[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Mon Feb 8 19:15:45 UTC 2016
The branch master has been updated
via 9fc65806d5c879ffa9ada4941f11e82c21cb3dd2 (commit)
via 584bdebc3fafc7ee3226a74007abd783e5756690 (commit)
via c9018bdf813e2a0ebb9e188318b4152743f8cb07 (commit)
via 116503cd51aa3195ce16a82ce9b789abe58a8928 (commit)
via 70c7778db1d5cdb8dbd5c6adff3c8da3ea462da3 (commit)
via 425f33000722f28462ad0b0e01ad2de686c2a00f (commit)
via c8494af54a8903ce7ff11c30aa6007f98340f2c5 (commit)
via 293042c9d9411bd785d3f951ffe02ff6573e4854 (commit)
via 1e1b48d151a9e87592e3ba9303031c5ec0ebec8f (commit)
via 762ee38d55b0d0ca2a2e744b8e59dbc9f39c68a0 (commit)
via e8503762da9df43a414fc5d6c2d0399779f0ff33 (commit)
via 776cfa9bfbc4af1b41454b08f13b205766fa0eb9 (commit)
via 1387a2ecb8f4eecb407952f56eafcce10ab68cb0 (commit)
via 03922a635b363643cfaa28e282a090e593530d2a (commit)
via a40d594984f774e8563f3d932807a07c5548b181 (commit)
via 54c38b7f0dda668be82199b4e4aa56c1f6afe3ea (commit)
from b577fd0b81562ab97cf992bfffbdaf531e0d1d8c (commit)
- Log -----------------------------------------------------------------
commit 9fc65806d5c879ffa9ada4941f11e82c21cb3dd2
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Mon Feb 8 19:10:12 2016 +0000
Remove ancient compatibility defines.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 584bdebc3fafc7ee3226a74007abd783e5756690
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Mon Feb 8 17:00:00 2016 +0000
make update
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit c9018bdf813e2a0ebb9e188318b4152743f8cb07
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Fri Feb 5 15:43:53 2016 +0000
fix various formatting issues
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 116503cd51aa3195ce16a82ce9b789abe58a8928
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Fri Feb 5 15:43:20 2016 +0000
Only use compatibility macros for < 1.1 API.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 70c7778db1d5cdb8dbd5c6adff3c8da3ea462da3
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Jan 12 00:00:08 2016 +0000
rename old functions names in libeay.num
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 425f33000722f28462ad0b0e01ad2de686c2a00f
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sun Sep 27 13:42:04 2015 +0100
use new function names
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit c8494af54a8903ce7ff11c30aa6007f98340f2c5
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Fri Feb 5 15:55:02 2016 +0000
Add p12_sbag.c to Makefile.in
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 293042c9d9411bd785d3f951ffe02ff6573e4854
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sun Sep 27 13:28:26 2015 +0100
Reorganise functions.
Move all PKCS12_SAFEBAG functions into new file p12_sbag.c.
Move MAC functions into p12_mutl.c
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 1e1b48d151a9e87592e3ba9303031c5ec0ebec8f
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sun Sep 27 12:51:25 2015 +0100
pkcs12.h header reorganisation.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 762ee38d55b0d0ca2a2e744b8e59dbc9f39c68a0
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sun Sep 27 12:41:53 2015 +0100
Use new names
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit e8503762da9df43a414fc5d6c2d0399779f0ff33
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sun Sep 27 01:09:27 2015 +0100
Rename PKCS12 function
Rename ancient PKCS12 functions to use more logical names. Include
defines from old to new name.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 776cfa9bfbc4af1b41454b08f13b205766fa0eb9
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sun Sep 27 00:31:46 2015 +0100
Use accessors in pkcs12 app.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 1387a2ecb8f4eecb407952f56eafcce10ab68cb0
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sun Sep 27 00:33:59 2015 +0100
pkcs12 accessors
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 03922a635b363643cfaa28e282a090e593530d2a
