Ything-RepoMirrors/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2026-01-25 02:56:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
38,829 Commits 37 Branches 420 Tags
master
Commit Graph

239 Commits

Author SHA1 Message Date
Nikola Pajkovsky
7e535fe6b1 apps: check OPENSSL_uni2utf8 return value 
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29590)
 2026-01-14 11:26:59 +01:00
Frederik Wedel-Heinen
9ada832a81 Fix typo in hex_prin() and make it static 
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29493)
 2025-12-31 12:26:20 +01:00
Bob Beck
2fab90bb5e 4.0-POST-CLANG-FORMAT-WEBKIT 
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29242)
 2025-12-09 00:28:19 -07:00
Norbert Pocs
26b1723ed4 apps/: Remove engines 
Signed-off-by: Norbert Pocs <norbertp@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
 2025-12-04 07:31:05 -05:00
openssl-machine
0c679f5566 Copyright year updates 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Release: yes
 2025-03-12 13:35:59 +00:00
Frederik Wedel-Heinen
d48874ab47 Fix memory leaks from missing checks of return value from sk_OPENSSL_STRING_push() 
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26238)
 2025-01-09 15:23:39 +01:00
Dmitry Belyavskiy
8ad98cce41 To verify MAC, we need a MAC 
Fixes #26106

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26140)
 2024-12-11 18:27:54 +01:00
Olivier Chéron
f3652dff2f Handle PBMAC1 with absent PBKDF2 PRF 
PRF in PBKDF2-params is optional and defaults to hmacWithSHA1.

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25568)
 2024-10-07 17:51:54 +02:00
Dmitry Belyavskiy
d7b659e185 Fix PBMAC1 MAC verification in FIPS mode 
The check for fetchability PKCS12KDF doesn't make sense when we have a
different MAC mechanism

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25144)
 2024-08-11 10:11:33 +02:00
Dmitry Belyavskiy
fe79159be0 Implementation of the RFC 9579, PBMAC1 in PKCS#12 
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24577)
 2024-08-07 10:00:16 +02:00
Dimitri Papadopoulos
962431d58b that open brace { should be on the previous line 
Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22097)
 2024-07-22 06:55:35 -04:00
naaysayer
f5462572a1 apps/pkcs12: Not writing the private key file until the import password is verified 
Fixes #904

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23729)
 2024-05-14 15:36:33 +02:00
Matt Caswell
496bc128fd Copyright year updates 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 3764f200f9)

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)
 2024-04-09 13:43:27 +02:00
Viliam Lejčík
a4cbffcd89 Add NULL check before accessing PKCS7 encrypted algorithm 
Printing content of an invalid test certificate causes application crash, because of NULL dereference:

user@user:~/openssl$ openssl pkcs12 -in test/recipes/80-test_pkcs12_data/bad2.p12 -passin pass: -info
MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: Segmentation fault (core dumped)

Added test cases for pkcs12 bad certificates

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23632)
 2024-03-25 18:26:24 +01:00
Tomas Mraz
58eeb4350c pkcs12: Do not forcibly load the config file 
This was added as part of commit e869c86 but later it
was made unnecessary by commit 21f7a09.

Fixes #22994

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23005)
 2023-12-13 12:32:22 +01:00
Neil Horman
21f7a09ca2 Convert jdkTrustedKeyUsage to be a pkcs12 cmd line option 
Creating JDK compatible pkcs12 files requires a bit more than just
adding the Trusted Key Usage OID to a certbag in the pkcs12 file.
Additionally the JDK currently requires that pkcs12 files setting this
oid _not_ contain any additional keys, and in response will produce
unpredictable results.

This could be solved by implying --nokeys when the pkcs12 utility is run
and the config option is set, but thatcould confuse users who didn't
specify nokeys on the command line.  As such, remove the config file
setting for this feature, and replace it with a -jdktrust command line
option, that is documented to assert nokeys when a users specifies the
new command line option.

Fixes #22215

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22422)
 2023-10-20 16:30:43 +01:00
Matt Caswell
da1c088f59 Copyright year updates 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
 2023-09-07 09:59:15 +01:00
Tomas Mraz
ef1ed411e1 Coverity 1528486: Avoid assignment of unused value of bags 
It is used only within the loop and always initialized
 2023-06-10 19:23:59 -04:00
Dmitry Belyavskiy
4c56539cb3 Remove pointless warning on pkcs12 import 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21107)
 2023-06-03 16:15:33 +02:00
Dr. David von Oheimb
da7f81d393 APPS: replace awkward and error-prone pattern by calls to new app_conf_try_string() 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20971)
 2023-05-25 09:04:35 +02:00
Marco Abbadini
26cf0767a7 pkcs12: Fix macsaltlen parameter type 
It expects an integer so change it from non-argument type to positive integer type.

Fixes #20969

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20979)
 2023-05-18 13:25:28 +02:00
Pauli
8bc703c288 Coverity 1515538: resource leak 
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19275)
 2022-09-27 13:58:13 +02:00
Graham Woodward
e869c867c1 Allow PKCS12 export to set arbitrary bag attributes 
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19025)
 2022-09-23 17:40:02 +01:00
Arne Schwabe
72a85c17aa Fix wrong default algorithm in openssl pkcs12 help 
The default that pkcs12 -export uses is SHA256 and not SHA1.

