path: root/apps
Commit message | Author | Age | Files | Lines
...
* HMAC doesn't work with a default digest | Dmitry Belyavskiy | 2021-05-21 | 1 | -0/+2
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15371)
* apps: Cleanup useless bio_open_default() calls for key input | Tomas Mraz | 2021-05-21 | 3 | -15/+3
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/15331)
* apps/cms: Clean up order of options in help output and documentation | Dr. David von Oheimb | 2021-05-20 | 1 | -143/+156
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15126)
* APPS: Allow duplicate entries in options list, marking them OPT_DUP | Dr. David von Oheimb | 2021-05-20 | 2 | -3/+9
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15126)
* APPS: Allow non-option parameters appear anywhere in list, marking them OPT_PARAM | Dr. David von Oheimb | 2021-05-20 | 2 | -2/+11
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15126)
* VMS: Copy __DECC_INCLUDE_{PROLOGUE,EPILOGUE}.H to more places | Richard Levitte | 2021-05-20 | 2 | -0/+48
  Every inclusion directory related to a library we build needs these two files. That signals to any other module using anything from these libraries what to expect in terms of case sensitivity as well as how long symbol names are dealt with.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15341)
* DOC: Fix nits found by new check on SYNOPSIS and OPTIONS consistency | Dr. David von Oheimb | 2021-05-20 | 3 | -11/+11
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15299)
* CMP test server: move apps/{,lib/}cmp_mock_srv.c and apps/{,include/}cmp_mock_srv.h | Dr. David von Oheimb | 2021-05-20 | 3 | -1/+1
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15343)
* apps/cmp.c: Move CMP server code portion to separate function | Dr. David von Oheimb | 2021-05-20 | 1 | -71/+79
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15343)
* Update copyright year | Matt Caswell | 2021-05-20 | 3 | -3/+3
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15381)
* app: add a -store_loaders option to list. | Pauli | 2021-05-20 | 1 | -1/+64
  Fixes #15307
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15323)
* Complete 'no-sock' guards in apps/ocsp.c | Richard Levitte | 2021-05-20 | 1 | -0/+8
  Modern compilers complain about variable being set but otherwise not used.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15339)
* Make apps/progs.pl not look at apps/progs.c | Richard Levitte | 2021-05-19 | 2 | -3/+9
  apps/progs.pl will have apps/progs.c as output, and on some systems, the output file of a program is locked against reading. Unfortunately, apps/progs.c is also part of the sources that make up apps/openssl, so it's necessary to mark that file in a way that makes progs.pl skip over it. Fortunately, this is easily done with a special attribute in apps/build.info and a simple adaptation of apps/progs.pl.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15332)
* apps/list: Remove obsolete -missing-help option | Dr. David von Oheimb | 2021-05-19 | 1 | -28/+1
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15329)
* Tweak apps/build.info for VMS | Richard Levitte | 2021-05-19 | 1 | -2/+2
  A bit of quoting is all that's needed, and it doesn't hurt other platforms.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15317)
* apps/cms.c: Simplify make_receipt_request() and load_content_info() | Dr. David von Oheimb | 2021-05-19 | 1 | -36/+27
  Also improve adherence to code formatting rules.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12959)
* apps/cms.c: Make -sign and -verify handle binary input | Dr. David von Oheimb | 2021-05-19 | 1 | -13/+42
  Fixes #8940
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12959)
* Move ossl_sleep() to e_os.h and use it in apps | Dr. David von Oheimb | 2021-05-18 | 3 | -10/+6
  Fixes #15304
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15308)
* DOC: Fix nits found by improved find-doc-nits -c | Dr. David von Oheimb | 2021-05-18 | 1 | -2/+2
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15298)
* find-doc-nits: Make -c option (cmd-nits) independent of app build and execution | Dr. David von Oheimb | 2021-05-18 | 3 | -1/+1
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15298)
* apps/s_server: Add -proxy and -no_proxy options | Dr. David von Oheimb | 2021-05-18 | 1 | -1/+22
  Strongly related to feature request #6965
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15245)
* apps/ocsp: Add -proxy and -no_proxy options | Dr. David von Oheimb | 2021-05-18 | 3 | -17/+32
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15245)
* Add -quiet flag to genpkey | Rich Salz | 2021-05-18 | 1 | -8/+20
  Picking up late suggestions to PR #6909 by Philip Prindeville <philipp@redfish-solutions.com>.
