use new function names

Reviewed-by: Rich Salz <rsalz@openssl.org>

crypto/pkcs12/p12_crt.c

@@ -231,10 +231,11 @@ PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
     if (key_usage && !PKCS8_add_keyusage(p8, key_usage))
         goto err;
     if (nid_key != -1) {
-        bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8);
+        bag = PKCS12_SAFEBAG_create_pkcs8_encrypt(nid_key, pass, -1, NULL, 0,
+                                                  iter, p8);
         PKCS8_PRIV_KEY_INFO_free(p8);
     } else
-        bag = PKCS12_MAKE_KEYBAG(p8);
+        bag = PKCS12_SAFEBAG_create0_p8inf(p8);
 
     if (!bag)
         goto err;

crypto/pkcs12/p12_sbag.c

@@ -145,12 +145,12 @@ PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl)
 
 /* Turn PKCS8 object into a keybag */
 
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_p8inf(PKCS8_PRIV_KEY_INFO *p8)
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8)
 {
-    PKCS12_SAFEBAG *bag;
+    PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();
 
-    if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
-        PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE);
+    if (bag == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
     bag->type = OBJ_nid2obj(NID_keyBag);
@@ -160,31 +160,48 @@ PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_p8inf(PKCS8_PRIV_KEY_INFO *p8)
 
 /* Turn PKCS8 object into a shrouded keybag */
 
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8(int pbe_nid, const char *pass,
-                                            int passlen, unsigned char *salt,
-                                            int saltlen, int iter,
-                                            PKCS8_PRIV_KEY_INFO *p8)
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8)
+{
+    PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();
+    /* Set up the safe bag */
+    if (bag == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
+    bag->value.shkeybag = p8;
+    return bag;
+}
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
+                                                    const char *pass,
+                                                    int passlen,
+                                                    unsigned char *salt,
+                                                    int saltlen, int iter,
+                                                    PKCS8_PRIV_KEY_INFO *p8inf)
 {
     PKCS12_SAFEBAG *bag;
     const EVP_CIPHER *pbe_ciph;
-
-    /* Set up the safe bag */
-    if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
-        PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
-        return NULL;
-    }
-
-    bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
+    X509_SIG *p8;
 
     pbe_ciph = EVP_get_cipherbynid(pbe_nid);
 
     if (pbe_ciph)
         pbe_nid = -1;
 
-    if (!(bag->value.shkeybag =
-          PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
-                        p8))) {
-        PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+    p8 = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
+                       p8inf);
+
+    if (p8 == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    bag = PKCS12_SAFEBAG_create0_pkcs8(p8);
+
+    if (bag == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        X509_SIG_free(p8);
         return NULL;
     }
 

crypto/pkcs12/pk12err.c

@@ -85,14 +85,18 @@ static ERR_STRING_DATA PKCS12_str_functs[] = {
     {ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"},
     {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"},
     {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"},
-    {ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"},
-    {ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"},
     {ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"},
     {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"},
     {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"},
     {ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"},
     {ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"},
     {ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"},
+    {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF),
+     "PKCS12_SAFEBAG_create0_p8inf"},
+    {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8),
+     "PKCS12_SAFEBAG_create0_pkcs8"},
+    {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT),
+     "PKCS12_SAFEBAG_create_pkcs8_encrypt"},
     {ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"},
     {ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"},
     {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"},

include/openssl/pkcs12.h

@@ -138,9 +138,9 @@ typedef struct pkcs12_bag_st PKCS12_BAGS;
 # define PKCS12_bag_type PKCS12_SAFEBAG_get_nid
 # define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid
 # define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert
-# define PKCS12_crl2certbag PKCS12_SAFEBAG_create_crl
-# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create_p8inf
-# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8
+# define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl
+# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf
+# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt
 
 ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid);
 int PKCS12_mac_present(PKCS12 *p12);
@@ -161,11 +161,14 @@ X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(PKCS12_SAFEBAG *bag);
 
 PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
 PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_p8inf(PKCS8_PRIV_KEY_INFO *p8);
-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8(int pbe_nid, const char *pass,
-                                            int passlen, unsigned char *salt,
-                                            int saltlen, int iter,
-                                            PKCS8_PRIV_KEY_INFO *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
+                                                    const char *pass,
+                                                    int passlen,
+                                                    unsigned char *salt,
+                                                    int saltlen, int iter,
+                                                    PKCS8_PRIV_KEY_INFO *p8inf);
 
 PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
                                          int nid1, int nid2);
@@ -287,14 +290,15 @@ void ERR_load_PKCS12_strings(void);
 # define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG                117
 # define PKCS12_F_PKCS12_KEY_GEN_ASC                      110
 # define PKCS12_F_PKCS12_KEY_GEN_UNI                      111
-# define PKCS12_F_PKCS12_MAKE_KEYBAG                      112
-# define PKCS12_F_PKCS12_MAKE_SHKEYBAG                    113
 # define PKCS12_F_PKCS12_NEWPASS                          128
 # define PKCS12_F_PKCS12_PACK_P7DATA                      114
 # define PKCS12_F_PKCS12_PACK_P7ENCDATA                   115
 # define PKCS12_F_PKCS12_PARSE                            118
 # define PKCS12_F_PKCS12_PBE_CRYPT                        119
 # define PKCS12_F_PKCS12_PBE_KEYIVGEN                     120
+# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF            112
+# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8            113
+# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT     133
 # define PKCS12_F_PKCS12_SETUP_MAC                        122
 # define PKCS12_F_PKCS12_SET_MAC                          123
 # define PKCS12_F_PKCS12_UNPACK_AUTHSAFES                 130