early-access version 2698

externals/libressl/crypto/pkcs12/p12_asn.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_asn.c,v 1.9 2015/07/25 17:08:40 jsing Exp $ */
+/* $OpenBSD: p12_asn.c,v 1.10 2022/01/14 08:16:13 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -230,7 +230,6 @@ static const ASN1_ADB_TABLE PKCS12_BAGS_adbtbl[] = {
 static const ASN1_ADB PKCS12_BAGS_adb = {
 	.flags = 0,
 	.offset = offsetof(PKCS12_BAGS, type),
-	.app_items = 0,
 	.tbl = PKCS12_BAGS_adbtbl,
 	.tblcount = sizeof(PKCS12_BAGS_adbtbl) / sizeof(ASN1_ADB_TABLE),
 	.default_tt = &bag_default_tt,
@@ -369,7 +368,6 @@ static const ASN1_ADB_TABLE PKCS12_SAFEBAG_adbtbl[] = {
 static const ASN1_ADB PKCS12_SAFEBAG_adb = {
 	.flags = 0,
 	.offset = offsetof(PKCS12_SAFEBAG, type),
-	.app_items = 0,
 	.tbl = PKCS12_SAFEBAG_adbtbl,
 	.tblcount = sizeof(PKCS12_SAFEBAG_adbtbl) / sizeof(ASN1_ADB_TABLE),
 	.default_tt = &safebag_default_tt,

externals/libressl/crypto/pkcs12/p12_attr.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_attr.c,v 1.12 2018/08/24 20:07:41 tb Exp $ */
+/* $OpenBSD: p12_attr.c,v 1.14 2021/11/01 20:53:08 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -60,6 +60,8 @@
 
 #include <openssl/pkcs12.h>
 
+#include "x509_lcl.h"
+
 /* Add a local keyid to a safebag */
 
 int
@@ -125,10 +127,10 @@ PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
 
 	if (!attrs)
 		return NULL;
-	for (i = 0; i < sk_X509_ATTRIBUTE_num (attrs); i++) {
-		attrib = sk_X509_ATTRIBUTE_value (attrs, i);
-		if (OBJ_obj2nid (attrib->object) == attr_nid) {
-			if (sk_ASN1_TYPE_num (attrib->value.set))
+	for (i = 0; i < sk_X509_ATTRIBUTE_num(attrs); i++) {
+		attrib = sk_X509_ATTRIBUTE_value(attrs, i);
+		if (OBJ_obj2nid(attrib->object) == attr_nid) {
+			if (sk_ASN1_TYPE_num(attrib->value.set))
 				return sk_ASN1_TYPE_value(attrib->value.set, 0);
 			else
 				return NULL;

externals/libressl/crypto/pkcs12/p12_crpt.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_crpt.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: p12_crpt.c,v 1.15 2021/07/09 14:07:59 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -101,13 +101,13 @@ PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 	}
 	salt = pbe->salt->data;
 	saltlen = pbe->salt->length;
-	if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
+	if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
 	    iter, EVP_CIPHER_key_length(cipher), key, md)) {
 		PKCS12error(PKCS12_R_KEY_GEN_ERROR);
 		PBEPARAM_free(pbe);
 		return 0;
 	}
-	if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,
+	if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID,
 	    iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
 		PKCS12error(PKCS12_R_IV_GEN_ERROR);
 		PBEPARAM_free(pbe);

externals/libressl/crypto/pkcs12/p12_decr.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_decr.c,v 1.19 2018/05/13 14:22:34 tb Exp $ */
+/* $OpenBSD: p12_decr.c,v 1.21 2021/12/12 21:30:14 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -62,6 +62,8 @@
 #include <openssl/err.h>
 #include <openssl/pkcs12.h>
 
+#include "evp_locl.h"
+
 /* Encrypt/Decrypt a buffer based on password and algor, result in a
  * malloc'ed buffer
  */
@@ -156,7 +158,7 @@ PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
 	unsigned char *in = NULL;
 	int inlen;
 
