path: root/crypto/pkcs12
Commit message | Author | Age | Files | Lines
* Use secure_getenv(3) when available. | Pauli | 2018-09-24 | 1 | -9/+9
  Change all calls to getenv() inside libcrypto to use a new wrapper function that uses secure_getenv() if available and an issetugid then getenv if not.
  CPU processor override flags are unchanged.
  Extra checks for OPENSSL_issetugid() have been removed in favour of the safe getenv.
  Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
  (Merged from https://github.com/openssl/openssl/pull/7047)
* Update copyright year | Matt Caswell | 2018-09-11 | 3 | -3/+3
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7176)
* Check the return value from ASN1_INTEGER_set | Matt Caswell | 2018-09-10 | 1 | -1/+2
  Found by Coverity
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7169)
* key zeroisation fix for p12 | Shane Lontis | 2018-09-04 | 1 | -5/+9
  Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/7109)
* PKCS12: change safeContentsBag from a SET OF to a SEQUENCE OF | Richard Levitte | 2018-07-22 | 1 | -1/+1
  As per RFC 7292.
  Fixes #6665
  Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
  (Merged from https://github.com/openssl/openssl/pull/6708)
* Update copyright year | Matt Caswell | 2018-06-20 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6538)
* remove needless and misleading malloc failure error messages of PKCS12_SAFEBAG_create_pkcs8_encrypt | David von Oheimb | 2018-06-18 | 1 | -10/+2
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6217)
* Update copyright year | Matt Caswell | 2018-05-01 | 1 | -1/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6145)
* Fix mixed indentation (and other whitespace issues) | Dr. Matthias St. Pierre | 2018-04-26 | 1 | -2/+2
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6094)
* Add missing error code when alloc-return-null | FdaSilvaYY | 2018-04-26 | 2 | -6/+19
  Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6085)
* Add checks for alloc failing. | Rich Salz | 2017-09-06 | 1 | -2/+2
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/4341)
* Clear outputs in PKCS12_parse error handling. | Bernd Edlinger | 2017-08-17 | 1 | -8/+13
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/4145)
* make error tables const and separate header file | Rich Salz | 2017-06-07 | 1 | -63/+79
  Run perltidy on util/mkerr
  Change some mkerr flags, write some doc comments
  Make generated tables "const" when generating lib-internal ones.
  Add "state" file for mkerr
  Regenerate error tables and headers
  Rationalize declaration of ERR_load_XXX_strings
  Fix out-of-tree build
  Add -static; sort flags/vars for options. Also tweak code output
  Moved engines/afalg to engines (from master)
  Use -static flag
  Standard engine #include's of errors
  Don't linewrap err string tables unless necessary
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3392)
* Fix memory leak in pkcs12 -export | Dmitry Belyavskiy | 2017-02-21 | 1 | -0/+3
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2676)
* Simplify PKCS#12 PBE algorithm. | Dr. Stephen Henson | 2016-11-15 | 1 | -34/+12
  Simplify PKCS#12 PBE algorithm by working out Ij + B + 1 directly instead of using BIGNUMs.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Don't switch password formats using global state. | Andy Polyakov | 2016-08-25 | 3 | -77/+3
  To avoid possible race conditions don't switch password format using global state in crypto/pkcs12
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* crypto/pkcs12: facilitate accessing data with non-interoperable password. | Andy Polyakov | 2016-08-22 | 4 | -14/+119
  Originally PKCS#12 subroutines treated password strings as ASCII. It worked as long as they were pure ASCII, but if there were some non-ASCII characters result was non-interoperable. But fixing it poses problem accessing data protected with broken password. In order to make access to old data possible add retry with old-style password.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* crypto/pkcs12: default to UTF-8. | Andy Polyakov | 2016-08-22 | 1 | -2/+12
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* crypto/pkcs12: add UTF8 support. | Andy Polyakov | 2016-08-22 | 3 | -1/+174
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add X509_getm_notBefore, X509_getm_notAfter | Dr. Stephen Henson | 2016-08-21 | 2 | -3/+3
  Add mutable versions of X509_get0_notBefore and X509_get0_notAfter.
  Rename X509_SIG_get0_mutable to X509_SIG_getm.
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Convert PKCS12* functions to use const getters | Matt Caswell | 2016-08-19 | 5 | -17/+27
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Stephen Henson <steve@openssl.org>
* Constify X509_SIG. | Dr. Stephen Henson | 2016-08-17 | 4 | -24/+28
  Constify X509_SIG_get0() and order arguments to match new standard.
  Add X509_SIG_get0_mutable() to support modification or initialisation of an X509_SIG structure.
  Reviewed-by: Matt Caswell <matt@openssl.org>
* constify X509_ALGOR_get0() | Dr. Stephen Henson | 2016-08-17 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Convert PKCS8* functions to use const getters | Matt Caswell | 2016-08-17 | 1 | -1/+2
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  Reviewed-by: Stephen Henson <steve@openssl.org>
* Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data(). | Dr. Stephen Henson | 2016-08-16 | 1 | -1/+1
  Deprecate the function ASN1_STRING_data() and replace with a new function ASN1_STRING_get0_data() which returns a constant pointer. Update library to use new function.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Sanity check input length in OPENSSL_uni2asc(). | Dr. Stephen Henson | 2016-08-05 | 1 | -1/+3
  Thanks to Hanno Böck for reporting this bug.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Check for errors allocating the error strings. | Kurt Roeckx | 2016-07-20 | 1 | -1/+2
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  GH: #1330
* Constify PKCS12_create, PKCS12_add_key, PKCS12_add_safe. | FdaSilvaYY | 2016-06-15 | 1 | -3/+3
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1215)
* Remove unused error/function codes. | Rich Salz | 2016-05-23 | 1 | -17/+2
  Add script to find unused err/reason codes
  Remove unused reason codes.
