From fdfad9e1701882b4e72b41155a9c8e4ef338ddbf Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sat, 2 Mar 2024 10:17:37 +0000
Subject: Remove most PBEPARAM stuff from public visibility

The struct itself needs to remain public, unfortunately.

ok jsing
---
 src/lib/libcrypto/Symbols.list      | 14 --------------
 src/lib/libcrypto/asn1/p5_pbe.c     |  4 +++-
 src/lib/libcrypto/asn1/p5_pbev2.c   |  3 ++-
 src/lib/libcrypto/evp/evp_pbe.c     |  3 ++-
 src/lib/libcrypto/x509/x509.h       | 33 +--------------------------------
 src/lib/libcrypto/x509/x509_local.h | 33 ++++++++++++++++++++++++++++++++-
 6 files changed, 40 insertions(+), 50 deletions(-)

diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list
index 88c618de26..7a27d6d1a3 100644
--- a/src/lib/libcrypto/Symbols.list
+++ b/src/lib/libcrypto/Symbols.list
@@ -1810,15 +1810,7 @@ OpenSSL_add_all_ciphers
 OpenSSL_add_all_digests
 OpenSSL_version
 OpenSSL_version_num
-PBE2PARAM_free
-PBE2PARAM_it
-PBE2PARAM_new
-PBEPARAM_free
 PBEPARAM_it
-PBEPARAM_new
-PBKDF2PARAM_free
-PBKDF2PARAM_it
-PBKDF2PARAM_new
 PEM_ASN1_read
 PEM_ASN1_read_bio
 PEM_ASN1_write
@@ -3182,9 +3174,6 @@ d2i_OCSP_SERVICELOC
 d2i_OCSP_SIGNATURE
 d2i_OCSP_SINGLERESP
 d2i_OTHERNAME
-d2i_PBE2PARAM
-d2i_PBEPARAM
-d2i_PBKDF2PARAM
 d2i_PKCS12
 d2i_PKCS12_SAFEBAG
 d2i_PKCS12_bio
@@ -3377,9 +3366,6 @@ i2d_OCSP_SERVICELOC
 i2d_OCSP_SIGNATURE
 i2d_OCSP_SINGLERESP
 i2d_OTHERNAME
-i2d_PBE2PARAM
-i2d_PBEPARAM
-i2d_PBKDF2PARAM
 i2d_PKCS12
 i2d_PKCS12_SAFEBAG
 i2d_PKCS12_bio
diff --git a/src/lib/libcrypto/asn1/p5_pbe.c b/src/lib/libcrypto/asn1/p5_pbe.c
index 204e818286..0b628b36d9 100644
--- a/src/lib/libcrypto/asn1/p5_pbe.c
+++ b/src/lib/libcrypto/asn1/p5_pbe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_pbe.c,v 1.25 2023/07/07 19:37:52 beck Exp $ */
+/* $OpenBSD: p5_pbe.c,v 1.26 2024/03/02 10:17:37 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -64,6 +64,8 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
 
+#include "x509_local.h"
+
 /* PKCS#5 password based encryption structure */
 
 static const ASN1_TEMPLATE PBEPARAM_seq_tt[] = {
diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c
index 8ee752c020..ebb20c296f 100644
--- a/src/lib/libcrypto/asn1/p5_pbev2.c
+++ b/src/lib/libcrypto/asn1/p5_pbev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_pbev2.c,v 1.31 2024/02/18 15:44:10 tb Exp $ */
+/* $OpenBSD: p5_pbev2.c,v 1.32 2024/03/02 10:17:37 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999-2004.
  */
@@ -65,6 +65,7 @@
 #include <openssl/x509.h>
 
 #include "evp_local.h"
+#include "x509_local.h"
 
 /* PKCS#5 v2.0 password based encryption structures */
 
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c
index 3f1f1ec9a4..a9f5b8fb12 100644
--- a/src/lib/libcrypto/evp/evp_pbe.c
+++ b/src/lib/libcrypto/evp/evp_pbe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_pbe.c,v 1.44 2024/03/02 10:15:15 tb Exp $ */
+/* $OpenBSD: evp_pbe.c,v 1.45 2024/03/02 10:17:37 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -70,6 +70,7 @@
 #include "evp_local.h"
 #include "hmac_local.h"
 #include "pkcs12_local.h"
+#include "x509_local.h"
 
 /* Password based encryption (PBE) functions */
 int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index fe18202533..bd8497d9c4 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.103 2023/11/02 20:25:48 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.104 2024/03/02 10:17:37 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -328,28 +328,11 @@ typedef struct Netscape_spki_st {
 	ASN1_BIT_STRING *signature;
 } NETSCAPE_SPKI;
 
-/* Password based encryption structure */
-
 typedef struct PBEPARAM_st {
 	ASN1_OCTET_STRING *salt;
 	ASN1_INTEGER *iter;
 } PBEPARAM;
 
-/* Password based encryption V2 structures */
-
-typedef struct PBE2PARAM_st {
-	X509_ALGOR *keyfunc;
-	X509_ALGOR *encryption;
-} PBE2PARAM;
-
-typedef struct PBKDF2PARAM_st {
-	/* Usually OCTET STRING but could be anything */
-	ASN1_TYPE *salt;
-	ASN1_INTEGER *iter;
-	ASN1_INTEGER *keylength;
-	X509_ALGOR *prf;
-} PBKDF2PARAM;
-
 #ifdef  __cplusplus
 }
 #endif
@@ -1033,21 +1016,7 @@ X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,
 				     ASN1_INTEGER *serial);
 X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);
 
-PBEPARAM *PBEPARAM_new(void);
-void PBEPARAM_free(PBEPARAM *a);
-PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, const unsigned char **in, long len);
-int i2d_PBEPARAM(PBEPARAM *a, unsigned char **out);
 extern const ASN1_ITEM PBEPARAM_it;
-PBE2PARAM *PBE2PARAM_new(void);
-void PBE2PARAM_free(PBE2PARAM *a);
-PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, const unsigned char **in, long len);
-int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **out);
-extern const ASN1_ITEM PBE2PARAM_it;
-PBKDF2PARAM *PBKDF2PARAM_new(void);
-void PBKDF2PARAM_free(PBKDF2PARAM *a);
-PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, const unsigned char **in, long len);
-int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **out);
-extern const ASN1_ITEM PBKDF2PARAM_it;
 
 int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
 				const unsigned char *salt, int saltlen);
diff --git a/src/lib/libcrypto/x509/x509_local.h b/src/lib/libcrypto/x509/x509_local.h
index f62f5ad57d..1e813797e1 100644
--- a/src/lib/libcrypto/x509/x509_local.h
+++ b/src/lib/libcrypto/x509/x509_local.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: x509_local.h,v 1.18 2024/01/06 17:37:23 tb Exp $ */
+/*	$OpenBSD: x509_local.h,v 1.19 2024/03/02 10:17:37 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2013.
  */
@@ -360,6 +360,37 @@ int X509_policy_check(const STACK_OF(X509) *certs,
     const STACK_OF(ASN1_OBJECT) *user_policies, unsigned long flags,
     X509 **out_current_cert);
 
+PBEPARAM *PBEPARAM_new(void);
+void PBEPARAM_free(PBEPARAM *a);
+PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, const unsigned char **in, long len);
+int i2d_PBEPARAM(PBEPARAM *a, unsigned char **out);
+
+/* Password based encryption V2 structures */
+typedef struct PBE2PARAM_st {
+	X509_ALGOR *keyfunc;
+	X509_ALGOR *encryption;
+} PBE2PARAM;
+
+PBE2PARAM *PBE2PARAM_new(void);
+void PBE2PARAM_free(PBE2PARAM *a);
+PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, const unsigned char **in, long len);
+int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **out);
+extern const ASN1_ITEM PBE2PARAM_it;
+
+typedef struct PBKDF2PARAM_st {
+	/* Usually OCTET STRING but could be anything */
+	ASN1_TYPE *salt;
+	ASN1_INTEGER *iter;
+	ASN1_INTEGER *keylength;
+	X509_ALGOR *prf;
+} PBKDF2PARAM;
+
+PBKDF2PARAM *PBKDF2PARAM_new(void);
+void PBKDF2PARAM_free(PBKDF2PARAM *a);
+PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, const unsigned char **in, long len);
+int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **out);
+extern const ASN1_ITEM PBKDF2PARAM_it;
+
 __END_HIDDEN_DECLS
 
 #endif /* !HEADER_X509_LOCAL_H */
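Review bot: The `PBEPARAM_new`/`PBEPARAM_free`/`d2i_PBEPARAM`/`i2d_PBEPARAM` prototypes added at the top of this hunk have no heading comment, although the V2 group below keeps one and the old "Password based encryption structure" comment is dropped from x509.h by this commit. Nothing in either header now records that `struct PBEPARAM_st` and `PBEPARAM_it` stay public while these four functions are hidden. I would add `/* PKCS#5 v1 PBE parameters; PBEPARAM and PBEPARAM_it stay in <openssl/x509.h> */` above `PBEPARAM_new`. Now that `PBKDF2PARAM` is internal-only, its field comment could also be made prescriptive, e.g. `/* Usually OCTET STRING but could be anything; check salt->type before use */`, because `d2i_PBKDF2PARAM` presumably decodes DER from untrusted files. `iter` and `keylength` likewise arrive as unbounded `ASN1_INTEGER`s and need range checks in the callers, which are not visible in this diff.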
-- 
cgit v1.2.3-55-g6feb