check in v3.8.1 source

crypto/pkcs12/p12_add.c

@@ -0,0 +1,220 @@
+/* $OpenBSD: p12_add.c,v 1.22 2023/02/16 08:38:17 tb Exp $ */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+#include "pkcs12_local.h"
+
+/* Pack an object into an OCTET STRING and turn into a safebag */
+
+PKCS12_SAFEBAG *
+PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2)
+{
+	PKCS12_BAGS *bag;
+	PKCS12_SAFEBAG *safebag;
+
+	if (!(bag = PKCS12_BAGS_new())) {
+		PKCS12error(ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	bag->type = OBJ_nid2obj(nid1);
+	if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
+		PKCS12error(ERR_R_MALLOC_FAILURE);
+		PKCS12_BAGS_free(bag);
+		return NULL;
+	}
+	if (!(safebag = PKCS12_SAFEBAG_new())) {
+		PKCS12error(ERR_R_MALLOC_FAILURE);
+		PKCS12_BAGS_free(bag);
+		return NULL;
+	}
+	safebag->value.bag = bag;
+	safebag->type = OBJ_nid2obj(nid2);
+	return safebag;
+}
+LCRYPTO_ALIAS(PKCS12_item_pack_safebag);
+
+/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
+PKCS7 *
+PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
+{
+	PKCS7 *p7;
+
+	if (!(p7 = PKCS7_new())) {
+		PKCS12error(ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	p7->type = OBJ_nid2obj(NID_pkcs7_data);
+	if (!(p7->d.data = ASN1_OCTET_STRING_new())) {
+		PKCS12error(ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+
+	if (!ASN1_item_pack(sk, &PKCS12_SAFEBAGS_it, &p7->d.data)) {
+		PKCS12error(PKCS12_R_CANT_PACK_STRUCTURE);
+		goto err;
+	}
+	return p7;
+
+err:
+	PKCS7_free(p7);
+	return NULL;
+}
+LCRYPTO_ALIAS(PKCS12_pack_p7data);
+
+/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
+STACK_OF(PKCS12_SAFEBAG) *
+PKCS12_unpack_p7data(PKCS7 *p7)
+{
+	if (!PKCS7_type_is_data(p7)) {
+		PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
+		return NULL;
+	}
+	return ASN1_item_unpack(p7->d.data, &PKCS12_SAFEBAGS_it);
+}
+LCRYPTO_ALIAS(PKCS12_unpack_p7data);
+
+/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
+
+PKCS7 *
+PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+    unsigned char *salt, int saltlen, int iter, STACK_OF(PKCS12_SAFEBAG) *bags)
+{
+	PKCS7 *p7;
+	X509_ALGOR *pbe;
+	const EVP_CIPHER *pbe_ciph;
+
+	if (!(p7 = PKCS7_new())) {
+		PKCS12error(ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
+		PKCS12error(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
+		goto err;
+	}
+
+	pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+
+	if (pbe_ciph)
+		pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen);
+	else
+		pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+
+	if (!pbe) {
+		PKCS12error(ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+	X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
+	p7->d.encrypted->enc_data->algorithm = pbe;
+	ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
+	if (!(p7->d.encrypted->enc_data->enc_data = PKCS12_item_i2d_encrypt(
+	    pbe, &PKCS12_SAFEBAGS_it, pass, passlen, bags, 1))) {
+		PKCS12error(PKCS12_R_ENCRYPT_ERROR);
+		goto err;
+	}
+
+	return p7;
+
+err:
+	PKCS7_free(p7);
+	return NULL;
+}
+LCRYPTO_ALIAS(PKCS12_pack_p7encdata);
+
+STACK_OF(PKCS12_SAFEBAG) *
+PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
+{
+	if (!PKCS7_type_is_encrypted(p7))
+		return NULL;
+	return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
+	    &PKCS12_SAFEBAGS_it, pass, passlen,
+	    p7->d.encrypted->enc_data->enc_data, 1);
+}
+LCRYPTO_ALIAS(PKCS12_unpack_p7encdata);
+
+PKCS8_PRIV_KEY_INFO *
+PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, const char *pass, int passlen)
+{
+	return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
+}
+LCRYPTO_ALIAS(PKCS12_decrypt_skey);
+
+int
+PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
+{
+	if (ASN1_item_pack(safes, &PKCS12_AUTHSAFES_it,
+	    &p12->authsafes->d.data))
+		return 1;
+	return 0;
+}
+LCRYPTO_ALIAS(PKCS12_pack_authsafes);
+
+STACK_OF(PKCS7) *
+PKCS12_unpack_authsafes(const PKCS12 *p12)
+{
+	if (!PKCS7_type_is_data(p12->authsafes)) {
+		PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
+		return NULL;
+	}
+	return ASN1_item_unpack(p12->authsafes->d.data,
+	    &PKCS12_AUTHSAFES_it);
+}
+LCRYPTO_ALIAS(PKCS12_unpack_authsafes);

