openbsd/src/lib/libcrypto/pkcs7, branch libressl-v3.9.1

openbsd/src/lib/libcrypto/pkcs7, branch libressl-v3.9.1 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.9.1 2024-02-19T15:37:44+00:00 pk7_attr.c: tidy includes 2024-02-19T15:37:44+00:00 tb 2024-02-19T15:37:44+00:00 urn:sha1:ba75d785d11bc2d4cd808be68b8aa03ff79cab79 Use EVP_MD_CTX_legacy_clear() internally 2024-02-18T15:45:42+00:00 tb 2024-02-18T15:45:42+00:00 urn:sha1:ff3e386de60f6149938edb124d31bc2fd7ae04f6 ok jsing Fix various NULL dereferences in PKCS #12 2024-01-25T13:44:08+00:00 tb 2024-01-25T13:44:08+00:00 urn:sha1:26fee542e65d530cdacb9282bf510602c1e2b5fd The PKCS #7 ContentInfo has a mandatory contentType, but the content itself is OPTIONAL. Various unpacking API assumed presence of the content type is enough to access members of the content, resulting in crashes. Reported by Bahaa Naamneh on libressl-security, many thanks ok jsing Drop some unnecessary parentheses 2023-11-15T00:55:43+00:00 tb 2023-11-15T00:55:43+00:00 urn:sha1:3eab11b039ccf9e5a83480f4974c83fb6d83fe86 Shuffle getters and adders down a bit 2023-11-15T00:52:44+00:00 tb 2023-11-15T00:52:44+00:00 urn:sha1:43b6d8a7eb229e4edf4cb7593f9a3a4d24349355 These use static helper functions which don't need prototypes this way. Forgot to fix the RFC number in the new comment 2023-11-09T19:08:07+00:00 tb 2023-11-09T19:08:07+00:00 urn:sha1:6663cdc1da1880b08eb1e374997c22892bd0e407 Convert PKCS7_SIGNER_INFO_set() to X509_ALGOR_set0_by_nid() 2023-11-09T19:00:53+00:00 tb 2023-11-09T19:00:53+00:00 urn:sha1:efa83e8b7e6299bbebd3ad2f680ed137acfca9e7 This is a straightforward conversion because I'm not going to start a cleanup here. Explain why this is not using X509_ALGOR_set_md(). See below. ok jca Let me include a beautiful note from RFC 5754 in its entirety: NOTE: There are two possible encodings for the AlgorithmIdentifier parameters field associated with these object identifiers. The two alternatives arise from the loss of the OPTIONAL associated with the algorithm identifier parameters when the 1988 syntax for AlgorithmIdentifier was translated into the 1997 syntax. Later, the OPTIONAL was recovered via a defect report, but by then many people thought that algorithm parameters were mandatory. Because of this history, some implementations encode parameters as a NULL element while others omit them entirely. The correct encoding is to omit the parameters field; however, when some uses of these algorithms were defined, it was done using the NULL parameters rather than absent parameters. For example, PKCS#1 [RFC3447] requires that the padding used for RSA signatures (EMSA-PKCS1-v1_5) MUST use SHA2 AlgorithmIdentifiers with NULL parameters (to clarify, the requirement "MUST generate SHA2 AlgorithmIdentifiers with absent parameters" in the previous paragraph does not apply to this padding). Style tweaks for SMIME_write_PKCS7() 2023-05-02T09:56:12+00:00 tb 2023-05-02T09:56:12+00:00 urn:sha1:1a9695cb54834ca3da0b7428227de4eafbb0b307 Initialize the mdalgs stack at the top and test and assign for ctype_nid. Use an empty line to separate variable declarations from the actual code and zap an extra empty line. ok jsing Unwrap a line 2023-05-02T09:38:33+00:00 tb 2023-05-02T09:38:33+00:00 urn:sha1:e5bd7ef5a9364394735d48fa47d57d5c17a9b937 Remove the now unused bio_pk7.c 2023-04-26T14:27:40+00:00 tb 2023-04-26T14:27:40+00:00 urn:sha1:641f3e7af5c9b200ce8812feeaa92a4478c53f28