| Commit message | Author | Age | Files | Lines |

Replace memcmp() with timingsafe_memcmp() for authentication tag
comparison in AES-CCM, GCM, PKCS12 and AES key unwrap code paths
to ensure constant-time behavior and avoid potential timing side
channels.
This aligns with OpenSSL 1e4a355.
ok tb@
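As an added illustration (not LibreSSL code) of what the timing side channel mentioned above buys an attacker: the block below models a memcmp()-style tag compare whose early exit leaks how many bytes matched, a constant-time compare in the spirit of timingsafe_memcmp(), and a byte-at-a-time recovery loop that uses the amount of work done as its timing oracle. The sample tag is constructed, and tag_equal_leaky(), tag_equal_ct(), recover_tag() and the demo_* helpers are names chosen for this example; none of them exist in libcrypto.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TAG_LEN 16

/* Constructed sample tag; not the output of any real AEAD computation. */
static const unsigned char sample_tag[TAG_LEN] = {
	0x7a, 0x01, 0x00, 0xff, 0x3c, 0x9d, 0x00, 0x42,
	0x10, 0xe5, 0x77, 0x08, 0xab, 0xcd, 0xef, 0x55
};

typedef int (*tag_cmp_fn)(const unsigned char *, const unsigned char *,
    size_t, size_t *);

/* memcmp()-style compare: stops at the first mismatch. *work (bytes examined)
 * stands for the time an attacker measures and reveals the matching prefix. */
int
tag_equal_leaky(const unsigned char *a, const unsigned char *b, size_t len,
    size_t *work)
{
	size_t i;

	for (i = 0; i < len; i++)
		if (a[i] != b[i]) {
			*work = i + 1;
			return 0;
		}
	*work = len;
	return 1;
}

/* Constant-time compare in the spirit of timingsafe_memcmp(): visit every
 * byte, OR-accumulate differences, derive 0/1 without branching on the data. */
int
tag_equal_ct(const unsigned char *a, const unsigned char *b, size_t len,
    size_t *work)
{
	volatile uint32_t acc = 0;
	size_t i;

	for (i = 0; i < len; i++)
		acc |= a[i] ^ b[i];
	*work = len;
	/* (acc | -acc) >> 31 is 1 iff acc != 0, i.e. iff some byte differed. */
	return (int)(1 - (((uint32_t)acc | (uint32_t)(0U - acc)) >> 31));
}

/* Attacker: per position keep the byte for which cmp did the most work (a
 * full match scores highest). Returns 1 if the recovered guess verifies. */
int
recover_tag(tag_cmp_fn cmp, const unsigned char *secret, size_t len,
    unsigned char *guess)
{
	size_t pos, work, score, best_score;
	unsigned int v, best_v;

	memset(guess, 0, len);
	for (pos = 0; pos < len; pos++) {
		best_score = best_v = 0;
		for (v = 0; v < 256; v++) {
			guess[pos] = (unsigned char)v;
			score = cmp(secret, guess, len, &work) ? len + 1 : work;
			if (score > best_score) {
				best_score = score;
				best_v = v;
			}
		}
		guess[pos] = (unsigned char)best_v;
	}
	return cmp(secret, guess, len, &work);
}

/* Bytes examined by cmp when only byte 3 of the guess is wrong. */
int
demo_work(tag_cmp_fn cmp)
{
	unsigned char g[TAG_LEN];
	size_t work;

	memcpy(g, sample_tag, TAG_LEN);
	g[3] ^= 0x01;
	cmp(sample_tag, g, TAG_LEN, &work);
	return (int)work;
}

/* 1 if the byte-at-a-time attack recovers sample_tag through cmp. */
int
demo_recover(tag_cmp_fn cmp)
{
	unsigned char g[TAG_LEN];

	return recover_tag(cmp, sample_tag, TAG_LEN, g) &&
	    memcmp(g, sample_tag, TAG_LEN) == 0;
}
```

Called from a main(), demo_work(tag_equal_leaky) returns 4 for a guess that is wrong in byte 3, while demo_work(tag_equal_ct) returns 16 regardless of where the mismatch is; demo_recover() succeeds only against the leaky compare. The real timingsafe_memcmp() additionally returns a lexicographic ordering, computed in constant time; the equality-only form shown here is all tag verification needs.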

Currently the PKCS12_setup_mac() function uses a salt length of 8 bytes / 64
bits when no salt length is specified. Increase this fallback default
to 16 bytes / 128 bits, as recommended by NIST SP 800-132.
Note this is for interoperability purposes. Some FIPS implementations
enforce a minimum salt length of 16 bytes. Examples of such FIPS
implementations are Bouncycastle FIPS Java API and Chainguard FIPS
Provider for OpenSSL. Also, the future v3.6 release of OpenSSL will
increase the default salt length to 16 bytes.
From Dimitri John Ledkov, thanks

ok jsing

Unfortunately, this is used in acsm-calibre-plugin, via oscrypto.
Fixes https://github.com/Leseratte10/acsm-calibre-plugin/issues/112
ok jsing

It is no longer possible to set an attribute on an EVP_PKEY, so this
code is dead.
ok miod

This tries to copy some microsoft attributes which are not usually present
and chokes on the now disabled EVP_PKEY_*attr* API. Instead of reviving
about four layers of traps and indirection, just inline the two functions
in a way that should be more obvious.
found by anton via the ruby-openssl tests
ok jsing

ok tb@

These constitute the bulk of the remaining global mutable state in
libcrypto. This commit moves most of them into data.rel.ro, leaving
out ERR_str_{functs,libraries,reasons} (which require a slightly
different approach) and SYS_str_reasons which is populated on startup.
The main observation is that if ERR_load_strings() is called with a 0 lib
argument, the ERR_STRING_DATA argument is not actually modified. We could
use this fact to cast away const on the caller side and be done with it.
We can make this cleaner by adding a helper ERR_load_const_strings() which
explicitly avoids the assignment to str->error overriding the error code
already set in the table.
In order for this to work, we need to sprinkle some const in err/err.c.
CMS called ERR_load_strings() with non-0 lib argument, but this didn't
actually modify the error data since it ored in the value already stored
in the table.
Annoyingly, we need to cast const away once, namely in the call to
lh_insert() in int_err_set_item(). Fixing this would require changing
the public API and is going to be tricky since it requires that the
LHASH_DOALL_FN_* types adjust.
ok jsing

noticed/ok beck

This is still needed internally for CMS and its predecessors. This
removal will enable disentangling some of its innards.
ok jsing

PKCS12 is a hot mess. Please participate in the survey at the end of
https://www.cs.auckland.ac.nz/~pgut001/pubs/pfx.html to increase its
credibility and unanimity.
ok jsing

ok jsing

These are only used by the EVP_PBE routines and will become internal in
the next major bump.

Closing this directory now until the daily Coverity run throws a hissy fit.
ok jsing

The PKCS #7 ContentInfo has a mandatory contentType, but the content itself
is OPTIONAL. Various unpacking API assumed presence of the content type is
enough to access members of the content, resulting in crashes.
Reported by Bahaa Naamneh on libressl-security, many thanks
ok jsing
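To make the OPTIONAL point concrete, here is an added example (not LibreSSL's ASN.1 code) with a minimal DER reader for ContentInfo, i.e. SEQUENCE { contentType OBJECT IDENTIFIER, content [0] EXPLICIT ANY OPTIONAL }: when the [0] element is missing the decoder leaves content as NULL, and an accessor that checks only the contentType dereferences it. The two DER vectors are constructed; struct p7_ci, read_tlv(), p7_ci_parse() and the accessors are names chosen for this example, and the reader handles short-form lengths only.

```c
#include <stddef.h>
#include <string.h>

/* Decoded ContentInfo; content is NULL when the OPTIONAL element is absent. */
struct p7_ci {
	const unsigned char *oid, *content;
	size_t oid_len, content_len;
	int is_signed;		/* contentType == id-signedData */
};

/* id-signedData 1.2.840.113549.1.7.2, OID body as it appears in DER. */
static const unsigned char oid_signed_data[] = {
	0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02
};

/* Constructed vectors, not taken from any real PKCS #7 file. */
static const unsigned char ci_type_only[] = {	/* SEQUENCE { OID signedData } */
	0x30, 0x0b,
	0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02
};
static const unsigned char ci_with_content[] = {	/* ... plus [0] { SEQUENCE {} } */
	0x30, 0x0f,
	0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02,
	0xa0, 0x02, 0x30, 0x00
};

/* Read one TLV with a short-form length (< 128, enough here); 0 on success. */
static int
read_tlv(const unsigned char **p, const unsigned char *end,
    unsigned char want_tag, const unsigned char **val, size_t *len)
{
	if (end - *p < 2 || (*p)[0] != want_tag || (*p)[1] >= 0x80)
		return -1;
	*len = (*p)[1];
	if ((size_t)(end - *p) - 2 < *len)
		return -1;
	*val = *p + 2;
	*p = *val + *len;
	return 0;
}

/* Decode ContentInfo. An omitted content leaves ci->content == NULL. */
int
p7_ci_parse(const unsigned char *der, size_t der_len, struct p7_ci *ci)
{
	const unsigned char *p = der, *end = der + der_len, *seq;
	size_t seq_len;

	memset(ci, 0, sizeof(*ci));
	if (read_tlv(&p, end, 0x30, &seq, &seq_len) != 0 || p != end)
		return -1;
	p = seq;
	end = seq + seq_len;
	if (read_tlv(&p, end, 0x06, &ci->oid, &ci->oid_len) != 0)
		return -1;
	ci->is_signed = ci->oid_len == sizeof(oid_signed_data) &&
	    memcmp(ci->oid, oid_signed_data, sizeof(oid_signed_data)) == 0;
	if (p == end)
		return 0;	/* OPTIONAL content absent: still a valid encoding */
	if (read_tlv(&p, end, 0xa0, &ci->content, &ci->content_len) != 0 ||
	    p != end)
		return -1;
	return 0;
}

/* The pattern the commit fixes: type says signedData, so content is assumed. */
unsigned char
p7_signed_first_byte_unchecked(const struct p7_ci *ci)
{
	if (!ci->is_signed)
		return 0;
	return ci->content[0];	/* NULL dereference for ci_type_only */
}

/* Hardened: check type and presence before use; -1 when content is absent. */
int
p7_signed_content_len(const struct p7_ci *ci)
{
	if (!ci->is_signed || ci->content == NULL)
		return -1;
	return (int)ci->content_len;
}

/* Parse a vector, then apply the hardened accessor; -2 means malformed DER. */
int
demo_content_len(const unsigned char *der, size_t der_len)
{
	struct p7_ci ci;

	if (p7_ci_parse(der, der_len, &ci) != 0)
		return -2;
	return p7_signed_content_len(&ci);
}
```

demo_content_len() returns -1 for the type-only vector, 2 for the one carrying content and -2 for a truncated buffer. p7_signed_first_byte_unchecked() has the shape of the code the commit replaced and would crash on the first vector, which is why it is never called on it here.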

With the previous refactoring, newpass_p12() became simple enough that it
doesn't require a separate function anymore. Merge the public API into it
and move it below (most of) the things it calls.
ok jsing

discussed with jsing

Split the bottom half that repacks the authsafes into a helper function.
This simplifies the curly exit path and makes it clearer what is being
done. PKCS12_pack_authsafes() is a very inconvenient API and there are
some extra dances needed due to it.
ok jsing

Since newpass_bags() and sk_PKCS7_push() could be shared between two
otherwise entirely unrelated code paths, it was decided to dedup the
code in about the ugliest possible way. Untangle the spaghetti and
split the code paths into helper functions, so we can easily error
check and avoid a bunch of leaks.
ok jsing

If the allocation of newsafes fails, asafes is leaked. And if the
ASN1_OCTET_STRING_new() after the freeing of asafes fails, asafes is
freed a second time.
ok jsing
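An added example (not the LibreSSL sources) that reproduces the two error-path bugs described above in a self-contained form: the allocator is instrumented so the n-th allocation can be made to fail, and a tracking table detects leaks and double frees instead of letting the real heap get corrupted. repack_buggy() has the shape of the original code, repack_fixed() the single-exit shape of the fix; struct safes is a stand-in for STACK_OF(PKCS7) and ASN1_OCTET_STRING, and x_alloc(), x_free() and audit() are names chosen here.

```c
#include <stdlib.h>
#define MAX_LIVE 16

static void *live[MAX_LIVE];		/* outstanding allocations */
static int alloc_calls, fail_at, double_frees;

/* Allocator that fails on the fail_at-th call (0 = never) and tracks live blocks. */
static void *
x_alloc(size_t n)
{
	int i;

	if (++alloc_calls == fail_at)
		return NULL;
	for (i = 0; i < MAX_LIVE; i++)
		if (live[i] == NULL)
			return live[i] = calloc(1, n);
	return NULL;
}

/* Free that counts a double free instead of handing it to the real heap. */
static void
x_free(void *p)
{
	int i;

	if (p == NULL)
		return;
	for (i = 0; i < MAX_LIVE; i++)
		if (live[i] == p) {
			live[i] = NULL;
			free(p);
			return;
		}
	double_frees++;
}

struct safes { int n; };	/* stand-in for STACK_OF(PKCS7) / ASN1_OCTET_STRING */

/* Shape of the code before the fix. */
int
repack_buggy(void)
{
	struct safes *asafes, *newsafes, *oct;

	if ((asafes = x_alloc(sizeof(*asafes))) == NULL)
		return 0;
	if ((newsafes = x_alloc(sizeof(*newsafes))) == NULL)
		return 0;		/* leak: asafes is never freed */
	x_free(asafes);
	if ((oct = x_alloc(sizeof(*oct))) == NULL) {
		x_free(asafes);		/* double free: released just above */
		x_free(newsafes);
		return 0;
	}
	x_free(oct);
	x_free(newsafes);
	return 1;
}

/* Fixed: one exit path, and each pointer is cleared as soon as it is freed. */
int
repack_fixed(void)
{
	struct safes *asafes = NULL, *newsafes = NULL, *oct = NULL;
	int ret = 0;

	if ((asafes = x_alloc(sizeof(*asafes))) == NULL)
		goto err;
	if ((newsafes = x_alloc(sizeof(*newsafes))) == NULL)
		goto err;
	x_free(asafes);
	asafes = NULL;
	if ((oct = x_alloc(sizeof(*oct))) == NULL)
		goto err;
	ret = 1;
 err:
	x_free(asafes);
	x_free(newsafes);
	x_free(oct);
	return ret;
}

/* Run fn with allocation number fail failing (0 = never); returns leaks + 10 * double frees. */
int
audit(int (*fn)(void), int fail)
{
	int i, leaked = 0;

	for (i = 0; i < MAX_LIVE; i++)
		free(live[i]), live[i] = NULL;
	alloc_calls = double_frees = 0;
	fail_at = fail;
	fn();
	for (i = 0; i < MAX_LIVE; i++)
		leaked += live[i] != NULL;
	return leaked + 10 * double_frees;
}
```

audit(repack_buggy, 2) returns 1 (one leaked block when the second allocation fails) and audit(repack_buggy, 3) returns 10 (one double free when the third fails), while audit(repack_fixed, n) returns 0 for every n. Injecting allocation failures this way is the cheapest check of a cleanup path; with the real allocator the same runs under ASan or valgrind would report the leak and the double free directly.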

LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most importantly) my workflow. Fix this by neutering them with
asm("") so that -Wpedantic doesn't complain. There's precedent
in libc's namespace.h
fix suggested by & ok jsing

OK tb@

Not all of them, only those that didn't leak into a public header...
Yes.

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local.h and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook

ok jsing@

ok jsing

In order to be able to make pkcs12/ opaque, we need an entire family of
accessors. These are in a particularly nasty tangle since this was done
in about a dozen steps while sprinkling const, renaming functions, etc.
The public API also adds backward compat macros for functions that were
in the tree for half a day and then renamed. Of course some of them got
picked up by some ports.
Some of the gruesome hacks in here will go away with the next bump, but
that doesn't mean that the pkcs12 directory will be prettier afterward.
ok jsing

Requested by & ok jsing

Requested by and ok jsing

This is Dr Stephen Henson's rewrite avoiding BIGNUM (OpenSSL 54c68d35).
Additionally this pulls in a < vs <= fix by Pauli Dale (OpenSSL 9d868840).
There is also some minor cleanup by myself.
ok jsing

Pull up clearing of output parameters before first return
(OpenSSL 524fdd51 by Bernd Edlinger), explicit comparisons
against NULL, '\0', etc.
ok jsing

OpenSSL b709babb by Richard Levitte
ok jsing

Also switch to heap-allocated HMAC_CTX and clean a few things up
stylistically.
loosely based on OpenSSL f5cee414 by Shane Lontis
ok jsing

based on OpenSSL 1b8f1937 by Dmitry Belyavskiy
ok jsing

This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb

Exposed by recent rewrite of ASN1_STRING_to_UTF8(). Found via grep
after fixing CID 352831.
ok jsing

For some unknown historical reason, X509_ATTRIBUTE allows for a single
ASN.1 value or an ASN.1 SET OF, rather than requiring an ASN.1 SET OF.
Simplify encoding and remove support for single values - this is similar
to OpenSSL e20b57270dec.
This removes the last use of COMBINE in the ASN.1 decoder.
ok tb@

input from tb@

CID 24893
ok jsing@ millert@ tb@

This is unused and was removed in OpenSSL 5b70372d when it was
replaced with an ASN.1 ADB callback (which we don't support).
ok inoguchi jsing

evp.h will be moved to evp_locl.h in an upcoming bump.
ok inoguchi

from hmac.h will be moved there in an upcoming bump. Include this
file where it will be needed.
ok inoguchi

Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.
ok jsing