crypto/pkcs12/p12_asn.c

@@ -0,0 +1,491 @@
+/* $OpenBSD: p12_asn.c,v 1.14 2023/02/16 08:38:17 tb Exp $ */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+
+#include <openssl/asn1t.h>
+#include <openssl/pkcs12.h>
+
+#include "pkcs12_local.h"
+
+/* PKCS#12 ASN1 module */
+
+static const ASN1_TEMPLATE PKCS12_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(PKCS12, version),
+		.field_name = "version",
+		.item = &ASN1_INTEGER_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(PKCS12, authsafes),
+		.field_name = "authsafes",
+		.item = &PKCS7_it,
+	},
+	{
+		.flags = ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(PKCS12, mac),
+		.field_name = "mac",
+		.item = &PKCS12_MAC_DATA_it,
+	},
+};
+
+const ASN1_ITEM PKCS12_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = PKCS12_seq_tt,
+	.tcount = sizeof(PKCS12_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = NULL,
+	.size = sizeof(PKCS12),
+	.sname = "PKCS12",
+};
+
+
+PKCS12 *
+d2i_PKCS12(PKCS12 **a, const unsigned char **in, long len)
+{
+	return (PKCS12 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
+	    &PKCS12_it);
+}
+LCRYPTO_ALIAS(d2i_PKCS12);
+
+int
+i2d_PKCS12(PKCS12 *a, unsigned char **out)
+{
+	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_it);
+}
+LCRYPTO_ALIAS(i2d_PKCS12);
+
+PKCS12 *
+PKCS12_new(void)
+{
+	return (PKCS12 *)ASN1_item_new(&PKCS12_it);
+}
+LCRYPTO_ALIAS(PKCS12_new);
+
+void
+PKCS12_free(PKCS12 *a)
+{
+	ASN1_item_free((ASN1_VALUE *)a, &PKCS12_it);
+}
+LCRYPTO_ALIAS(PKCS12_free);
+
+static const ASN1_TEMPLATE PKCS12_MAC_DATA_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(PKCS12_MAC_DATA, dinfo),
+		.field_name = "dinfo",
+		.item = &X509_SIG_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(PKCS12_MAC_DATA, salt),
+		.field_name = "salt",
+		.item = &ASN1_OCTET_STRING_it,
+	},
+	{
+		.flags = ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(PKCS12_MAC_DATA, iter),
+		.field_name = "iter",
+		.item = &ASN1_INTEGER_it,
+	},
+};
+
+const ASN1_ITEM PKCS12_MAC_DATA_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = PKCS12_MAC_DATA_seq_tt,
+	.tcount = sizeof(PKCS12_MAC_DATA_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = NULL,
+	.size = sizeof(PKCS12_MAC_DATA),
+	.sname = "PKCS12_MAC_DATA",
+};
+
+
+PKCS12_MAC_DATA *
+d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len)
+{
+	return (PKCS12_MAC_DATA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
+	    &PKCS12_MAC_DATA_it);
+}
+LCRYPTO_ALIAS(d2i_PKCS12_MAC_DATA);
+
+int
+i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out)
+{
+	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_MAC_DATA_it);
+}
+LCRYPTO_ALIAS(i2d_PKCS12_MAC_DATA);
+
+PKCS12_MAC_DATA *
+PKCS12_MAC_DATA_new(void)
+{
+	return (PKCS12_MAC_DATA *)ASN1_item_new(&PKCS12_MAC_DATA_it);
+}
+LCRYPTO_ALIAS(PKCS12_MAC_DATA_new);
+
+void
+PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a)
+{
+	ASN1_item_free((ASN1_VALUE *)a, &PKCS12_MAC_DATA_it);
+}
+LCRYPTO_ALIAS(PKCS12_MAC_DATA_free);
+
+static const ASN1_TEMPLATE bag_default_tt = {
+	.flags = ASN1_TFLG_EXPLICIT,
+	.tag = 0,
+	.offset = offsetof(PKCS12_BAGS, value.other),
+	.field_name = "value.other",
+	.item = &ASN1_ANY_it,
+};
+
+static const ASN1_ADB_TABLE PKCS12_BAGS_adbtbl[] = {
+	{
+		.value = NID_x509Certificate,
+		.tt = {
+			.flags = ASN1_TFLG_EXPLICIT,
+			.tag = 0,
+			.offset = offsetof(PKCS12_BAGS, value.x509cert),
+			.field_name = "value.x509cert",
+			.item = &ASN1_OCTET_STRING_it,
+		},
+	
+	},
+	{
+		.value = NID_x509Crl,
+		.tt = {
+			.flags = ASN1_TFLG_EXPLICIT,
+			.tag = 0,
+			.offset = offsetof(PKCS12_BAGS, value.x509crl),
+			.field_name = "value.x509crl",
+			.item = &ASN1_OCTET_STRING_it,
+		},
+	
+	},
+	{
+		.value = NID_sdsiCertificate,
+		.tt = {
+			.flags = ASN1_TFLG_EXPLICIT,
+			.tag = 0,
+			.offset = offsetof(PKCS12_BAGS, value.sdsicert),
+			.field_name = "value.sdsicert",
+			.item = &ASN1_IA5STRING_it,
+		},
+	
+	},
+};
+
+static const ASN1_ADB PKCS12_BAGS_adb = {
+	.flags = 0,
+	.offset = offsetof(PKCS12_BAGS, type),
+	.tbl = PKCS12_BAGS_adbtbl,
+	.tblcount = sizeof(PKCS12_BAGS_adbtbl) / sizeof(ASN1_ADB_TABLE),
+	.default_tt = &bag_default_tt,
+	.null_tt = NULL,
+};
+
+static const ASN1_TEMPLATE PKCS12_BAGS_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(PKCS12_BAGS, type),
+		.field_name = "type",
+		.item = &ASN1_OBJECT_it,
+	},
+	{
+		.flags = ASN1_TFLG_ADB_OID,
+		.tag = -1,
+		.offset = 0,
+		.field_name = "PKCS12_BAGS",
+		.item = (const ASN1_ITEM *)&PKCS12_BAGS_adb,
+	},
+};
+
+const ASN1_ITEM PKCS12_BAGS_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = PKCS12_BAGS_seq_tt,
+	.tcount = sizeof(PKCS12_BAGS_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = NULL,
+	.size = sizeof(PKCS12_BAGS),
+	.sname = "PKCS12_BAGS",
+};
+
+
+PKCS12_BAGS *
+d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len)
+{
+	return (PKCS12_BAGS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
+	    &PKCS12_BAGS_it);
+}
+LCRYPTO_ALIAS(d2i_PKCS12_BAGS);
+
+int
+i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out)
+{
+	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_BAGS_it);
+}
+LCRYPTO_ALIAS(i2d_PKCS12_BAGS);
+
+PKCS12_BAGS *
+PKCS12_BAGS_new(void)
+{
+	return (PKCS12_BAGS *)ASN1_item_new(&PKCS12_BAGS_it);
+}
+LCRYPTO_ALIAS(PKCS12_BAGS_new);
+
+void
+PKCS12_BAGS_free(PKCS12_BAGS *a)
+{
+	ASN1_item_free((ASN1_VALUE *)a, &PKCS12_BAGS_it);
+}
+LCRYPTO_ALIAS(PKCS12_BAGS_free);
+
+static const ASN1_TEMPLATE safebag_default_tt = {
+	.flags = ASN1_TFLG_EXPLICIT,
+	.tag = 0,
+	.offset = offsetof(PKCS12_SAFEBAG, value.other),
+	.field_name = "value.other",
+	.item = &ASN1_ANY_it,
+};
+
+static const ASN1_ADB_TABLE PKCS12_SAFEBAG_adbtbl[] = {
+	{
+		.value = NID_keyBag,
+		.tt = {
+			.flags = ASN1_TFLG_EXPLICIT,
+			.tag = 0,
+			.offset = offsetof(PKCS12_SAFEBAG, value.keybag),
+			.field_name = "value.keybag",
+			.item = &PKCS8_PRIV_KEY_INFO_it,
+		},
+	
+	},
+	{
+		.value = NID_pkcs8ShroudedKeyBag,
+		.tt = {
+			.flags = ASN1_TFLG_EXPLICIT,
+			.tag = 0,
+			.offset = offsetof(PKCS12_SAFEBAG, value.shkeybag),
+			.field_name = "value.shkeybag",
+			.item = &X509_SIG_it,
+		},
+	
+	},
+	{
+		.value = NID_safeContentsBag,
+		.tt = {
+			.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF,
+			.tag = 0,
+			.offset = offsetof(PKCS12_SAFEBAG, value.safes),
+			.field_name = "value.safes",
+			.item = &PKCS12_SAFEBAG_it,
+		},
+	},
+	{
+		.value = NID_certBag,
+		.tt = {
+			.flags = ASN1_TFLG_EXPLICIT,
+			.tag = 0,
+			.offset = offsetof(PKCS12_SAFEBAG, value.bag),
+			.field_name = "value.bag",
+			.item = &PKCS12_BAGS_it,
+		},
+	
+	},
+	{
+		.value = NID_crlBag,
+		.tt = {
+			.flags = ASN1_TFLG_EXPLICIT,
+			.tag = 0,
+			.offset = offsetof(PKCS12_SAFEBAG, value.bag),
+			.field_name = "value.bag",
+			.item = &PKCS12_BAGS_it,
+		},
+	
+	},
+	{
+		.value = NID_secretBag,
+		.tt = {
+			.flags = ASN1_TFLG_EXPLICIT,
+			.tag = 0,
+			.offset = offsetof(PKCS12_SAFEBAG, value.bag),
+			.field_name = "value.bag",
+			.item = &PKCS12_BAGS_it,
+		},
+	
+	},
+};
+
+static const ASN1_ADB PKCS12_SAFEBAG_adb = {
+	.flags = 0,
+	.offset = offsetof(PKCS12_SAFEBAG, type),
+	.tbl = PKCS12_SAFEBAG_adbtbl,
+	.tblcount = sizeof(PKCS12_SAFEBAG_adbtbl) / sizeof(ASN1_ADB_TABLE),
+	.default_tt = &safebag_default_tt,
+	.null_tt = NULL,
+};
+
+static const ASN1_TEMPLATE PKCS12_SAFEBAG_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(PKCS12_SAFEBAG, type),
+		.field_name = "type",
+		.item = &ASN1_OBJECT_it,
+	},
+	{
+		.flags = ASN1_TFLG_ADB_OID,
+		.tag = -1,
+		.offset = 0,
+		.field_name = "PKCS12_SAFEBAG",
+		.item = (const ASN1_ITEM *)&PKCS12_SAFEBAG_adb,
+	},
+	{
+		.flags = ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(PKCS12_SAFEBAG, attrib),
+		.field_name = "attrib",
+		.item = &X509_ATTRIBUTE_it,
+	},
+};
+
+const ASN1_ITEM PKCS12_SAFEBAG_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = PKCS12_SAFEBAG_seq_tt,
+	.tcount = sizeof(PKCS12_SAFEBAG_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = NULL,
+	.size = sizeof(PKCS12_SAFEBAG),
+	.sname = "PKCS12_SAFEBAG",
+};
+
+
+PKCS12_SAFEBAG *
+d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, const unsigned char **in, long len)
+{
+	return (PKCS12_SAFEBAG *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
+	    &PKCS12_SAFEBAG_it);
+}
+LCRYPTO_ALIAS(d2i_PKCS12_SAFEBAG);
+
+int
+i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **out)
+{
+	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_SAFEBAG_it);
+}
+LCRYPTO_ALIAS(i2d_PKCS12_SAFEBAG);
+
+PKCS12_SAFEBAG *
+PKCS12_SAFEBAG_new(void)
+{
+	return (PKCS12_SAFEBAG *)ASN1_item_new(&PKCS12_SAFEBAG_it);
+}
+LCRYPTO_ALIAS(PKCS12_SAFEBAG_new);
+
+void
+PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a)
+{
+	ASN1_item_free((ASN1_VALUE *)a, &PKCS12_SAFEBAG_it);
+}
+LCRYPTO_ALIAS(PKCS12_SAFEBAG_free);
+
+/* SEQUENCE OF SafeBag */
+static const ASN1_TEMPLATE PKCS12_SAFEBAGS_item_tt = {
+	.flags = ASN1_TFLG_SEQUENCE_OF,
+	.tag = 0,
+	.offset = 0,
+	.field_name = "PKCS12_SAFEBAGS",
+	.item = &PKCS12_SAFEBAG_it,
+};
+
+const ASN1_ITEM PKCS12_SAFEBAGS_it = {
+	.itype = ASN1_ITYPE_PRIMITIVE,
+	.utype = -1,
+	.templates = &PKCS12_SAFEBAGS_item_tt,
+	.tcount = 0,
+	.funcs = NULL,
+	.size = 0,
+	.sname = "PKCS12_SAFEBAGS",
+};
+
+/* Authsafes: SEQUENCE OF PKCS7 */
+static const ASN1_TEMPLATE PKCS12_AUTHSAFES_item_tt = {
+	.flags = ASN1_TFLG_SEQUENCE_OF,
+	.tag = 0,
+	.offset = 0,
+	.field_name = "PKCS12_AUTHSAFES",
+	.item = &PKCS7_it,
+};
+
+const ASN1_ITEM PKCS12_AUTHSAFES_it = {
+	.itype = ASN1_ITYPE_PRIMITIVE,
+	.utype = -1,
+	.templates = &PKCS12_AUTHSAFES_item_tt,
+	.tcount = 0,
+	.funcs = NULL,
+	.size = 0,
+	.sname = "PKCS12_AUTHSAFES",
+};

