    const unsigned char *salt, int saltlen, int iter, int keylen,
    unsigned char *out);
 int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt,
    int saltlen, int iter, const EVP_MD *digest, int keylen,
    unsigned char *out);
-int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-    ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
-    int en_de);
 #define ASN1_PKEY_ALIAS         0x1
 #define ASN1_PKEY_DYNAMIC       0x2
diff --git a/src/lib/libcrypto/evp/evp_local.h b/src/lib/libcrypto/evp/evp_local.h
index bce6a87a1e..dad2cec81e 100644
--- a/src/lib/libcrypto/evp/evp_local.h
+++ b/src/lib/libcrypto/evp/evp_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_local.h,v 1.18 2024/03/02 10:08:29 tb Exp $ */
+/* $OpenBSD: evp_local.h,v 1.19 2024/03/02 10:20:27 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -340,9 +340,6 @@ struct evp_pkey_method_st {
 void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
-int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-    ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de);
 /* EVP_AEAD represents a specific AEAD algorithm. */
 struct evp_aead_st {
        unsigned char key_len;
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c
index a9f5b8fb12..532c924a9e 100644
--- a/src/lib/libcrypto/evp/evp_pbe.c
+++ b/src/lib/libcrypto/evp/evp_pbe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_pbe.c,v 1.45 2024/03/02 10:17:37 tb Exp $ */
+/* $OpenBSD: evp_pbe.c,v 1.46 2024/03/02 10:20:27 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -73,9 +73,15 @@
 #include "x509_local.h"
 /* Password based encryption (PBE) functions */
+int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+    ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de);
+int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+    ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de);
 int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
    ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,
    int en_de);
+int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+    ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de);
 static const struct pbe_config {
        int pbe_nid;
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
index dd72c99985..f6f42c558c 100644
--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_add.c,v 1.24 2024/03/02 10:15:16 tb Exp $ */
+/* $OpenBSD: p12_add.c,v 1.25 2024/03/02 10:20:27 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -62,6 +62,7 @@
 #include <openssl/pkcs12.h>
 #include "pkcs12_local.h"
+#include "x509_local.h"
 /* Pack an object into an OCTET STRING and turn into a safebag */
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index bd8497d9c4..66752f34e9 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.104 2024/03/02 10:17:37 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.105 2024/03/02 10:20:27 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1018,20 +1018,6 @@ X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);
 extern const ASN1_ITEM PBEPARAM_it;
-int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
-                                const unsigned char *salt, int saltlen);
-X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
-                                const unsigned char *salt, int saltlen);
-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
-                                         unsigned char *salt, int saltlen);
-X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
-                                 unsigned char *salt, int saltlen,
-                                 unsigned char *aiv, int prf_nid);
-X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
-                                int prf_nid, int keylen);
 /* PKCS#8 utilities */
 PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void);
diff --git a/src/lib/libcrypto/x509/x509_local.h b/src/lib/libcrypto/x509/x509_local.h
index 1e813797e1..4ac99da2bd 100644
--- a/src/lib/libcrypto/x509/x509_local.h
+++ b/src/lib/libcrypto/x509/x509_local.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: x509_local.h,v 1.19 2024/03/02 10:17:37 tb Exp $ */
+/*      $OpenBSD: x509_local.h,v 1.20 2024/03/02 10:20:27 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2013.
 */
@@ -391,6 +391,17 @@ PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, const unsigned char **in, long len
 int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **out);
 extern const ASN1_ITEM PBKDF2PARAM_it;
+int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+    const unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+    unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
+    unsigned char *salt, int saltlen, unsigned char *aiv, int prf_nid);
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter, const unsigned char *salt,
+    int saltlen);
+X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
+    int prf_nid, int keylen);
 __END_HIDDEN_DECLS
 #endif /* !HEADER_X509_LOCAL_H */
author	tb <>	2024-03-02 10:20:27 +0000
committer	tb <>	2024-03-02 10:20:27 +0000
commit	b4541fab5e606187b51e789c26e6065cfc57ded0 (patch)
tree	fbf01f5453b712e42063e482a28304a6a55892cd
parent	fdfad9e1701882b4e72b41155a9c8e4ef338ddbf (diff)
download	openbsd-b4541fab5e606187b51e789c26e6065cfc57ded0.tar.gz openbsd-b4541fab5e606187b51e789c26e6065cfc57ded0.tar.bz2 openbsd-b4541fab5e606187b51e789c26e6065cfc57ded0.zip