  Remove entries for unused functions
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Copyright consolidation 09/10 | Rich Salz | 2016-05-17 | 17 | -916/+86
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Constify PKCS12_newpass() | Dr. Stephen Henson | 2016-05-06 | 1 | -9/+11
  PR#4449
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Tidy up PKCS12_newpass() fix memory leaks. | Dr. Stephen Henson | 2016-05-06 | 1 | -37/+36
  PR#4466
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* reject zero block length in PKCS12 keygen | Dr. Stephen Henson | 2016-05-04 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Don't leak memory on error in PKCS12_key_gen_uni | Matt Caswell | 2016-04-28 | 1 | -1/+1
  The PKCS12_key_gen_uni() had one error path which did not free memory correctly.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove --classic build entirely | Richard Levitte | 2016-04-20 | 1 | -49/+0
  The Unix build was the last to retain the classic build scheme. The new unified scheme has matured enough, even though some details may need polishing.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove the remainder of util/mk1mf.pl and companion scripts | Richard Levitte | 2016-03-21 | 1 | -3/+0
  This removes all scripts that deal with MINFO as well, since that's only used by mk1mf.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* Make X509_SIG opaque. | Dr. Stephen Henson | 2016-03-11 | 4 | -25/+34
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Make PKCS8_PRIV_KEY_INFO opaque. | Dr. Stephen Henson | 2016-03-07 | 2 | -8/+4
  Make PKCS8_PRIV_KEY_INFO opaque. Several accessor functions already exist for this structure. Two new ones were added to handle attributes.
  The old handling of broken formats has been removed and the corresponding structures simplified.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Always build library object files with shared library cflags | Richard Levitte | 2016-02-20 | 1 | -1/+1
  This takes us away from the idea that we know exactly how our static libraries are going to get used. Instead, we make them available to build shareable things with, be it other shared libraries or DSOs.
  On the other hand, we also have greater control of when the shared library cflags. They will never be used with object files meant for binaries, such as apps/openssl or test/test*.
  With unified, we take this a bit further and prepare for having to deal with extra cflags specifically to be used with DSOs (dynamic engines), libraries and binaries (applications).
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove all special make depend flags, as well as OPENSSL_DOING_MAKEDEPEND | Richard Levitte | 2016-02-18 | 1 | -1/+1
  All those flags existed because we had all the dependencies versioned in the repository, and wanted to have it be consistent, no matter what the local configuration was. Now that the dependencies are gone from the versioned Makefile.ins, it makes much more sense to use the exact same flags as when compiling the object files.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove outdated DEBUG flags. | Rich Salz | 2016-02-18 | 2 | -8/+8
  Add -DBIO_DEBUG to --strict-warnings.
  Remove comments about outdated debugging ifdef guards.
  Remove md_rand ifdef guarding an assert; it doesn't seem used.
  Remove the conf guards in conf_api since we use OPENSSL_assert, not assert.
  For pkcs12 stuff put OPENSSL_ in front of the macro name.
  Merge TLS_DEBUG into SSL_DEBUG.
  Various things just turned on/off asserts, mainly for checking non-NULL arguments, which is now removed: camellia, bn_ctx, crypto/modes.
  Remove some old debug code, that basically just printed things to stderr: DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG, RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG.
  Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Typo: only return error if unrecognise bag type. | Dr. Stephen Henson | 2016-02-12 | 1 | -1/+1
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* add missing file p12_lcl.h | Dr. Stephen Henson | 2016-02-08 | 2 | -1/+94
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Following the PKCS#12 update, update crypto/pkcs12/build.info as well | Richard Levitte | 2016-02-08 | 1 | -1/+1
  Reviewed-by: Stephen Henson <steve@openssl.org>
* fix various formatting issues | Dr. Stephen Henson | 2016-02-08 | 2 | -1/+3
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* use new function names | Dr. Stephen Henson | 2016-02-08 | 3 | -22/+44
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add p12_sbag.c to Makefile.in | Dr. Stephen Henson | 2016-02-08 | 1 | -2/+2
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Reorganise functions. | Dr. Stephen Henson | 2016-02-08 | 5 | -162/+223
  Move all PKCS12_SAFEBAG functions into new file p12_sbag.c.
  Move MAC functions into p12_mutl.c
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Use new names | Dr. Stephen Henson | 2016-02-08 | 4 | -8/+8
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Rename PKCS12 function | Dr. Stephen Henson | 2016-02-08 | 1 | -22/+23
  Rename ancient PKCS12 functions to use more logical names. Include defines from old to new name.
  Reviewed-by: Rich Salz <rsalz@openssl.org>