From 65a74ca85df35967792e35e1060f5c4f7cfea35c Mon Sep 17 00:00:00 2001
From: tb <>
Date: Wed, 3 Aug 2022 20:16:06 +0000
Subject: Prepare to provide PKCS12 accessors

In order to be able to make pkcs12/ opaque, we need an entire family of
accessors. These are in a particularly nasty tangle since this was done
in about a dozen steps while sprinkling const, renaming functions, etc.
The public API also adds backward compat macros for functions that were
in the tree for half a day and then renamed. Of course some of them got
picked up by some ports.

Some of the gruesome hacks in here will go away with the next bump, but
that doesn't mean that the pkcs12 directory will be prettier afterward.

ok jsing
---
 src/lib/libcrypto/pkcs12/p12_crt.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'src/lib/libcrypto/pkcs12/p12_crt.c')

diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
index f8ba3357e7..dbcfd25478 100644
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_crt.c,v 1.18 2018/05/13 13:46:55 tb Exp $ */
+/* $OpenBSD: p12_crt.c,v 1.19 2022/08/03 20:16:06 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -232,12 +232,12 @@ PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, int key_usage,
 	if (key_usage && !PKCS8_add_keyusage(p8, key_usage))
 		goto err;
 	if (nid_key != -1) {
-		bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0,
-		    iter, p8);
+		bag = PKCS12_SAFEBAG_create_pkcs8_encrypt(nid_key, pass, -1,
+		    NULL, 0, iter, p8);
 		PKCS8_PRIV_KEY_INFO_free(p8);
 		p8 = NULL;
 	} else {
-		bag = PKCS12_MAKE_KEYBAG(p8);
+		bag = PKCS12_SAFEBAG_create0_p8inf(p8);
 		if (bag != NULL)
 			p8 = NULL;
 	}
-- 
cgit v1.2.3-55-g6feb