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sat Sep 26 13:24:24 2015 +0100
more PKCS12 opacity
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit a40d594984f774e8563f3d932807a07c5548b181
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sat Sep 26 13:24:00 2015 +0100
New PKCS12 accessors, change macros to functions.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 54c38b7f0dda668be82199b4e4aa56c1f6afe3ea
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sat Sep 26 12:26:51 2015 +0100
Make PKCS12 structures opaque
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/pkcs12.c | 40 +++++----
crypto/pkcs12/Makefile.in | 4 +-
crypto/pkcs12/p12_add.c | 50 +----------
crypto/pkcs12/p12_asn.c | 1 +
crypto/pkcs12/p12_attr.c | 8 +-
crypto/pkcs12/p12_crt.c | 8 +-
crypto/pkcs12/p12_init.c | 1 +
crypto/pkcs12/p12_kiss.c | 16 ++--
crypto/pkcs12/p12_mutl.c | 31 +++++++
crypto/pkcs12/p12_npas.c | 3 +-
crypto/pkcs12/p12_sbag.c | 211 ++++++++++++++++++++++++++++++++++++++++++++++
crypto/pkcs12/p12_utl.c | 32 -------
crypto/pkcs12/pk12err.c | 8 +-
include/openssl/pkcs12.h | 117 +++++++++++--------------
util/libeay.num | 24 ++++--
15 files changed, 370 insertions(+), 184 deletions(-)
create mode 100644 crypto/pkcs12/p12_sbag.c
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 2ede384..2b9a080 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -540,9 +540,13 @@ int pkcs12_main(int argc, char **argv)
if (!twopass)
OPENSSL_strlcpy(macpass, pass, sizeof macpass);
- if ((options & INFO) && p12->mac)
+ if ((options & INFO) && PKCS12_mac_present(p12)) {
+ ASN1_INTEGER *tmaciter;
+
+ PKCS12_get0_mac(NULL, NULL, NULL, &tmaciter, p12);
BIO_printf(bio_err, "MAC Iteration %ld\n",
- p12->mac->iter ? ASN1_INTEGER_get(p12->mac->iter) : 1);
+ tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
+ }
if (macver) {
/* If we enter empty password try no password first */
if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
@@ -640,15 +644,18 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
EVP_PKEY *pkey;
PKCS8_PRIV_KEY_INFO *p8;
X509 *x509;
+ STACK_OF(X509_ATTRIBUTE) *attrs;
- switch (M_PKCS12_bag_type(bag)) {
+ attrs = PKCS12_SAFEBAG_get0_attrs(bag);
+
+ switch (PKCS12_SAFEBAG_get_nid(bag)) {
case NID_keyBag:
if (options & INFO)
BIO_printf(bio_err, "Key bag\n");
if (options & NOKEYS)
return 1;
- print_attribs(out, bag->attrib, "Bag Attributes");
- p8 = bag->value.keybag;
+ print_attribs(out, attrs, "Bag Attributes");
+ p8 = PKCS12_SAFEBAG_get0_p8inf(bag);
if ((pkey = EVP_PKCS82PKEY(p8)) == NULL)
return 0;
print_attribs(out, p8->attributes, "Key Attributes");
@@ -658,12 +665,15 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
case NID_pkcs8ShroudedKeyBag:
if (options & INFO) {
+ X509_SIG *tp8;
+
BIO_printf(bio_err, "Shrouded Keybag: ");
- alg_print(bag->value.shkeybag->algor);
+ tp8 = PKCS12_SAFEBAG_get0_pkcs8(bag);
+ alg_print(tp8->algor);
}
if (options & NOKEYS)
return 1;
- print_attribs(out, bag->attrib, "Bag Attributes");
+ print_attribs(out, attrs, "Bag Attributes");
if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL)
return 0;
if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) {
@@ -681,15 +691,15 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
BIO_printf(bio_err, "Certificate bag\n");
if (options & NOCERTS)
return 1;
- if (PKCS12_get_attr(bag, NID_localKeyID)) {
+ if (PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)) {
if (options & CACERTS)
return 1;
} else if (options & CLCERTS)
return 1;
- print_attribs(out, bag->attrib, "Bag Attributes");
- if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
+ print_attribs(out, attrs, "Bag Attributes");
+ if (PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate)
return 1;
- if ((x509 = PKCS12_certbag2x509(bag)) == NULL)
+ if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL)
return 0;
dump_cert_text(out, x509);
PEM_write_bio_X509(out, x509);
@@ -699,13 +709,13 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
case NID_safeContentsBag:
if (options & INFO)
BIO_printf(bio_err, "Safe Contents bag\n");
- print_attribs(out, bag->attrib, "Bag Attributes");
- return dump_certs_pkeys_bags(out, bag->value.safes, pass,
- passlen, options, pempass, enc);
+ print_attribs(out, attrs, "Bag Attributes");
+ return dump_certs_pkeys_bags(out, PKCS12_SAFEBAG_get0_safes(bag),
+ pass, passlen, options, pempass, enc);
default:
BIO_printf(bio_err, "Warning unsupported bag type: ");
- i2a_ASN1_OBJECT(bio_err, bag->type);
+ i2a_ASN1_OBJECT(bio_err, PKCS12_SAFEBAG_get0_type(bag));
BIO_printf(bio_err, "\n");
return 1;
}
diff --git a/crypto/pkcs12/Makefile.in b/crypto/pkcs12/Makefile.in
index 66ef8ca..2797939 100644
--- a/crypto/pkcs12/Makefile.in
+++ b/crypto/pkcs12/Makefile.in
@@ -16,10 +16,10 @@ GENERAL=Makefile
LIB=$(TOP)/libcrypto.a
LIBSRC= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c p12_decr.c \
- p12_init.c p12_key.c p12_kiss.c p12_mutl.c\
+ p12_init.c p12_key.c p12_kiss.c p12_mutl.c p12_sbag.c \
p12_utl.c p12_npas.c pk12err.c p12_p8d.c p12_p8e.c
LIBOBJ= p12_add.o p12_asn.o p12_attr.o p12_crpt.o p12_crt.o p12_decr.o \
- p12_init.o p12_key.o p12_kiss.o p12_mutl.o\
+ p12_init.o p12_key.o p12_kiss.o p12_mutl.o p12_sbag.o \
p12_utl.o p12_npas.o pk12err.o p12_p8d.o p12_p8e.o
SRC= $(LIBSRC)
diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c
index 4f2070e..b7dffc4 100644
--- a/crypto/pkcs12/p12_add.c
+++ b/crypto/pkcs12/p12_add.c
@@ -59,6 +59,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
/* Pack an object into an OCTET STRING and turn into a safebag */
@@ -90,55 +91,6 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
return NULL;
}
-/* Turn PKCS8 object into a keybag */
-
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
-{
- PKCS12_SAFEBAG *bag;
-
- if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
- PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- bag->type = OBJ_nid2obj(NID_keyBag);
- bag->value.keybag = p8;
- return bag;
-}
-
-/* Turn PKCS8 object into a shrouded keybag */
-
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
- int passlen, unsigned char *salt,
- int saltlen, int iter,
- PKCS8_PRIV_KEY_INFO *p8)
-{
- PKCS12_SAFEBAG *bag;
- const EVP_CIPHER *pbe_ciph;
-
- /* Set up the safe bag */
- if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
- PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
-
- pbe_ciph = EVP_get_cipherbynid(pbe_nid);
-
- if (pbe_ciph)
- pbe_nid = -1;
-
- if (!(bag->value.shkeybag =
- PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
- p8))) {
- PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
- PKCS12_SAFEBAG_free(bag);
- return NULL;
- }
-
- return bag;
-}
-
/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
{
diff --git a/crypto/pkcs12/p12_asn.c b/crypto/pkcs12/p12_asn.c
index 5a43261..2f9481e 100644
--- a/crypto/pkcs12/p12_asn.c
+++ b/crypto/pkcs12/p12_asn.c
@@ -60,6 +60,7 @@
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
/* PKCS#12 ASN1 module */
diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c
index 792e381..fba35cd 100644
--- a/crypto/pkcs12/p12_attr.c
+++ b/crypto/pkcs12/p12_attr.c
@@ -59,6 +59,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
/* Add a local keyid to a safebag */
@@ -129,10 +130,15 @@ char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
{
ASN1_TYPE *atype;
- if ((atype = PKCS12_get_attr(bag, NID_friendlyName)) == NULL)
+ if ((atype = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)) == NULL)
return NULL;
if (atype->type != V_ASN1_BMPSTRING)
return NULL;
return OPENSSL_uni2asc(atype->value.bmpstring->data,
atype->value.bmpstring->length);
}
+
+STACK_OF(X509_ATTRIBUTE) *PKCS12_SAFEBAG_get0_attrs(PKCS12_SAFEBAG *bag)
+{
+ return bag->attrib;
+}
diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c
index ae52d9e..1fd22c0 100644
--- a/crypto/pkcs12/p12_crt.c
+++ b/crypto/pkcs12/p12_crt.c
@@ -59,6 +59,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
PKCS12_SAFEBAG *bag);
@@ -188,7 +189,7 @@ PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