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15249)
* apps: use else if when checking for headers in the http server code | Pauli | 2021-05-18 | 1 | -1/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/15300)
* apps: clean up the http server code | Pauli | 2021-05-18 | 1 | -23/+20
  Clean up some of the null checking in the http server code. This also "fixes" the false positive from coverity CID 1484883.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/15300)
* Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION | Rich Salz | 2021-05-17 | 4 | -8/+20
  Add -client_renegotiation flag support. The -client_renegotiation flag is equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app, the config code, and the documentation.
  Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION to the SSL tests. We don't need to always enable it, but there are so many tests so this is the easiest thing to do.
  Add a test where client tries to renegotiate and it fails as expected. Add a test where server tries to renegotiate and it succeeds. The second test is supported by a new flag, -immediate_renegotiation, which is ignored on the client.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15184)
* APPS: Make the cmp Mock server output the accept address and port | Richard Levitte | 2021-05-16 | 3 | -30/+46
  Fixes #14694
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/15281)
* Add OSSL_ prefix to HTTP_DEFAULT_MAX_{LINE_LENGTH,RESP_LEN} | Dr. David von Oheimb | 2021-05-14 | 1 | -2/+2
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15053)
* http_client.c: Rename internal fields and functions for consistency | Dr. David von Oheimb | 2021-05-14 | 1 | -0/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15053)
* HTTP client API: Generalize to arbitrary request and response contents | Dr. David von Oheimb | 2021-05-14 | 3 | -1/+4
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15053)
* HTTP: Implement persistent connections (keep-alive) | Dr. David von Oheimb | 2021-05-14 | 4 | -35/+133
  Both at API and at CLI level (for the CMP app only, so far) there is a new parameter/option: keep_alive.
    * 0 means HTTP connections are not kept open after receiving a response, which is the default behavior for HTTP 1.0.
    * 1 means that persistent connections are requested.
    * 2 means that persistent connections are required, i.e., in case the server does not grant them an error occurs.
  For the CMP app the default value is 1, which means preferring to keep the connection open. For all other internal uses of the HTTP client (fetching an OCSP response, a cert, or a CRL) it does not matter because these operations just take one round trip.
  If the client application requested or required a persistent connection and this was granted by the server, it can keep the OSSL_HTTP_REQ_CTX * as long as it wants to send further requests and OSSL_HTTP_is_alive() returns nonzero, else it should call OSSL_HTTP_REQ_CTX_free() or OSSL_HTTP_close(). In case the client application keeps the OSSL_HTTP_REQ_CTX * but the connection then dies for any reason at the server side, it will notice this obtaining an I/O error when trying to send the next request.
  This requires extending the HTTP header parsing and rearranging the high-level HTTP client API. In particular:
    * Split the monolithic OSSL_HTTP_transfer() into OSSL_HTTP_open(), OSSL_HTTP_set_request(), a lean OSSL_HTTP_transfer(), and OSSL_HTTP_close().
    * Split the timeout functionality accordingly and improve default behavior.
    * Extract part of OSSL_HTTP_REQ_CTX_new() to OSSL_HTTP_REQ_CTX_set_expected().
    * Extend struct ossl_http_req_ctx_st accordingly.
  Use the new feature for the CMP client, which requires extending related transaction management of CMP client and test server.
  Update the documentation and extend the tests accordingly.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15053)
* CMP test server: Extend error reporting on cert rejected for revocation | Dr. David von Oheimb | 2021-05-14 | 1 | -1/+2
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15053)
* HTTP test server: Improve connection management and logging | Dr. David von Oheimb | 2021-05-14 | 3 | -28/+54
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15053)
* apps: improve hygiene for SET_EXPECT macro | Benjamin Kaduk | 2021-05-12 | 1 | -8/+8
  Wrap all parameters in parentheses in the expansion, make explicit the use of the 'expect' input, wrap the whole expression in parentheses, and remove duplicate semicolon.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15203)
* HTTP client: Minimal changes that include the improved API | Dr. David von Oheimb | 2021-05-12 | 1 | -10/+23
  This is a minimal version of pull request #15053 including all the proposed improvements to the HTTP client API and its documentation but only those code adaptations strictly needed for it.