crypto/pkcs12/p12_attr.c

@@ -0,0 +1,164 @@
+/* $OpenBSD: p12_attr.c,v 1.20 2023/02/16 08:38:17 tb Exp $ */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+
+#include <openssl/pkcs12.h>
+
+#include "pkcs12_local.h"
+#include "x509_local.h"
+
+/* Add a local keyid to a safebag */
+
+int
+PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
+{
+	if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID,
+	    V_ASN1_OCTET_STRING, name, namelen))
+		return 1;
+	else
+		return 0;
+}
+LCRYPTO_ALIAS(PKCS12_add_localkeyid);
+
+/* Add key usage to PKCS#8 structure */
+
+int
+PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
+{
+	unsigned char us_val = (unsigned char)usage;
+
+	return PKCS8_pkey_add1_attr_by_NID(p8, NID_key_usage, V_ASN1_BIT_STRING,
+	    &us_val, 1);
+}
+LCRYPTO_ALIAS(PKCS8_add_keyusage);
+
+/* Add a friendlyname to a safebag */
+
+int
+PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen)
+{
+	if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+	    MBSTRING_ASC, (unsigned char *)name, namelen))
+		return 1;
+	else
+		return 0;
+}
+LCRYPTO_ALIAS(PKCS12_add_friendlyname_asc);
+
+
+int
+PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
+    int namelen)
+{
+	if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+	    MBSTRING_BMP, name, namelen))
+		return 1;
+	else
+		return 0;
+}
+LCRYPTO_ALIAS(PKCS12_add_friendlyname_uni);
+
+int
+PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen)
+{
+	if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name,
+	    MBSTRING_ASC, (unsigned char *)name, namelen))
+		return 1;
+	else
+		return 0;
+}
+LCRYPTO_ALIAS(PKCS12_add_CSPName_asc);
+
+ASN1_TYPE *
+PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
+{
+	X509_ATTRIBUTE *attrib;
+	int i;
+
+	if (!attrs)
+		return NULL;
+	for (i = 0; i < sk_X509_ATTRIBUTE_num(attrs); i++) {
+		attrib = sk_X509_ATTRIBUTE_value(attrs, i);
+		if (OBJ_obj2nid(attrib->object) == attr_nid)
+			return sk_ASN1_TYPE_value(attrib->set, 0);
+	}
+	return NULL;
+}
+LCRYPTO_ALIAS(PKCS12_get_attr_gen);
+
+char *
+PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
+{
+	const ASN1_TYPE *atype;
+
+	if (!(atype = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)))
+		return NULL;
+	if (atype->type != V_ASN1_BMPSTRING)
+		return NULL;
+	return OPENSSL_uni2asc(atype->value.bmpstring->data,
+	    atype->value.bmpstring->length);
+}
+LCRYPTO_ALIAS(PKCS12_get_friendlyname);
+
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag)
+{
+	return bag->attrib;
+}
+LCRYPTO_ALIAS(PKCS12_SAFEBAG_get0_attrs);

crypto/pkcs12/p12_crpt.c

@@ -0,0 +1,123 @@
+/* $OpenBSD: p12_crpt.c,v 1.17 2023/02/16 08:38:17 tb Exp $ */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+/* PKCS#12 PBE algorithms now in static table */
+
+void
+PKCS12_PBE_add(void)
+{
+}
+LCRYPTO_ALIAS(PKCS12_PBE_add);
+
+int
+PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+    ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
+{
+	PBEPARAM *pbe;
+	int saltlen, iter, ret;
+	unsigned char *salt;
+	const unsigned char *pbuf;
+	unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+
+	/* Extract useful info from parameter */
+	if (param == NULL || param->type != V_ASN1_SEQUENCE ||
+	    param->value.sequence == NULL) {
+		PKCS12error(PKCS12_R_DECODE_ERROR);
+		return 0;
+	}
+
+	pbuf = param->value.sequence->data;
+	if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
+		PKCS12error(PKCS12_R_DECODE_ERROR);
+		return 0;
+	}
+
+	if (!pbe->iter)
+		iter = 1;
+	else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) {
+		PKCS12error(PKCS12_R_DECODE_ERROR);
+		PBEPARAM_free(pbe);
+		return 0;
+	}
+	salt = pbe->salt->data;
+	saltlen = pbe->salt->length;
+	if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
+	    iter, EVP_CIPHER_key_length(cipher), key, md)) {
+		PKCS12error(PKCS12_R_KEY_GEN_ERROR);
+		PBEPARAM_free(pbe);
+		return 0;
+	}
+	if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID,
+	    iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
+		PKCS12error(PKCS12_R_IV_GEN_ERROR);
+		PBEPARAM_free(pbe);
+		return 0;
+	}
+	PBEPARAM_free(pbe);
+	ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
+	explicit_bzero(key, EVP_MAX_KEY_LENGTH);
+	explicit_bzero(iv, EVP_MAX_IV_LENGTH);
+	return ret;
+}
+LCRYPTO_ALIAS(PKCS12_PBE_keyivgen);