-	if (!(oct = ASN1_OCTET_STRING_new ())) {
+	if (!(oct = ASN1_OCTET_STRING_new())) {
 		PKCS12error(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}

externals/libressl/crypto/pkcs12/p12_init.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_init.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: p12_init.c,v 1.13 2022/01/20 11:18:49 inoguchi Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -72,8 +72,10 @@ PKCS12_init(int mode)
 		PKCS12error(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
-	ASN1_INTEGER_set(pkcs12->version, 3);
-	pkcs12->authsafes->type = OBJ_nid2obj(mode);
+	if (!ASN1_INTEGER_set(pkcs12->version, 3))
+		goto err;
+	if ((pkcs12->authsafes->type = OBJ_nid2obj(mode)) == NULL)
+		goto err;
 	switch (mode) {
 	case NID_pkcs7_data:
 		if (!(pkcs12->authsafes->d.data =

externals/libressl/crypto/pkcs12/p12_key.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_key.c,v 1.26 2017/05/02 03:59:45 deraadt Exp $ */
+/* $OpenBSD: p12_key.c,v 1.28 2021/12/12 21:30:14 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -63,6 +63,8 @@
 #include <openssl/err.h>
 #include <openssl/pkcs12.h>
 
+#include "evp_locl.h"
+
 /* PKCS12 compatible key/IV generation */
 #ifndef min
 #define min(a,b) ((a) < (b) ? (a) : (b))
@@ -143,7 +145,7 @@ PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 			    !EVP_DigestFinal_ex(&ctx, Ai, NULL))
 				goto err;
 		}
-		memcpy (out, Ai, min (n, u));
+		memcpy(out, Ai, min(n, u));
 		if (u >= n) {
 			ret = 1;
 			goto end;
@@ -153,9 +155,9 @@ PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 		for (j = 0; j < v; j++)
 			B[j] = Ai[j % u];
 		/* Work out B + 1 first then can use B as tmp space */
-		if (!BN_bin2bn (B, v, Bpl1))
+		if (!BN_bin2bn(B, v, Bpl1))
 			goto err;
-		if (!BN_add_word (Bpl1, 1))
+		if (!BN_add_word(Bpl1, 1))
 			goto err;
 		for (j = 0; j < Ilen; j += v) {
 			if (!BN_bin2bn(I + j, v, Ij))
@@ -164,12 +166,12 @@ PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 				goto err;
 			if (!BN_bn2bin(Ij, B))
 				goto err;
-			Ijlen = BN_num_bytes (Ij);
+			Ijlen = BN_num_bytes(Ij);
 			/* If more than 2^(v*8) - 1 cut off MSB */
 			if (Ijlen > v) {
-				if (!BN_bn2bin (Ij, B))
+				if (!BN_bn2bin(Ij, B))
 					goto err;
-				memcpy (I + j, B + 1, v);
+				memcpy(I + j, B + 1, v);
 #ifndef PKCS12_BROKEN_KEYGEN
 				/* If less than v bytes pad with zeroes */
 			} else if (Ijlen < v) {
@@ -177,7 +179,7 @@ PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 				if (!BN_bn2bin(Ij, I + j + v - Ijlen))
 					goto err;
 #endif
-			} else if (!BN_bn2bin (Ij, I + j))
+			} else if (!BN_bn2bin(Ij, I + j))
 				goto err;
 		}
 	}

externals/libressl/crypto/pkcs12/p12_kiss.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_kiss.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: p12_kiss.c,v 1.21 2021/07/09 14:08:00 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -125,17 +125,19 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 		return 0;
 	}
 
