From 03922a635b363643cfaa28e282a090e593530d2a Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sat, 26 Sep 2015 13:24:24 +0100
Subject: [PATCH] more PKCS12 opacity

Reviewed-by: Rich Salz <rsalz@openssl.org>
---
 crypto/pkcs12/p12_kiss.c | 10 ++++++----
 crypto/pkcs12/p12_mutl.c |  1 +
 crypto/pkcs12/p12_npas.c |  3 ++-
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
index 59c84a0493..9a71581513 100644
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -233,11 +233,12 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
     if ((attrib = PKCS12_get_attr(bag, NID_localKeyID)))
         lkid = attrib->value.octet_string;
 
-    switch (M_PKCS12_bag_type(bag)) {
+    switch (PKCS12_bag_type(bag)) {
     case NID_keyBag:
         if (!pkey || *pkey)
             return 1;
-        if ((*pkey = EVP_PKCS82PKEY(bag->value.keybag)) == NULL)
+        *pkey = EVP_PKCS82PKEY(PKCS12_SAFEBAG_get0_p8inf(bag));
+        if (*pkey == NULL)
             return 0;
         break;
 
@@ -253,7 +254,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
         break;
 
     case NID_certBag:
-        if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
+        if (PKCS12_cert_bag_type(bag) != NID_x509Certificate)
             return 1;
         if ((x509 = PKCS12_certbag2x509(bag)) == NULL)
             return 0;
@@ -283,7 +284,8 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
         break;
 
     case NID_safeContentsBag:
-        return parse_bags(bag->value.safes, pass, passlen, pkey, ocerts);
+        return parse_bags(PKCS12_SAFEBAG_get0_safes(bag), pass, passlen, pkey,
+                          ocerts);
 
     default:
         return 1;
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index 8ed9ac520b..726e7f1360 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -62,6 +62,7 @@
 # include <openssl/hmac.h>
 # include <openssl/rand.h>
 # include <openssl/pkcs12.h>
+# include "p12_lcl.h"
 
 # define TK26_MAC_KEY_LEN 32
 
diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c
index d670624b4e..2bd25e47ef 100644
--- a/crypto/pkcs12/p12_npas.c
+++ b/crypto/pkcs12/p12_npas.c
@@ -62,6 +62,7 @@
 #include <openssl/pem.h>
 #include <openssl/err.h>
 #include <openssl/pkcs12.h>
+#include "p12_lcl.h"
 
 /* PKCS#12 password change routine */
 
@@ -202,7 +203,7 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
     X509_SIG *p8new;
     int p8_nid, p8_saltlen, p8_iter;
 
-    if (M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag)
+    if (PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag)
         return 1;
 
     if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL)
-- 
GitLab