4 files changed, 45 insertions, 162 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
index d9de395c5b..a7b8c1eaf8 100644
--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_add.c,v 1.19 2022/08/20 09:16:18 tb Exp $ */
+/* $OpenBSD: p12_add.c,v 1.20 2022/09/11 17:30:13 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -91,58 +91,6 @@ PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2)
        return safebag;
 }
-#if !defined(LIBRESSL_NEXT_API)
-#undef PKCS12_MAKE_KEYBAG
-#undef PKCS12_MAKE_SHKEYBAG
-/* Turn PKCS8 object into a keybag */
-PKCS12_SAFEBAG *
-PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
-{
-        PKCS12_SAFEBAG *bag;
-        if (!(bag = PKCS12_SAFEBAG_new())) {
-                PKCS12error(ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        bag->type = OBJ_nid2obj(NID_keyBag);
-        bag->value.keybag = p8;
-        return bag;
-}
-/* Turn PKCS8 object into a shrouded keybag */
-PKCS12_SAFEBAG *
-PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, int passlen,
-    unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8)
-{
-        PKCS12_SAFEBAG *bag;
-        const EVP_CIPHER *pbe_ciph;
-        /* Set up the safe bag */
-        if (!(bag = PKCS12_SAFEBAG_new())) {
-                PKCS12error(ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
-        pbe_ciph = EVP_get_cipherbynid(pbe_nid);
-        if (pbe_ciph)
-                pbe_nid = -1;
-        if (!(bag->value.shkeybag = PKCS8_encrypt(pbe_nid, pbe_ciph, pass,
-            passlen, salt, saltlen, iter, p8))) {
-                PKCS12error(ERR_R_MALLOC_FAILURE);
-                PKCS12_SAFEBAG_free(bag);
-                return NULL;
-        }
-        return bag;
-}
-#endif
 /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
 PKCS7 *
 PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
diff --git a/src/lib/libcrypto/pkcs12/p12_utl.c b/src/lib/libcrypto/pkcs12/p12_utl.c
index 5c15720e21..4fe557f626 100644
--- a/src/lib/libcrypto/pkcs12/p12_utl.c
+++ b/src/lib/libcrypto/pkcs12/p12_utl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_utl.c,v 1.18 2022/08/20 09:16:18 tb Exp $ */
+/* $OpenBSD: p12_utl.c,v 1.19 2022/09/11 17:30:13 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -149,46 +149,3 @@ d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
 {
            return ASN1_item_d2i_fp(&PKCS12_it, fp, p12);
 }
-#if !defined(LIBRESSL_NEXT_API)
-#undef PKCS12_x5092certbag
-#undef PKCS12_x509crl2certbag
-#undef PKCS12_certbag2x509
-#undef PKCS12_certbag2x509crl
-PKCS12_SAFEBAG *
-PKCS12_x5092certbag(X509 *x509)
-{
-        return PKCS12_item_pack_safebag(x509, &X509_it,
-            NID_x509Certificate, NID_certBag);
-}
-PKCS12_SAFEBAG *
-PKCS12_x509crl2certbag(X509_CRL *crl)
-{
-        return PKCS12_item_pack_safebag(crl, &X509_CRL_it,
-            NID_x509Crl, NID_crlBag);
-}
-X509 *
-PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
-{
-        if (OBJ_obj2nid(bag->type) != NID_certBag)
-                return NULL;
-        if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
-                return NULL;
-        return ASN1_item_unpack(bag->value.bag->value.octet,
-            &X509_it);
-}
-X509_CRL *
-PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
-{
-        if (OBJ_obj2nid(bag->type) != NID_crlBag)
-                return NULL;
-        if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
-                return NULL;
-        return ASN1_item_unpack(bag->value.bag->value.octet,
-            &X509_CRL_it);
-}
-#endif
diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h
index a40659fcf3..44dbb38153 100644
--- a/src/lib/libcrypto/pkcs12/pkcs12.h
+++ b/src/lib/libcrypto/pkcs12/pkcs12.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12.h,v 1.26 2022/08/03 20:16:06 tb Exp $ */
+/* $OpenBSD: pkcs12.h,v 1.27 2022/09/11 17:30:13 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -96,43 +96,16 @@ extern "C" {
 #define KEY_EX  0x10
 #define KEY_SIG 0x80
-typedef struct {
+typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA;
-        X509_SIG *dinfo;
-        ASN1_OCTET_STRING *salt;
+typedef struct PKCS12_st PKCS12;
-        ASN1_INTEGER *iter;     /* defaults to 1 */
-} PKCS12_MAC_DATA;
+typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG;
-typedef struct {
-        ASN1_INTEGER *version;
-        PKCS12_MAC_DATA *mac;
-        PKCS7 *authsafes;
