openbsd/src/lib/libcrypto/pkcs12, branch OPENBSD_7

openbsd/src/lib/libcrypto/pkcs12, branch OPENBSD_7_5 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_5 2024-03-02T10:20:27+00:00 Remove more PBE stuff from the public API 2024-03-02T10:20:27+00:00 tb 2024-03-02T10:20:27+00:00 urn:sha1:207b3a197be2d83ff1333f7fa2dccd6d5271b120 This is still needed internally for CMS and its predecessors. This removal will enable disentangling some of its innards. ok jsing Remove a lot of PKCS12 garbage from the public API 2024-03-02T10:15:16+00:00 tb 2024-03-02T10:15:16+00:00 urn:sha1:3660b6a445c7a10167a56fab6d7e882cdf782d91 PKCS12 is a hot mess. Please participate in the survey at the end of https://www.cs.auckland.ac.nz/~pgut001/pubs/pfx.html to increase its credibility and unanimity. ok jsing Use EVP_CIPHER_CTX_legacy_clear() internally 2024-02-18T15:44:10+00:00 tb 2024-02-18T15:44:10+00:00 urn:sha1:f941ba215d7859bf6c6225e88cbbe13260428b8c ok jsing Fold keyivgen functions into evp_pbe.c 2024-01-27T17:14:33+00:00 tb 2024-01-27T17:14:33+00:00 urn:sha1:680fb50105f63be549a32bfec49bd0a023a09d82 These are only used by the EVP_PBE routines and will become internal in the next major bump. Plug a few leaks and perform some other code hygiene 2024-01-25T15:33:35+00:00 tb 2024-01-25T15:33:35+00:00 urn:sha1:8e3bd1f5107b38d2fddb407a32ad1da33da96688 Closing this directory now until the daily Coverity run throws a hissy fit. ok jsing p12_npas.c: hoist some helpers from the bottom to the top in reverse order 2024-01-25T14:15:05+00:00 tb 2024-01-25T14:15:05+00:00 urn:sha1:7a375dd140c22e6ca97aa47dd5babb32a24b1290 p12_npas.c: maclen -> mac_len 2024-01-25T14:09:26+00:00 tb 2024-01-25T14:09:26+00:00 urn:sha1:1a31e924d6855ac9c7889be7eb243fb7d3b6eb76 p12_npas.c: Use slightly less awkward variable names 2024-01-25T14:08:30+00:00 tb 2024-01-25T14:08:30+00:00 urn:sha1:31775d73af76ef18e0ec9823ced68db3ce2bc611 Fix various NULL dereferences in PKCS #12 2024-01-25T13:44:08+00:00 tb 2024-01-25T13:44:08+00:00 urn:sha1:26fee542e65d530cdacb9282bf510602c1e2b5fd The PKCS #7 ContentInfo has a mandatory contentType, but the content itself is OPTIONAL. Various unpacking API assumed presence of the content type is enough to access members of the content, resulting in crashes. Reported by Bahaa Naamneh on libressl-security, many thanks ok jsing Merge PKCS12_newpass() and newpass_p12() 2024-01-25T13:32:49+00:00 tb 2024-01-25T13:32:49+00:00 urn:sha1:7b054f5ebd9c9a69573a9698ba3ef9e1a6677d0a With the previous refactoring, newpass_p12() became simple enough that it doesn't require a separate function anymore. Merge the public API into it and move it below (most of) the things it calls. ok jsing