more PKCS12 opacity
authorDr. Stephen Henson <steve@openssl.org>
Sat, 26 Sep 2015 12:24:24 +0000 (13:24 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 8 Feb 2016 18:43:48 +0000 (18:43 +0000)
Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/pkcs12/p12_kiss.c
crypto/pkcs12/p12_mutl.c
crypto/pkcs12/p12_npas.c

index 59c84a0..9a71581 100644 (file)
@@ -233,11 +233,12 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
     if ((attrib = PKCS12_get_attr(bag, NID_localKeyID)))
         lkid = attrib->value.octet_string;
 
-    switch (M_PKCS12_bag_type(bag)) {
+    switch (PKCS12_bag_type(bag)) {
     case NID_keyBag:
         if (!pkey || *pkey)
             return 1;
-        if ((*pkey = EVP_PKCS82PKEY(bag->value.keybag)) == NULL)
+        *pkey = EVP_PKCS82PKEY(PKCS12_SAFEBAG_get0_p8inf(bag));
+        if (*pkey == NULL)
             return 0;
         break;
 
@@ -253,7 +254,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
         break;
 
     case NID_certBag:
-        if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
+        if (PKCS12_cert_bag_type(bag) != NID_x509Certificate)
             return 1;
         if ((x509 = PKCS12_certbag2x509(bag)) == NULL)
             return 0;
@@ -283,7 +284,8 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
         break;
 
     case NID_safeContentsBag:
-        return parse_bags(bag->value.safes, pass, passlen, pkey, ocerts);
+        return parse_bags(PKCS12_SAFEBAG_get0_safes(bag), pass, passlen, pkey,
+                          ocerts);
 
     default:
         return 1;
index 8ed9ac5..726e7f1 100644 (file)
@@ -62,6 +62,7 @@
 # include <openssl/hmac.h>
 # include <openssl/rand.h>
 # include <openssl/pkcs12.h>
+# include "p12_lcl.h"
 
 # define TK26_MAC_KEY_LEN 32
 
index d670624..2bd25e4 100644 (file)
@@ -62,6 +62,7 @@
 #include <openssl/pem.h>
 #include <openssl/err.h>
 #include <openssl/pkcs12.h>
+#include "p12_lcl.h"
 
 /* PKCS#12 password change routine */
 
@@ -202,7 +203,7 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
     X509_SIG *p8new;
     int p8_nid, p8_saltlen, p8_iter;
 
-    if (M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag)
+    if (PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag)
         return 1;
 
     if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL)