summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs12 (follow)
Commit message (Collapse)AuthorAgeFilesLines
* libressl *_namespace.h: adjust *_ALIAS() to require a semicolontb2023-02-1616-93/+93
| | | | | | | | | | LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon. This does not conform to style(9), breaks editors and ctags and (most importantly) my workflow. Fix this by neutering them with asm("") so that -Wpedantic doesn't complain. There's precedent in libc's namespace.h fix suggested by & ok jsing
* Check return value of X509_digestjob2023-01-241-2/+3
| | | | OK tb@
* Make header guards of internal headers consistenttb2022-11-261-2/+2
| | | | | Not all of them, only those that didn't leak into a public header... Yes.
* Make internal header file names consistenttb2022-11-268-17/+17
| | | | | | | | | | | | | | | | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Hide symbols in libcrypto/pkcs12beck2022-11-1216-17/+93
| | | | ok jsing@
* Make structs in pkcs12.h opaquetb2022-09-114-162/+45
| | | | ok jsing
* Add an empty pkcs12_local.h and include it where it will soon be needed.tb2022-08-2011-10/+92
|
* Prepare to provide PKCS12 accessorstb2022-08-038-20/+347
| | | | | | | | | | | | | | In order to be able to make pkcs12/ opaque, we need an entire family of accessors. These are in a particularly nasty tangle since this was done in about a dozen steps while sprinkling const, renaming functions, etc. The public API also adds backward compat macros for functions that were in the tree for half a day and then renamed. Of course some of them got picked up by some ports. Some of the gruesome hacks in here will go away with the next bump, but that doesn't mean that the pkcs12 directory will be prettier afterward. ok jsing
* Eliminate the somewhat pointless Ij variabletb2022-07-301-5/+4
| | | | Requested by & ok jsing
* Transform two || chains into individually checked functionstb2022-07-301-8/+13
| | | | Requested by and ok jsing
* fix indenttb2022-07-251-2/+2
|
* Align PKCS12_key_gen_uni() with OpenSSLtb2022-07-241-58/+50
| | | | | | | | This is Dr Stephen Henson's rewrite avoiding BIGNUM (OpenSSL 54c68d35). Additionally this pulls in a < vs <= fix by Pauli Dale (OpenSSL 9d868840). There is also some minor cleanup by myself. ok jsing
* Minor fixes in PKCS12_parse()tb2022-07-241-24/+23
| | | | | | | | Pull up clearing of output parameters before first return (OpenSSL 524fdd51 by Bernd Edlinger), explicit comparisons against NULL, '\0', etc. ok jsing
* Per RFC 7292, safeContentsBag is a SEQUENCE OF, not a SET OFtb2022-07-241-2/+2
| | | | | | OpenSSL b709babb by Richard Levitte ok jsing
* Clear key on exit in PKCS12_gen_mac()tb2022-07-241-25/+38
| | | | | | | | | Also switch to heap-allocated HMAC_CTX and clean a few things up stylistically. loosely based on OpenSSL f5cee414 by Shane Lontis ok jsing
* Plug a leak in PKCS12_setup_mac()tb2022-07-241-2/+3
| | | | | | based on OpenSSL 1b8f1937 by Dmitry Belyavskiy ok jsing
* Remove mkerr.pl remnants from LibreSSLkn2022-07-122-12/+2
| | | | | | | This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb
* Don't pass uninitialized pointer to ASN1_STRING_to_UTF8()tb2022-05-201-2/+2
| | | | | | | Exposed by recent rewrite of ASN1_STRING_to_UTF8(). Found via grep after fixing CID 352831. ok jsing
* Simplify X509_ATTRIBUTE ASN.1 encoding.jsing2022-05-091-7/+3
| | | | | | | | | | | For some unknown historical reason, X509_ATTRIBUTE allows for a single ASN.1 value or an ASN.1 SET OF, rather than requiring an ASN.1 SET OF. Simplify encoding and remove support for single values - this is similar to OpenSSL e20b57270dec. This removes the last use of COMBINE in the ASN.1 decoder. ok tb@
* Add check for OBJ_nid2obj return valueinoguchi2022-01-201-2/+3
| | | | input from tb@
* Add check for ASN1_INTEGER_setinoguchi2022-01-201-2/+3
| | | | | | CID 24893 ok jsing@ millert@ tb@
* Garbage collect the app_items field of ASN1_ADBtb2022-01-141-3/+1
| | | | | | | This is unused and was removed in OpenSSL 5b70372d when it was replaced with an ASN.1 ADB callback (which we don't support). ok inoguchi jsing
* Include evp_locl.h where it will be needed once most structs fromtb2021-12-123-3/+8
| | | | | | evp.h will be moved to evp_locl.h in an upcoming bump. ok inoguchi
* Add a mostly empty hmac_local.h. HMAC_CTX and a few other thingstb2021-12-121-1/+2
| | | | | | | from hmac.h will be moved there in an umpcoming bump. Include this file where it will be needed. ok inoguchi
* Move the now internal X.509-related structs into x509_lcl.h.tb2021-11-015-5/+15
| | | | | | | | Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds. ok jsing
* KNF: remove whitespace between functions and parenthesestb2021-07-096-28/+28
|
* Do not leave errors on the error stack on PKCS12_parse() success.tb2021-04-241-1/+3
| | | | | | | | Fix is the same as OpenSSL commit ffbf304d4832bd51bb0618f8ca5b7c26647ee664 Found by Alex Gaynor with a new pyca cryptography regress test. ok inoguchi
* Remove remaining error *_str_functs[]jsing2020-06-051-30/+2
| | | | | | | | | A number of years ago we dropped the concept of having function names in errors, since it is not that useful and very quickly gets out of sync when refactoring. It would seem that some new ones got imported and some missed the last clean up. ok tb@ beck@ "kill it with fire"
* Remove EVP_PKEY2PKCS8_broken() and PKCS8_set_broken()tb2018-08-241-8/+4
| | | | | | | | | | | Provide PKCS8_pkey_add1_attr_by_NID() and PKCS8_pkey_get0_attrs(). Remove the whole broken code and simplify pkcs8_priv_key_info_st accordingly. Based on OpenSSL commit 54dbf42398e23349b59f258a3dd60387bbc5ba13 plus some const that was added later. tested in a bulk build by sthen ok jsing
* Add a const qualifier to the `uni' argument of OPENSSL_uni2asc().tb2018-05-302-4/+4
| | | | | tested in a bulk build by sthen ok jsing
* Add const qualifiers to the X509_SIG * and char * arguments oftb2018-05-132-4/+5
| | | | | | | PKCS8_decrypt(3). tested in a bulk build by sthen ok beck, jsing
* Add const to the argument of PKCS12_pack_authsafes(3).tb2018-05-132-4/+4
| | | | | tested in a bulk by sthen ok beck, jsing
* Add const to the X509_ALGOR and other arguments oftb2018-05-133-20/+23
| | | | | | | PKCS12_item_decrypt_d2i(3), PKCS12_pbe_crypt(3), PKCS12_newpass(3). tested in a bulk by sthen ok beck, jsing
* Add const to the attr argument of PKCS12_get_attr_gen(3).tb2018-05-132-4/+5
| | | | | tested in a bulk by sthen ok beck, jsing
* Add const qualifier to the PKCS12_SAFEBAG argument oftb2018-05-132-5/+5
| | | | | | | PKCS12_decrypt_skey(3). tested in a bulk by sthen ok beck, jsing
* Add const qualifiers to the 'pass' and 'name' arguments oftb2018-05-132-9/+9
| | | | | | | PKCS12_add_key(3), PKCS12_add_safe(3), PKCS12_create(3). tested in a bulk build by sthen ok beck, jsing
* use freezero() instead of memset/explicit_bzero + free. Substantiallyderaadt2017-05-021-5/+2
| | | | | | | | | | reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck
* Send the function codes from the error functions to the bit bucket,beck2017-01-2910-96/+69
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Expand ASN1_ITEM_rptr macros - no change in generated assembly.jsing2016-12-304-20/+20
|
* Place M_PKCS12_* compatibility macros under #ifndef LIBRESSL_INTERNAL.jsing2016-12-301-1/+5
|
* Expand M_PKCS12_* "compatibility" macros. No change to generated assembly.jsing2016-12-303-10/+10
|
* Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have beenjsing2016-12-271-2/+1
| | | | | nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
* Expand DECLARE_ASN1_ITEM macros - no change to preprocessor output.jsing2016-12-271-3/+3
|
* Stricter checks of ASN1_INTEGER to reject ASN1_NEG_INTEGER in places whenmiod2016-11-082-6/+11
| | | | | | they don't make sense. ok beck@
* Stricter validation of inputs of OPENSSL_asc2uni() and OPENSSL_uni2asc().miod2016-11-051-17/+34
| | | | | | While there, try to make these slightly less obfuscated. ok beck@ jsing@
* Do not leak the ressources possibly allocated by EVP_MD_CTX_init() in themiod2016-11-051-2/+3
| | | | | | trivial error path of PKCS12_key_gen_uni(). ok beck@ jsing@
* Expand DECLARE_ASN1_.*FUNCTIONS macros.jsing2016-09-041-5/+21
| | | | No change in preprocessed output, ignoring whitespace and line numbers.
* X509_free(3) is NULL-safe, so remove NULL checks before its calls.mmcc2016-03-111-6/+4
| | | | ok doug@
* Replace M_ASN1_OCTET_STRING_(free|new) with ASN1_OCTET_STRING_(free|new).jsing2015-09-304-10/+10
|
* Replace M_ASN1_INTEGER_(new|free) with ASN1_INTEGER_(new|free) - this isjsing2015-09-301-2/+2
| | | | | | | different from the macro expansion, but the result is the same. Also replace some ASN1_STRING_dup() with ASN1_INTEGER_dup(). ok beck@ doug@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-28 04:04:07 +0000