aboutsummaryrefslogtreecommitdiff
path: root/crypto/pkcs12
AgeCommit message (Collapse)AuthorFilesLines
2023-09-19Copyright year updatesRichard Levitte1-1/+1
Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes
2023-09-15Fix PKCS#12 creation error when certificate contains auxiliary dataOlga Batyshkina1-20/+42
Prefer friendly name passed by the caller and calculated local key id to ones found in certificate auxiliary data when creating PKCS#12. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21675) (cherry picked from commit 388a8e731445d190a46ec27b2ff5b4bf334d526b)
2023-08-01Copyright year updatesMatt Caswell1-1/+1
Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
2023-06-01Ignore the fetch error when a legacy algorithm is foundYuri Penkin1-0/+5
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/21035) (cherry picked from commit cb1f87f59d0b290eca9207ec4ef36d8073e6feec)
2022-10-11Update copyright yearMatt Caswell1-1/+1
Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes (Merged from https://github.com/openssl/openssl/pull/19382)
2022-07-18Fix memleak in PKCS12_pbe_crypt_ex()Roberto Hueso Gomez1-0/+2
Makes sure that the variable 'out' is free on every error path. Fixes #18689 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18808) (cherry picked from commit af801ec89205aaf6ebf8522d510d0b1fc29e3233)
2021-06-17Update copyright yearMatt Caswell1-1/+1
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15801)
2021-06-08pkcs12: fix Coverity 1485667 logically dead codePauli1-6/+5
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15635)
2021-06-01Rename all getters to use get/get0 in nameTomas Mraz4-12/+15
For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
2021-06-01crypto: updates to pass size_t to RAND_bytes_ex()Pauli1-1/+3
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15540)
2021-05-29add zero strenght arguments to BN and RAND RNG callsPauli1-1/+1
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15513)
2021-05-28Fix PKCS12_create() so that a fetch error is not added to the error stack.Shane Lontis1-0/+2
Fixes #15392 PBE algorithms such as NID_pbe_WithSHA1And3_Key_TripleDES_CBC will currently always fail to the EVP_CIPHER_fetch() call, so the fallback to a legacy algorithm always happens. In this case the error stack should ignore the fetch error. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15473)
2021-05-26err: rename err_load_xxx_strings_int functionsPauli1-1/+1
The new names are ossl_err_load_xxx_strings. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15446)
2021-05-13Replace some of the ERR_clear_error() calls with mark callsTomas Mraz2-10/+15
Fixes #15219 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15253)
2021-05-06Update copyright yearMatt Caswell6-6/+6
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15181)
2021-05-06coverity: fix 1478169: dereference after NULL checkPauli1-3/+11
The code path shouldn't occur in our code but could in an application. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15128)
2021-04-30Add library context and property query support into the PKCS12 APIJon Spillett10-147/+363
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14434)
2021-04-22Update copyright yearMatt Caswell1-1/+1
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14986)
2021-04-18Add "origin" field to EVP_CIPHER, EVP_MDRich Salz1-2/+4
Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch, or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all three origins. The flag is deliberately right before some function pointers, so that compile-time failures (int/pointer) will occur, as opposed to taking a bit in the existing "flags" field. The "global variable" flag is non-zero, so the default case of using OPENSSL_zalloc (for provider ciphers), will do the right thing. Ref-counting is a no-op for Make up_ref no-op for global MD and CIPHER objects Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add EVP_CIPHER_CTX_get1_CIPHER(). Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common evp_md_free_int() function. Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common evp_cipher_free_int() function. Also change some flags tests to explicit test == or != zero. E.g., if (flags & x) --> if ((flags & x) != 0) if (!(flags & x)) --> if ((flags & x) == 0) Only done for those lines where "get0_cipher" calls were made. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14193)
2021-04-16Add more negative checks for integers passed to OPENSSL_malloc().Shane Lontis2-0/+7
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14830)
2021-03-11Update copyright yearMatt Caswell5-5/+5
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14512)
2021-03-10Change default algorithms in PKCS12_create() and PKCS12_set_mac()Tomas Mraz2-11/+10
Use the modern defaults as now set in the pkcs12 app. This also allows modifying the application to not override the default values when calling the API. Fixes #14034 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/14450)
2021-03-04OSSL_STORE: restore diagnostics on decrypt error; provide password hintsDr. David von Oheimb1-1/+3