-} PKCS12;
-typedef struct {
-        ASN1_OBJECT *type;
-        union {
-        struct pkcs12_bag_st *bag; /* secret, crl and certbag */
-        struct pkcs8_priv_key_info_st   *keybag; /* keybag */
-        X509_SIG *shkeybag; /* shrouded key bag */
-                STACK_OF(PKCS12_SAFEBAG) *safes;
-                ASN1_TYPE *other;
-        } value;
-        STACK_OF(X509_ATTRIBUTE) *attrib;
-} PKCS12_SAFEBAG;
 DECLARE_STACK_OF(PKCS12_SAFEBAG)
 DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
-typedef struct pkcs12_bag_st {
+typedef struct pkcs12_bag_st PKCS12_BAGS;
-        ASN1_OBJECT *type;
-        union {
-                ASN1_OCTET_STRING *x509cert;
-                ASN1_OCTET_STRING *x509crl;
-                ASN1_OCTET_STRING *octet;
-                ASN1_IA5STRING *sdsicert;
-                ASN1_TYPE *other; /* Secret or other bag */
-        } value;
-} PKCS12_BAGS;
 #define PKCS12_ERROR    0
 #define PKCS12_OK       1
@@ -155,16 +128,8 @@ typedef struct pkcs12_bag_st {
 #define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
 #define M_PKCS8_decrypt PKCS8_decrypt
-#if !defined(LIBRESSL_NEXT_API)
-#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
-#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
-#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
-#endif
 #endif /* !LIBRESSL_INTERNAL */
-#if defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL)
 #define M_PKCS12_bag_type       PKCS12_bag_type
 #define M_PKCS12_cert_bag_type  PKCS12_cert_bag_type
 #define M_PKCS12_crl_bag_type   PKCS12_cert_bag_type
@@ -210,28 +175,6 @@ const STACK_OF(PKCS12_SAFEBAG) *
    PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag);
-#else /* !LIBRESSL_NEXT_API && !LIBRESSL_INTERNAL*/
-#define PKCS12_get_attr(bag, attr_nid) \
-                         PKCS12_get_attr_gen(bag->attrib, attr_nid)
-#define PKCS8_get_attr(p8, attr_nid) \
-                PKCS12_get_attr_gen(p8->attributes, attr_nid)
-#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
-PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);
-PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);
-X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);
-X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
-    int passlen, unsigned char *salt, int saltlen, int iter,
-    PKCS8_PRIV_KEY_INFO *p8);
-#endif /* !LIBRESSL_NEXT_API && !LIBRESSL_INTERNAL */
 PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
    int nid1, int nid2);
 PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
diff --git a/src/lib/libcrypto/pkcs12/pkcs12_local.h b/src/lib/libcrypto/pkcs12/pkcs12_local.h
index c5a0de36c9..8723fdb2e4 100644
--- a/src/lib/libcrypto/pkcs12/pkcs12_local.h
+++ b/src/lib/libcrypto/pkcs12/pkcs12_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12_local.h,v 1.1 2022/08/20 09:16:18 tb Exp $ */
+/* $OpenBSD: pkcs12_local.h,v 1.2 2022/09/11 17:30:13 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -61,6 +61,41 @@
 __BEGIN_HIDDEN_DECLS
+struct PKCS12_MAC_DATA_st {
+        X509_SIG *dinfo;
+        ASN1_OCTET_STRING *salt;
+        ASN1_INTEGER *iter;     /* defaults to 1 */
+};
+struct PKCS12_st {
+        ASN1_INTEGER *version;
+        PKCS12_MAC_DATA *mac;
+        PKCS7 *authsafes;
+};
+struct PKCS12_SAFEBAG_st {
+        ASN1_OBJECT *type;
+        union {
+        struct pkcs12_bag_st *bag; /* secret, crl and certbag */
+        struct pkcs8_priv_key_info_st   *keybag; /* keybag */
+        X509_SIG *shkeybag; /* shrouded key bag */
+                STACK_OF(PKCS12_SAFEBAG) *safes;
+                ASN1_TYPE *other;
+        } value;
+        STACK_OF(X509_ATTRIBUTE) *attrib;
+};
+struct pkcs12_bag_st {
+        ASN1_OBJECT *type;
+        union {
+                ASN1_OCTET_STRING *x509cert;
+                ASN1_OCTET_STRING *x509crl;
+                ASN1_OCTET_STRING *octet;
+                ASN1_IA5STRING *sdsicert;
+                ASN1_TYPE *other; /* Secret or other bag */
+        } value;
+};
 __END_HIDDEN_DECLS
 #endif /* HEADER_PKCS12_LOCAL_H */

diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c index d9de395c5b..a7b8c1eaf8 100644 --- a/src/lib/libcrypto/pkcs12/p12_add.c +++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: p12_add.c,v 1.19 2022/08/20 09:16:18 tb Exp $ */	1	/* $OpenBSD: p12_add.c,v 1.20 2022/09/11 17:30:13 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.	3	* project 1999.
