diff --git a/CHANGES.md b/CHANGES.md index 1f6c72a1a02956665aa00ff6587de8074052b839..e93d5df75a17235bb6eb2762a0e0b408f18e4834 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -59,7 +59,7 @@ OpenSSL 3.0 PKCS5_pbe_set0_algor_ex(), PKCS5_pbe_set_ex(), PKCS5_pbkdf2_set_ex(), PKCS5_v2_PBE_keyivgen_ex(), PKCS5_v2_scrypt_keyivgen_ex(), PKCS8_decrypt_ex(), PKCS8_encrypt_ex(), PKCS8_set0_pbe_ex(). - + As part of this change the EVP_PBE_xxx APIs can also accept a library context and property query and will call an extended version of the key/IV derivation function which supports these parameters. This includes diff --git a/apps/pkcs12.c b/apps/pkcs12.c index c5a8fcdeda1eaecba8843da9a07c174e902537fb..c2508163f0cd7d7193e439844747f83b9d7a704a 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -67,7 +67,7 @@ typedef enum OPTION_choice { OPT_NAME, OPT_CSP, OPT_CANAME, OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH, OPT_CAFILE, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_ENGINE, - OPT_R_ENUM, OPT_PROV_ENUM, + OPT_R_ENUM, OPT_PROV_ENUM, #ifndef OPENSSL_NO_DES OPT_LEGACY_ALG #endif @@ -962,7 +962,7 @@ int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bag, break; case NID_secretBag: - if (options & INFO) + if (options & INFO) BIO_printf(bio_err, "Secret bag\n"); print_attribs(out, attrs, "Bag Attributes"); BIO_printf(bio_err, "Bag Type: "); diff --git a/doc/man3/PKCS12_PBE_keyivgen.pod b/doc/man3/PKCS12_PBE_keyivgen.pod index b0edb81c6c2380510e7c0647785f43fa2e807e47..2cbaa8ed812e80e3e58781f7fd688a7113d9c590 100644 --- a/doc/man3/PKCS12_PBE_keyivgen.pod +++ b/doc/man3/PKCS12_PBE_keyivgen.pod @@ -2,7 +2,7 @@ =head1 NAME -PKCS12_PBE_keyivgen, PKCS12_PBE_keyivgen_ex, +PKCS12_PBE_keyivgen, PKCS12_PBE_keyivgen_ex, PKCS12_pbe_crypt, PKCS12_pbe_crypt_ex - PKCS#12 Password based encryption =head1 SYNOPSIS diff --git a/doc/man3/PKCS12_add_cert.pod b/doc/man3/PKCS12_add_cert.pod index 39d4779d1115db5120e9f6d347614756b24fb8ab..ae3b21a13c6c1d75eeeef3d82d158106f0729b4f 100644 --- a/doc/man3/PKCS12_add_cert.pod +++ b/doc/man3/PKCS12_add_cert.pod @@ -2,7 +2,7 @@ =head1 NAME -PKCS12_add_cert, PKCS12_add_key, PKCS12_add_key_ex, +PKCS12_add_cert, PKCS12_add_key, PKCS12_add_key_ex, PKCS12_add_secret - Add an object to a set of PKCS#12 safeBags =head1 SYNOPSIS diff --git a/doc/man3/PKCS12_decrypt_skey.pod b/doc/man3/PKCS12_decrypt_skey.pod index 79296c681a6990b4e206e86fc6d006a6ddf8091c..a376ddc50257fabb3ee88482aecca6e7db09ac10 100644 --- a/doc/man3/PKCS12_decrypt_skey.pod +++ b/doc/man3/PKCS12_decrypt_skey.pod @@ -21,7 +21,7 @@ decrypt functions PKCS12_decrypt_skey() Decrypt the PKCS#8 shrouded keybag contained within I using the supplied password I of length I. -PKCS12_decrypt_skey_ex() is similar to the above but allows for a library context +PKCS12_decrypt_skey_ex() is similar to the above but allows for a library contex I and property query I to be used to select algorithm implementations. =head1 RETURN VALUES diff --git a/doc/man3/PKCS12_gen_mac.pod b/doc/man3/PKCS12_gen_mac.pod index 21854627a509f9e41bde360c5761c6b508f61e3c..53b55e8703030dcf2150ba4c00ca1afd89a60c76 100644 --- a/doc/man3/PKCS12_gen_mac.pod +++ b/doc/man3/PKCS12_gen_mac.pod @@ -2,7 +2,7 @@ =head1 NAME -PKCS12_gen_mac, PKCS12_setup_mac, PKCS12_set_mac, +PKCS12_gen_mac, PKCS12_setup_mac, PKCS12_set_mac, PKCS12_verify_mac - Functions to create and manipulate a PKCS#12 structure =head1 SYNOPSIS diff --git a/doc/man3/PKCS12_item_decrypt_d2i.pod b/doc/man3/PKCS12_item_decrypt_d2i.pod index cd5a993c7ee3f1d97cb6b8dbfb8c67213ef634ab..5bf498e8a8946190a5c5d83b783f104913bcd707 100644 --- a/doc/man3/PKCS12_item_decrypt_d2i.pod +++ b/doc/man3/PKCS12_item_decrypt_d2i.pod @@ -32,7 +32,7 @@ encrypt/decrypt functions =head1 DESCRIPTION PKCS12_item_decrypt_d2i() and PKCS12_item_decrypt_d2i_ex() decrypt an octet -string containing an ASN.1 encoded object using the algorithm I and +string containing an ASN.1 encoded object using the algorithm I and password I of length I. If I is nonzero then the output buffer will zeroed after the decrypt. diff --git a/test/helpers/pkcs12.c b/test/helpers/pkcs12.c index 4d3abe06c7fa1f777496daee6b7d2c5a0eccaa6d..bdc8585535a991f11cfff9827b22f4d48b5f65b7 100644 --- a/test/helpers/pkcs12.c +++ b/test/helpers/pkcs12.c @@ -651,13 +651,13 @@ void check_secretbag(PKCS12_BUILDER *pb, int secret_nid, const char *secret, con if (!pb->success) return; - + bag = sk_PKCS12_SAFEBAG_value(pb->bags, pb->bag_idx++); if (!TEST_ptr(bag)) { pb->success = 0; return; - } - + } + if (!check_attrs(PKCS12_SAFEBAG_get0_attrs(bag), attrs) || !TEST_int_eq(PKCS12_SAFEBAG_get_nid(bag), NID_secretBag) || !TEST_int_eq(PKCS12_SAFEBAG_get_bag_nid(bag), secret_nid) @@ -693,13 +693,13 @@ void start_check_pkcs12_with_mac(PKCS12_BUILDER *pb, const PKCS12_ENC *mac) if (!pb->success) return; - p12 = from_bio_p12(pb->p12bio, mac); + p12 = from_bio_p12(pb->p12bio, mac); if (!TEST_ptr(p12)) { pb->success = 0; return; } - pb->safes = PKCS12_unpack_authsafes(p12); - if (!TEST_ptr(pb->safes)) + pb->safes = PKCS12_unpack_authsafes(p12); + if (!TEST_ptr(pb->safes)) pb->success = 0; pb->safe_idx = 0; @@ -724,8 +724,8 @@ void start_check_pkcs12_file(PKCS12_BUILDER *pb) pb->safe_idx = 0; PKCS12_free(p12); -} - +} + void start_check_pkcs12_file_with_mac(PKCS12_BUILDER *pb, const PKCS12_ENC *mac) { PKCS12 *p12;