path: root/apps/pkcs12.c
Commit message | Author | Age | Files | Lines
* Coverity 1515538: resource leak | Pauli | 2022-09-27 | 1 | -1/+3
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19275)
* Allow PKCS12 export to set arbitrary bag attributes | Graham Woodward | 2022-09-23 | 1 | -4/+70
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19025)
* Fix wrong default algorithm in openssl pkcs12 help | Arne Schwabe | 2022-08-01 | 1 | -1/+1
  The default that pkcs12 -export uses is SHA256 and not SHA1.
  CLA: Trivial
  Reviewed-by: Todd Short <todd.short@me.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18904)
* Update the default macsaltlen and Add the configure for macsaltlen | Kan | 2022-06-30 | 1 | -4/+12
  Fixed #18489
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18550)
* Update copyright year | Matt Caswell | 2022-05-03 | 1 | -1/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Release: yes
* APPS: Add check for multiple 'unknown' options | Dr. David von Oheimb | 2022-01-11 | 1 | -0/+1
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/16416)
* PKCS12 app: Improve readability w.r.t. enc_flag, renamed to enc_name | Dr. David von Oheimb | 2022-01-11 | 1 | -6/+5
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/16416)
* add OSSL_STACK_OF_X509_free() for commonly used pattern | Dr. David von Oheimb | 2021-12-21 | 1 | -3/+3
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17307)
* APPS: Improve diagnostics on missing/extra args and unknown cipher/digest | Dr. David von Oheimb | 2021-12-07 | 1 | -6/+3
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16450)
* X509: Fix handling of AKID and SKID extensions according to configuration | Dr. David von Oheimb | 2021-11-11 | 1 | -1/+1
  Fixes #16300
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/16342)
* apps/pkcs12: Do not assume null termination of ASN1_UTF8STRING | Tomas Mraz | 2021-08-31 | 1 | -1/+2
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
  (Merged from https://github.com/openssl/openssl/pull/16433)
* Don't add the first pkcs12 certificate multiple times | Matt Caswell | 2021-07-09 | 1 | -4/+7
  This fixes a regression introduced by commit 1d6c867. When exporting a set of certificates to a PKCS12 file we shouldn't add the first one twice. Also we restore historic behaviour with respect to the canames option where we have no ee certificate with key.
  Fixes #15983
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16001)
* apps: use get_cipher_any() instead of get_cipher() for commands that support these ciphers/modes | Pauli | 2021-06-16 | 1 | -1/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15747)
* pkcs12: use the app's libctx and property query when searching for algorithms | Pauli | 2021-06-15 | 1 | -1/+2
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15687)
* APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro | Dr. David von Oheimb | 2021-05-05 | 1 | -1/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15111)
* remove end of line whitespace | Pauli | 2021-04-30 | 1 | -2/+2
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14434)
* Add library context and property query support into the PKCS12 API | Jon Spillett | 2021-04-30 | 1 | -13/+37
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14434)
* APPS: Improve diagnostics for string options and options expecting int >= 0 | Dr. David von Oheimb | 2021-04-24 | 1 | -3/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14970)
* Fetch and free cipher and md's | Rich Salz | 2021-04-20 | 1 | -4/+5
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/14219)
* APPS: make apps strict on app_RAND_load() and app_RAND_write() failure | Dr. David von Oheimb | 2021-04-14 | 1 | -1/+3
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14840)
* apps: Add maybe_stdin argument to load_certs and set it in pkcs12 | Tomas Mraz | 2021-03-15 | 1 | -3/+3
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/14449)
* Fix option description for PKCS#12 export | Tobias Nießen | 2021-03-14 | 1 | -1/+1
  Refs: https://github.com/openssl/openssl/pull/4930
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14520)
* Change default algorithms in PKCS12_create() and PKCS12_set_mac() | Tomas Mraz | 2021-03-10 | 1 | -9/+11
  Use the modern defaults as now set in the pkcs12 app. This also allows modifying the application to not override the default values when calling the API.
  Fixes #14034
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/14450)
* apps/pkcs12: Allow continuing on absent mac | Tomas Mraz | 2021-03-09 | 1 | -0/+9
  Just print a warning in that case.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14445)
* apps/pkcs12: Detect missing PKCS12KDF support on import | Tomas Mraz | 2021-03-09 | 1 | -0/+10
  Report error message with hint to use -nomacver if MAC verification is not required.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14445)
* apps/pkcs12: Properly detect MAC setup failure | Tomas Mraz | 2021-03-09 | 1 | -1/+5
  The MAC requires PKCS12KDF support which is not present in FIPS provider as it is not an approved KDF algorithm. Suggest using -nomac if MAC is not required.