int keyidlen = -1;
/* Add user certificate */
- if ((bag = PKCS12_x5092certbag(cert)) == NULL)
+ if ((bag = PKCS12_SAFEBAG_create_cert(cert)) == NULL)
goto err;
/*
@@ -230,10 +231,11 @@ PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
if (key_usage && !PKCS8_add_keyusage(p8, key_usage))
goto err;
if (nid_key != -1) {
- bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8);
+ bag = PKCS12_SAFEBAG_create_pkcs8_encrypt(nid_key, pass, -1, NULL, 0,
+ iter, p8);
PKCS8_PRIV_KEY_INFO_free(p8);
} else
- bag = PKCS12_MAKE_KEYBAG(p8);
+ bag = PKCS12_SAFEBAG_create0_p8inf(p8);
if (!bag)
goto err;
diff --git a/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c
index 3597e13..9c82969 100644
--- a/crypto/pkcs12/p12_init.c
+++ b/crypto/pkcs12/p12_init.c
@@ -59,6 +59,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
/* Initialise a PKCS12 structure to take data */
diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
index 59c84a0..ec59d83 100644
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -227,17 +227,18 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
ASN1_BMPSTRING *fname = NULL;
ASN1_OCTET_STRING *lkid = NULL;
- if ((attrib = PKCS12_get_attr(bag, NID_friendlyName)))
+ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)))
fname = attrib->value.bmpstring;
- if ((attrib = PKCS12_get_attr(bag, NID_localKeyID)))
+ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)))
lkid = attrib->value.octet_string;
- switch (M_PKCS12_bag_type(bag)) {
+ switch (PKCS12_SAFEBAG_get_nid(bag)) {
case NID_keyBag:
if (!pkey || *pkey)
return 1;
- if ((*pkey = EVP_PKCS82PKEY(bag->value.keybag)) == NULL)
+ *pkey = EVP_PKCS82PKEY(PKCS12_SAFEBAG_get0_p8inf(bag));
+ if (*pkey == NULL)
return 0;
break;
@@ -253,9 +254,9 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
break;
case NID_certBag:
- if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
+ if (PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate)
return 1;
- if ((x509 = PKCS12_certbag2x509(bag)) == NULL)
+ if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL)
return 0;
if (lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) {
X509_free(x509);
@@ -283,7 +284,8 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
break;
case NID_safeContentsBag:
- return parse_bags(bag->value.safes, pass, passlen, pkey, ocerts);
+ return parse_bags(PKCS12_SAFEBAG_get0_safes(bag), pass, passlen, pkey,
+ ocerts);
default:
return 1;
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index 8ed9ac5..230f3e6 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -62,6 +62,37 @@
# include <openssl/hmac.h>
# include <openssl/rand.h>
# include <openssl/pkcs12.h>
+# include "p12_lcl.h"
+
+int PKCS12_mac_present(PKCS12 *p12)
+{
+ return p12->mac ? 1 : 0;
+}
+
+void PKCS12_get0_mac(ASN1_OCTET_STRING **pmac, X509_ALGOR **pmacalg,
+ ASN1_OCTET_STRING **psalt, ASN1_INTEGER **piter,
+ PKCS12 *p12)
+{
+ if (p12->mac) {
+ if (pmac)
+ *pmac = p12->mac->dinfo->digest;
+ if (pmacalg)
+ *pmacalg = p12->mac->dinfo->algor;
+ if (psalt)
+ *psalt = p12->mac->salt;
+ if (piter)
+ *piter = p12->mac->iter;
+ } else {
+ if (pmac)
+ *pmac = NULL;
+ if (pmacalg)
+ *pmacalg = NULL;
+ if (psalt)
+ *psalt = NULL;
+ if (piter)
+ *piter = NULL;
+ }
+}
# define TK26_MAC_KEY_LEN 32
diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c
index d670624..f2fc12f 100644
--- a/crypto/pkcs12/p12_npas.c
+++ b/crypto/pkcs12/p12_npas.c
@@ -62,6 +62,7 @@
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
/* PKCS#12 password change routine */
@@ -202,7 +203,7 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
X509_SIG *p8new;
int p8_nid, p8_saltlen, p8_iter;
- if (M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag)
+ if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag)
return 1;
if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL)
diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c
new file mode 100644
index 0000000..62703b4
--- /dev/null
+++ b/crypto/pkcs12/p12_sbag.c
@@ -0,0 +1,211 @@