crypto/pkcs12/p12_crt.c

@@ -0,0 +1,357 @@
+/* $OpenBSD: p12_crt.c,v 1.23 2023/02/16 08:38:17 tb Exp $ */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+#include "pkcs12_local.h"
+
+static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
+    PKCS12_SAFEBAG *bag);
+
+static int
+copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
+{
+	int idx;
+	X509_ATTRIBUTE *attr;
+
+	idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1);
+	if (idx < 0)
+		return 1;
+	attr = EVP_PKEY_get_attr(pkey, idx);
+	if (!X509at_add1_attr(&bag->attrib, attr))
+		return 0;
+	return 1;
+}
+
+PKCS12 *
+PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert,
+    STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
+    int keytype)
+{
+	PKCS12 *p12 = NULL;
+	STACK_OF(PKCS7) *safes = NULL;
+	STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
+	PKCS12_SAFEBAG *bag = NULL;
+	int i;
+	unsigned char keyid[EVP_MAX_MD_SIZE];
+	unsigned int keyidlen = 0;
+
+	/* Set defaults */
+	if (!nid_cert) {
+		nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+	}
+	if (!nid_key)
+		nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+	if (!iter)
+		iter = PKCS12_DEFAULT_ITER;
+	if (!mac_iter)
+		mac_iter = 1;
+
+	if (!pkey && !cert && !ca) {
+		PKCS12error(PKCS12_R_INVALID_NULL_ARGUMENT);
+		return NULL;
+	}
+
+	if (pkey && cert) {
+		if (!X509_check_private_key(cert, pkey))
+			return NULL;
+		if (!X509_digest(cert, EVP_sha1(), keyid, &keyidlen))
+			return NULL;
+	}
+
+	if (cert) {
+		bag = PKCS12_add_cert(&bags, cert);
+		if (name && !PKCS12_add_friendlyname(bag, name, -1))
+			goto err;
+		if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+			goto err;
+	}
+
+	/* Add all other certificates */
+	for (i = 0; i < sk_X509_num(ca); i++) {
+		if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))
+			goto err;
+	}
+
+	if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))
+		goto err;
+
+	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+	bags = NULL;
+
+	if (pkey) {
+		bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
+
+		if (!bag)
+			goto err;
+
+		if (!copy_bag_attr(bag, pkey, NID_ms_csp_name))
+			goto err;
+		if (!copy_bag_attr(bag, pkey, NID_LocalKeySet))
+			goto err;
+
+		if (name && !PKCS12_add_friendlyname(bag, name, -1))
+			goto err;
+		if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+			goto err;
+	}
+
+	if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))
+		goto err;
+
+	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+	bags = NULL;
+
+	p12 = PKCS12_add_safes(safes, 0);
+
+	if (!p12)
+		goto err;
+
+	sk_PKCS7_pop_free(safes, PKCS7_free);
+
+	safes = NULL;
+
+	if ((mac_iter != -1) &&
+	    !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
+		goto err;
+
+	return p12;
+
+err:
+	if (p12)
+		PKCS12_free(p12);
+	if (safes)
+		sk_PKCS7_pop_free(safes, PKCS7_free);
+	if (bags)
+		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+	return NULL;
+}
+LCRYPTO_ALIAS(PKCS12_create);
+
+PKCS12_SAFEBAG *
+PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
+{
+	PKCS12_SAFEBAG *bag = NULL;
+	char *name;
+	int namelen = -1;
+	unsigned char *keyid;
+	int keyidlen = -1;
+
+	/* Add user certificate */
+	if (!(bag = PKCS12_x5092certbag(cert)))
+		goto err;
+
+	/* Use friendlyName and localKeyID in certificate.
+	 * (if present)
+	 */
+	name = (char *)X509_alias_get0(cert, &namelen);
+	if (name && !PKCS12_add_friendlyname(bag, name, namelen))
+		goto err;
+
+	keyid = X509_keyid_get0(cert, &keyidlen);
+
+	if (keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+		goto err;
+
+	if (!pkcs12_add_bag(pbags, bag))
+		goto err;
+
+	return bag;
+
+err:
+	if (bag)
+		PKCS12_SAFEBAG_free(bag);
+
+	return NULL;
+}
+LCRYPTO_ALIAS(PKCS12_add_cert);
+
+PKCS12_SAFEBAG *
+PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, int key_usage,
+    int iter, int nid_key, const char *pass)
+{
+	PKCS12_SAFEBAG *bag = NULL;
+	PKCS8_PRIV_KEY_INFO *p8 = NULL;
+
+	/* Make a PKCS#8 structure */
+	if (!(p8 = EVP_PKEY2PKCS8(key)))
+		goto err;
+	if (key_usage && !PKCS8_add_keyusage(p8, key_usage))
+		goto err;
+	if (nid_key != -1) {
+		bag = PKCS12_SAFEBAG_create_pkcs8_encrypt(nid_key, pass, -1,
+		    NULL, 0, iter, p8);
+		PKCS8_PRIV_KEY_INFO_free(p8);
+		p8 = NULL;
+	} else {
+		bag = PKCS12_SAFEBAG_create0_p8inf(p8);
+		if (bag != NULL)
+			p8 = NULL;
+	}
+
+	if (!bag)
+		goto err;
+
+	if (!pkcs12_add_bag(pbags, bag))
+		goto err;
+
+	return bag;
+
+err:
+	if (bag)
+		PKCS12_SAFEBAG_free(bag);
+	if (p8)
+		PKCS8_PRIV_KEY_INFO_free(p8);
+
+	return NULL;
+}
+LCRYPTO_ALIAS(PKCS12_add_key);
+
+int
+PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+    int nid_safe, int iter, const char *pass)
+{
+	PKCS7 *p7 = NULL;
+	int free_safes = 0;
+
+	if (!*psafes) {
+		*psafes = sk_PKCS7_new_null();
+		if (!*psafes)
+			return 0;
+		free_safes = 1;
+	} else
+		free_safes = 0;
+
+	if (nid_safe == 0)
+		nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
+
+	if (nid_safe == -1)
+		p7 = PKCS12_pack_p7data(bags);
+	else
+		p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0,
+		    iter, bags);
+	if (!p7)
+		goto err;
+
+	if (!sk_PKCS7_push(*psafes, p7))
+		goto err;
+
+	return 1;
+
+err:
+	if (free_safes) {
+		sk_PKCS7_free(*psafes);
+		*psafes = NULL;
+	}
+
+	if (p7)
+		PKCS7_free(p7);
+
+	return 0;
+}
+LCRYPTO_ALIAS(PKCS12_add_safe);
+
+static int
+pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag)
+{
+	int free_bags;
+
+	if (!pbags)
+		return 1;
+	if (!*pbags) {
+		*pbags = sk_PKCS12_SAFEBAG_new_null();
+		if (!*pbags)
+			return 0;
+		free_bags = 1;
+	} else
+		free_bags = 0;
+
+	if (!sk_PKCS12_SAFEBAG_push(*pbags, bag)) {
+		if (free_bags) {
+			sk_PKCS12_SAFEBAG_free(*pbags);
+			*pbags = NULL;
+		}
+		return 0;
+	}
+
+	return 1;
+}
+
+PKCS12 *
+PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7)
+{
+	PKCS12 *p12;
+
+	if (nid_p7 <= 0)
+		nid_p7 = NID_pkcs7_data;
+	p12 = PKCS12_init(nid_p7);
+
+	if (!p12)
+		return NULL;
+
+	if (!PKCS12_pack_authsafes(p12, safes)) {
+		PKCS12_free(p12);
+		return NULL;
+	}
+
+	return p12;
+}
+LCRYPTO_ALIAS(PKCS12_add_safes);

crypto/pkcs12/p12_decr.c

@@ -0,0 +1,189 @@
+/* $OpenBSD: p12_decr.c,v 1.24 2023/02/16 08:38:17 tb Exp $ */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+#include "evp_local.h"
+
+/* Encrypt/Decrypt a buffer based on password and algor, result in a
+ * malloc'ed buffer
+ */
+
+unsigned char *
+PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass, int passlen,
+    const unsigned char *in, int inlen, unsigned char **data, int *datalen,
+    int en_de)
+{
+	unsigned char *out;
+	int outlen, i;
+	EVP_CIPHER_CTX ctx;
+
+	EVP_CIPHER_CTX_init(&ctx);
+	/* Decrypt data */
+	if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
+	    algor->parameter, &ctx, en_de)) {
+		out = NULL;
+		PKCS12error(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
+		goto err;
+	}
+
+	if (!(out = malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
+		PKCS12error(ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+
+	if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) {
+		free(out);
+		out = NULL;
+		PKCS12error(ERR_R_EVP_LIB);
+		goto err;
+	}
+
+	outlen = i;
+	if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
+		free(out);
+		out = NULL;
+		PKCS12error(PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
+		goto err;
+	}
+	outlen += i;
+	if (datalen)
+		*datalen = outlen;
+	if (data)
+		*data = out;
+
+err:
+	EVP_CIPHER_CTX_cleanup(&ctx);
+	return out;
+
+}
+LCRYPTO_ALIAS(PKCS12_pbe_crypt);
+
+/* Decrypt an OCTET STRING and decode ASN1 structure
+ * if zbuf set zero buffer after use.
+ */
+
+void *
+PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
+    const char *pass, int passlen, const ASN1_OCTET_STRING *oct, int zbuf)
+{
+	unsigned char *out;
+	const unsigned char *p;
+	void *ret;
+	int outlen;
+
+	if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
+	    &out, &outlen, 0)) {
+		PKCS12error(PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
+		return NULL;
+	}
+	p = out;
+	ret = ASN1_item_d2i(NULL, &p, outlen, it);
+	if (zbuf)
+		explicit_bzero(out, outlen);
+	if (!ret)
+		PKCS12error(PKCS12_R_DECODE_ERROR);
+	free(out);
+	return ret;
+}
+LCRYPTO_ALIAS(PKCS12_item_decrypt_d2i);
+
+/* Encode ASN1 structure and encrypt, return OCTET STRING
+ * if zbuf set zero encoding.
+ */
+
+ASN1_OCTET_STRING *
+PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
+    const char *pass, int passlen,
+    void *obj, int zbuf)
+{
+	ASN1_OCTET_STRING *oct;
+	unsigned char *in = NULL;
+	int inlen;
+
+	if (!(oct = ASN1_OCTET_STRING_new())) {
+		PKCS12error(ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	inlen = ASN1_item_i2d(obj, &in, it);
+	if (!in) {
+		PKCS12error(PKCS12_R_ENCODE_ERROR);
+		goto err;
+	}
+	if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
+	    &oct->length, 1)) {
+		PKCS12error(PKCS12_R_ENCRYPT_ERROR);
+		goto err;
+	}
+	if (zbuf)
+		explicit_bzero(in, inlen);
+	free(in);
+	return oct;
+
+err:
+	free(in);
+	ASN1_OCTET_STRING_free(oct);
+	return NULL;
+}
+LCRYPTO_ALIAS(PKCS12_item_i2d_encrypt);
+
+IMPLEMENT_PKCS12_STACK_OF(PKCS7)

crypto/pkcs12/p12_init.c

@@ -0,0 +1,101 @@
+/* $OpenBSD: p12_init.c,v 1.16 2023/02/16 08:38:17 tb Exp $ */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+#include "pkcs12_local.h"
+
+/* Initialise a PKCS12 structure to take data */
+
+PKCS12 *
+PKCS12_init(int mode)
+{
+	PKCS12 *pkcs12;
+
+	if (!(pkcs12 = PKCS12_new())) {
+		PKCS12error(ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	if (!ASN1_INTEGER_set(pkcs12->version, 3))
+		goto err;
+	if ((pkcs12->authsafes->type = OBJ_nid2obj(mode)) == NULL)
+		goto err;
+	switch (mode) {
+	case NID_pkcs7_data:
+		if (!(pkcs12->authsafes->d.data =
+		    ASN1_OCTET_STRING_new())) {
+			PKCS12error(ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+		break;
+	default:
+		PKCS12error(PKCS12_R_UNSUPPORTED_PKCS12_MODE);
+		goto err;
+	}
+
+	return pkcs12;
+
+err:
+	if (pkcs12 != NULL)
+		PKCS12_free(pkcs12);
+	return NULL;
+}
+LCRYPTO_ALIAS(PKCS12_init);