4	*/	4	*/
@@ -91,58 +91,6 @@ PKCS12_item_pack_safebag(void obj, const ASN1_ITEM it, int nid1, int nid2)
91	return safebag;	91	return safebag;
92	}	92	}
93		93
94	#if !defined(LIBRESSL_NEXT_API)
95	#undef PKCS12_MAKE_KEYBAG
96	#undef PKCS12_MAKE_SHKEYBAG
97	/* Turn PKCS8 object into a keybag */
98
99	PKCS12_SAFEBAG *
100	PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
101	{
102	PKCS12_SAFEBAG *bag;
103
104	if (!(bag = PKCS12_SAFEBAG_new())) {
105	PKCS12error(ERR_R_MALLOC_FAILURE);
106	return NULL;
107	}
108	bag->type = OBJ_nid2obj(NID_keyBag);
109	bag->value.keybag = p8;
110	return bag;
111	}
112
113	/* Turn PKCS8 object into a shrouded keybag */
114
115	PKCS12_SAFEBAG *
116	PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, int passlen,
117	unsigned char salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO p8)
118	{
119	PKCS12_SAFEBAG *bag;
120	const EVP_CIPHER *pbe_ciph;
121
122	/* Set up the safe bag */
123	if (!(bag = PKCS12_SAFEBAG_new())) {
124	PKCS12error(ERR_R_MALLOC_FAILURE);
125	return NULL;
126	}
127
128	bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
129
130	pbe_ciph = EVP_get_cipherbynid(pbe_nid);
131
132	if (pbe_ciph)
133	pbe_nid = -1;
134
135	if (!(bag->value.shkeybag = PKCS8_encrypt(pbe_nid, pbe_ciph, pass,
136	passlen, salt, saltlen, iter, p8))) {
137	PKCS12error(ERR_R_MALLOC_FAILURE);
138	PKCS12_SAFEBAG_free(bag);
139	return NULL;
140	}
141
142	return bag;
143	}
144	#endif
145
146	/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */	94	/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
147	PKCS7 *	95	PKCS7 *
148	PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)	96	PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)


diff --git a/src/lib/libcrypto/pkcs12/p12_utl.c b/src/lib/libcrypto/pkcs12/p12_utl.c index 5c15720e21..4fe557f626 100644 --- a/src/lib/libcrypto/pkcs12/p12_utl.c +++ b/src/lib/libcrypto/pkcs12/p12_utl.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: p12_utl.c,v 1.18 2022/08/20 09:16:18 tb Exp $ */	1	/* $OpenBSD: p12_utl.c,v 1.19 2022/09/11 17:30:13 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.	3	* project 1999.
4	*/	4	*/
@@ -149,46 +149,3 @@ d2i_PKCS12_fp(FILE fp, PKCS12 *p12)
149	{	149	{
150	return ASN1_item_d2i_fp(&PKCS12_it, fp, p12);	150	return ASN1_item_d2i_fp(&PKCS12_it, fp, p12);
151	}	151	}
152
153	#if !defined(LIBRESSL_NEXT_API)
154	#undef PKCS12_x5092certbag
155	#undef PKCS12_x509crl2certbag
156	#undef PKCS12_certbag2x509
157	#undef PKCS12_certbag2x509crl
158
159	PKCS12_SAFEBAG *
160	PKCS12_x5092certbag(X509 *x509)
161	{
162	return PKCS12_item_pack_safebag(x509, &X509_it,
163	NID_x509Certificate, NID_certBag);
164	}
165
166	PKCS12_SAFEBAG *
167	PKCS12_x509crl2certbag(X509_CRL *crl)
168	{
169	return PKCS12_item_pack_safebag(crl, &X509_CRL_it,
170	NID_x509Crl, NID_crlBag);
171	}
172
173	X509 *
174	PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
175	{
176	if (OBJ_obj2nid(bag->type) != NID_certBag)
177	return NULL;
178	if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
179	return NULL;
180	return ASN1_item_unpack(bag->value.bag->value.octet,
181	&X509_it);
182	}
183
184	X509_CRL *
185	PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
186	{
187	if (OBJ_obj2nid(bag->type) != NID_crlBag)
188	return NULL;
189	if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
190	return NULL;
191	return ASN1_item_unpack(bag->value.bag->value.octet,
192	&X509_CRL_it);
193	}
194	#endif


diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h index a40659fcf3..44dbb38153 100644 --- a/src/lib/libcrypto/pkcs12/pkcs12.h +++ b/src/lib/libcrypto/pkcs12/pkcs12.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pkcs12.h,v 1.26 2022/08/03 20:16:06 tb Exp $ */	1	/* $OpenBSD: pkcs12.h,v 1.27 2022/09/11 17:30:13 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.	3	* project 1999.
4	*/	4	*/
@@ -96,43 +96,16 @@ extern "C" {
96	#define KEY_EX 0x10	96	#define KEY_EX 0x10
97	#define KEY_SIG 0x80	97	#define KEY_SIG 0x80
98		98
99	typedef struct {	99	typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA;
100	X509_SIG *dinfo;	100
101	ASN1_OCTET_STRING *salt;	101	typedef struct PKCS12_st PKCS12;
102	ASN1_INTEGER iter; / defaults to 1 */	102
103	} PKCS12_MAC_DATA;	103	typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG;
104
105	typedef struct {
106	ASN1_INTEGER *version;
107	PKCS12_MAC_DATA *mac;
108	PKCS7 *authsafes;
109	} PKCS12;
110
111	typedef struct {
112	ASN1_OBJECT *type;
113	union {
114	struct pkcs12_bag_st bag; / secret, crl and certbag */
115	struct pkcs8_priv_key_info_st keybag; / keybag */
116	X509_SIG shkeybag; / shrouded key bag */
117	STACK_OF(PKCS12_SAFEBAG) *safes;
118	ASN1_TYPE *other;
119	} value;
120	STACK_OF(X509_ATTRIBUTE) *attrib;
121	} PKCS12_SAFEBAG;
122		104
123	DECLARE_STACK_OF(PKCS12_SAFEBAG)	105	DECLARE_STACK_OF(PKCS12_SAFEBAG)
124	DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)	106	DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
125		107
126	typedef struct pkcs12_bag_st {	108	typedef struct pkcs12_bag_st PKCS12_BAGS;
127	ASN1_OBJECT *type;
128	union {
129	ASN1_OCTET_STRING *x509cert;
130	ASN1_OCTET_STRING *x509crl;
131	ASN1_OCTET_STRING *octet;
132	ASN1_IA5STRING *sdsicert;
133	ASN1_TYPE other; / Secret or other bag */
134	} value;
135	} PKCS12_BAGS;
136		109
137	#define PKCS12_ERROR 0	110	#define PKCS12_ERROR 0
138	#define PKCS12_OK 1	111	#define PKCS12_OK 1
@@ -155,16 +128,8 @@ typedef struct pkcs12_bag_st {
155	#define M_PKCS12_decrypt_skey PKCS12_decrypt_skey	128	#define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
156	#define M_PKCS8_decrypt PKCS8_decrypt	129	#define M_PKCS8_decrypt PKCS8_decrypt
157		130
158	#if !defined(LIBRESSL_NEXT_API)
159	#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
160	#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