+/* p12_sbag.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999-2015.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
+
+ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(PKCS12_SAFEBAG *bag, int attr_nid)
+{
+ return PKCS12_get_attr_gen(bag->attrib, attr_nid);
+}
+
+ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid)
+{
+ return PKCS12_get_attr_gen(p8->attributes, attr_nid);
+}
+
+PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(PKCS12_SAFEBAG *bag)
+{
+ if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
+ return NULL;
+ return bag->value.keybag;
+}
+
+X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(PKCS12_SAFEBAG *bag)
+{
+ if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
+ return NULL;
+ return bag->value.shkeybag;
+}
+
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_SAFEBAG_get0_safes(PKCS12_SAFEBAG *bag)
+{
+ if (OBJ_obj2nid(bag->type) != NID_safeContentsBag)
+ return NULL;
+ return bag->value.safes;
+}
+
+ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(PKCS12_SAFEBAG *bag)
+{
+ return bag->type;
+}
+
+int PKCS12_SAFEBAG_get_nid(PKCS12_SAFEBAG *bag)
+{
+ return OBJ_obj2nid(bag->type);
+}
+
+int PKCS12_SAFEBAG_get_bag_nid(PKCS12_SAFEBAG *bag)
+{
+ int btype = PKCS12_SAFEBAG_get_nid(bag);
+
+ if (btype != NID_certBag || btype != NID_crlBag || btype != NID_secretBag)
+ return -1;
+ return OBJ_obj2nid(bag->value.bag->type);
+}
+
+X509 *PKCS12_SAFEBAG_get1_cert(PKCS12_SAFEBAG *bag)
+{
+ if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag)
+ return NULL;
+ if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
+ return NULL;
+ return ASN1_item_unpack(bag->value.bag->value.octet,
+ ASN1_ITEM_rptr(X509));
+}
+
+X509_CRL *PKCS12_SAFEBAG_get1_crl(PKCS12_SAFEBAG *bag)
+{
+ if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag)
+ return NULL;
+ if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
+ return NULL;
+ return ASN1_item_unpack(bag->value.bag->value.octet,
+ ASN1_ITEM_rptr(X509_CRL));
+}
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509)
+{
+ return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
+ NID_x509Certificate, NID_certBag);
+}
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl)
+{
+ return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
+ NID_x509Crl, NID_crlBag);
+}
+
+/* Turn PKCS8 object into a keybag */
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8)
+{
+ PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();
+
+ if (bag == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ bag->type = OBJ_nid2obj(NID_keyBag);
+ bag->value.keybag = p8;
+ return bag;
+}
+
+/* Turn PKCS8 object into a shrouded keybag */
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8)
+{
+ PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();
+
+ /* Set up the safe bag */
+ if (bag == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
+ bag->value.shkeybag = p8;
+ return bag;
+}
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
+ const char *pass,
+ int passlen,
+ unsigned char *salt,
+ int saltlen, int iter,
+ PKCS8_PRIV_KEY_INFO *p8inf)
+{
+ PKCS12_SAFEBAG *bag;
+ const EVP_CIPHER *pbe_ciph;
+ X509_SIG *p8;
+
+ pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+
+ if (pbe_ciph)
+ pbe_nid = -1;
+
+ p8 = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
+ p8inf);
+
+ if (p8 == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ bag = PKCS12_SAFEBAG_create0_pkcs8(p8);
+
+ if (bag == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ X509_SIG_free(p8);
+ return NULL;
+ }
+
+ return bag;
+}
diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c
index 8b7e52f..817327f 100644
--- a/crypto/pkcs12/p12_utl.c
+++ b/crypto/pkcs12/p12_utl.c
@@ -128,35 +128,3 @@ PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
}
#endif
-
-PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509)
-{
- return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
- NID_x509Certificate, NID_certBag);
-}
-
-PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl)
