authortb <>2024-03-02 10:15:16 +0000
committertb <>2024-03-02 10:15:16 +0000
commitb88286b09abf67a2644f5e950fb27492f55b3b3e (patch)
treeb64f2e46e44a68cbc68c3942179d7a04de1089b4
parentd7a8734f3bc8f273ccc2d8c7425ebf2f744118af (diff)
Remove a lot of PKCS12 garbage from the public API
PKCS12 is a hot mess. Please participate in the survey at the end of https://www.cs.auckland.ac.nz/~pgut001/pubs/pfx.html to increase its credibility and unanimity. ok jsing
-rw-r--r--src/lib/libcrypto/Symbols.list39
-rw-r--r--src/lib/libcrypto/Symbols.namespace34
-rw-r--r--src/lib/libcrypto/evp/evp_pbe.c6
-rw-r--r--src/lib/libcrypto/hidden/openssl/pkcs12.h37
-rw-r--r--src/lib/libcrypto/pkcs12/p12_add.c6
-rw-r--r--src/lib/libcrypto/pkcs12/p12_asn.c10
-rw-r--r--src/lib/libcrypto/pkcs12/p12_decr.c7
-rw-r--r--src/lib/libcrypto/pkcs12/p12_key.c5
-rw-r--r--src/lib/libcrypto/pkcs12/p12_mutl.c3
-rw-r--r--src/lib/libcrypto/pkcs12/p12_p8d.c3
-rw-r--r--src/lib/libcrypto/pkcs12/p12_p8e.c3
-rw-r--r--src/lib/libcrypto/pkcs12/pkcs12.h71
-rw-r--r--src/lib/libcrypto/pkcs12/pkcs12_local.h75
13 files changed, 94 insertions, 205 deletions
diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list
index 84a38a342d..88c618de26 100644
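--- a/src/lib/libcrypto/Symbols.list
+++ b/src/lib/libcrypto/Symbols.list
@@ -1930,21 +1930,7 @@ PEM_write_bio_X509_AUX
 PEM_write_bio_X509_CRL
 PEM_write_bio_X509_REQ
 PEM_write_bio_X509_REQ_NEW
-PKCS12_AUTHSAFES_it
-PKCS12_BAGS_free
-PKCS12_BAGS_it
-PKCS12_BAGS_new
-PKCS12_MAC_DATA_free
-PKCS12_MAC_DATA_it
-PKCS12_MAC_DATA_new
 PKCS12_PBE_add
-PKCS12_PBE_keyivgen
-PKCS12_SAFEBAGS_it
-PKCS12_SAFEBAG_create0_p8inf
-PKCS12_SAFEBAG_create0_pkcs8
-PKCS12_SAFEBAG_create_cert
-PKCS12_SAFEBAG_create_crl
-PKCS12_SAFEBAG_create_pkcs8_encrypt
 PKCS12_SAFEBAG_free
 PKCS12_SAFEBAG_get0_attr
 PKCS12_SAFEBAG_get0_attrs
@@ -1958,38 +1944,17 @@ PKCS12_SAFEBAG_get_bag_nid
 PKCS12_SAFEBAG_get_nid
 PKCS12_SAFEBAG_it
 PKCS12_SAFEBAG_new
-PKCS12_add_CSPName_asc
-PKCS12_add_cert
-PKCS12_add_friendlyname_asc
-PKCS12_add_friendlyname_uni
-PKCS12_add_key
-PKCS12_add_localkeyid
-PKCS12_add_safe
-PKCS12_add_safes
 PKCS12_create
 PKCS12_decrypt_skey
 PKCS12_free
-PKCS12_gen_mac
 PKCS12_get0_mac
-PKCS12_get_attr_gen
 PKCS12_get_friendlyname
-PKCS12_init
 PKCS12_it
-PKCS12_item_decrypt_d2i
-PKCS12_item_i2d_encrypt
-PKCS12_item_pack_safebag
-PKCS12_key_gen_asc
-PKCS12_key_gen_uni
 PKCS12_mac_present
 PKCS12_new
 PKCS12_newpass
-PKCS12_pack_authsafes
-PKCS12_pack_p7data
-PKCS12_pack_p7encdata
 PKCS12_parse
-PKCS12_pbe_crypt
 PKCS12_set_mac
-PKCS12_setup_mac
 PKCS12_unpack_authsafes
 PKCS12_unpack_p7data
 PKCS12_unpack_p7encdata
@@ -3221,8 +3186,6 @@ d2i_PBE2PARAM
 d2i_PBEPARAM
 d2i_PBKDF2PARAM
 d2i_PKCS12
-d2i_PKCS12_BAGS
-d2i_PKCS12_MAC_DATA
 d2i_PKCS12_SAFEBAG
 d2i_PKCS12_bio
 d2i_PKCS12_fp
@@ -3418,8 +3381,6 @@ i2d_PBE2PARAM
 i2d_PBEPARAM
 i2d_PBKDF2PARAM
 i2d_PKCS12
-i2d_PKCS12_BAGS
-i2d_PKCS12_MAC_DATA
 i2d_PKCS12_SAFEBAG
 i2d_PKCS12_bio
 i2d_PKCS12_fp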
diff --git a/src/lib/libcrypto/Symbols.namespace b/src/lib/libcrypto/Symbols.namespace
index d63bb91c12..a540b31048 100644
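--- a/src/lib/libcrypto/Symbols.namespace
+++ b/src/lib/libcrypto/Symbols.namespace
@@ -136,40 +136,18 @@ _libre_PKCS12_SAFEBAG_get1_crl
 _libre_PKCS8_get_attr
 _libre_PKCS12_mac_present
 _libre_PKCS12_get0_mac
-_libre_PKCS12_SAFEBAG_create_cert
-_libre_PKCS12_SAFEBAG_create_crl
-_libre_PKCS12_SAFEBAG_create0_p8inf
-_libre_PKCS12_SAFEBAG_create0_pkcs8
-_libre_PKCS12_SAFEBAG_create_pkcs8_encrypt
 _libre_PKCS12_SAFEBAG_get0_p8inf
 _libre_PKCS12_SAFEBAG_get0_pkcs8
 _libre_PKCS12_SAFEBAG_get0_safes
 _libre_PKCS12_SAFEBAG_get0_type
-_libre_PKCS12_item_pack_safebag
 _libre_PKCS8_decrypt
 _libre_PKCS12_decrypt_skey
 _libre_PKCS8_encrypt
-_libre_PKCS12_pack_p7data
 _libre_PKCS12_unpack_p7data
-_libre_PKCS12_pack_p7encdata
 _libre_PKCS12_unpack_p7encdata
-_libre_PKCS12_pack_authsafes
 _libre_PKCS12_unpack_authsafes
-_libre_PKCS12_add_localkeyid
-_libre_PKCS12_add_friendlyname_asc
-_libre_PKCS12_add_CSPName_asc
-_libre_PKCS12_add_friendlyname_uni
 _libre_PKCS8_add_keyusage
-_libre_PKCS12_get_attr_gen
 _libre_PKCS12_get_friendlyname
-_libre_PKCS12_pbe_crypt
-_libre_PKCS12_item_decrypt_d2i
-_libre_PKCS12_item_i2d_encrypt
-_libre_PKCS12_init
-_libre_PKCS12_key_gen_asc
-_libre_PKCS12_key_gen_uni
-_libre_PKCS12_PBE_keyivgen
-_libre_PKCS12_gen_mac
 _libre_PKCS12_verify_mac
 _libre_PKCS12_set_mac
 _libre_PKCS12_setup_mac
@@ -179,25 +157,13 @@ _libre_PKCS12_new
 _libre_PKCS12_free
 _libre_d2i_PKCS12
 _libre_i2d_PKCS12
-_libre_PKCS12_MAC_DATA_new
-_libre_PKCS12_MAC_DATA_free
-_libre_d2i_PKCS12_MAC_DATA
-_libre_i2d_PKCS12_MAC_DATA
 _libre_PKCS12_SAFEBAG_new
 _libre_PKCS12_SAFEBAG_free
 _libre_d2i_PKCS12_SAFEBAG
 _libre_i2d_PKCS12_SAFEBAG
-_libre_PKCS12_BAGS_new
-_libre_PKCS12_BAGS_free
-_libre_d2i_PKCS12_BAGS
-_libre_i2d_PKCS12_BAGS
 _libre_PKCS12_PBE_add
 _libre_PKCS12_parse
 _libre_PKCS12_create
-_libre_PKCS12_add_cert
-_libre_PKCS12_add_key
-_libre_PKCS12_add_safe
-_libre_PKCS12_add_safes
 _libre_i2d_PKCS12_bio
 _libre_i2d_PKCS12_fp
 _libre_d2i_PKCS12_bio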
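Review bot: `_libre_PKCS12_setup_mac` survives as the last context line of the first hunk, although this commit removes `PKCS12_setup_mac` from Symbols.list, drops `LCRYPTO_USED(PKCS12_setup_mac);` from hidden/openssl/pkcs12.h and deletes `LCRYPTO_ALIAS(PKCS12_setup_mac);` in p12_mutl.c. With the alias gone, nothing visible on this page defines that name any more, so the entry looks stale; I would also delete the line `_libre_PKCS12_setup_mac` here so the namespace list agrees with the other three files. Every other function dropped from Symbols.list in this commit has its `_libre_` counterpart removed in this section, which suggests the one leftover is an oversight rather than intent.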
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c
index e33f2cb08f..3f1f1ec9a4 100644
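--- a/src/lib/libcrypto/evp/evp_pbe.c
+++ b/src/lib/libcrypto/evp/evp_pbe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_pbe.c,v 1.43 2024/03/02 10:06:48 tb Exp $ */
+/* $OpenBSD: evp_pbe.c,v 1.44 2024/03/02 10:15:15 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -69,8 +69,12 @@
 
 #include "evp_local.h"
 #include "hmac_local.h"
+#include "pkcs12_local.h"
 
 /* Password based encryption (PBE) functions */
+int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+ ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,
+ int en_de);
 
 static const struct pbe_config {
  int pbe_nid;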
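Review bot: The prototype for `PKCS12_PBE_keyivgen` added above `struct pbe_config` is a file-local copy of the declaration this commit deletes from the public pkcs12.h; if the definition lives in another file, the compiler cannot check the two against each other and they can drift apart silently. Since the same hunk starts including `pkcs12_local.h`, I would declare the function once in that header and drop the copy here, or, if the definition is in this file and has no other callers, mark it `static`. Either way a one-line comment such as `/* Internal only: no longer exported or declared in <openssl/pkcs12.h>. */` would tell the next reader why the declaration sits here. The definition is not visible in this hunk, and the `pbe_config` table continues past its end.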
diff --git a/src/lib/libcrypto/hidden/openssl/pkcs12.h b/src/lib/libcrypto/hidden/openssl/pkcs12.h
index 9a2dffa354..4c37e73cc4 100644
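--- a/src/lib/libcrypto/hidden/openssl/pkcs12.h
+++ b/src/lib/libcrypto/hidden/openssl/pkcs12.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12.h,v 1.2 2023/07/05 21:14:54 bcook Exp $ */
+/* $OpenBSD: pkcs12.h,v 1.3 2024/03/02 10:15:16 tb Exp $ */
 /*
  * Copyright (c) 2022 Bob Beck <beck@openbsd.org>
  *
@@ -34,68 +34,33 @@ LCRYPTO_USED(PKCS12_SAFEBAG_get1_crl);
 LCRYPTO_USED(PKCS8_get_attr);
 LCRYPTO_USED(PKCS12_mac_present);
 LCRYPTO_USED(PKCS12_get0_mac);
-LCRYPTO_USED(PKCS12_SAFEBAG_create_cert);
-LCRYPTO_USED(PKCS12_SAFEBAG_create_crl);
-LCRYPTO_USED(PKCS12_SAFEBAG_create0_p8inf);
-LCRYPTO_USED(PKCS12_SAFEBAG_create0_pkcs8);
-LCRYPTO_USED(PKCS12_SAFEBAG_create_pkcs8_encrypt);
 LCRYPTO_USED(PKCS12_SAFEBAG_get0_p8inf);
 LCRYPTO_USED(PKCS12_SAFEBAG_get0_pkcs8);
 LCRYPTO_USED(PKCS12_SAFEBAG_get0_safes);
 LCRYPTO_USED(PKCS12_SAFEBAG_get0_type);
-LCRYPTO_USED(PKCS12_item_pack_safebag);
 LCRYPTO_USED(PKCS8_decrypt);
 LCRYPTO_USED(PKCS12_decrypt_skey);
 LCRYPTO_USED(PKCS8_encrypt);
-LCRYPTO_USED(PKCS12_pack_p7data);
 LCRYPTO_USED(PKCS12_unpack_p7data);
-LCRYPTO_USED(PKCS12_pack_p7encdata);
 LCRYPTO_USED(PKCS12_unpack_p7encdata);
-LCRYPTO_USED(PKCS12_pack_authsafes);
 LCRYPTO_USED(PKCS12_unpack_authsafes);
-LCRYPTO_USED(PKCS12_add_localkeyid);
-LCRYPTO_USED(PKCS12_add_friendlyname_asc);
-LCRYPTO_USED(PKCS12_add_CSPName_asc);
-LCRYPTO_USED(PKCS12_add_friendlyname_uni);
 LCRYPTO_USED(PKCS8_add_keyusage);
-LCRYPTO_USED(PKCS12_get_attr_gen);
 LCRYPTO_USED(PKCS12_get_friendlyname);
-LCRYPTO_USED(PKCS12_pbe_crypt);
-LCRYPTO_USED(PKCS12_item_decrypt_d2i);
-LCRYPTO_USED(PKCS12_item_i2d_encrypt);
-LCRYPTO_USED(PKCS12_init);
-LCRYPTO_USED(PKCS12_key_gen_asc);
-LCRYPTO_USED(PKCS12_key_gen_uni);
-LCRYPTO_USED(PKCS12_PBE_keyivgen);
-LCRYPTO_USED(PKCS12_gen_mac);
 LCRYPTO_USED(PKCS12_verify_mac);
 LCRYPTO_USED(PKCS12_set_mac);
-LCRYPTO_USED(PKCS12_setup_mac);
 LCRYPTO_USED(OPENSSL_asc2uni);
 LCRYPTO_USED(OPENSSL_uni2asc);
 LCRYPTO_USED(PKCS12_new);
 LCRYPTO_USED(PKCS12_free);
 LCRYPTO_USED(d2i_PKCS12);
 LCRYPTO_USED(i2d_PKCS12);
-LCRYPTO_USED(PKCS12_MAC_DATA_new);
-LCRYPTO_USED(PKCS12_MAC_DATA_free);
-LCRYPTO_USED(d2i_PKCS12_MAC_DATA);
-LCRYPTO_USED(i2d_PKCS12_MAC_DATA);
 LCRYPTO_USED(PKCS12_SAFEBAG_new);
 LCRYPTO_USED(PKCS12_SAFEBAG_free);
 LCRYPTO_USED(d2i_PKCS12_SAFEBAG);
 LCRYPTO_USED(i2d_PKCS12_SAFEBAG);
-LCRYPTO_USED(PKCS12_BAGS_new);
-LCRYPTO_USED(PKCS12_BAGS_free);
-LCRYPTO_USED(d2i_PKCS12_BAGS);
-LCRYPTO_USED(i2d_PKCS12_BAGS);
 LCRYPTO_USED(PKCS12_PBE_add);
 LCRYPTO_USED(PKCS12_parse);
 LCRYPTO_USED(PKCS12_create);
-LCRYPTO_USED(PKCS12_add_cert);
-LCRYPTO_USED(PKCS12_add_key);
-LCRYPTO_USED(PKCS12_add_safe);
-LCRYPTO_USED(PKCS12_add_safes);
 LCRYPTO_USED(i2d_PKCS12_bio);
 LCRYPTO_USED(i2d_PKCS12_fp);
 LCRYPTO_USED(d2i_PKCS12_bio);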
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
index 8ce1fede74..dd72c99985 100644
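--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_add.c,v 1.23 2024/01/25 13:44:08 tb Exp $ */
+/* $OpenBSD: p12_add.c,v 1.24 2024/03/02 10:15:16 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -90,7 +90,6 @@ PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2)
  safebag->type = OBJ_nid2obj(nid2);
  return safebag;
 }
-LCRYPTO_ALIAS(PKCS12_item_pack_safebag);
 
 /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
 PKCS7 *
@@ -118,7 +117,6 @@ err:
  PKCS7_free(p7);
  return NULL;
 }
-LCRYPTO_ALIAS(PKCS12_pack_p7data);
 
 /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
 STACK_OF(PKCS12_SAFEBAG) *
@@ -181,7 +179,6 @@ err:
  PKCS7_free(p7);
  return NULL;
 }
-LCRYPTO_ALIAS(PKCS12_pack_p7encdata);
 
 STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
@@ -214,7 +211,6 @@ PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
  return 1;
  return 0;
 }
-LCRYPTO_ALIAS(PKCS12_pack_authsafes);
 
 STACK_OF(PKCS7) *
 PKCS12_unpack_authsafes(const PKCS12 *p12)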
diff --git a/src/lib/libcrypto/pkcs12/p12_asn.c b/src/lib/libcrypto/pkcs12/p12_asn.c
index a9decccb5b..e6078050be 100644
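--- a/src/lib/libcrypto/pkcs12/p12_asn.c
+++ b/src/lib/libcrypto/pkcs12/p12_asn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_asn.c,v 1.14 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: p12_asn.c,v 1.15 2024/03/02 10:15:16 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -170,28 +170,24 @@ d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len)
  return (PKCS12_MAC_DATA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
  &PKCS12_MAC_DATA_it);
 }
-LCRYPTO_ALIAS(d2i_PKCS12_MAC_DATA);
 
 int
 i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out)
 {
  return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_MAC_DATA_it);
 }
-LCRYPTO_ALIAS(i2d_PKCS12_MAC_DATA);
 
 PKCS12_MAC_DATA *
 PKCS12_MAC_DATA_new(void)
 {
  return (PKCS12_MAC_DATA *)ASN1_item_new(&PKCS12_MAC_DATA_it);
 }
-LCRYPTO_ALIAS(PKCS12_MAC_DATA_new);
 
 void
 PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a)
 {
  ASN1_item_free((ASN1_VALUE *)a, &PKCS12_MAC_DATA_it);
 }
-LCRYPTO_ALIAS(PKCS12_MAC_DATA_free);
 
 static const ASN1_TEMPLATE bag_default_tt = {
  .flags = ASN1_TFLG_EXPLICIT,
@@ -280,28 +276,24 @@ d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len)
  return (PKCS12_BAGS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
  &PKCS12_BAGS_it);
 }
-LCRYPTO_ALIAS(d2i_PKCS12_BAGS);
 
 int
 i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out)
 {
  return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_BAGS_it);
 }
-LCRYPTO_ALIAS(i2d_PKCS12_BAGS);
 
 PKCS12_BAGS *
 PKCS12_BAGS_new(void)
 {
  return (PKCS12_BAGS *)ASN1_item_new(&PKCS12_BAGS_it);
 }
-LCRYPTO_ALIAS(PKCS12_BAGS_new);
 
 void
 PKCS12_BAGS_free(PKCS12_BAGS *a)
 {
  ASN1_item_free((ASN1_VALUE *)a, &PKCS12_BAGS_it);
 }
-LCRYPTO_ALIAS(PKCS12_BAGS_free);
 
 static const ASN1_TEMPLATE safebag_default_tt = {
  .flags = ASN1_TFLG_EXPLICIT,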
diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c
index 04818acd13..907d4e52a6 100644
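--- a/src/lib/libcrypto/pkcs12/p12_decr.c
+++ b/src/lib/libcrypto/pkcs12/p12_decr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_decr.c,v 1.25 2024/02/18 15:44:10 tb Exp $ */
+/* $OpenBSD: p12_decr.c,v 1.26 2024/03/02 10:15:16 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -116,7 +116,6 @@ err:
  return out;
 
 }
-LCRYPTO_ALIAS(PKCS12_pbe_crypt);
 
 /* Decrypt an OCTET STRING and decode ASN1 structure
  * if zbuf set zero buffer after use.
@@ -145,7 +144,6 @@ PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
  free(out);
  return ret;
 }
-LCRYPTO_ALIAS(PKCS12_item_decrypt_d2i);
 
 /* Encode ASN1 structure and encrypt, return OCTET STRING
  * if zbuf set zero encoding.
@@ -184,6 +182,3 @@ err:
  ASN1_OCTET_STRING_free(oct);
  return NULL;
 }
-LCRYPTO_ALIAS(PKCS12_item_i2d_encrypt);
-
-IMPLEMENT_PKCS12_STACK_OF(PKCS7)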
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
index 8812f1c06a..78e7d0450e 100644
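--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ b/src/lib/libcrypto/pkcs12/p12_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_key.c,v 1.34 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: p12_key.c,v 1.35 2024/03/02 10:15:16 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -64,6 +64,7 @@
 #include <openssl/pkcs12.h>
 
 #include "evp_local.h"
+#include "pkcs12_local.h"
 
 /* PKCS12 compatible key/IV generation */
 #ifndef min
@@ -93,7 +94,6 @@ PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
  freezero(unipass, uniplen);
  return ret;
 }
-LCRYPTO_ALIAS(PKCS12_key_gen_asc);
 
 int
 PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
@@ -194,4 +194,3 @@ PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 
  return ret;
 }
-LCRYPTO_ALIAS(PKCS12_key_gen_uni);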
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
index c71ed735ea..2a728294af 100644
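--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ b/src/lib/libcrypto/pkcs12/p12_mutl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_mutl.c,v 1.36 2024/01/25 13:44:08 tb Exp $ */
+/* $OpenBSD: p12_mutl.c,v 1.37 2024/03/02 10:15:16 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -263,5 +263,4 @@ PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
 
  return 1;
 }
-LCRYPTO_ALIAS(PKCS12_setup_mac);
 #endif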
diff --git a/src/lib/libcrypto/pkcs12/p12_p8d.c b/src/lib/libcrypto/pkcs12/p12_p8d.c
index dd5e8d9875..d4874e3b73 100644
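--- a/src/lib/libcrypto/pkcs12/p12_p8d.c
+++ b/src/lib/libcrypto/pkcs12/p12_p8d.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_p8d.c,v 1.11 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: p12_p8d.c,v 1.12 2024/03/02 10:15:16 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -60,6 +60,7 @@
 
 #include <openssl/pkcs12.h>
 
+#include "pkcs12_local.h"
 #include "x509_local.h"
 
 PKCS8_PRIV_KEY_INFO *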
diff --git a/src/lib/libcrypto/pkcs12/p12_p8e.c b/src/lib/libcrypto/pkcs12/p12_p8e.c
index 87c4be56a3..bf61593266 100644
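--- a/src/lib/libcrypto/pkcs12/p12_p8e.c
+++ b/src/lib/libcrypto/pkcs12/p12_p8e.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_p8e.c,v 1.12 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: p12_p8e.c,v 1.13 2024/03/02 10:15:16 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -61,6 +61,7 @@
 #include <openssl/err.h>
 #include <openssl/pkcs12.h>
 
+#include "pkcs12_local.h"
 #include "x509_local.h"
 
 X509_SIG *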
diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h
index 44dbb38153..962403976d 100644
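--- a/src/lib/libcrypto/pkcs12/pkcs12.h
+++ b/src/lib/libcrypto/pkcs12/pkcs12.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12.h,v 1.27 2022/09/11 17:30:13 tb Exp $ */
+/* $OpenBSD: pkcs12.h,v 1.28 2024/03/02 10:15:16 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -161,22 +161,12 @@ void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, const X509_ALGOR **pmacalg,
  const ASN1_OCTET_STRING **psalt, const ASN1_INTEGER **piter,
  const PKCS12 *p12);
 
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8);
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8);
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
- const char *pass, int passlen, unsigned char *salt, int saltlen, int iter,
- PKCS8_PRIV_KEY_INFO *p8);
-
 const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag);
 const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
  PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag);
 
-PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
- int nid1, int nid2);
 PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
  int passlen);
 PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
@@ -184,53 +174,19 @@ PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
 X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
  const char *pass, int passlen, unsigned char *salt, int saltlen, int iter,
  PKCS8_PRIV_KEY_INFO *p8);
-PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
+
 STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
-PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
- unsigned char *salt, int saltlen, int iter, STACK_OF(PKCS12_SAFEBAG) *bags);
 STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
  int passlen);
-
-int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
 STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12);
 
-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
- int namelen);
-int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
- int namelen);
-int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
- int namelen);
-int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
- int namelen);
 int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
-ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
- int attr_nid);
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
-unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass,
- int passlen, const unsigned char *in, int inlen, unsigned char **data,
- int *datalen, int en_de);
-void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
- const char *pass, int passlen, const ASN1_OCTET_STRING *oct, int zbuf);
-ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
- const ASN1_ITEM *it, const char *pass, int passlen, void *obj, int zbuf);
-PKCS12 *PKCS12_init(int mode);
-int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
- int saltlen, int id, int iter, int n, unsigned char *out,
- const EVP_MD *md_type);
-int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
- int saltlen, int id, int iter, int n, unsigned char *out,
- const EVP_MD *md_type);
-int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
- ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,
- int en_de);
-int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
- unsigned char *mac, unsigned int *maclen);
 int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
 int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
  unsigned char *salt, int saltlen, int iter,
  const EVP_MD *md_type);
-int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
- int saltlen, const EVP_MD *md_type);
+
 unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
  unsigned char **uni, int *unilen);
 char *OPENSSL_uni2asc(const unsigned char *uni, int unilen);
@@ -240,24 +196,12 @@ void PKCS12_free(PKCS12 *a);
 PKCS12 *d2i_PKCS12(PKCS12 **a, const unsigned char **in, long len);
 int i2d_PKCS12(PKCS12 *a, unsigned char **out);
 extern const ASN1_ITEM PKCS12_it;
-PKCS12_MAC_DATA *PKCS12_MAC_DATA_new(void);
-void PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a);
-PKCS12_MAC_DATA *d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len);
-int i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out);
-extern const ASN1_ITEM PKCS12_MAC_DATA_it;
+
 PKCS12_SAFEBAG *PKCS12_SAFEBAG_new(void);
 void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a);
 PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, const unsigned char **in, long len);
 int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **out);
 extern const ASN1_ITEM PKCS12_SAFEBAG_it;
-PKCS12_BAGS *PKCS12_BAGS_new(void);
-void PKCS12_BAGS_free(PKCS12_BAGS *a);
-PKCS12_BAGS *d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len);
-int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out);
-extern const ASN1_ITEM PKCS12_BAGS_it;
-
-extern const ASN1_ITEM PKCS12_SAFEBAGS_it;
-extern const ASN1_ITEM PKCS12_AUTHSAFES_it;
 
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
@@ -266,13 +210,6 @@ PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
  X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
  int mac_iter, int keytype);
 
-PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
-PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
- int key_usage, int iter, int key_nid, const char *pass);
-int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
- int safe_nid, int iter, const char *pass);
-PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
-
 int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
 int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
 PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);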
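--- a/src/lib/libcrypto/pkcs12/pkcs12_local.h
+++ b/src/lib/libcrypto/pkcs12/pkcs12_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12_local.h,v 1.4 2024/01/25 13:44:08 tb Exp $ */
+/* $OpenBSD: pkcs12_local.h,v 1.5 2024/03/02 10:15:16 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
   * project 1999.
   */
@@ -96,6 +96,79 @@ struct pkcs12_bag_st {
  } value;
 };
 
+extern const ASN1_ITEM PKCS12_SAFEBAGS_it;
+extern const ASN1_ITEM PKCS12_AUTHSAFES_it;
+
+PKCS12_BAGS *PKCS12_BAGS_new(void);
+void PKCS12_BAGS_free(PKCS12_BAGS *a);
+PKCS12_BAGS *d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len);
+int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out);
+extern const ASN1_ITEM PKCS12_BAGS_it;
+
+PKCS12_MAC_DATA *PKCS12_MAC_DATA_new(void);
+void PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a);
+PKCS12_MAC_DATA *d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len);
+int i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out);
+extern const ASN1_ITEM PKCS12_MAC_DATA_it;
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
+ const char *pass, int passlen, unsigned char *salt, int saltlen, int iter,
+ PKCS8_PRIV_KEY_INFO *p8);
+
+PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
+ int key_usage, int iter, int key_nid, const char *pass);
+int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+ int safe_nid, int iter, const char *pass);
+PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
+
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
+ int namelen);
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
+ int namelen);
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
+ int namelen);
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
+ int namelen);
+
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+ unsigned char *mac, unsigned int *maclen);
+
+ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
+ int attr_nid);
+
+PKCS12 *PKCS12_init(int mode);
+
+void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
+ const char *pass, int passlen, const ASN1_OCTET_STRING *oct, int zbuf);
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
+ const ASN1_ITEM *it, const char *pass, int passlen, void *obj, int zbuf);
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
+ int nid1, int nid2);
+
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+ int saltlen, int id, int iter, int n, unsigned char *out,
+ const EVP_MD *md_type);
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+ int saltlen, int id, int iter, int n, unsigned char *out,
+ const EVP_MD *md_type);
+
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+ unsigned char *salt, int saltlen, int iter, STACK_OF(PKCS12_SAFEBAG) *bags);
+
+unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass,
+ int passlen, const unsigned char *in, int inlen, unsigned char **data,
+ int *datalen, int en_de);
+
+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
+ int saltlen, const EVP_MD *md_type);
+
 /* XXX - should go into pkcs7_local.h. */
 ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7);
 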
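Review bot: The `int zbuf` flag on `PKCS12_item_decrypt_d2i` and `PKCS12_item_i2d_encrypt` (new lines 146-149) arrives in pkcs12_local.h with no comment, so a reader of the header cannot tell that it appears to decide whether the plaintext buffer holding key material is zeroed after use; the definitions are outside this hunk, so confirm against p12_decr.c. Now that these are internal-only, a one-line contract above them would help, for example `/* zbuf != 0: cleanse the intermediate plaintext buffer before freeing it. */`. The same applies to `passlen` on the key-generation and MAC prototypes, where the header does not say whether a negative length is accepted. As a smaller style point, `unsigned char *salt` and the `unsigned char *pass` of `PKCS12_key_gen_uni` stay non-const; with the symbols no longer exported they could become `const` without ABI impact, provided the implementations do not write through them.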