crypto/pkcs12/p12_key.c

@@ -0,0 +1,197 @@
+/* $OpenBSD: p12_key.c,v 1.34 2023/02/16 08:38:17 tb Exp $ */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+#include "evp_local.h"
+
+/* PKCS12 compatible key/IV generation */
+#ifndef min
+#define min(a,b) ((a) < (b) ? (a) : (b))
+#endif
+
+int
+PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+    int saltlen, int id, int iter, int n, unsigned char *out,
+    const EVP_MD *md_type)
+{
+	int ret;
+	unsigned char *unipass;
+	int uniplen;
+
+	if (!pass) {
+		unipass = NULL;
+		uniplen = 0;
+	} else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) {
+		PKCS12error(ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
+	    id, iter, n, out, md_type);
+	if (ret <= 0)
+		return 0;
+	freezero(unipass, uniplen);
+	return ret;
+}
+LCRYPTO_ALIAS(PKCS12_key_gen_asc);
+
+int
+PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+    int saltlen, int id, int iter, int n, unsigned char *out,
+    const EVP_MD *md_type)
+{
+	EVP_MD_CTX *ctx = NULL;
+	unsigned char *B = NULL, *D = NULL, *I = NULL, *Ai = NULL;
+	unsigned char *p;
+	int Slen, Plen, Ilen;
+	int i, j, u, v;
+	int ret = 0;
+
+	if ((ctx = EVP_MD_CTX_new()) == NULL)
+		goto err;
+
+	if ((v = EVP_MD_block_size(md_type)) <= 0)
+		goto err;
+	if ((u = EVP_MD_size(md_type)) <= 0)
+		goto err;
+
+	if ((D = malloc(v)) == NULL)
+		goto err;
+	if ((Ai = malloc(u)) == NULL)
+		goto err;
+	if ((B = malloc(v + 1)) == NULL)
+		goto err;
+
+	Slen = v * ((saltlen + v - 1) / v);
+
+	Plen = 0;
+	if (passlen)
+		Plen = v * ((passlen + v - 1) / v);
+
+	Ilen = Slen + Plen;
+
+	if ((I = malloc(Ilen)) == NULL)
+		goto err;
+
+	for (i = 0; i < v; i++)
+		D[i] = id;
+
+	p = I;
+	for (i = 0; i < Slen; i++)
+		*p++ = salt[i % saltlen];
+	for (i = 0; i < Plen; i++)
+		*p++ = pass[i % passlen];
+
+	for (;;) {
+		if (!EVP_DigestInit_ex(ctx, md_type, NULL))
+			goto err;
+		if (!EVP_DigestUpdate(ctx, D, v))
+			goto err;
+		if (!EVP_DigestUpdate(ctx, I, Ilen))
+			goto err;
+		if (!EVP_DigestFinal_ex(ctx, Ai, NULL))
+			goto err;
+		for (j = 1; j < iter; j++) {
+			if (!EVP_DigestInit_ex(ctx, md_type, NULL))
+				goto err;
+			if (!EVP_DigestUpdate(ctx, Ai, u))
+				goto err;
+			if (!EVP_DigestFinal_ex(ctx, Ai, NULL))
+				goto err;
+		}
+		memcpy(out, Ai, min(n, u));
+		if (u >= n) {
+			ret = 1;
+			goto end;
+		}
+		n -= u;
+		out += u;
+		for (j = 0; j < v; j++)
+			B[j] = Ai[j % u];
+
+		for (j = 0; j < Ilen; j += v) {
+			uint16_t c = 1;
+			int k;
+
+			/* Work out I[j] = I[j] + B + 1. */
+			for (k = v - 1; k >= 0; k--) {
+				c += I[j + k] + B[k];
+				I[j + k] = (unsigned char)c;
+				c >>= 8;
+			}
+		}
+	}
+
+ err:
+	PKCS12error(ERR_R_MALLOC_FAILURE);
+
+ end:
+	free(Ai);
+	free(B);
+	free(D);
+	free(I);
+	EVP_MD_CTX_free(ctx);
+
+	return ret;
+}
+LCRYPTO_ALIAS(PKCS12_key_gen_uni);

crypto/pkcs12/p12_kiss.c

@@ -0,0 +1,299 @@
+/* $OpenBSD: p12_kiss.c,v 1.27 2023/02/16 08:38:17 tb Exp $ */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+#include "pkcs12_local.h"
+
+/* Simplified PKCS#12 routines */
+
+static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
+    EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
+
+static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+    int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
+
+static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
+    EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
+
+/* Parse and decrypt a PKCS#12 structure returning user key, user cert
+ * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
+ * or it should point to a valid STACK structure. pkey and cert can be
+ * passed unitialised.
+ */
+
+int
+PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+    STACK_OF(X509) **ca)
+{
+	STACK_OF(X509) *ocerts = NULL;
+	X509 *x = NULL;
+
+	if (pkey != NULL)
+		*pkey = NULL;
+	if (cert != NULL)
+		*cert = NULL;
+
+	if (p12 == NULL) {
+		PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+		goto err;
+	}
+
+	/* Check the mac */
+
+	/* If password is zero length or NULL then try verifying both cases
+	 * to determine which password is correct. The reason for this is that
+	 * under PKCS#12 password based encryption no password and a zero length
+	 * password are two different things...
+	 */
+
+	if (pass == NULL || *pass == '\0') {
+		if (PKCS12_verify_mac(p12, NULL, 0))
+			pass = NULL;
+		else if (PKCS12_verify_mac(p12, "", 0))
+			pass = "";
+		else {
+			PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
+			goto err;
+		}
+	} else if (!PKCS12_verify_mac(p12, pass, -1)) {
+		PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
+		goto err;
+	}
+
+	/* Allocate stack for other certificates */
+	if ((ocerts = sk_X509_new_null()) == NULL) {
+		PKCS12error(ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+
+	if (!parse_pk12(p12, pass, -1, pkey, ocerts)) {
+		PKCS12error(PKCS12_R_PARSE_ERROR);
+		goto err;
+	}
+
+	while ((x = sk_X509_pop(ocerts)) != NULL) {
+		if (pkey != NULL && *pkey != NULL &&
+		    cert != NULL && *cert == NULL) {
+			ERR_set_mark();
+			if (X509_check_private_key(x, *pkey)) {
+				*cert = x;
+				x = NULL;
+			}
+			ERR_pop_to_mark();
+		}
+
+		if (ca != NULL && x != NULL) {
+			if (*ca == NULL)
+				*ca = sk_X509_new_null();
+			if (*ca == NULL)
+				goto err;
+			if (!sk_X509_push(*ca, x))
+				goto err;
+			x = NULL;
+		}
+		X509_free(x);
+		x = NULL;
+	}
+
+	sk_X509_pop_free(ocerts, X509_free);
+
+	return 1;
+
+err:
+	if (pkey != NULL)
+		EVP_PKEY_free(*pkey);
+	if (cert != NULL)
+		X509_free(*cert);
+	X509_free(x);
+	sk_X509_pop_free(ocerts, X509_free);
+
+	return 0;
+}
+LCRYPTO_ALIAS(PKCS12_parse);
+
+/* Parse the outer PKCS#12 structure */
+
+static int
+parse_pk12(PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey,
+    STACK_OF(X509) *ocerts)
+{
+	STACK_OF(PKCS7) *asafes;
+	STACK_OF(PKCS12_SAFEBAG) *bags;
+	int i, bagnid;
+	PKCS7 *p7;
+
+	if (!(asafes = PKCS12_unpack_authsafes(p12)))
+		return 0;
+	for (i = 0; i < sk_PKCS7_num(asafes); i++) {
+		p7 = sk_PKCS7_value(asafes, i);
+		bagnid = OBJ_obj2nid(p7->type);
+		if (bagnid == NID_pkcs7_data) {
+			bags = PKCS12_unpack_p7data(p7);
+		} else if (bagnid == NID_pkcs7_encrypted) {
+			bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
+		} else
+			continue;
+		if (!bags) {
+			sk_PKCS7_pop_free(asafes, PKCS7_free);
+			return 0;
+		}
+		if (!parse_bags(bags, pass, passlen, pkey, ocerts)) {
+			sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+			sk_PKCS7_pop_free(asafes, PKCS7_free);
+			return 0;
+		}
+		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+	}
+	sk_PKCS7_pop_free(asafes, PKCS7_free);
+	return 1;
+}
+
+static int
+parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, int passlen,
+    EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
+{
+	int i;
+
+	for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+		if (!parse_bag(sk_PKCS12_SAFEBAG_value(bags, i), pass, passlen,
+		    pkey, ocerts))
+			return 0;
+	}
+	return 1;
+}
+
+static int
+parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PKEY **pkey,
+    STACK_OF(X509) *ocerts)
+{
+	PKCS8_PRIV_KEY_INFO *p8;
+	X509 *x509;
+	const ASN1_TYPE *attrib;
+	ASN1_BMPSTRING *fname = NULL;
+	ASN1_OCTET_STRING *lkid = NULL;
+
+	if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)))
+		fname = attrib->value.bmpstring;
+
+	if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)))
+		lkid = attrib->value.octet_string;
+
+	switch (OBJ_obj2nid(bag->type)) {
+	case NID_keyBag:
+		if (!pkey || *pkey)
+			return 1;
+		if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag)))
+			return 0;
+		break;
+
+	case NID_pkcs8ShroudedKeyBag:
+		if (!pkey || *pkey)
+			return 1;
+		if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
+			return 0;
+		*pkey = EVP_PKCS82PKEY(p8);
+		PKCS8_PRIV_KEY_INFO_free(p8);
+		if (!(*pkey))
+			return 0;
+		break;
+
+	case NID_certBag:
+		if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate )
+			return 1;
+		if (!(x509 = PKCS12_certbag2x509(bag)))
+			return 0;
+		if (lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) {
+			X509_free(x509);
+			return 0;
+		}
+		if (fname) {
+			int len, r;
+			unsigned char *data = NULL;
+			len = ASN1_STRING_to_UTF8(&data, fname);
+			if (len >= 0) {
+				r = X509_alias_set1(x509, data, len);
+				free(data);
+				if (!r) {
+					X509_free(x509);
+					return 0;
+				}
+			}
+		}
+
+		if (!sk_X509_push(ocerts, x509)) {
+			X509_free(x509);
+			return 0;
+		}
+
+		break;
+
+	case NID_safeContentsBag:
+		return parse_bags(bag->value.safes, pass, passlen,
+		    pkey, ocerts);
+		break;
+
+	default:
+		return 1;
+		break;
+	}
+	return 1;
+}