-{
- return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
- NID_x509Crl, NID_crlBag);
-}
-
-X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
-{
- if (M_PKCS12_bag_type(bag) != NID_certBag)
- return NULL;
- if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
- return NULL;
- return ASN1_item_unpack(bag->value.bag->value.octet,
- ASN1_ITEM_rptr(X509));
-}
-
-X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
-{
- if (M_PKCS12_bag_type(bag) != NID_crlBag)
- return NULL;
- if (M_PKCS12_cert_bag_type(bag) != NID_x509Crl)
- return NULL;
- return ASN1_item_unpack(bag->value.bag->value.octet,
- ASN1_ITEM_rptr(X509_CRL));
-}
diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c
index c3c0d59..0850da8 100644
--- a/crypto/pkcs12/pk12err.c
+++ b/crypto/pkcs12/pk12err.c
@@ -85,14 +85,18 @@ static ERR_STRING_DATA PKCS12_str_functs[] = {
{ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"},
{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"},
{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"},
- {ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"},
- {ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"},
{ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"},
{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"},
{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"},
{ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"},
{ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"},
{ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"},
+ {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF),
+ "PKCS12_SAFEBAG_create0_p8inf"},
+ {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8),
+ "PKCS12_SAFEBAG_create0_pkcs8"},
+ {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT),
+ "PKCS12_SAFEBAG_create_pkcs8_encrypt"},
{ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"},
{ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"},
{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"},
diff --git a/include/openssl/pkcs12.h b/include/openssl/pkcs12.h
index b164a00..655655a 100644
--- a/include/openssl/pkcs12.h
+++ b/include/openssl/pkcs12.h
@@ -98,82 +98,69 @@ extern "C" {
# define KEY_EX 0x10
# define KEY_SIG 0x80
-typedef struct {
- X509_SIG *dinfo;
- ASN1_OCTET_STRING *salt;
- ASN1_INTEGER *iter; /* defaults to 1 */
-} PKCS12_MAC_DATA;
-
-typedef struct {
- ASN1_INTEGER *version;
- PKCS12_MAC_DATA *mac;
- PKCS7 *authsafes;
-} PKCS12;
-
-typedef struct {
- ASN1_OBJECT *type;
- union {
- struct pkcs12_bag_st *bag; /* secret, crl and certbag */
- struct pkcs8_priv_key_info_st *keybag; /* keybag */
- X509_SIG *shkeybag; /* shrouded key bag */
- STACK_OF(PKCS12_SAFEBAG) *safes;
- ASN1_TYPE *other;
- } value;
- STACK_OF(X509_ATTRIBUTE) *attrib;
-} PKCS12_SAFEBAG;
+typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA;
+
+typedef struct PKCS12_st PKCS12;
+
+typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG;
DEFINE_STACK_OF(PKCS12_SAFEBAG)
-typedef struct pkcs12_bag_st {
- ASN1_OBJECT *type;
- union {
- ASN1_OCTET_STRING *x509cert;
- ASN1_OCTET_STRING *x509crl;
- ASN1_OCTET_STRING *octet;
- ASN1_IA5STRING *sdsicert;
- ASN1_TYPE *other; /* Secret or other bag */
- } value;
-} PKCS12_BAGS;
+typedef struct pkcs12_bag_st PKCS12_BAGS;
# define PKCS12_ERROR 0
# define PKCS12_OK 1
/* Compatibility macros */
-# define M_PKCS12_x5092certbag PKCS12_x5092certbag
-# define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag
-
-# define M_PKCS12_certbag2x509 PKCS12_certbag2x509
-# define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl
-
-# define M_PKCS12_unpack_p7data PKCS12_unpack_p7data
-# define M_PKCS12_pack_authsafes PKCS12_pack_authsafes
-# define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes
-# define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata
+#if OPENSSL_API_COMPAT < 0x10100000L
-# define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
-# define M_PKCS8_decrypt PKCS8_decrypt
+# define M_PKCS12_bag_type PKCS12_bag_type
