| #
d7b659e1 |
| 08-Aug-2024 |
Dmitry Belyavskiy |
Fix PBMAC1 MAC verification in FIPS mode
The check for fetchability PKCS12KDF doesn't make sense when we have a
different MAC mechanism
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Fix PBMAC1 MAC verification in FIPS mode
The check for fetchability PKCS12KDF doesn't make sense when we have a
different MAC mechanism
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25144)
show more ...
|
| #
fe79159b |
| 07-Jun-2024 |
Dmitry Belyavskiy |
Implementation of the RFC 9579, PBMAC1 in PKCS#12
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openss
Implementation of the RFC 9579, PBMAC1 in PKCS#12
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24577)
show more ...
|
| #
962431d5 |
| 13-Sep-2023 |
Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> |
that open brace { should be on the previous line
Found by running the checkpatch.pl Linux script to enforce coding style.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed
that open brace { should be on the previous line
Found by running the checkpatch.pl Linux script to enforce coding style.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22097)
show more ...
|
| #
f5462572 |
| 02-Mar-2024 |
naaysayer |
apps/pkcs12: Not writing the private key file until the import password is verified
Fixes #904
CLA: trivial
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-
apps/pkcs12: Not writing the private key file until the import password is verified
Fixes #904
CLA: trivial
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23729)
show more ...
|
| #
496bc128 |
| 29-Mar-2024 |
Matt Caswell |
Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 3764f200f9d44622faa8ac1b15d2f3eb7c39e473)
Reviewed-by: Hugo Lan
Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 3764f200f9d44622faa8ac1b15d2f3eb7c39e473)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)
show more ...
|
| #
a4cbffcd |
| 19-Feb-2024 |
Viliam Lejčík |
Add NULL check before accessing PKCS7 encrypted algorithm
Printing content of an invalid test certificate causes application crash, because of NULL dereference:
user@user:~/openssl$
Add NULL check before accessing PKCS7 encrypted algorithm
Printing content of an invalid test certificate causes application crash, because of NULL dereference:
user@user:~/openssl$ openssl pkcs12 -in test/recipes/80-test_pkcs12_data/bad2.p12 -passin pass: -info
MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: Segmentation fault (core dumped)
Added test cases for pkcs12 bad certificates
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23632)
show more ...
|
| #
58eeb435 |
| 11-Dec-2023 |
Tomas Mraz |
pkcs12: Do not forcibly load the config file
This was added as part of commit e869c86 but later it
was made unnecessary by commit 21f7a09.
Fixes #22994
Reviewed-by: Nei
pkcs12: Do not forcibly load the config file
This was added as part of commit e869c86 but later it
was made unnecessary by commit 21f7a09.
Fixes #22994
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23005)
show more ...
|
| #
21f7a09c |
| 18-Oct-2023 |
Neil Horman |
Convert jdkTrustedKeyUsage to be a pkcs12 cmd line option
Creating JDK compatible pkcs12 files requires a bit more than just
adding the Trusted Key Usage OID to a certbag in the pkcs12 f
Convert jdkTrustedKeyUsage to be a pkcs12 cmd line option
Creating JDK compatible pkcs12 files requires a bit more than just
adding the Trusted Key Usage OID to a certbag in the pkcs12 file.
Additionally the JDK currently requires that pkcs12 files setting this
oid _not_ contain any additional keys, and in response will produce
unpredictable results.
This could be solved by implying --nokeys when the pkcs12 utility is run
and the config option is set, but thatcould confuse users who didn't
specify nokeys on the command line. As such, remove the config file
setting for this feature, and replace it with a -jdktrust command line
option, that is documented to assert nokeys when a users specifies the
new command line option.