crypto/pkcs12/p12_mutl.c

@@ -0,0 +1,263 @@
+/* $OpenBSD: p12_mutl.c,v 1.35 2023/02/16 08:38:17 tb Exp $ */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_HMAC
+
+#include <openssl/err.h>
+#include <openssl/hmac.h>
+#include <openssl/pkcs12.h>
+
+#include "evp_local.h"
+#include "hmac_local.h"
+#include "pkcs12_local.h"
+#include "x509_local.h"
+
+int
+PKCS12_mac_present(const PKCS12 *p12)
+{
+	return p12->mac != NULL;
+}
+LCRYPTO_ALIAS(PKCS12_mac_present);
+
+void
+PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, const X509_ALGOR **pmacalg,
+    const ASN1_OCTET_STRING **psalt, const ASN1_INTEGER **piter,
+    const PKCS12 *p12)
+{
+	if (p12->mac == NULL) {
+		if (pmac != NULL)
+			*pmac = NULL;
+		if (pmacalg != NULL)
+			*pmacalg = NULL;
+		if (psalt != NULL)
+			*psalt = NULL;
+		if (piter != NULL)
+			*piter = NULL;
+		return;
+	}
+
+	if (pmac != NULL)
+		*pmac = p12->mac->dinfo->digest;
+	if (pmacalg != NULL)
+		*pmacalg = p12->mac->dinfo->algor;
+	if (psalt != NULL)
+		*psalt = p12->mac->salt;
+	if (piter != NULL)
+		*piter = p12->mac->iter;
+}
+LCRYPTO_ALIAS(PKCS12_get0_mac);
+
+/* Generate a MAC */
+int
+PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+    unsigned char *mac, unsigned int *maclen)
+{
+	const EVP_MD *md_type;
+	HMAC_CTX *hmac = NULL;
+	unsigned char key[EVP_MAX_MD_SIZE], *salt;
+	int saltlen, iter;
+	int md_size;
+	int ret = 0;
+
+	if (!PKCS7_type_is_data(p12->authsafes)) {
+		PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
+		goto err;
+	}
+
+	salt = p12->mac->salt->data;
+	saltlen = p12->mac->salt->length;
+
+	iter = 1;
+	if (p12->mac->iter != NULL) {
+		if ((iter = ASN1_INTEGER_get(p12->mac->iter)) <= 0) {
+			PKCS12error(PKCS12_R_DECODE_ERROR);
+			goto err;
+		}
+	}
+
+	md_type = EVP_get_digestbyobj(p12->mac->dinfo->algor->algorithm);
+	if (md_type == NULL) {
+		PKCS12error(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
+		goto err;
+	}
+
+	if ((md_size = EVP_MD_size(md_type)) < 0)
+		goto err;
+
+	if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
+	    md_size, key, md_type)) {
+		PKCS12error(PKCS12_R_KEY_GEN_ERROR);
+		goto err;
+	}
+
+	if ((hmac = HMAC_CTX_new()) == NULL)
+		goto err;
+	if (!HMAC_Init_ex(hmac, key, md_size, md_type, NULL))
+		goto err;
+	if (!HMAC_Update(hmac, p12->authsafes->d.data->data,
+	    p12->authsafes->d.data->length))
+		goto err;
+	if (!HMAC_Final(hmac, mac, maclen))
+		goto err;
+
+	ret = 1;
+
+ err:
+	explicit_bzero(key, sizeof(key));
+	HMAC_CTX_free(hmac);
+
+	return ret;
+}
+LCRYPTO_ALIAS(PKCS12_gen_mac);
+
+/* Verify the mac */
+int
+PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
+{
+	unsigned char mac[EVP_MAX_MD_SIZE];
+	unsigned int maclen;
+
+	if (p12->mac == NULL) {
+		PKCS12error(PKCS12_R_MAC_ABSENT);
+		return 0;
+	}
+	if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
+		PKCS12error(PKCS12_R_MAC_GENERATION_ERROR);
+		return 0;
+	}
+	if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) ||
+	    memcmp(mac, p12->mac->dinfo->digest->data, maclen))
+		return 0;
+	return 1;
+}
+LCRYPTO_ALIAS(PKCS12_verify_mac);
+
+/* Set a mac */
+
+int
+PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char *salt,
+    int saltlen, int iter, const EVP_MD *md_type)
+{
+	unsigned char mac[EVP_MAX_MD_SIZE];
+	unsigned int maclen;
+
+	if (!md_type)
+		md_type = EVP_sha1();
+	if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) ==
+	    PKCS12_ERROR) {
+		PKCS12error(PKCS12_R_MAC_SETUP_ERROR);
+		return 0;
+	}
+	if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
+		PKCS12error(PKCS12_R_MAC_GENERATION_ERROR);
+		return 0;
+	}
+	if (!(ASN1_STRING_set(p12->mac->dinfo->digest, mac, maclen))) {
+		PKCS12error(PKCS12_R_MAC_STRING_SET_ERROR);
+		return 0;
+	}
+	return 1;
+}
+LCRYPTO_ALIAS(PKCS12_set_mac);
+
+/* Set up a mac structure */
+int
+PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
+    const EVP_MD *md_type)
+{
+	PKCS12_MAC_DATA_free(p12->mac);
+	if ((p12->mac = PKCS12_MAC_DATA_new()) == NULL)
+		return PKCS12_ERROR;
+	if (iter > 1) {
+		if (!(p12->mac->iter = ASN1_INTEGER_new())) {
+			PKCS12error(ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+		if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
+			PKCS12error(ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+	}
+	if (!saltlen)
+		saltlen = PKCS12_SALT_LEN;
+	if (!(p12->mac->salt->data = malloc(saltlen))) {
+		PKCS12error(ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	p12->mac->salt->length = saltlen;
+	if (!salt)
+		arc4random_buf(p12->mac->salt->data, saltlen);
+	else
+		memcpy(p12->mac->salt->data, salt, saltlen);
+	p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
+	if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
+		PKCS12error(ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
+
+	return 1;
+}
+LCRYPTO_ALIAS(PKCS12_setup_mac);
+#endif