  The proposed new features include
    * support for persistent connections (keep-alive),
    * generalization to arbitrary request and response types, and
    * support for streaming BIOs for request and response data.
  The related API changes include:
    * Split the monolithic OSSL_HTTP_transfer() into OSSL_HTTP_open(), OSSL_HTTP_set_request(), a lean OSSL_HTTP_transfer(), and OSSL_HTTP_close().
    * Split the timeout functionality accordingly and improve default behavior.
    * Extract part of OSSL_HTTP_REQ_CTX_new() to OSSL_HTTP_REQ_CTX_set_expected().
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15147)
* apps: make list -help not continue with listing | Pauli | 2021-05-12 | 1 | -1/+1
  All the commands return after printing their help. List doesn't. This brings them in line.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15211)
* apps: change list command to only list fetchable algorithms. | Pauli | 2021-05-12 | 1 | -41/+101
  The -propquery option will work with this change. By default the output will be the same.
  Also address some inconsistencies in the code with respect to error checking.
  Fixes #15196
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15211)
* coverity: fix 1484540 resource leak | Pauli | 2021-05-12 | 1 | -1/+2
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  (Merged from https://github.com/openssl/openssl/pull/15208)
* coverity: fix 1484539 resource leak | Pauli | 2021-05-12 | 1 | -1/+2
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  (Merged from https://github.com/openssl/openssl/pull/15208)
* Add quick one-shot EVP_Q_mac() and deprecation compensation decls for MAC functions | Dr. David von Oheimb | 2021-05-08 | 1 | -29/+6
  This helps compensating for deprecated functions such as HMAC() and reduces clutter in the crypto lib, apps, and tests. Also fixes memory leaks in generate_cookie_callback() of apps/lib/s_cb.c and replaces 'B<...>' by 'I<...>' where appropriate in HMAC.pod
  Partially fixes #14628.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14664)
* apps/mac: Add digest and cipher command line options | Pauli | 2021-05-08 | 1 | -0/+37
  Add -cipher and -digest as short forms of -macopt cipher: and -macopt digest: respectively.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15189)
* apps/mac: avoid need for two ^D when using stdin from a terminal | Pauli | 2021-05-08 | 1 | -1/+2
  Fixes #13246
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15189)
* apps: remove initial newline from mac output | Pauli | 2021-05-08 | 1 | -2/+0
  Fixes #13247
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15189)
* apps: add mac, cipher and digest arguments to the kdf applet. | Pauli | 2021-05-08 | 1 | -0/+44
  This adds -digest, -mac and -cipher which correspond to -kdfopt digest: and -kdfopt mac: and -kdfopt cipher: respectively.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15190)
* Update copyright year | Matt Caswell | 2021-05-06 | 10 | -10/+10
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15181)
* Make the -inform option to be respected if possible | Tomas Mraz | 2021-05-06 | 27 | -95/+134
  Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called.
  The input type format is enforced only in case the file type file store is used.
  By default we use FORMAT_UNDEF meaning the input type is not enforced.
  Fixes #14569
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15100)
* change salt handling, way 1 | EasySec | 2021-05-06 | 1 | -33/+41
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/4486)
* APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro | Dr. David von Oheimb | 2021-05-05 | 52 | -51/+57
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15111)
* APPS: Slightly extend and improve documentation of the opt_ API | Dr. David von Oheimb | 2021-05-05 | 5 | -45/+43
  Also remove redundant opt_name() and make names of opt_{i,u}ntmax() consistent.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15111)
* Fetch cipher-wrap after loading providers. | Rich Salz | 2021-05-05 | 1 | -14/+7
  Use official (first) names for wrapping algorithms.
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14182)