From a49530d730a50ca4dac4bc7514f79894aa6176d0 Mon Sep 17 00:00:00 2001
From: tb
Date: Sat, 2 Mar 2024 10:15:15 +0000
Subject: [PATCH] Remove a lot of PKCS12 garbage from the public API
PKCS12 is a hot mess. Please participate in the survey at the end of https://www.cs.auckland.ac.nz/~pgut001/pubs/pfx.html to increase its credibility and unanimity.
ok jsing
---
 lib/libcrypto/Symbols.list | 39 --------------
 lib/libcrypto/Symbols.namespace | 34 ------------
 lib/libcrypto/evp/evp_pbe.c | 6 ++-
 lib/libcrypto/hidden/openssl/pkcs12.h | 37 +------------
 lib/libcrypto/pkcs12/p12_add.c | 6 +--
 lib/libcrypto/pkcs12/p12_asn.c | 10 +---
 lib/libcrypto/pkcs12/p12_decr.c | 7 +--
 lib/libcrypto/pkcs12/p12_key.c | 5 +-
 lib/libcrypto/pkcs12/p12_mutl.c | 3 +-
 lib/libcrypto/pkcs12/p12_p8d.c | 3 +-
 lib/libcrypto/pkcs12/p12_p8e.c | 3 +-
 lib/libcrypto/pkcs12/pkcs12.h | 71 ++-----------------------
 lib/libcrypto/pkcs12/pkcs12_local.h | 75 ++++++++++++++++++++++++++-
 13 files changed, 94 insertions(+), 205 deletions(-)
diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list
index 84a38a342d8..88c618de265 100644
--- a/lib/libcrypto/Symbols.list
+++ b/lib/libcrypto/Symbols.list
@@ -1930,21 +1930,7 @@ PEM_write_bio_X509_AUX
 PEM_write_bio_X509_CRL
 PEM_write_bio_X509_REQ
 PEM_write_bio_X509_REQ_NEW
-PKCS12_AUTHSAFES_it
-PKCS12_BAGS_free
-PKCS12_BAGS_it
-PKCS12_BAGS_new
-PKCS12_MAC_DATA_free
-PKCS12_MAC_DATA_it
-PKCS12_MAC_DATA_new
 PKCS12_PBE_add
-PKCS12_PBE_keyivgen
-PKCS12_SAFEBAGS_it
-PKCS12_SAFEBAG_create0_p8inf
-PKCS12_SAFEBAG_create0_pkcs8
-PKCS12_SAFEBAG_create_cert
-PKCS12_SAFEBAG_create_crl
-PKCS12_SAFEBAG_create_pkcs8_encrypt
 PKCS12_SAFEBAG_free
 PKCS12_SAFEBAG_get0_attr
 PKCS12_SAFEBAG_get0_attrs
@@ -1958,38 +1944,17 @@ PKCS12_SAFEBAG_get_bag_nid
 PKCS12_SAFEBAG_get_nid
 PKCS12_SAFEBAG_it
 PKCS12_SAFEBAG_new
-PKCS12_add_CSPName_asc
-PKCS12_add_cert
-PKCS12_add_friendlyname_asc
-PKCS12_add_friendlyname_uni
-PKCS12_add_key
-PKCS12_add_localkeyid
-PKCS12_add_safe
-PKCS12_add_safes
 PKCS12_create
 PKCS12_decrypt_skey
 PKCS12_free
-PKCS12_gen_mac
 PKCS12_get0_mac
-PKCS12_get_attr_gen
 PKCS12_get_friendlyname
-PKCS12_init
 PKCS12_it
-PKCS12_item_decrypt_d2i
-PKCS12_item_i2d_encrypt
-PKCS12_item_pack_safebag
-PKCS12_key_gen_asc
-PKCS12_key_gen_uni
 PKCS12_mac_present
 PKCS12_new
 PKCS12_newpass
-PKCS12_pack_authsafes
-PKCS12_pack_p7data
-PKCS12_pack_p7encdata
 PKCS12_parse
-PKCS12_pbe_crypt
 PKCS12_set_mac
-PKCS12_setup_mac
 PKCS12_unpack_authsafes
 PKCS12_unpack_p7data
 PKCS12_unpack_p7encdata
@@ -3221,8 +3186,6 @@ d2i_PBE2PARAM
 d2i_PBEPARAM
 d2i_PBKDF2PARAM
 d2i_PKCS12
-d2i_PKCS12_BAGS
-d2i_PKCS12_MAC_DATA
 d2i_PKCS12_SAFEBAG
 d2i_PKCS12_bio
 d2i_PKCS12_fp
@@ -3418,8 +3381,6 @@ i2d_PBE2PARAM
 i2d_PBEPARAM
 i2d_PBKDF2PARAM
 i2d_PKCS12
-i2d_PKCS12_BAGS
-i2d_PKCS12_MAC_DATA
 i2d_PKCS12_SAFEBAG
 i2d_PKCS12_bio
 i2d_PKCS12_fp
diff --git a/lib/libcrypto/Symbols.namespace b/lib/libcrypto/Symbols.namespace
index d63bb91c121..a540b310489 100644
--- a/lib/libcrypto/Symbols.namespace
+++ b/lib/libcrypto/Symbols.namespace
@@ -136,40 +136,18 @@ _libre_PKCS12_SAFEBAG_get1_crl
 _libre_PKCS8_get_attr
 _libre_PKCS12_mac_present
 _libre_PKCS12_get0_mac
-_libre_PKCS12_SAFEBAG_create_cert
-_libre_PKCS12_SAFEBAG_create_crl
-_libre_PKCS12_SAFEBAG_create0_p8inf
-_libre_PKCS12_SAFEBAG_create0_pkcs8
-_libre_PKCS12_SAFEBAG_create_pkcs8_encrypt
 _libre_PKCS12_SAFEBAG_get0_p8inf
 _libre_PKCS12_SAFEBAG_get0_pkcs8
 _libre_PKCS12_SAFEBAG_get0_safes
 _libre_PKCS12_SAFEBAG_get0_type
-_libre_PKCS12_item_pack_safebag
 _libre_PKCS8_decrypt
 _libre_PKCS12_decrypt_skey
 _libre_PKCS8_encrypt
-_libre_PKCS12_pack_p7data
 _libre_PKCS12_unpack_p7data
-_libre_PKCS12_pack_p7encdata
 _libre_PKCS12_unpack_p7encdata
-_libre_PKCS12_pack_authsafes
 _libre_PKCS12_unpack_authsafes
-_libre_PKCS12_add_localkeyid
-_libre_PKCS12_add_friendlyname_asc
-_libre_PKCS12_add_CSPName_asc
-_libre_PKCS12_add_friendlyname_uni
 _libre_PKCS8_add_keyusage
-_libre_PKCS12_get_attr_gen
 _libre_PKCS12_get_friendlyname
-_libre_PKCS12_pbe_crypt
-_libre_PKCS12_item_decrypt_d2i
-_libre_PKCS12_item_i2d_encrypt
-_libre_PKCS12_init
-_libre_PKCS12_key_gen_asc
-_libre_PKCS12_key_gen_uni
-_libre_PKCS12_PBE_keyivgen
-_libre_PKCS12_gen_mac
 _libre_PKCS12_verify_mac
 _libre_PKCS12_set_mac
 _libre_PKCS12_setup_mac
@@ -179,25 +157,13 @@ _libre_PKCS12_new
 _libre_PKCS12_free
 _libre_d2i_PKCS12
 _libre_i2d_PKCS12
-_libre_PKCS12_MAC_DATA_new
-_libre_PKCS12_MAC_DATA_free
-_libre_d2i_PKCS12_MAC_DATA
-_libre_i2d_PKCS12_MAC_DATA
 _libre_PKCS12_SAFEBAG_new
 _libre_PKCS12_SAFEBAG_free
 _libre_d2i_PKCS12_SAFEBAG
 _libre_i2d_PKCS12_SAFEBAG
-_libre_PKCS12_BAGS_new
-_libre_PKCS12_BAGS_free
-_libre_d2i_PKCS12_BAGS
-_libre_i2d_PKCS12_BAGS
 _libre_PKCS12_PBE_add
 _libre_PKCS12_parse
 _libre_PKCS12_create
-_libre_PKCS12_add_cert
-_libre_PKCS12_add_key
-_libre_PKCS12_add_safe
-_libre_PKCS12_add_safes
 _libre_i2d_PKCS12_bio
 _libre_i2d_PKCS12_fp
 _libre_d2i_PKCS12_bio
diff --git a/lib/libcrypto/evp/evp_pbe.c b/lib/libcrypto/evp/evp_pbe.c
index e33f2cb08f4..3f1f1ec9a4d 100644
--- a/lib/libcrypto/evp/evp_pbe.c
+++ b/lib/libcrypto/evp/evp_pbe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_pbe.c,v 1.43 2024/03/02 10:06:48 tb Exp $ */
+/* $OpenBSD: evp_pbe.c,v 1.44 2024/03/02 10:15:15 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -69,8 +69,12 @@
 #include "evp_local.h"
 #include "hmac_local.h"
+#include "pkcs12_local.h"
 /* Password based encryption (PBE) functions */
+int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type, int en_de);
 static const struct pbe_config {
 int pbe_nid;
diff --git a/lib/libcrypto/hidden/openssl/pkcs12.h b/lib/libcrypto/hidden/openssl/pkcs12.h
index 9a2dffa3549..4c37e73cc4c 100644
--- a/lib/libcrypto/hidden/openssl/pkcs12.h
+++ b/lib/libcrypto/hidden/openssl/pkcs12.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12.h,v 1.2 2023/07/05 21:14:54 bcook Exp $ */
+/* $OpenBSD: pkcs12.h,v 1.3 2024/03/02 10:15:16 tb Exp $ */
 /*
 * Copyright (c) 2022 Bob Beck
 *
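Review bot: The `int PKCS12_PBE_keyivgen(...)` prototype added just below `#include "pkcs12_local.h"` is a non-static extern declaration sitting in a .c file, which the compiler cannot cross-check against a definition in another translation unit, and it is the one de-exported PKCS12 function this patch does not move into pkcs12_local.h alongside the others. If the definition now lives in evp_pbe.c (revision 1.43 from a few minutes earlier, not in this diff, appears to have moved it here), both the declaration and the definition should read `static int PKCS12_PBE_keyivgen(...)` so the symbol is file-local rather than merely absent from Symbols.list; otherwise the prototype belongs in pkcs12_local.h next to `PKCS12_key_gen_asc()`. A one-line comment such as `/* Forward declaration: referenced by the pbe_config table below. */` would also say why it sits here, assuming that is the reason. The pbe_config table and the rest of the file are outside the hunk.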
@@ -34,68 +34,33 @@ LCRYPTO_USED(PKCS12_SAFEBAG_get1_crl);
 LCRYPTO_USED(PKCS8_get_attr);
 LCRYPTO_USED(PKCS12_mac_present);
 LCRYPTO_USED(PKCS12_get0_mac);
-LCRYPTO_USED(PKCS12_SAFEBAG_create_cert);
-LCRYPTO_USED(PKCS12_SAFEBAG_create_crl);
-LCRYPTO_USED(PKCS12_SAFEBAG_create0_p8inf);
-LCRYPTO_USED(PKCS12_SAFEBAG_create0_pkcs8);
-LCRYPTO_USED(PKCS12_SAFEBAG_create_pkcs8_encrypt);
 LCRYPTO_USED(PKCS12_SAFEBAG_get0_p8inf);
 LCRYPTO_USED(PKCS12_SAFEBAG_get0_pkcs8);
 LCRYPTO_USED(PKCS12_SAFEBAG_get0_safes);
 LCRYPTO_USED(PKCS12_SAFEBAG_get0_type);
-LCRYPTO_USED(PKCS12_item_pack_safebag);
 LCRYPTO_USED(PKCS8_decrypt);
 LCRYPTO_USED(PKCS12_decrypt_skey);
 LCRYPTO_USED(PKCS8_encrypt);
-LCRYPTO_USED(PKCS12_pack_p7data);
 LCRYPTO_USED(PKCS12_unpack_p7data);
-LCRYPTO_USED(PKCS12_pack_p7encdata);
 LCRYPTO_USED(PKCS12_unpack_p7encdata);
-LCRYPTO_USED(PKCS12_pack_authsafes);
 LCRYPTO_USED(PKCS12_unpack_authsafes);
-LCRYPTO_USED(PKCS12_add_localkeyid);
-LCRYPTO_USED(PKCS12_add_friendlyname_asc);
-LCRYPTO_USED(PKCS12_add_CSPName_asc);
-LCRYPTO_USED(PKCS12_add_friendlyname_uni);
 LCRYPTO_USED(PKCS8_add_keyusage);
-LCRYPTO_USED(PKCS12_get_attr_gen);
 LCRYPTO_USED(PKCS12_get_friendlyname);
-LCRYPTO_USED(PKCS12_pbe_crypt);
-LCRYPTO_USED(PKCS12_item_decrypt_d2i);
-LCRYPTO_USED(PKCS12_item_i2d_encrypt);
-LCRYPTO_USED(PKCS12_init);
-LCRYPTO_USED(PKCS12_key_gen_asc);
-LCRYPTO_USED(PKCS12_key_gen_uni);
-LCRYPTO_USED(PKCS12_PBE_keyivgen);
-LCRYPTO_USED(PKCS12_gen_mac);
 LCRYPTO_USED(PKCS12_verify_mac);
 LCRYPTO_USED(PKCS12_set_mac);
-LCRYPTO_USED(PKCS12_setup_mac);
 LCRYPTO_USED(OPENSSL_asc2uni);
 LCRYPTO_USED(OPENSSL_uni2asc);
 LCRYPTO_USED(PKCS12_new);
 LCRYPTO_USED(PKCS12_free);
 LCRYPTO_USED(d2i_PKCS12);
 LCRYPTO_USED(i2d_PKCS12);
-LCRYPTO_USED(PKCS12_MAC_DATA_new);
-LCRYPTO_USED(PKCS12_MAC_DATA_free);
-LCRYPTO_USED(d2i_PKCS12_MAC_DATA);
-LCRYPTO_USED(i2d_PKCS12_MAC_DATA);
 LCRYPTO_USED(PKCS12_SAFEBAG_new);
 LCRYPTO_USED(PKCS12_SAFEBAG_free);
 LCRYPTO_USED(d2i_PKCS12_SAFEBAG);
 LCRYPTO_USED(i2d_PKCS12_SAFEBAG);
-LCRYPTO_USED(PKCS12_BAGS_new);
-LCRYPTO_USED(PKCS12_BAGS_free);
-LCRYPTO_USED(d2i_PKCS12_BAGS);
-LCRYPTO_USED(i2d_PKCS12_BAGS);
 LCRYPTO_USED(PKCS12_PBE_add);
 LCRYPTO_USED(PKCS12_parse);
 LCRYPTO_USED(PKCS12_create);
-LCRYPTO_USED(PKCS12_add_cert);
-LCRYPTO_USED(PKCS12_add_key);
-LCRYPTO_USED(PKCS12_add_safe);
-LCRYPTO_USED(PKCS12_add_safes);
 LCRYPTO_USED(i2d_PKCS12_bio);
 LCRYPTO_USED(i2d_PKCS12_fp);
 LCRYPTO_USED(d2i_PKCS12_bio);
diff --git a/lib/libcrypto/pkcs12/p12_add.c b/lib/libcrypto/pkcs12/p12_add.c
index 8ce1fede74f..dd72c999859 100644
--- a/lib/libcrypto/pkcs12/p12_add.c
+++ b/lib/libcrypto/pkcs12/p12_add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_add.c,v 1.23 2024/01/25 13:44:08 tb Exp $ */
+/* $OpenBSD: p12_add.c,v 1.24 2024/03/02 10:15:16 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -90,7 +90,6 @@ PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2)
 safebag->type = OBJ_nid2obj(nid2);
 return safebag;
 }
-LCRYPTO_ALIAS(PKCS12_item_pack_safebag);
 /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
 PKCS7 *
@@ -118,7 +117,6 @@ err:
 PKCS7_free(p7);
 return NULL;
 }
-LCRYPTO_ALIAS(PKCS12_pack_p7data);
 /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
 STACK_OF(PKCS12_SAFEBAG) *
@@ -181,7 +179,6 @@ err:
 PKCS7_free(p7);
 return NULL;
 }
-LCRYPTO_ALIAS(PKCS12_pack_p7encdata);
 STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
@@ -214,7 +211,6 @@ PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
 return 1;
 return 0;
 }
-LCRYPTO_ALIAS(PKCS12_pack_authsafes);
 STACK_OF(PKCS7) *
 PKCS12_unpack_authsafes(const PKCS12 *p12)
diff --git a/lib/libcrypto/pkcs12/p12_asn.c b/lib/libcrypto/pkcs12/p12_asn.c
index a9decccb5b3..e6078050be8 100644
--- a/lib/libcrypto/pkcs12/p12_asn.c
+++ b/lib/libcrypto/pkcs12/p12_asn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_asn.c,v 1.14 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: p12_asn.c,v 1.15 2024/03/02 10:15:16 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -170,28 +170,24 @@ d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len)
 return (PKCS12_MAC_DATA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 &PKCS12_MAC_DATA_it);
 }
-LCRYPTO_ALIAS(d2i_PKCS12_MAC_DATA);
 int
 i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out)
 {
 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_MAC_DATA_it);
 }
-LCRYPTO_ALIAS(i2d_PKCS12_MAC_DATA);
 PKCS12_MAC_DATA *
 PKCS12_MAC_DATA_new(void)
 {
 return (PKCS12_MAC_DATA *)ASN1_item_new(&PKCS12_MAC_DATA_it);
 }
-LCRYPTO_ALIAS(PKCS12_MAC_DATA_new);
 void
 PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a)
 {
 ASN1_item_free((ASN1_VALUE *)a, &PKCS12_MAC_DATA_it);
 }
-LCRYPTO_ALIAS(PKCS12_MAC_DATA_free);
 static const ASN1_TEMPLATE bag_default_tt = {
 .flags = ASN1_TFLG_EXPLICIT,
@@ -280,28 +276,24 @@ d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len)
 return (PKCS12_BAGS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 &PKCS12_BAGS_it);
 }
-LCRYPTO_ALIAS(d2i_PKCS12_BAGS);
 int
 i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out)
 {
 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_BAGS_it);
 }
-LCRYPTO_ALIAS(i2d_PKCS12_BAGS);
 PKCS12_BAGS *
 PKCS12_BAGS_new(void)
 {
 return (PKCS12_BAGS *)ASN1_item_new(&PKCS12_BAGS_it);
 }
-LCRYPTO_ALIAS(PKCS12_BAGS_new);
 void
 PKCS12_BAGS_free(PKCS12_BAGS *a)
 {
 ASN1_item_free((ASN1_VALUE *)a, &PKCS12_BAGS_it);
 }
-LCRYPTO_ALIAS(PKCS12_BAGS_free);
 static const ASN1_TEMPLATE safebag_default_tt = {
 .flags = ASN1_TFLG_EXPLICIT,
diff --git a/lib/libcrypto/pkcs12/p12_decr.c b/lib/libcrypto/pkcs12/p12_decr.c
index 04818acd13f..907d4e52a6c 100644
--- a/lib/libcrypto/pkcs12/p12_decr.c
+++ b/lib/libcrypto/pkcs12/p12_decr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_decr.c,v 1.25 2024/02/18 15:44:10 tb Exp $ */
+/* $OpenBSD: p12_decr.c,v 1.26 2024/03/02 10:15:16 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -116,7 +116,6 @@ err:
 return out;
 }
-LCRYPTO_ALIAS(PKCS12_pbe_crypt);
 /* Decrypt an OCTET STRING and decode ASN1 structure
 * if zbuf set zero buffer after use.
@@ -145,7 +144,6 @@ PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
 free(out);
 return ret;
 }
-LCRYPTO_ALIAS(PKCS12_item_decrypt_d2i);
 /* Encode ASN1 structure and encrypt, return OCTET STRING
 * if zbuf set zero encoding.
@@ -184,6 +182,3 @@ err:
 ASN1_OCTET_STRING_free(oct);
 return NULL;
 }
-LCRYPTO_ALIAS(PKCS12_item_i2d_encrypt);
-
-IMPLEMENT_PKCS12_STACK_OF(PKCS7)
diff --git a/lib/libcrypto/pkcs12/p12_key.c b/lib/libcrypto/pkcs12/p12_key.c
index 8812f1c06a8..78e7d0450ed 100644
--- a/lib/libcrypto/pkcs12/p12_key.c
+++ b/lib/libcrypto/pkcs12/p12_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_key.c,v 1.34 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: p12_key.c,v 1.35 2024/03/02 10:15:16 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -64,6 +64,7 @@
 #include
 #include "evp_local.h"
+#include "pkcs12_local.h"
 /* PKCS12 compatible key/IV generation */
 #ifndef min
@@ -93,7 +94,6 @@ PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
 freezero(unipass, uniplen);
 return ret;
 }
-LCRYPTO_ALIAS(PKCS12_key_gen_asc);
 int
 PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
@@ -194,4 +194,3 @@ PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 return ret;
 }
-LCRYPTO_ALIAS(PKCS12_key_gen_uni);
diff --git a/lib/libcrypto/pkcs12/p12_mutl.c b/lib/libcrypto/pkcs12/p12_mutl.c
index c71ed735ea6..2a728294aff 100644
--- a/lib/libcrypto/pkcs12/p12_mutl.c
+++ b/lib/libcrypto/pkcs12/p12_mutl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_mutl.c,v 1.36 2024/01/25 13:44:08 tb Exp $ */
+/* $OpenBSD: p12_mutl.c,v 1.37 2024/03/02 10:15:16 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -263,5 +263,4 @@ PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
 return 1;
 }
-LCRYPTO_ALIAS(PKCS12_setup_mac);
 #endif
diff --git a/lib/libcrypto/pkcs12/p12_p8d.c b/lib/libcrypto/pkcs12/p12_p8d.c
index dd5e8d9875c..d4874e3b738 100644
--- a/lib/libcrypto/pkcs12/p12_p8d.c
+++ b/lib/libcrypto/pkcs12/p12_p8d.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_p8d.c,v 1.11 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: p12_p8d.c,v 1.12 2024/03/02 10:15:16 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
@@ -60,6 +60,7 @@
 #include
+#include "pkcs12_local.h"
 #include "x509_local.h"
 PKCS8_PRIV_KEY_INFO *
diff --git a/lib/libcrypto/pkcs12/p12_p8e.c b/lib/libcrypto/pkcs12/p12_p8e.c
index 87c4be56a31..bf61593266e 100644
--- a/lib/libcrypto/pkcs12/p12_p8e.c
+++ b/lib/libcrypto/pkcs12/p12_p8e.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_p8e.c,v 1.12 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: p12_p8e.c,v 1.13 2024/03/02 10:15:16 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
@@ -61,6 +61,7 @@
 #include
 #include
+#include "pkcs12_local.h"
 #include "x509_local.h"
 X509_SIG *
diff --git a/lib/libcrypto/pkcs12/pkcs12.h b/lib/libcrypto/pkcs12/pkcs12.h
index 44dbb381533..962403976db 100644
--- a/lib/libcrypto/pkcs12/pkcs12.h
+++ b/lib/libcrypto/pkcs12/pkcs12.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12.h,v 1.27 2022/09/11 17:30:13 tb Exp $ */
+/* $OpenBSD: pkcs12.h,v 1.28 2024/03/02 10:15:16 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -161,22 +161,12 @@ void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
 const X509_ALGOR **pmacalg, const ASN1_OCTET_STRING **psalt,
 const ASN1_INTEGER **piter, const PKCS12 *p12);
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8);
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8);
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
- const char *pass, int passlen, unsigned char *salt, int saltlen, int iter,
- PKCS8_PRIV_KEY_INFO *p8);
-
 const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag);
 const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag);
 const STACK_OF(PKCS12_SAFEBAG) *
 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag);
-PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
- int nid1, int nid2);
 PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
 int passlen);
 PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
@@ -184,53 +174,19 @@ PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
 X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
 const char *pass, int passlen, unsigned char *salt, int saltlen, int iter,
 PKCS8_PRIV_KEY_INFO *p8);
-PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
+
 STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
-PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
- unsigned char *salt, int saltlen, int iter, STACK_OF(PKCS12_SAFEBAG) *bags);
 STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
 int passlen);
-
-int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
 STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12);
-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
- int namelen);
-int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
- int namelen);
-int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
- int namelen);
-int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
- int namelen);
 int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
-ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
- int attr_nid);
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
-unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass,
- int passlen, const unsigned char *in, int inlen, unsigned char **data,
- int *datalen, int en_de);
-void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
- const char *pass, int passlen, const ASN1_OCTET_STRING *oct, int zbuf);
-ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
- const ASN1_ITEM *it, const char *pass, int passlen, void *obj, int zbuf);
-PKCS12 *PKCS12_init(int mode);
-int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
- int saltlen, int id, int iter, int n, unsigned char *out,
- const EVP_MD *md_type);
-int PKCS12_key_gen_uni(unsigned char
*pass, int passlen, unsigned char *salt,
- int saltlen, int id, int iter, int n, unsigned char *out,
- const EVP_MD *md_type);
-int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
- ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,
- int en_de);
-int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
- unsigned char *mac, unsigned int *maclen);
 int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
 int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
 unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type);
-int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
- int saltlen, const EVP_MD *md_type);
+
 unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni,
 int *unilen);
 char *OPENSSL_uni2asc(const unsigned char *uni, int unilen);
@@ -240,24 +196,12 @@ void PKCS12_free(PKCS12 *a);
 PKCS12 *d2i_PKCS12(PKCS12 **a, const unsigned char **in, long len);
 int i2d_PKCS12(PKCS12 *a, unsigned char **out);
 extern const ASN1_ITEM PKCS12_it;
-PKCS12_MAC_DATA *PKCS12_MAC_DATA_new(void);
-void PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a);
-PKCS12_MAC_DATA *d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len);
-int i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out);
-extern const ASN1_ITEM PKCS12_MAC_DATA_it;
+
 PKCS12_SAFEBAG *PKCS12_SAFEBAG_new(void);
 void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a);
 PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, const unsigned char **in, long len);
 int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **out);
 extern const ASN1_ITEM PKCS12_SAFEBAG_it;
-PKCS12_BAGS *PKCS12_BAGS_new(void);
-void PKCS12_BAGS_free(PKCS12_BAGS *a);
-PKCS12_BAGS *d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len);
-int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out);
-extern const ASN1_ITEM PKCS12_BAGS_it;
-
-extern const ASN1_ITEM PKCS12_SAFEBAGS_it;
-extern const ASN1_ITEM PKCS12_AUTHSAFES_it;
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
@@ -266,13 +210,6 @@ PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
 X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
 int mac_iter, int keytype);
-PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
-PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
- int key_usage, int iter, int key_nid, const char *pass);
-int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
- int safe_nid, int iter, const char *pass);
-PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
-
 int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
 int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
 PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
diff --git a/lib/libcrypto/pkcs12/pkcs12_local.h b/lib/libcrypto/pkcs12/pkcs12_local.h
index 8d82d2f4622..dfdcdce1f99 100644
--- a/lib/libcrypto/pkcs12/pkcs12_local.h
+++ b/lib/libcrypto/pkcs12/pkcs12_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12_local.h,v 1.4 2024/01/25 13:44:08 tb Exp $ */
+/* $OpenBSD: pkcs12_local.h,v 1.5 2024/03/02 10:15:16 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -96,6 +96,79 @@ struct pkcs12_bag_st {
 } value;
 };
+extern const ASN1_ITEM PKCS12_SAFEBAGS_it;
+extern const ASN1_ITEM PKCS12_AUTHSAFES_it;
+
+PKCS12_BAGS *PKCS12_BAGS_new(void);
+void PKCS12_BAGS_free(PKCS12_BAGS *a);
+PKCS12_BAGS *d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len);
+int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out);
+extern const ASN1_ITEM PKCS12_BAGS_it;
+
+PKCS12_MAC_DATA *PKCS12_MAC_DATA_new(void);
+void PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a);
+PKCS12_MAC_DATA *d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len);
+int i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out);
+extern const ASN1_ITEM PKCS12_MAC_DATA_it;
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
+ const char *pass, int passlen, unsigned char *salt, int saltlen, int iter,
+ PKCS8_PRIV_KEY_INFO *p8);
+
+PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
+ int key_usage, int iter, int key_nid, const char *pass);
+int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+ int safe_nid, int iter, const char *pass);
+PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
+
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
+ int namelen);
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
+ int namelen);
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
+ int namelen);
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
+ int namelen);
+
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+ unsigned char *mac, unsigned int
*maclen);
+
+ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
+ int attr_nid);
+
+PKCS12 *PKCS12_init(int mode);
+
+void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
+ const char *pass, int passlen, const ASN1_OCTET_STRING *oct, int zbuf);
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
+ const ASN1_ITEM *it, const char *pass, int passlen, void *obj, int zbuf);
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
+ int nid1, int nid2);
+
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+ int saltlen, int id, int iter, int n, unsigned char *out,
+ const EVP_MD *md_type);
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+ int saltlen, int id, int iter, int n, unsigned char *out,
+ const EVP_MD *md_type);
+
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+ unsigned char *salt, int saltlen, int iter, STACK_OF(PKCS12_SAFEBAG) *bags);
+
+unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass,
+ int passlen, const unsigned char *in, int inlen, unsigned char **data,
+ int *datalen, int en_de);
+
+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
+ int saltlen, const EVP_MD *md_type);
+
 /* XXX - should go into pkcs7_local.h. */
 ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7);
--
2.20.1
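Review bot: `int PKCS12_setup_mac(...)` becomes an internal declaration here, and its LCRYPTO_ALIAS, LCRYPTO_USED and Symbols.list entries are dropped in the other hunks, but `_libre_PKCS12_setup_mac` is still a context line in the Symbols.namespace hunk, so the namespace list now names an alias that no longer exists after this commit; that line should go too (`-_libre_PKCS12_setup_mac`). Since these prototypes are private from now on, this is also the moment to fix the const inconsistency they carry over: `PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)` is the only one of the four `PKCS12_add_*` declarations taking a non-const `name`, and `PKCS12_key_gen_uni()` takes a non-const `pass` while `PKCS12_key_gen_asc()` takes `const char *`; if the definitions (outside this diff) do not write through those pointers, `const unsigned char *` is the accurate type. The header continues past the hunk, so any include guard or trailing declarations are not visible here.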