crypto/pkcs12/p12_npas.c

@@ -0,0 +1,249 @@
+/* $OpenBSD: p12_npas.c,v 1.18 2023/02/16 08:38:17 tb Exp $ */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+#include "pkcs12_local.h"
+#include "x509_local.h"
+
+/* PKCS#12 password change routine */
+
+static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass);
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
+    const char *newpass);
+static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
+    const char *newpass);
+static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
+
+/*
+ * Change the password on a PKCS#12 structure.
+ */
+
+int
+PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass)
+{
+	/* Check for NULL PKCS12 structure */
+
+	if (!p12) {
+		PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+		return 0;
+	}
+
+	/* Check the mac */
+
+	if (!PKCS12_verify_mac(p12, oldpass, -1)) {
+		PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE);
+		return 0;
+	}
+
+	if (!newpass_p12(p12, oldpass, newpass)) {
+		PKCS12error(PKCS12_R_PARSE_ERROR);
+		return 0;
+	}
+
+	return 1;
+}
+LCRYPTO_ALIAS(PKCS12_newpass);
+
+/* Parse the outer PKCS#12 structure */
+
+static int
+newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
+{
+	STACK_OF(PKCS7) *asafes, *newsafes;
+	STACK_OF(PKCS12_SAFEBAG) *bags;
+	int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
+	PKCS7 *p7, *p7new;
+	ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
+	unsigned char mac[EVP_MAX_MD_SIZE];
+	unsigned int maclen;
+
+	if (!(asafes = PKCS12_unpack_authsafes(p12)))
+		return 0;
+	if (!(newsafes = sk_PKCS7_new_null()))
+		return 0;
+	for (i = 0; i < sk_PKCS7_num(asafes); i++) {
+		p7 = sk_PKCS7_value(asafes, i);
+		bagnid = OBJ_obj2nid(p7->type);
+		if (bagnid == NID_pkcs7_data) {
+			bags = PKCS12_unpack_p7data(p7);
+		} else if (bagnid == NID_pkcs7_encrypted) {
+			bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
+			if (!alg_get(p7->d.encrypted->enc_data->algorithm,
+			    &pbe_nid, &pbe_iter, &pbe_saltlen)) {
+				sk_PKCS12_SAFEBAG_pop_free(bags,
+				    PKCS12_SAFEBAG_free);
+				bags = NULL;
+			}
+		} else
+			continue;
+		if (bags == NULL)
+			goto err;
+		if (!newpass_bags(bags, oldpass, newpass)) {
+			sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+			goto err;
+		}
+		/* Repack bag in same form with new password */
+		if (bagnid == NID_pkcs7_data)
+			p7new = PKCS12_pack_p7data(bags);
+		else
+			p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1,
+			    NULL, pbe_saltlen, pbe_iter, bags);
+		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+		if (p7new == NULL)
+			goto err;
+		if (sk_PKCS7_push(newsafes, p7new) == 0)
+			goto err;
+	}
+	sk_PKCS7_pop_free(asafes, PKCS7_free);
+
+	/* Repack safe: save old safe in case of error */
+
+	p12_data_tmp = p12->authsafes->d.data;
+	if (!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) {
+		p12->authsafes->d.data = p12_data_tmp;
+		goto err;
+	}
+	if (!PKCS12_pack_authsafes(p12, newsafes))
+		goto saferr;
+
+	if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
+		goto saferr;
+	if (!(macnew = ASN1_OCTET_STRING_new()))
+		goto saferr;
+	if (!ASN1_OCTET_STRING_set(macnew, mac, maclen))
+		goto saferr;
+	ASN1_OCTET_STRING_free(p12->mac->dinfo->digest);
+	p12->mac->dinfo->digest = macnew;
+	ASN1_OCTET_STRING_free(p12_data_tmp);
+
+	return 1;
+
+saferr:
+	/* Restore old safe */
+	ASN1_OCTET_STRING_free(p12->authsafes->d.data);
+	ASN1_OCTET_STRING_free(macnew);
+	p12->authsafes->d.data = p12_data_tmp;
+	return 0;
+
+err:
+	sk_PKCS7_pop_free(asafes, PKCS7_free);
+	sk_PKCS7_pop_free(newsafes, PKCS7_free);
+	return 0;
+}
+
+
+static int
+newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
+    const char *newpass)
+{
+	int i;
+
+	for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+		if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i),
+		    oldpass, newpass))
+			return 0;
+	}
+	return 1;
+}
+
+/* Change password of safebag: only needs handle shrouded keybags */
+
+static int
+newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, const char *newpass)
+{
+	PKCS8_PRIV_KEY_INFO *p8;
+	X509_SIG *p8new;
+	int p8_nid, p8_saltlen, p8_iter;
+
+	if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
+		return 1;
+
+	if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)))
+		return 0;
+	if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter,
+	    &p8_saltlen))
+		return 0;
+	if (!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
+	    p8_iter, p8))) return 0;
+	X509_SIG_free(bag->value.shkeybag);
+	bag->value.shkeybag = p8new;
+	return 1;
+}
+
+static int
+alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
+{
+	PBEPARAM *pbe;
+	const unsigned char *p;
+
+	p = alg->parameter->value.sequence->data;
+	pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+	if (!pbe)
+		return 0;
+	*pnid = OBJ_obj2nid(alg->algorithm);
+	*piter = ASN1_INTEGER_get(pbe->iter);
+	*psaltlen = pbe->salt->length;
+	PBEPARAM_free(pbe);
+	return 1;
+}

crypto/pkcs12/p12_p8d.c

@@ -0,0 +1,71 @@
+/* $OpenBSD: p12_p8d.c,v 1.11 2023/02/16 08:38:17 tb Exp $ */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+
+#include <openssl/pkcs12.h>
+
+#include "x509_local.h"
+
+PKCS8_PRIV_KEY_INFO *
+PKCS8_decrypt(const X509_SIG *p8, const char *pass, int passlen)
+{
+	return PKCS12_item_decrypt_d2i(p8->algor,
+	    &PKCS8_PRIV_KEY_INFO_it, pass, passlen, p8->digest, 1);
+}
+LCRYPTO_ALIAS(PKCS8_decrypt);

crypto/pkcs12/p12_p8e.c

@@ -0,0 +1,103 @@
+/* $OpenBSD: p12_p8e.c,v 1.12 2023/02/16 08:38:17 tb Exp $ */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+#include "x509_local.h"
+
+X509_SIG *
+PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass,
+    int passlen, unsigned char *salt, int saltlen, int iter,
+    PKCS8_PRIV_KEY_INFO *p8inf)
+{
+	X509_SIG *p8 = NULL;
+	X509_ALGOR *pbe;
+
+	if (!(p8 = X509_SIG_new())) {
+		PKCS12error(ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+
+	if (pbe_nid == -1)
+		pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
+	else
+		pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+	if (!pbe) {
+		PKCS12error(ERR_R_ASN1_LIB);
+		goto err;
+	}
+	X509_ALGOR_free(p8->algor);
+	p8->algor = pbe;
+	ASN1_OCTET_STRING_free(p8->digest);
+	p8->digest = PKCS12_item_i2d_encrypt(pbe,
+	    &PKCS8_PRIV_KEY_INFO_it, pass, passlen, p8inf, 1);
+	if (!p8->digest) {
+		PKCS12error(PKCS12_R_ENCRYPT_ERROR);
+		goto err;
+	}
+
+	return p8;
+
+err:
+	X509_SIG_free(p8);
+	return NULL;
+}
+LCRYPTO_ALIAS(PKCS8_encrypt);

crypto/pkcs12/p12_sbag.c

@@ -0,0 +1,240 @@
+/* $OpenBSD: p12_sbag.c,v 1.8 2023/02/16 08:38:17 tb Exp $ */
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999-2018.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+#include "pkcs12_local.h"
+#include "x509_local.h"
+
+const ASN1_TYPE *
+PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, int attr_nid)
+{
+	return PKCS12_get_attr_gen(bag->attrib, attr_nid);
+}
+LCRYPTO_ALIAS(PKCS12_SAFEBAG_get0_attr);
+
+ASN1_TYPE *
+PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid)
+{
+	return PKCS12_get_attr_gen(p8->attributes, attr_nid);
+}
+LCRYPTO_ALIAS(PKCS8_get_attr);
+
+const PKCS8_PRIV_KEY_INFO *
+PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag)
+{
+	if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
+		return NULL;
+
+	return bag->value.keybag;
+}
+LCRYPTO_ALIAS(PKCS12_SAFEBAG_get0_p8inf);
+
+const X509_SIG *
+PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag)
+{
+	if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag)
+		return NULL;
+
+	return bag->value.shkeybag;
+}
+LCRYPTO_ALIAS(PKCS12_SAFEBAG_get0_pkcs8);
+
+const STACK_OF(PKCS12_SAFEBAG) *
+PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag)
+{
+	if (PKCS12_SAFEBAG_get_nid(bag) != NID_safeContentsBag)
+		return NULL;
+
+	return bag->value.safes;
+}
+LCRYPTO_ALIAS(PKCS12_SAFEBAG_get0_safes);
+
+const ASN1_OBJECT *
+PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag)
+{
+	return bag->type;
+}
+LCRYPTO_ALIAS(PKCS12_SAFEBAG_get0_type);
+
+int
+PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag)
+{
+	return OBJ_obj2nid(bag->type);
+}
+LCRYPTO_ALIAS(PKCS12_SAFEBAG_get_nid);
+
+int
+PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag)
+{
+	int bag_type;
+
+	bag_type = PKCS12_SAFEBAG_get_nid(bag);
+
+	if (bag_type == NID_certBag || bag_type == NID_crlBag ||
+	    bag_type == NID_secretBag)
+		return OBJ_obj2nid(bag->value.bag->type);
+
+	return -1;
+}
+LCRYPTO_ALIAS(PKCS12_SAFEBAG_get_bag_nid);
+
+X509 *
+PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag)
+{
+	if (OBJ_obj2nid(bag->type) != NID_certBag)
+		return NULL;
+	if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
+		return NULL;
+	return ASN1_item_unpack(bag->value.bag->value.octet, &X509_it);
+}
+LCRYPTO_ALIAS(PKCS12_SAFEBAG_get1_cert);
+
+X509_CRL *
+PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag)
+{
+	if (OBJ_obj2nid(bag->type) != NID_crlBag)
+		return NULL;
+	if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
+		return NULL;
+	return ASN1_item_unpack(bag->value.bag->value.octet, &X509_CRL_it);
+}
+LCRYPTO_ALIAS(PKCS12_SAFEBAG_get1_crl);
+
+PKCS12_SAFEBAG *
+PKCS12_SAFEBAG_create_cert(X509 *x509)
+{
+	return PKCS12_item_pack_safebag(x509, &X509_it,
+	    NID_x509Certificate, NID_certBag);
+}
+LCRYPTO_ALIAS(PKCS12_SAFEBAG_create_cert);
+
+PKCS12_SAFEBAG *
+PKCS12_SAFEBAG_create_crl(X509_CRL *crl)
+{
+	return PKCS12_item_pack_safebag(crl, &X509_CRL_it,
+	    NID_x509Crl, NID_crlBag);
+}
+LCRYPTO_ALIAS(PKCS12_SAFEBAG_create_crl);
+
+/* Turn PKCS8 object into a keybag */
+
+PKCS12_SAFEBAG *
+PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8)
+{
+	PKCS12_SAFEBAG *bag;
+
+	if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
+		PKCS12error(ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	bag->type = OBJ_nid2obj(NID_keyBag);
+	bag->value.keybag = p8;
+
+	return bag;
+}
+LCRYPTO_ALIAS(PKCS12_SAFEBAG_create0_p8inf);
+
+/* Turn PKCS8 object into a shrouded keybag */
+
+PKCS12_SAFEBAG *
+PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8)
+{
+	PKCS12_SAFEBAG *bag;
+
+	/* Set up the safe bag */
+	if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
+		PKCS12error(ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
+	bag->value.shkeybag = p8;
+
+	return bag;
+}
+LCRYPTO_ALIAS(PKCS12_SAFEBAG_create0_pkcs8);
+
+PKCS12_SAFEBAG *
+PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, const char *pass, int passlen,
+    unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8info)
+{
+	const EVP_CIPHER *pbe_ciph;
+	X509_SIG *p8;
+	PKCS12_SAFEBAG *bag;
+
+	if ((pbe_ciph = EVP_get_cipherbynid(pbe_nid)) != NULL)
+		pbe_nid = -1;
+
+	if ((p8 = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen,
+	    iter, p8info)) == NULL)
+		return NULL;
+
+	if ((bag = PKCS12_SAFEBAG_create0_pkcs8(p8)) == NULL) {
+		X509_SIG_free(p8);
+		return NULL;
+	}
+
+	return bag;
+}
+LCRYPTO_ALIAS(PKCS12_SAFEBAG_create_pkcs8_encrypt);