  Fixes #14057
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14445)
* Update copyright year | Matt Caswell | 2021-02-18 | 1 | -1/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14235)
* Fetch cipher after loading providers | Rich Salz | 2021-02-12 | 1 | -9/+16
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14135)
* Load rand state after loading providers | Rich Salz | 2021-02-12 | 1 | -0/+1
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14135)
* Check non-option arguments | Rich Salz | 2020-12-15 | 1 | -2/+4
  Make sure all commands check to see if there are any "extra" arguments after the options, and print an error if so.
  Made all error messages consistent (which is to say, minimal).
  Fixes: #13527
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/13563)
* apps/pkcs12.c: Improve user guidance, re-ordering no-export vs. export options | Dr. David von Oheimb | 2020-12-03 | 1 | -77/+106
  Make the option order consistent in the help output and in the POD file. Give warnings when an option is ignored because -export is given or missing.
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/13588)
* apps/pkcs12.c: Correct default legacy algs and make related doc consistent | Dr. David von Oheimb | 2020-12-01 | 1 | -16/+22
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/13534)
* apps/pkcs12: Clean up the order in which many options are presented | Dr. David von Oheimb | 2020-11-19 | 1 | -24/+26
  Also do a minor extension on the documentation of the -passcerts option
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/4930)
* apps/pkcs12: Really do not perform MAC in case -nomac | Dr. David von Oheimb | 2020-11-19 | 1 | -0/+1
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/4930)
* apps/pkcs12: Do not prompt for password in case -nomac and -noenc/-nodes | Dr. David von Oheimb | 2020-11-19 | 1 | -1/+1
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/4930)
* Minor cleanup of error output for various apps | David von Oheimb | 2020-11-19 | 1 | -1/+3
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/4930)
* Run the withlibctx.pl script | Matt Caswell | 2020-10-01 | 1 | -2/+1
  Automatically rename all instances of _with_libctx() to _ex() as per our coding style.
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/12970)
* Fix safestack issues in pkcs12.h | Matt Caswell | 2020-09-13 | 1 | -2/+0
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/12781)
* Fix safestack issues in pkcs7.h | Matt Caswell | 2020-09-13 | 1 | -1/+0
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/12781)
* Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCK | Matt Caswell | 2020-09-13 | 1 | -1/+0
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/12781)
* Fix safestack issues in x509.h | Matt Caswell | 2020-09-13 | 1 | -2/+0
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/12781)
* Fix coverity issue: CID 1466479 - Resource leak in apps/pkcs12.c | Shane Lontis | 2020-09-12 | 1 | -3/+5
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/12847)
* apps/pkcs12.c: Add -untrusted option | Dr. David von Oheimb | 2020-08-27 | 1 | -49/+114
  Also improve EE cert selection, user guidance, and documentation.
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/12643)
* apps: make use of OSSL_STORE for generalized certs and CRLs loading | Dr. David von Oheimb | 2020-08-20 | 1 | -4/+17
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12647)
* Add new APIs to get PKCS12 secretBag OID and value | Jon Spillett | 2020-08-07 | 1 | -0/+14
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/10063)
* apps/pkcs12: Change defaults from RC2 to PBES2 with PBKDF2 | Sahana Prasad | 2020-08-06 | 1 | -11/+35
  Fixes #11672
  Add "-legacy" option to load the legacy provider and fall back to the old legacy default algorithms.
  doc/man1/openssl-pkcs12.pod.in: updates documentation about the new "-legacy" option
  Signed-off-by: Sahana Prasad <sahana@redhat.com>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/12540)
* Deprecate -nodes in favor of -noenc in pkcs12 and req app | Dr. David von Oheimb | 2020-07-28 | 1 | -2/+4
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/12495)
* In OpenSSL builds, declare STACK for datatypes ... | Rich Salz | 2020-04-24 | 1 | -0/+6
  ... and only *define* them in the source files that need them.
  Use DEFINE_OR_DECLARE which is set appropriately for internal builds and not non-deprecated builds.
  Deprecate stack-of-block
  Better documentation
  Move some ASN1 struct typedefs to types.h
  Update ParseC to handle this. Most of all, ParseC needed to be more consistent. The handlers are "recursive", in so far that they are called again and again until they terminate, which depends entirely on what the "massager" returns. There's a comment at the beginning of ParseC that explains how that works. {Richard Levitte}
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/10669)
* Update copyright year | Matt Caswell | 2020-04-23 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/11616)
* Don't compile commands if disabled | Rich Salz | 2020-04-10 | 1 | -28/+23
  Rather than wrapping whole files in "ifndef OPENSSL_NO_xxx" we handle the changes in build.info
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
  (Merged from https://github.com/openssl/openssl/pull/11250)