Fixes #22215
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22422)
show more ...
|
| #
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
| #
ef1ed411 |
| 07-Jun-2023 |
Tomas Mraz |
Coverity 1528486: Avoid assignment of unused value of bags
It is used only within the loop and always initialized
|
| #
4c56539c |
| 01-Jun-2023 |
Dmitry Belyavskiy |
Remove pointless warning on pkcs12 import
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Remove pointless warning on pkcs12 import
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21107)
show more ...
|
| #
da7f81d3 |
| 16-May-2023 |
Dr. David von Oheimb |
APPS: replace awkward and error-prone pattern by calls to new app_conf_try_string()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by
APPS: replace awkward and error-prone pattern by calls to new app_conf_try_string()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20971)
show more ...
|
| #
26cf0767 |
| 16-May-2023 |
Marco Abbadini <39488007+marcoabbadini@users.noreply.github.com> |
pkcs12: Fix macsaltlen parameter type
It expects an integer so change it from non-argument type to positive integer type.
Fixes #20969
CLA: trivial
Reviewed-by: Pa
pkcs12: Fix macsaltlen parameter type
It expects an integer so change it from non-argument type to positive integer type.
Fixes #20969
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20979)
show more ...
|
| #
8bc703c2 |
| 26-Sep-2022 |
Pauli |
Coverity 1515538: resource leak
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19275)
|
| #
e869c867 |
| 19-Aug-2022 |
Graham Woodward |
Allow PKCS12 export to set arbitrary bag attributes
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/op
Allow PKCS12 export to set arbitrary bag attributes
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19025)
show more ...
|
| #
72a85c17 |
| 28-Jul-2022 |
Arne Schwabe |
Fix wrong default algorithm in openssl pkcs12 help
The default that pkcs12 -export uses is SHA256 and not SHA1.
CLA: Trivial
Reviewed-by: Todd Short <todd.short@me.com>
Fix wrong default algorithm in openssl pkcs12 help
The default that pkcs12 -export uses is SHA256 and not SHA1.
CLA: Trivial
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18904)
show more ...
|
| #
e393064e |
| 14-Jun-2022 |
Kan |
Update the default macsaltlen and Add the configure for macsaltlen
Fixed #18489
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by
Update the default macsaltlen and Add the configure for macsaltlen
Fixed #18489
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18550)
show more ...
|
| #
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
| #
2c272447 |
| 24-Aug-2021 |
Dr. David von Oheimb |
APPS: Add check for multiple 'unknown' options
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16416)
|
| #
870871e5 |
| 24-Aug-2021 |
Dr. David von Oheimb |
PKCS12 app: Improve readability w.r.t. enc_flag, renamed to enc_name
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16416)
|
| #
79b2a2f2 |
| 18-Dec-2021 |
Dr. David von Oheimb |
add OSSL_STACK_OF_X509_free() for commonly used pattern
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17307)
|
| #
d9f07357 |
| 27-Aug-2021 |
Dr. David von Oheimb |
APPS: Improve diagnostics on missing/extra args and unknown cipher/digest
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16450)
|
| #
adbd77f6 |
| 17-Aug-2021 |
Dr. David von Oheimb |
X509: Fix handling of AKID and SKID extensions according to configuration
Fixes #16300
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.o
X509: Fix handling of AKID and SKID extensions according to configuration
Fixes #16300
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16342)
show more ...
|
| #
2bdab811 |
| 31-Aug-2021 |
Tomas Mraz |
apps/pkcs12: Do not assume null termination of ASN1_UTF8STRING
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https:/
apps/pkcs12: Do not assume null termination of ASN1_UTF8STRING
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16433)
show more ...
|
| #
be618c7c |
| 05-Jul-2021 |
Matt Caswell |
Don't add the first pkcs12 certificate multiple times
This fixes a regression introduced by commit 1d6c867. When exporting a set
of certificates to a PKCS12 file we shouldn't add the fir
Don't add the first pkcs12 certificate multiple times
This fixes a regression introduced by commit 1d6c867. When exporting a set
of certificates to a PKCS12 file we shouldn't add the first one twice. Also
we restore historic behaviour with respect to the canames option where we
have no ee certificate with key.
Fixes #15983
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16001)
show more ...
|