crypto/pkcs12/p12_utl.c

@@ -0,0 +1,157 @@
+/* $OpenBSD: p12_utl.c,v 1.21 2023/02/16 08:38:17 tb Exp $ */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/pkcs12.h>
+
+#include "pkcs12_local.h"
+
+/* Cheap and nasty Unicode stuff */
+
+unsigned char *
+OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
+{
+	size_t ulen, i;
+	unsigned char *unitmp;
+
+	if (asclen < 0)
+		ulen = strlen(asc);
+	else
+		ulen = (size_t)asclen;
+	ulen++;
+	if (ulen == 0) /* unlikely overflow */
+		return NULL;
+	if ((unitmp = reallocarray(NULL, ulen, 2)) == NULL)
+		return NULL;
+	ulen *= 2;
+	/* XXX This interface ought to use unsigned types */
+	if (ulen > INT_MAX) {
+		free(unitmp);
+		return NULL;
+	}
+	for (i = 0; i < ulen - 2; i += 2) {
+		unitmp[i] = 0;
+		unitmp[i + 1] = *asc++;
+	}
+	/* Make result double-NUL terminated */
+	unitmp[ulen - 2] = 0;
+	unitmp[ulen - 1] = 0;
+	if (unilen)
+		*unilen = ulen;
+	if (uni)
+		*uni = unitmp;
+	return unitmp;
+}
+LCRYPTO_ALIAS(OPENSSL_asc2uni);
+
+char *
+OPENSSL_uni2asc(const unsigned char *uni, int unilen)
+{
+	size_t asclen, u16len, i;
+	char *asctmp;
+
+	if (unilen < 0)
+		return NULL;
+
+	asclen = u16len = (size_t)unilen / 2;
+	/* If no terminating NUL, allow for one */
+	if (unilen == 0 || uni[unilen - 1] != '\0')
+		asclen++;
+	if ((asctmp = malloc(asclen)) == NULL)
+		return NULL;
+	/* Skip first zero byte */
+	uni++;
+	for (i = 0; i < u16len; i++) {
+		asctmp[i] = *uni;
+		uni += 2;
+	}
+	asctmp[asclen - 1] = '\0';
+	return asctmp;
+}
+LCRYPTO_ALIAS(OPENSSL_uni2asc);
+
+int
+i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
+{
+	return ASN1_item_i2d_bio(&PKCS12_it, bp, p12);
+}
+LCRYPTO_ALIAS(i2d_PKCS12_bio);
+
+int
+i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
+{
+	return ASN1_item_i2d_fp(&PKCS12_it, fp, p12);
+}
+LCRYPTO_ALIAS(i2d_PKCS12_fp);
+
+PKCS12 *
+d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
+{
+	return ASN1_item_d2i_bio(&PKCS12_it, bp, p12);
+}
+LCRYPTO_ALIAS(d2i_PKCS12_bio);
+
+PKCS12 *
+d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
+{
+	    return ASN1_item_d2i_fp(&PKCS12_it, fp, p12);
+}
+LCRYPTO_ALIAS(d2i_PKCS12_fp);

crypto/pkcs12/pk12err.c

@@ -0,0 +1,111 @@
+/* $OpenBSD: pk12err.c,v 1.14 2023/02/16 08:38:17 tb Exp $ */
+/* ====================================================================
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+
+#include <openssl/opensslconf.h>
+
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason)
+
+static ERR_STRING_DATA PKCS12_str_functs[]= {
+	{ERR_FUNC(0xfff), "CRYPTO_internal"},
+	{0, NULL}
+};
+
+static ERR_STRING_DATA PKCS12_str_reasons[]= {
+	{ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE), "cant pack structure"},
+	{ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA), "content type not data"},
+	{ERR_REASON(PKCS12_R_DECODE_ERROR)       , "decode error"},
+	{ERR_REASON(PKCS12_R_ENCODE_ERROR)       , "encode error"},
+	{ERR_REASON(PKCS12_R_ENCRYPT_ERROR)      , "encrypt error"},
+	{ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE), "error setting encrypted data type"},
+	{ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT), "invalid null argument"},
+	{ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER), "invalid null pkcs12 pointer"},
+	{ERR_REASON(PKCS12_R_IV_GEN_ERROR)       , "iv gen error"},
+	{ERR_REASON(PKCS12_R_KEY_GEN_ERROR)      , "key gen error"},
+	{ERR_REASON(PKCS12_R_MAC_ABSENT)         , "mac absent"},
+	{ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR), "mac generation error"},
+	{ERR_REASON(PKCS12_R_MAC_SETUP_ERROR)    , "mac setup error"},
+	{ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR), "mac string set error"},
+	{ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR)   , "mac verify error"},
+	{ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE) , "mac verify failure"},
+	{ERR_REASON(PKCS12_R_PARSE_ERROR)        , "parse error"},
+	{ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR), "pkcs12 algor cipherinit error"},
+	{ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR), "pkcs12 cipherfinal error"},
+	{ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR), "pkcs12 pbe crypt error"},
+	{ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM), "unknown digest algorithm"},
+	{ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE), "unsupported pkcs12 mode"},
+	{0, NULL}
+};
+
+#endif
+
+void
+ERR_load_PKCS12_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+	if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL) {
+		ERR_load_strings(0, PKCS12_str_functs);
+		ERR_load_strings(0, PKCS12_str_reasons);
+	}
+#endif
+}
+LCRYPTO_ALIAS(ERR_load_PKCS12_strings);

crypto/pkcs12/pkcs12_local.h

@@ -0,0 +1,101 @@
+/* $OpenBSD: pkcs12_local.h,v 1.3 2022/11/26 17:23:18 tb Exp $ */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_PKCS12_LOCAL_H
+#define HEADER_PKCS12_LOCAL_H
+
+__BEGIN_HIDDEN_DECLS
+
+struct PKCS12_MAC_DATA_st {
+	X509_SIG *dinfo;
+	ASN1_OCTET_STRING *salt;
+	ASN1_INTEGER *iter;	/* defaults to 1 */
+};
+
+struct PKCS12_st {
+	ASN1_INTEGER *version;
+	PKCS12_MAC_DATA *mac;
+	PKCS7 *authsafes;
+};
+
+struct PKCS12_SAFEBAG_st {
+	ASN1_OBJECT *type;
+	union {
+	struct pkcs12_bag_st *bag; /* secret, crl and certbag */
+	struct pkcs8_priv_key_info_st	*keybag; /* keybag */
+	X509_SIG *shkeybag; /* shrouded key bag */
+		STACK_OF(PKCS12_SAFEBAG) *safes;
+		ASN1_TYPE *other;
+	} value;
+	STACK_OF(X509_ATTRIBUTE) *attrib;
+};
+
+struct pkcs12_bag_st {
+	ASN1_OBJECT *type;
+	union {
+		ASN1_OCTET_STRING *x509cert;
+		ASN1_OCTET_STRING *x509crl;
+		ASN1_OCTET_STRING *octet;
+		ASN1_IA5STRING *sdsicert;
+		ASN1_TYPE *other; /* Secret or other bag */
+	} value;
+};
+
+__END_HIDDEN_DECLS
+
+#endif /* !HEADER_PKCS12_LOCAL_H */