-	if (!parse_pk12 (p12, pass, -1, pkey, ocerts)) {
+	if (!parse_pk12(p12, pass, -1, pkey, ocerts)) {
 		PKCS12error(PKCS12_R_PARSE_ERROR);
 		goto err;
 	}
 
 	while ((x = sk_X509_pop(ocerts))) {
 		if (pkey && *pkey && cert && !*cert) {
+			ERR_set_mark();
 			if (X509_check_private_key(x, *pkey)) {
 				*cert = x;
 				x = NULL;
 			}
+			ERR_pop_to_mark();
 		}
 
 		if (ca && x) {
@@ -177,11 +179,11 @@ parse_pk12(PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey,
 	int i, bagnid;
 	PKCS7 *p7;
 
-	if (!(asafes = PKCS12_unpack_authsafes (p12)))
+	if (!(asafes = PKCS12_unpack_authsafes(p12)))
 		return 0;
-	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
-		p7 = sk_PKCS7_value (asafes, i);
-		bagnid = OBJ_obj2nid (p7->type);
+	for (i = 0; i < sk_PKCS7_num(asafes); i++) {
+		p7 = sk_PKCS7_value(asafes, i);
+		bagnid = OBJ_obj2nid(p7->type);
 		if (bagnid == NID_pkcs7_data) {
 			bags = PKCS12_unpack_p7data(p7);
 		} else if (bagnid == NID_pkcs7_encrypted) {
@@ -227,10 +229,10 @@ parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PKEY **pkey,
 	ASN1_BMPSTRING *fname = NULL;
 	ASN1_OCTET_STRING *lkid = NULL;
 
-	if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
+	if ((attrib = PKCS12_get_attr(bag, NID_friendlyName)))
 		fname = attrib->value.bmpstring;
 
-	if ((attrib = PKCS12_get_attr (bag, NID_localKeyID)))
+	if ((attrib = PKCS12_get_attr(bag, NID_localKeyID)))
 		lkid = attrib->value.octet_string;
 
 	switch (OBJ_obj2nid(bag->type)) {

externals/libressl/crypto/pkcs12/p12_mutl.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_mutl.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: p12_mutl.c,v 1.27 2021/12/12 21:30:14 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -68,6 +68,10 @@
 #include <openssl/hmac.h>
 #include <openssl/pkcs12.h>
 
+#include "evp_locl.h"
+#include "hmac_local.h"
+#include "x509_lcl.h"
+
 /* Generate a MAC */
 int
 PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
@@ -192,7 +196,7 @@ PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
 	if (!salt)
 		arc4random_buf(p12->mac->salt->data, saltlen);
 	else
-		memcpy (p12->mac->salt->data, salt, saltlen);
+		memcpy(p12->mac->salt->data, salt, saltlen);
 	p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
 	if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
 		PKCS12error(ERR_R_MALLOC_FAILURE);

externals/libressl/crypto/pkcs12/p12_npas.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_npas.c,v 1.13 2018/05/13 14:22:34 tb Exp $ */
+/* $OpenBSD: p12_npas.c,v 1.14 2021/11/01 20:53:08 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -63,6 +63,8 @@
 #include <openssl/err.h>
 #include <openssl/pkcs12.h>
 
+#include "x509_lcl.h"
+
 /* PKCS#12 password change routine */
 
 static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass);

externals/libressl/crypto/pkcs12/p12_p8d.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_p8d.c,v 1.7 2018/05/13 14:28:14 tb Exp $ */
+/* $OpenBSD: p12_p8d.c,v 1.8 2021/11/01 20:53:08 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -60,6 +60,8 @@
 
 #include <openssl/pkcs12.h>
 
+#include "x509_lcl.h"
+
 PKCS8_PRIV_KEY_INFO *
 PKCS8_decrypt(const X509_SIG *p8, const char *pass, int passlen)
 {

externals/libressl/crypto/pkcs12/p12_p8e.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_p8e.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: p12_p8e.c,v 1.9 2021/11/01 20:53:08 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -61,6 +61,8 @@
 #include <openssl/err.h>
 #include <openssl/pkcs12.h>
 
+#include "x509_lcl.h"
+
 X509_SIG *
 PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass,
     int passlen, unsigned char *salt, int saltlen, int iter,