Fixes #13493 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13525)
2021-02-28crypto: add additional argument to KDF derive callsPauli1-1/+1
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-18Rename internal X509_add_cert_new() to ossl_x509_add_cert_new()Dr. David von Oheimb1-2/+2
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14039)
2020-11-26Update copyright yearMatt Caswell5-5/+5
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13533)
2020-11-24ERR: Rebuild all generated error headers and source filesRichard Levitte1-1/+2
This is the result of 'make errors ERROR_REBUILD=-rebuild' Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13390)
2020-11-19Allow for PKCS#12 input without MAC in p12_kiss.c and e_loader_attic.cDr. David von Oheimb1-1/+2
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/4930)
2020-11-13Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() callRichard Levitte12-76/+69
This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
2020-10-15Update copyright yearMatt Caswell3-3/+3
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13144)
2020-10-15Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx'Dr. Matthias St. Pierre1-1/+1
This change makes the naming more consistent, because three different terms were used for the same thing. (The term libctx was used by far most often.) Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
2020-09-24Prune low-level ASN.1 parse errors from error queue in decoder_process()Dr. David von Oheimb3-13/+7
Fixes #12840 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12893)
2020-09-16PKCS#8: free data on error path in newpass_bagPauli1-1/+3
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/12870)
2020-09-13Fix safestack issues in pkcs12.hMatt Caswell3-6/+0
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
2020-09-13Fix safestack issues in pkcs7.hMatt Caswell3-3/+0
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
2020-09-13Fix safestack issues in x509.hMatt Caswell2-2/+0
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
2020-09-08New GOST PKCS12 standard supportDmitry Belyavskiy1-5/+45
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12780)
2020-08-20Fix mem leaks on PKCS#12 read error in PKCS12_key_gen_{asc,utf8}Dr. David von Oheimb1-6/+2
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12639)
2020-08-19PKCS12_parse(): Clean up code and correct documentationDr. David von Oheimb1-19/+26
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12641)
2020-08-19PKCS12_parse(): Fix reversed order of certs parsed and output via *caDr. David von Oheimb1-1/+1
Fixes #6698 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12641)
2020-08-14Move PKCS#12 KDF to provider.Pauli1-83/+41
This KDF is defined in RFC7292 in appendix B. It is widely used in PKCS#12 and should be provided. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12624)
2020-08-12Introduce X509_add_cert[s] simplifying various additions to cert listsDr. David von Oheimb1-6/+3
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12615)
2020-08-07Add new APIs to get PKCS12 secretBag OID and valueJon Spillett4-7/+108
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10063)
2020-05-15Update copyright yearMatt Caswell2-2/+2
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11839)
2020-04-24In OpenSSL builds, declare STACK for datatypes ...Rich Salz3-0/+11
... and only *define* them in the source files that need them. Use DEFINE_OR_DECLARE which is set appropriately for internal builds and not non-deprecated builds. Deprecate stack-of-block Better documentation Move some ASN1 struct typedefs to types.h Update ParseC to handle this. Most of all, ParseC needed to be more consistent. The handlers are "recursive", in so far that they are called again and again until they terminate, which depends entirely on what the "massager" returns. There's a comment at the beginning of ParseC that explains how that works. {Richard Levtte} Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10669)
2020-04-23Update copyright yearMatt Caswell1-1/+1
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
2020-03-21Fix error handling in x509v3_cache_extensions and related functionsBernd Edlinger1-2/+3
Basically we use EXFLAG_INVALID for all kinds of out of memory and all kinds of parse errors in x509v3_cache_extensions. [extended tests] Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10755)
2020-01-29Deprecate the low level HMAC functionsPauli1-0/+6
Use of the low level HMAC functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use EVP_MAC_CTX_new(3), EVP_MAC_CTX_free(3), EVP_MAC_init(3), EVP_MAC_update(3) and EVP_MAC_final(3). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10836)
2019-11-07Update source files for pre-3.0 deprecationRichard Levitte1-1/+1
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10364)
2019-10-09Explicitly test against NULL; do not use !p or similarRich Salz8-31/+32
Also added blanks lines after declarations in a couple of places. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9916)
generated by cgit v1.1 at 2024-08-08 13:45:04 +0000