161	#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
162	#endif
163
164	#endif /* !LIBRESSL_INTERNAL */	131	#endif /* !LIBRESSL_INTERNAL */
165		132
166	#if defined(LIBRESSL_NEXT_API) \|\| defined(LIBRESSL_INTERNAL)
167
168	#define M_PKCS12_bag_type PKCS12_bag_type	133	#define M_PKCS12_bag_type PKCS12_bag_type
169	#define M_PKCS12_cert_bag_type PKCS12_cert_bag_type	134	#define M_PKCS12_cert_bag_type PKCS12_cert_bag_type
170	#define M_PKCS12_crl_bag_type PKCS12_cert_bag_type	135	#define M_PKCS12_crl_bag_type PKCS12_cert_bag_type
@@ -210,28 +175,6 @@ const STACK_OF(PKCS12_SAFEBAG) *
210	PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);	175	PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
211	const ASN1_OBJECT PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG bag);	176	const ASN1_OBJECT PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG bag);
212		177
213	#else /* !LIBRESSL_NEXT_API && !LIBRESSL_INTERNAL*/
214
215	#define PKCS12_get_attr(bag, attr_nid) \
216	PKCS12_get_attr_gen(bag->attrib, attr_nid)
217
218	#define PKCS8_get_attr(p8, attr_nid) \
219	PKCS12_get_attr_gen(p8->attributes, attr_nid)
220
221	#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
222
223	PKCS12_SAFEBAG PKCS12_x5092certbag(X509 x509);
224	PKCS12_SAFEBAG PKCS12_x509crl2certbag(X509_CRL crl);
225	X509 PKCS12_certbag2x509(PKCS12_SAFEBAG bag);
226	X509_CRL PKCS12_certbag2x509crl(PKCS12_SAFEBAG bag);
227
228	PKCS12_SAFEBAG PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO p8);
229	PKCS12_SAFEBAG PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char pass,
230	int passlen, unsigned char *salt, int saltlen, int iter,
231	PKCS8_PRIV_KEY_INFO *p8);
232
233	#endif /* !LIBRESSL_NEXT_API && !LIBRESSL_INTERNAL */
234
235	PKCS12_SAFEBAG PKCS12_item_pack_safebag(void obj, const ASN1_ITEM *it,	178	PKCS12_SAFEBAG PKCS12_item_pack_safebag(void obj, const ASN1_ITEM *it,
236	int nid1, int nid2);	179	int nid1, int nid2);
237	PKCS8_PRIV_KEY_INFO PKCS8_decrypt(const X509_SIG p8, const char *pass,	180	PKCS8_PRIV_KEY_INFO PKCS8_decrypt(const X509_SIG p8, const char *pass,


diff --git a/src/lib/libcrypto/pkcs12/pkcs12_local.h b/src/lib/libcrypto/pkcs12/pkcs12_local.h index c5a0de36c9..8723fdb2e4 100644 --- a/src/lib/libcrypto/pkcs12/pkcs12_local.h +++ b/src/lib/libcrypto/pkcs12/pkcs12_local.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pkcs12_local.h,v 1.1 2022/08/20 09:16:18 tb Exp $ */	1	/* $OpenBSD: pkcs12_local.h,v 1.2 2022/09/11 17:30:13 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.	3	* project 1999.
4	*/	4	*/
@@ -61,6 +61,41 @@
61		61
62	__BEGIN_HIDDEN_DECLS	62	__BEGIN_HIDDEN_DECLS
63		63
		64	struct PKCS12_MAC_DATA_st {
		65	X509_SIG *dinfo;
		66	ASN1_OCTET_STRING *salt;
		67	ASN1_INTEGER iter; / defaults to 1 */
		68	};
		69
		70	struct PKCS12_st {
		71	ASN1_INTEGER *version;
		72	PKCS12_MAC_DATA *mac;
		73	PKCS7 *authsafes;
		74	};
		75
		76	struct PKCS12_SAFEBAG_st {
		77	ASN1_OBJECT *type;
		78	union {
		79	struct pkcs12_bag_st bag; / secret, crl and certbag */
		80	struct pkcs8_priv_key_info_st keybag; / keybag */
		81	X509_SIG shkeybag; / shrouded key bag */
		82	STACK_OF(PKCS12_SAFEBAG) *safes;
		83	ASN1_TYPE *other;
		84	} value;
		85	STACK_OF(X509_ATTRIBUTE) *attrib;
		86	};
		87
		88	struct pkcs12_bag_st {
		89	ASN1_OBJECT *type;
		90	union {
		91	ASN1_OCTET_STRING *x509cert;
		92	ASN1_OCTET_STRING *x509crl;
		93	ASN1_OCTET_STRING *octet;
		94	ASN1_IA5STRING *sdsicert;
		95	ASN1_TYPE other; / Secret or other bag */
		96	} value;
		97	};
		98
64	__END_HIDDEN_DECLS	99	__END_HIDDEN_DECLS
65		100
66	#endif /* HEADER_PKCS12_LOCAL_H */	101	#endif /* HEADER_PKCS12_LOCAL_H */