path: root/apps
Commit message | Author | Age | Files | Lines
* Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber
  Dr. David von Oheimb | 2020-07-16 | 2 files | -3/+3
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/12375)
* Revert "kdf: make function naming consistent."
  Matt Caswell | 2020-07-16 | 1 file | -3/+3
  The commit claimed to make things more consistent. In fact it makes it less so. Revert back to the previous naming convention.
  This reverts commit 765d04c9460a304c8119f57941341a149498b9db.
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12186)
* Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*"
  Matt Caswell | 2020-07-16 | 3 files | -10/+10
  The commit claimed to make things more consistent. In fact it makes it less so. Revert back to the previous naming convention.
  This reverts commit d9c2fd51e2e278bc3f7793a104ff7b4879f6d63a.
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12186)
* apps: deprecate engines
  Pauli | 2020-07-16 | 6 files | -0/+18
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12226)
* apps/list: deprecate engine support
  Pauli | 2020-07-16 | 1 file | -5/+18
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12226)
* Add SSL_get[01]_peer_certificate()
  Todd Short | 2020-07-16 | 3 files | -8/+4
  Deprecate SSL_get_peer_certificate() and replace with SSL_get1_peer_certificate(). Add SSL_get0_peer_certificate.
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/8730)
* Add FIPS related configuration data to the default openssl application configuration file
  Shane Lontis | 2020-07-15 | 2 files | -8/+60
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12333)
* Make -provider_name and -section_name optional
  Rich Salz | 2020-07-15 | 1 file | -8/+6
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/12311)
* Use default FIPSKEY if not given on command line
  Rich Salz | 2020-07-15 | 1 file | -0/+1
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/12311)
* [apps/genpkey] exit status should not be 0 on output errors
  Nicola Tuveri | 2020-07-06 | 1 file | -2/+4
  If the key is to be serialized or printed as text and the framework returns an error, the app should signal the failure to the user using a non-zero exit status.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12305)
* apps: remove NULL check in release_engine since ENGINE_free also does it.
  Pauli | 2020-07-05 | 1 file | -3/+2
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12309)
* cmp: remove NULL check.
  Pauli | 2020-07-05 | 1 file | -2/+1
  Instead appease coverity by marking 1464986 as a false positive. Coverity is confused by the engine reference counting.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12309)
* If an empty password is supplied still try to use it
  Matt Caswell | 2020-07-03 | 1 file | -6/+9
  If an empty password was supplied we ignored it and were trying to use the fallback method to read the password instead (i.e. read from stdin). However if that failed (which it always does if the cmp option -batch is used) then we were reporting that we had successfully read the password without actually setting one.
  Instead, if an empty password is explicitly provided we should use it. If no password is supplied explicitly and we have no fallback method then we assume the empty password.
  [extended tests]
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/12275)
* Improve documentation, layout, and code comments regarding self-issued certs etc.
  Dr. David von Oheimb | 2020-07-01 | 2 files | -6/+6
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/10587)
* Force ssl/tls protocol flags to use stream sockets
  Benny Baumann | 2020-06-30 | 1 file | -0/+20
  Prior to this patch doing something like openssl s_client -dtls1 -tls1 ... could cause s_client to speak TLS on a UDP socket which does not normally make much sense.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/12266)
* Add --fips-key configuration parameter to fipsinstall application.
  Rich Salz | 2020-06-29 | 1 file | -5/+15
  Change default FIPS HMAC KEY from all-zeros
  Use default FIPSKEY if not given on command line.
  Make all -macopt in fipsinstall optional
  Make all tests, except fipsinstall, use the default -macopt and -mac_name flags.
  Define and use FIPSDIR variable on VMS/MMS.
  Also use SRCDIR/BLDDIR in SRCTOP/BLDTOP.
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/12235)
* apps/openssl: clean-up of unused fallback code
  Richard Levitte | 2020-06-28 | 1 file | -6/+0
  Remove code in help_main() that duplicates the case when 'openssl' is called with no arguments, which is now handled in main().
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  (Merged from https://github.com/openssl/openssl/pull/12295)
* Update copyright year
  Matt Caswell | 2020-06-25 | 1 file | -1/+1
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  (Merged from https://github.com/openssl/openssl/pull/12273)
* apps/cmp.c: Add workaround for Coverity false positive; rename e -> engine
  Dr. David von Oheimb | 2020-06-24 | 1 file | -20/+21
  CID 1463570: (USE_AFTER_FREE)
  CID 1463570: (USE_AFTER_FREE)
  Passing freed pointer "e" as an argument to "release_engine".
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/12231)
* apps/cmp.c: Fix memory leaks in handle_opt_geninfo() found by Coverity
  Dr. David von Oheimb | 2020-06-24 | 1 file | -3/+3
  CID 1463578: Resource leaks (RESOURCE_LEAK)
  CID 1463575: Resource leaks (RESOURCE_LEAK)
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/12231)
* Rename <openssl/core_numbers.h> -> <openssl/core_dispatch.h>
  Dr. Matthias St. Pierre | 2020-06-24 | 1 file | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12222)
* apps: avoid memory overrun.
  Pauli | 2020-06-24 | 1 file | -1/+1
  NULL terminate the built in "help" argv array to avoid reading beyond the end.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  (Merged from https://github.com/openssl/openssl/pull/12258)
* app/list: add RNG list option
  Pauli | 2020-06-24 | 1 file | -1/+80
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  (Merged from https://github.com/openssl/openssl/pull/11682)
* CMS print should support string conversion
  Dmitry Belyavskiy | 2020-06-24 | 1 file | -3/+20
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/12206)
* APPS: Properly pass -no-CAstore
  Sebastian Andrzej Siewior | 2020-06-23 | 2 files | -2/+2
  Since its introduction the option no-CAstore maps to OPT_NOCAPATH and so behaves like -no-CApath. Map no-CAstore to OPT_NOCASTORE.
  Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12171)
* APPS: Fix invoking openssl without a command
  Sebastian Andrzej Siewior | 2020-06-23 | 1 file | -1/+3
  Invoking help with "empty" argc leads to a segfault. Invoke do_cmd() with help as argument which invokes help_main() with proper argv.
  Fixes #12069
  Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12070)
* Fix CMP -days option range checking and test failing with enable-ubsan
  Dr. David von Oheimb | 2020-06-22 | 1 file | -3/+6
  Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/12175)
* Return the cookie_len value from generate_cookie_callback
  Matt Caswell | 2020-06-19 | 1 file | -2/+5
  The generate_cookie_callback was failing to pass back the generated cookie length to the caller. This results in DTLS connection failures from s_server.
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/12179)
* Remove whitespace from 'white space'
  haykam821 | 2020-06-19 | 1 file | -1/+1
  CLA: trivial
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12161)
* Fix segfault in openssl app called with no args.
  Shane Lontis | 2020-06-18 | 1 file | -2/+7
  This is a result of removal of interactive mode. Redirected it to now use 'openssl help'.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12164)
* coverity 1464213: API usage errors (PRINTF_ARGS)
  Pauli | 2020-06-17 | 1 file | -1/+1
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/12149)
* coverity 1464212, 1464214 & 1464215: Resource leaks
  Pauli | 2020-06-17 | 1 file | -0/+3
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/12149)
* Fix nits detected by make cmd-nits
  Nicola Tuveri | 2020-06-14 | 1 file | -1/+1
  Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
  (Merged from https://github.com/openssl/openssl/pull/12127)
* Remove extra newline from CMP mock server error and add TODO on using request template
  Dr. David von Oheimb | 2020-06-13 | 2 files | -1/+2
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/11998)
* Improve description of CMP untrusted certs and msg 'sender' field
  Dr. David von Oheimb | 2020-06-13 | 1 file | -3/+2
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/11998)
* Extend error output of apps/opt_format() to all error cases
  Dr. David von Oheimb | 2020-06-13 | 1 file | -0/+2
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/11998)
* Remove meanwhile redundant error output of apps/opt_next(void) parsing numbers
  Dr. David von Oheimb | 2020-06-13 | 1 file | -18/+7
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/11998)
* Fix use of -no-proxy option of CMP app
  Dr. David von Oheimb | 2020-06-13 | 1 file | -0/+2
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/11998)
* Add request URL path checking and status responses to HTTP server
  Dr. David von Oheimb | 2020-06-13 | 4 files | -40/+130
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/11998)
* Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c
  Dr. David von Oheimb | 2020-06-13 | 2 files | -7/+8
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/11998)
* Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options
  Dr. David von Oheimb | 2020-06-13 | 1 file | -4/+4
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/11998)
* APPS: Use a second EVP_MD_CTX for EdDSA verify
  Sebastian Andrzej Siewior | 2020-06-11 | 1 file | -4/+18
  Verify for the two EdDSA algorithms fails in "speed eddsa". It appears that the same ctx can not be used for the sign and verify process. Create a second EVP_MD_CTX for the verify purpose.
  Fixes #11650
  Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/12074)
* APPS: Exclude legacy algorithms from speed
  Sebastian Andrzej Siewior | 2020-06-11 | 1 file | -0/+9
  Legacy crypto algorithms are not provided by the default "provider" leading to a warning. Remove legacy algorithms from the set that is tested by default. The algorithms can be tested manually if selected manually and using the legacy provider.
  Fixes #11650
  Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/12074)
* The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*
  Pauli | 2020-06-11 | 3 files | -10/+10
  functions are now EVP_MAC functions, usually with ctx in their names.
  Before 3.0 is released, the names are mutable and this prevents more inconsistencies being introduced.
  There are no functional or code changes. Just the renaming and a little reformatting.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/11997)
* kdf: make function naming consistent.
  Pauli | 2020-06-11 | 1 file | -3/+3
  The EVP_KDF_CTX_* functions have been relocated to the EVP_KDF_* namespace for consistency.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/11996)
* Make error output of dhparams and dsaparams app more consistent
  Dr. David von Oheimb | 2020-06-10 | 2 files | -37/+19
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12062)
* Update RSA keygen to use sp800-56b by default
  Shane Lontis | 2020-06-10 | 1 file | -4/+11
  Fixes #11742
  Fixes #11764
  The newer RSA sp800-56b algorithm is being used for the normal case of a non multiprime key of at least length 2048. Insecure key lengths and multiprime RSA will use the old method.
  Bad public exponents are no longer allowed (i.e values less than 65537 or even). Values such as 2 that would cause an infinite loop now result in an error. The value of 3 has been marked as deprecated but is still allowed for legacy purposes.
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/11765)
* APPS: Fix 'openssl dhparam'
  Richard Levitte | 2020-06-08 | 1 file | -6/+8
  'dhparam' can't be completely rewritten in terms of EVP_PKEY functions yet, because we lack X9.42 support. However, we do when generating, but forgot to extract a DH pointer with EVP_PKEY_get0_DH().
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/12048)
* APPS: Fix 'openssl dsaparam -genkey'
  Richard Levitte | 2020-06-08 | 1 file | -43/+16
  Using a parameter EVP_PKEY for key generation with EVP_PKEY routines works a little differently than the raw DSA routines that were used before.
  While fixing that, clean away all remaining use of the DSA type, which simplifies the code a bit more.
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/12048)
* APPS: Remove unnecessary NULL check of uri in load_cert_pass()
  Richard Levitte | 2020-06-06 | 1 file | -4/+0
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/11873)