+# define M_PKCS12_cert_bag_type PKCS12_cert_bag_type
+# define M_PKCS12_crl_bag_type PKCS12_cert_bag_type
-# define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
-# define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
-# define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
+# define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert
+# define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl
+# define PKCS12_get_attr PKCS12_SAFEBAG_get0_attr
+# define PKCS12_bag_type PKCS12_SAFEBAG_get_nid
+# define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid
+# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert
+# define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl
+# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf
+# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt
-# define PKCS12_get_attr(bag, attr_nid) \
- PKCS12_get_attr_gen(bag->attrib, attr_nid)
-
-# define PKCS8_get_attr(p8, attr_nid) \
- PKCS12_get_attr_gen(p8->attributes, attr_nid)
-
-# define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
+#endif
-PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);
-PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);
-X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);
-X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);
+ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid);
+int PKCS12_mac_present(PKCS12 *p12);
+void PKCS12_get0_mac(ASN1_OCTET_STRING **pmac, X509_ALGOR **pmacalg,
+ ASN1_OCTET_STRING **psalt, ASN1_INTEGER **piter,
+ PKCS12 *p12);
+
+ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(PKCS12_SAFEBAG *bag, int attr_nid);
+ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(PKCS12_SAFEBAG *bag);
+int PKCS12_SAFEBAG_get_nid(PKCS12_SAFEBAG *bag);
+int PKCS12_SAFEBAG_get_bag_nid(PKCS12_SAFEBAG *bag);
+
+X509 *PKCS12_SAFEBAG_get1_cert(PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl(PKCS12_SAFEBAG *bag);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_SAFEBAG_get0_safes(PKCS12_SAFEBAG *bag);
+PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(PKCS12_SAFEBAG *bag);
+X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(PKCS12_SAFEBAG *bag);
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
+ const char *pass,
+ int passlen,
+ unsigned char *salt,
+ int saltlen, int iter,
+ PKCS8_PRIV_KEY_INFO *p8inf);
PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
int nid1, int nid2);
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass,
int passlen);
PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag,
@@ -183,10 +170,6 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8);
X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,
PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe);
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
- int passlen, unsigned char *salt,
- int saltlen, int iter,
- PKCS8_PRIV_KEY_INFO *p8);
PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
@@ -209,6 +192,7 @@ int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);
char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
+STACK_OF(X509_ATTRIBUTE) *PKCS12_SAFEBAG_get0_attrs(PKCS12_SAFEBAG *bag);
unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
int passlen, unsigned char *in, int inlen,
unsigned char **data, int *datalen,
@@ -295,14 +279,15 @@ void ERR_load_PKCS12_strings(void);
# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117
# define PKCS12_F_PKCS12_KEY_GEN_ASC 110
# define PKCS12_F_PKCS12_KEY_GEN_UNI 111
-# define PKCS12_F_PKCS12_MAKE_KEYBAG 112
-# define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113
# define PKCS12_F_PKCS12_NEWPASS 128
# define PKCS12_F_PKCS12_PACK_P7DATA 114
# define PKCS12_F_PKCS12_PACK_P7ENCDATA 115
# define PKCS12_F_PKCS12_PARSE 118
# define PKCS12_F_PKCS12_PBE_CRYPT 119
# define PKCS12_F_PKCS12_PBE_KEYIVGEN 120
+# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF 112
+# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8 113
+# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT 133