CLA: Trivial

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18904)
 2022-08-01 11:54:36 +02:00
Kan
e393064ee7 Update the default macsaltlen and Add the configure for macsaltlen 
Fixed #18489

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18550)
 2022-06-30 09:01:54 +01:00
Matt Caswell
fecb3aae22 Update copyright year 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
 2022-05-03 13:34:51 +01:00
Dr. David von Oheimb
2c2724476e APPS: Add check for multiple 'unknown' options 
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16416)
 2022-01-11 12:45:33 +01:00
Dr. David von Oheimb
870871e5df PKCS12 app: Improve readability w.r.t. enc_flag, renamed to enc_name 
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16416)
 2022-01-11 12:45:12 +01:00
Dr. David von Oheimb
79b2a2f2ee add OSSL_STACK_OF_X509_free() for commonly used pattern 
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17307)
 2021-12-21 12:11:49 +01:00
Dr. David von Oheimb
d9f073575f APPS: Improve diagnostics on missing/extra args and unknown cipher/digest 
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16450)
 2021-12-07 15:26:40 +01:00
Dr. David von Oheimb
adbd77f6d7 X509: Fix handling of AKID and SKID extensions according to configuration 
Fixes #16300

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16342)
 2021-11-11 20:18:55 +01:00
Tomas Mraz
2bdab81198 apps/pkcs12: Do not assume null termination of ASN1_UTF8STRING 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16433)
 2021-08-31 12:20:12 +02:00
Matt Caswell
be618c7cc1 Don't add the first pkcs12 certificate multiple times 
This fixes a regression introduced by commit 1d6c867. When exporting a set
of certificates to a PKCS12 file we shouldn't add the first one twice. Also
we restore historic behaviour with respect to the canames option where we
have no ee certificate with key.

Fixes #15983

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16001)
 2021-07-09 10:24:32 +10:00
Pauli
a89835f7e0 apps: use get_cipher_any() instead of get_cipher() for commands that support these ciphers/modes 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15747)
 2021-06-16 18:32:30 +10:00
Pauli
09495e4301 pkcs12: use the app's libctx and property query when searching for algorithms 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
 2021-06-15 18:26:47 +10:00
Dr. David von Oheimb
b0f960189b APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15111)
 2021-05-05 20:48:20 +02:00
Pauli
c7d848e220 remove end of line whitespace 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14434)
 2021-04-30 09:15:50 +10:00
Jon Spillett
b536880c45 Add library context and property query support into the PKCS12 API 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14434)
 2021-04-30 09:15:50 +10:00
Dr. David von Oheimb
d830526c71 APPS: Improve diagnostics for string options and options expecting int >= 0 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14970)
 2021-04-24 18:54:32 +02:00
Rich Salz
606a417fb2 Fetch and free cipher and md's 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14219)
 2021-04-20 10:12:29 +02:00
Dr. David von Oheimb
3ad6030948 APPS: make apps strict on app_RAND_load() and app_RAND_write() failure 
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14840)
 2021-04-14 16:48:27 +02:00
Tomas Mraz
ea51096e51 apps: Add maybe_stdin argument to load_certs and set it in pkcs12 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14449)
 2021-03-15 13:29:57 +01:00
Tobias Nießen
3711f4c3fb Fix option description for PKCS#12 export 
Refs: https://github.com/openssl/openssl/pull/4930

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14520)
 2021-03-14 15:42:29 +10:00
Tomas Mraz
762970bd68 Change default algorithms in PKCS12_create() and PKCS12_set_mac() 
Use the modern defaults as now set in the pkcs12 app. This also
allows modifying the application to not override the default values
when calling the API.

Fixes #14034

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14450)
 2021-03-10 17:12:48 +01:00
Tomas Mraz
889ad4ef81 apps/pkcs12: Allow continuing on absent mac 
Just print a warning in that case.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14445)
 2021-03-09 11:12:07 +10:00
Tomas Mraz
5e9a8678c5 apps/pkcs12: Detect missing PKCS12KDF support on import 
Report error message with hint to use -nomacver if
MAC verification is not required.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14445)
 2021-03-09 11:12:07 +10:00
Tomas Mraz
913f9d5e52 apps/pkcs12: Properly detect MAC setup failure 
The MAC requires PKCS12KDF support which is not present
in FIPS provider as it is not an approved KDF algorithm.
Suggest using -nomac if MAC is not required.

Fixes #14057

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14445)
 2021-03-09 11:12:07 +10:00
Matt Caswell
a28d06f3e9 Update copyright year 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)
 2021-02-18 15:05:17 +00:00
Rich Salz
03bbd346f4 Fetch cipher after loading providers 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14135)
 2021-02-12 08:34:17 +10:00
Rich Salz
51e5df0ed0 Load rand state after loading providers 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14135)
 2021-02-12 08:34:17 +10:00