summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs12/p12_mutl.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Use timingsafe_memcmp when comparing authenticatorskenjiro2025-06-031-4/+4
| | | | | | | | | | | Replace memcmp() with timingsafe_memcmp() for authentication tag comparison in AES-CCM, GCM, PKCS12 and AES key unwrap code paths to ensure constant-time behavior and avoid potential timing side channels. This aligns with OpenSSL 1e4a355. ok tb@
* Use err_local.h rather than err.h in most placestb2025-05-101-2/+2
| | | | ok jsing
* Fix namespace buildtb2024-03-241-2/+1
| | | | noticed/ok beck
* Remove a lot of PKCS12 garbage from the public APItb2024-03-021-2/+1
| | | | | | | | PKCS12 is a hot mess. Please participate in the survey at the end of https://www.cs.auckland.ac.nz/~pgut001/pubs/pfx.html to increase its credibility and unanimity. ok jsing
* Fix various NULL dereferences in PKCS #12tb2024-01-251-3/+7
| | | | | | | | | | The PKCS #7 ContentInfo has a mandatory contentType, but the content itself is OPTIONAL. Various unpacking API assumed presence of the content type is enough to access members of the content, resulting in crashes. Reported by Bahaa Naamneh on libressl-security, many thanks ok jsing
* libressl *_namespace.h: adjust *_ALIAS() to require a semicolontb2023-02-161-7/+7
| | | | | | | | | | LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon. This does not conform to style(9), breaks editors and ctags and (most importantly) my workflow. Fix this by neutering them with asm("") so that -Wpedantic doesn't complain. There's precedent in libc's namespace.h fix suggested by & ok jsing
* Make internal header file names consistenttb2022-11-261-3/+3
| | | | | | | | | | | | | | | | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Hide symbols in libcrypto/pkcs12beck2022-11-121-1/+7
| | | | ok jsing@
* Add an empty pkcs12_local.h and include it where it will soon be needed.tb2022-08-201-1/+2
|
* Prepare to provide PKCS12 accessorstb2022-08-031-1/+34
| | | | | | | | | | | | | | In order to be able to make pkcs12/ opaque, we need an entire family of accessors. These are in a particularly nasty tangle since this was done in about a dozen steps while sprinkling const, renaming functions, etc. The public API also adds backward compat macros for functions that were in the tree for half a day and then renamed. Of course some of them got picked up by some ports. Some of the gruesome hacks in here will go away with the next bump, but that doesn't mean that the pkcs12 directory will be prettier afterward. ok jsing
* fix indenttb2022-07-251-2/+2
|
* Clear key on exit in PKCS12_gen_mac()tb2022-07-241-25/+38
| | | | | | | | | Also switch to heap-allocated HMAC_CTX and clean a few things up stylistically. loosely based on OpenSSL f5cee414 by Shane Lontis ok jsing
* Plug a leak in PKCS12_setup_mac()tb2022-07-241-2/+3
| | | | | | based on OpenSSL 1b8f1937 by Dmitry Belyavskiy ok jsing
* Include evp_locl.h where it will be needed once most structs fromtb2021-12-121-1/+2
| | | | | | evp.h will be moved to evp_locl.h in an upcoming bump. ok inoguchi
* Add a mostly empty hmac_local.h. HMAC_CTX and a few other thingstb2021-12-121-1/+2
| | | | | | | from hmac.h will be moved there in an umpcoming bump. Include this file where it will be needed. ok inoguchi
* Move the now internal X.509-related structs into x509_lcl.h.tb2021-11-011-1/+3
| | | | | | | | Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds. ok jsing
* KNF: remove whitespace between functions and parenthesestb2021-07-091-2/+2
|
* Send the function codes from the error functions to the bit bucket,beck2017-01-291-21/+14
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Stricter checks of ASN1_INTEGER to reject ASN1_NEG_INTEGER in places whenmiod2016-11-081-3/+5
| | | | | | they don't make sense. ok beck@
* Replace M_ASN1_INTEGER_(new|free) with ASN1_INTEGER_(new|free) - this isjsing2015-09-301-2/+2
| | | | | | | different from the macro expansion, but the result is the same. Also replace some ASN1_STRING_dup() with ASN1_INTEGER_dup(). ok beck@ doug@
* Expand obsolete M_ASN1.*(cmp|dup|print|set) macros - no change in generatedjsing2015-07-291-2/+2
| | | | | | assembly. ok bcook@
* In PKCS12_setup_mac(), do not assign p12->mac->salt->length until the allocationmiod2014-10-221-8/+9
| | | | | of p12->mac->salt->data has actually succeeded. In one of my trees for a long time already...
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().jsing2014-10-221-6/+5
| | | | | | | | arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks. ok deraadt@
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-111-3/+4
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that referencesjsing2014-07-101-1/+3
| | | | | | | | | an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* Stop including standard headers via cryptlib.h - pull in the headers thatjsing2014-07-101-2/+4
| | | | | | are needed in the source files that actually require them. ok beck@ miod@
* KNF.jsing2014-07-081-49/+64
|
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-1/+1
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* resolve conflictsdjm2012-10-131-4/+8
|
* resolve conflicts, fix local changesdjm2010-10-011-2/+6
|
* resolve conflictsdjm2009-01-091-1/+1
|
* resolve conflictsdjm2008-09-061-10/+10
|
* resolve conflictsdjm2006-06-271-0/+6
|
* resolve conflictsdjm2005-04-291-1/+4
|
* OpenSSL 0.9.7 stable 2002 05 08 mergebeck2002-05-151-6/+9
|
* openssl-engine-0.9.6 mergebeck2000-12-151-5/+2
|
* OpenSSL 0.9.5a mergebeck2000-04-151-1/+1
|
* OpenSSL 0.9.5 mergebeck2000-03-191-5/+8
| | | | | | *warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
* new files for OpenSSL 0.9.4beck1999-09-291-0/+170
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-23 20:06:37 +0000