# define PKCS12_F_PKCS12_SETUP_MAC 122
# define PKCS12_F_PKCS12_SET_MAC 123
# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130
diff --git a/util/libeay.num b/util/libeay.num
index 8c532fb..e0f9559 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -1235,9 +1235,9 @@ ASN1_seq_pack 1259 1_1_0 NOEXIST::FUNCTION:
ASN1_unpack_string 1260 1_1_0 NOEXIST::FUNCTION:
ASN1_pack_string 1261 1_1_0 NOEXIST::FUNCTION:
PKCS12_pack_safebag 1262 1_1_0 NOEXIST::FUNCTION:
-PKCS12_MAKE_KEYBAG 1263 1_1_0 EXIST::FUNCTION:
+PKCS12_SAFEBAG_create0_p8inf 1263 1_1_0 EXIST::FUNCTION:
PKCS8_encrypt 1264 1_1_0 EXIST::FUNCTION:
-PKCS12_MAKE_SHKEYBAG 1265 1_1_0 EXIST::FUNCTION:
+PKCS12_SAFEBAG_create_pkcs8_encrypt 1265 1_1_0 EXIST::FUNCTION:
PKCS12_pack_p7data 1266 1_1_0 EXIST::FUNCTION:
PKCS12_pack_p7encdata 1267 1_1_0 EXIST::FUNCTION:
PKCS12_add_localkeyid 1268 1_1_0 EXIST::FUNCTION:
@@ -2113,7 +2113,7 @@ SXNETID_it 2669 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION
SXNETID_it 2669 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
d2i_OCSP_SINGLERESP 2670 1_1_0 EXIST::FUNCTION:
EDIPARTYNAME_new 2671 1_1_0 EXIST::FUNCTION:
-PKCS12_certbag2x509 2672 1_1_0 EXIST::FUNCTION:
+PKCS12_SAFEBAG_get1_cert 2672 1_1_0 EXIST::FUNCTION:
_ossl_old_des_ofb64_encrypt 2673 1_1_0 NOEXIST::FUNCTION:
d2i_EXTENDED_KEY_USAGE 2674 1_1_0 EXIST::FUNCTION:
ERR_print_errors_cb 2675 1_1_0 EXIST::FUNCTION:
@@ -2192,7 +2192,7 @@ UI_dup_error_string 2736 1_1_0 EXIST::FUNCTION:
RSAPublicKey_it 2737 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
RSAPublicKey_it 2737 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
i2d_OCSP_REQUEST 2738 1_1_0 EXIST::FUNCTION:
-PKCS12_x509crl2certbag 2739 1_1_0 EXIST::FUNCTION:
+PKCS12_SAFEBAG_create_crl 2739 1_1_0 EXIST::FUNCTION:
OCSP_SERVICELOC_it 2740 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
OCSP_SERVICELOC_it 2740 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
ASN1_item_sign 2741 1_1_0 EXIST::FUNCTION:
@@ -2211,7 +2211,7 @@ PKCS7_ISSUER_AND_SERIAL_it 2752 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION
PKCS7_ISSUER_AND_SERIAL_it 2752 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
PBE2PARAM_it 2753 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PBE2PARAM_it 2753 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PKCS12_certbag2x509crl 2754 1_1_0 EXIST::FUNCTION:
+PKCS12_SAFEBAG_get1_crl 2754 1_1_0 EXIST::FUNCTION:
PKCS7_SIGNED_it 2755 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS7_SIGNED_it 2755 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
ENGINE_get_cipher 2756 1_1_0 EXIST::FUNCTION:ENGINE
@@ -2625,7 +2625,7 @@ DSO_set_name_converter 3105 1_1_0 EXIST::FUNCTION:
AES_set_decrypt_key 3106 1_1_0 EXIST::FUNCTION:AES
PKCS7_DIGEST_it 3107 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS7_DIGEST_it 3107 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PKCS12_x5092certbag 3108 1_1_0 EXIST::FUNCTION:
+PKCS12_SAFEBAG_create_cert 3108 1_1_0 EXIST::FUNCTION:
EVP_DigestInit_ex 3109 1_1_0 EXIST::FUNCTION:
i2a_ACCESS_DESCRIPTION 3110 1_1_0 EXIST::FUNCTION:
OCSP_RESPONSE_it 3111 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -4800,3 +4800,15 @@ EC_KEY_oct2priv 5194 1_1_0 EXIST::FUNCTION:EC
ASN1_buf_print 5195 1_1_0 EXIST::FUNCTION:
EC_KEY_priv2buf 5196 1_1_0 EXIST::FUNCTION:EC
BIO_ADDR_clear 5197 1_1_0 EXIST::FUNCTION:
+PKCS12_SAFEBAG_get0_safes 5198 1_1_0 EXIST::FUNCTION:
+PKCS12_SAFEBAG_get0_p8inf 5199 1_1_0 EXIST::FUNCTION:
+PKCS12_SAFEBAG_get_nid 5200 1_1_0 EXIST::FUNCTION:
+PKCS12_mac_present 5201 1_1_0 EXIST::FUNCTION:
+PKCS12_SAFEBAG_get0_attrs 5202 1_1_0 EXIST::FUNCTION:
+PKCS12_SAFEBAG_get_bag_nid 5203 1_1_0 EXIST::FUNCTION:
+PKCS12_SAFEBAG_get0_type 5204 1_1_0 EXIST::FUNCTION:
+PKCS12_SAFEBAG_create0_pkcs8 5205 1_1_0 EXIST::FUNCTION:
+PKCS8_get_attr 5206 1_1_0 EXIST::FUNCTION:
+PKCS12_SAFEBAG_get0_attr 5207 1_1_0 EXIST::FUNCTION:
+PKCS12_get0_mac 5208 1_1_0 EXIST::FUNCTION:
+PKCS12_SAFEBAG_get0_pkcs8 5209 1_1_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list