summaryrefslogtreecommitdiffstats
path: root/apps/pkcs12.c
AgeCommit message (Collapse)Author
2023-06-10Coverity 1528486: Avoid assignment of unused value of bagsTomas Mraz
It is used only within the loop and always initialized
2023-06-03Remove pointless warning on pkcs12 importDmitry Belyavskiy
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21107)
2023-05-25APPS: replace awkward and error-prone pattern by calls to new ↵Dr. David von Oheimb
app_conf_try_string() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20971)
2023-05-18pkcs12: Fix macsaltlen parameter typeMarco Abbadini
It expects an integer so change it from non-argument type to positive integer type. Fixes #20969 CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20979)
2022-09-27Coverity 1515538: resource leakPauli
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19275)
2022-09-23Allow PKCS12 export to set arbitrary bag attributesGraham Woodward
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19025)
2022-08-01Fix wrong default algorithm in openssl pkcs12 helpArne Schwabe
The default that pkcs12 -export uses is SHA256 and not SHA1. CLA: Trivial Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18904)
2022-06-30Update the default macsaltlen and Add the configure for macsaltlenKan
Fixed #18489 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18550)
2022-05-03Update copyright yearMatt Caswell
Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
2022-01-11APPS: Add check for multiple 'unknown' optionsDr. David von Oheimb
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16416)
2022-01-11PKCS12 app: Improve readability w.r.t. enc_flag, renamed to enc_nameDr. David von Oheimb
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16416)
2021-12-21add OSSL_STACK_OF_X509_free() for commonly used patternDr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17307)
2021-12-07APPS: Improve diagnostics on missing/extra args and unknown cipher/digestDr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16450)
2021-11-11X509: Fix handling of AKID and SKID extensions according to configurationDr. David von Oheimb
Fixes #16300 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16342)
2021-08-31apps/pkcs12: Do not assume null termination of ASN1_UTF8STRINGTomas Mraz
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/16433)
2021-07-09Don't add the first pkcs12 certificate multiple timesMatt Caswell
This fixes a regression introduced by commit 1d6c867. When exporting a set of certificates to a PKCS12 file we shouldn't add the first one twice. Also we restore historic behaviour with respect to the canames option where we have no ee certificate with key. Fixes #15983 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16001)
2021-06-16apps: use get_cipher_any() instead of get_cipher() for commands that support ↵Pauli
these ciphers/modes Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15747)
2021-06-15pkcs12: use the app's libctx and property query when searching for algorithmsPauli
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15687)
2021-05-05APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macroDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15111)
2021-04-30remove end of line whitespacePauli
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14434)
2021-04-30Add library context and property query support into the PKCS12 APIJon Spillett
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14434)
2021-04-24APPS: Improve diagnostics for string options and options expecting int >= 0Dr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14970)
2021-04-20Fetch and free cipher and md'sRich Salz
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/14219)
2021-04-14APPS: make apps strict on app_RAND_load() and app_RAND_write() failureDr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14840)
2021-03-15apps: Add maybe_stdin argument to load_certs and set it in pkcs12Tomas Mraz
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14449)
2021-03-14Fix option description for PKCS#12 exportTobias Nießen
Refs: https://github.com/openssl/openssl/pull/4930 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14520)
2021-03-10Change default algorithms in PKCS12_create() and PKCS12_set_mac()Tomas Mraz
Use the modern defaults as now set in the pkcs12 app. This also allows modifying the application to not override the default values when calling the API. Fixes #14034 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/14450)
2021-03-09apps/pkcs12: Allow continuing on absent macTomas Mraz
Just print a warning in that case. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14445)
2021-03-09apps/pkcs12: Detect missing PKCS12KDF support on importTomas Mraz
Report error message with hint to use -nomacver if MAC verification is not required. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14445)
2021-03-09apps/pkcs12: Properly detect MAC setup failureTomas Mraz
The MAC requires PKCS12KDF support which is not present in FIPS provider as it is not an approved KDF algorithm. Suggest using -nomac if MAC is not required. Fixes #14057 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14445)
2021-02-18Update copyright yearMatt Caswell
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
2021-02-12Fetch cipher after loading providersRich Salz
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14135)
2021-02-12Load rand state after loading providersRich Salz
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14135)
2020-12-15Check non-option argumentsRich Salz
Make sure all commands check to see if there are any "extra" arguments after the options, and print an error if so. Made all error messages consistent (which is to say, minimal). Fixes: #13527 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13563)
2020-12-03apps/pkcs12.c: Improve user guidance, re-ordering no-export vs. export optionsDr. David von Oheimb
Make the option order consistent in the help output and in the POD file. Give warnings when an option is ignored because -export is given or missing. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13588)
2020-12-01apps/pkcs12.c: Correct default legacy algs and make related doc consistentDr. David von Oheimb
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13534)
2020-11-19apps/pkcs12: Clean up the order in which many options are presentedDr. David von Oheimb
Also do a minor extension on the documentation of the -passcerts option Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/4930)
2020-11-19apps/pkcs12: Really do not perform MAC in case -nomacDr. David von Oheimb
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/4930)
2020-11-19apps/pkcs12: Do not prompt for password in case -nomac and -noenc/-nodesDr. David von Oheimb
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/4930)
2020-11-19Minor cleanup of error output for various appsDavid von Oheimb
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/4930)
2020-10-01Run the withlibctx.pl scriptMatt Caswell
Automatically rename all instances of _with_libctx() to _ex() as per our coding style. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12970)
2020-09-13Fix safestack issues in pkcs12.hMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
2020-09-13Fix safestack issues in pkcs7.hMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
2020-09-13Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCKMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
2020-09-13Fix safestack issues in x509.hMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
2020-09-12Fix coverity issue: CID 1466479 - Resource leak in apps/pkcs12.cShane Lontis
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12847)
2020-08-27apps/pkcs12.c: Add -untrusted optionDr. David von Oheimb
Also improve EE cert selection, user guidance, and documentation. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12643)
2020-08-20apps: make use of OSSL_STORE for generalized certs and CRLs loadingDr. David von Oheimb
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12647)
2020-08-07Add new APIs to get PKCS12 secretBag OID and valueJon Spillett
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10063)
2020-08-06apps/pkcs12: Change defaults from RC2 to PBES2 with PBKDF2Sahana Prasad
Fixes #11672 Add "-legacy" option to load the legacy provider and fall back to the old legacy default algorithms. doc/man1/openssl-pkcs12.pod.in: updates documentation about the new "-legacy" option Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12540)
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-22 16:37:44 +0000