Prepare to provide PKCS12 accessors

In order to be able to make pkcs12/ opaque, we need an entire family of
accessors. These are in a particularly nasty tangle since this was done
in about a dozen steps while sprinkling const, renaming functions, etc.
The public API also adds backward compat macros for functions that were
in the tree for half a day and then renamed. Of course some of them got
picked up by some ports.

Some of the gruesome hacks in here will go away with the next bump, but
that doesn't mean that the pkcs12 directory will be prettier afterward.

ok jsing

1 files changed, 4 insertions, 4 deletions

diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
index f8ba3357e7..dbcfd25478 100644
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_crt.c,v 1.18 2018/05/13 13:46:55 tb Exp $ */
+/* $OpenBSD: p12_crt.c,v 1.19 2022/08/03 20:16:06 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -232,12 +232,12 @@ PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, int key_usage,
         if (key_usage && !PKCS8_add_keyusage(p8, key_usage))
                 goto err;
         if (nid_key != -1) {
-                bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0,
-                    iter, p8);
+                bag = PKCS12_SAFEBAG_create_pkcs8_encrypt(nid_key, pass, -1,
+                    NULL, 0, iter, p8);
                 PKCS8_PRIV_KEY_INFO_free(p8);
                 p8 = NULL;
         } else {
-                bag = PKCS12_MAKE_KEYBAG(p8);
+                bag = PKCS12_SAFEBAG_create0_p8inf(p8);
                 if (bag != NULL)
                         p8 = NULL;
         }