path: root/apps
Commit message | Author | Age | Files | Lines
* Fix typos in s_client | Matt Caswell | 2023-06-30 | 1 | -16/+0
  There were some typos of OPENSS_NO_QUIC (should be OPENSSL_NO_QUIC) in s_client
  Fixes #21291
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21293)
* openssl speed -multi -evp prints wrong algorithm name | Jörg Sommer | 2023-06-28 | 1 | -2/+12
  When running `openssl speed -evp md5` the result shows `md5` as algorithm name. But when adding the option `-multi 2` it gives `evp` as algorithm name.
  Signed-off-by: Jörg Sommer <joerg@jo-so.de>
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21216)
* Don't truncate the input when decrypting in pkeyutl | Matt Caswell | 2023-06-26 | 2 | -2/+3
  The pkeyutl app was truncating the input file for decryption leading to incorrect results. This was probably ok historically when RSA was being used for decryption which has short maximum sizes. This is not ok with SM2.
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21272)
* Remove restriction to only cross-sign self-signed certificates | Yannik Sembritzki | 2023-06-20 | 1 | -10/+3
  CLA: trivial
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21137)
* Fix new typos found by codespell | Dimitri Papadopoulos | 2023-06-18 | 1 | -1/+1
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21210)
* apps/ca.c: Handle EVP_PKEY_get_default_digest_name() returning 1 with "UNDEF" | Richard Levitte | 2023-06-15 | 1 | -3/+8
  EVP_PKEY_get_default_digest_name() may return 1 with the returned digest name "UNDEF". This case hasn't been documented, and the meaning has been left undefined, until now.
  Reviewed-by: Todd Short <todd.short@me.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20460)
* Fix typos found by codespell | Dimitri Papadopoulos | 2023-06-15 | 1 | -2/+2
  Typos in doc/man* will be fixed in a different commit.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20910)
* configure: introduce no-ecx to remove ECX related feature | Yi Li | 2023-06-14 | 2 | -1/+38
  This can effectively reduce the binary size for platforms that don't need ECX feature (~100KB).
  Signed-off-by: Yi Li <yi1.li@intel.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20781)
* Coverity 1528486: Avoid assignment of unused value of bags | Tomas Mraz | 2023-06-10 | 1 | -3/+3
  It is used only within the loop and always initialized
* Coverity 1528490: Avoid assignment of unused value of i | Tomas Mraz | 2023-06-10 | 1 | -5/+2
  It is used only within the loop and initialized at the beginning
* Cast the argument to unsigned char when calling isspace() | Michael Baentsch | 2023-06-09 | 3 | -6/+6
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21151)
* apps/asn1parse: improve RFC7462 compliance | Dr. Matthias St. Pierre | 2023-06-09 | 2 | -12/+29
  The asn1parse command now supports three different input formats:
      openssl asn1parse -inform PEM|DER|B64
      PEM: base64 encoded data enclosed by PEM markers (RFC7462)
      DER: der encoded binary data
      B64: raw base64 encoded data
  The PEM input format is the default format. It is equivalent to the former `-strictpem` option which is now marked obsolete and kept for backward compatibility only.
  The B64 is equivalent to the former default input format of the asn1parse command (without `-strictpem`)
  Fixes #7317
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7320)
* apps/opt: refactor input format parsing | Dr. Matthias St. Pierre | 2023-06-09 | 2 | -29/+47
  - split OPT_FMT_PEMDER flag into OPT_FMT_PEM and OPT_FMT_DER
  - add OPT_FMT_B64 option (`-inform b64`)
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7320)
* Cast the argument to unsigned char when calling isdigit() | Michael Baentsch | 2023-06-06 | 1 | -1/+1
  Fixes #21123
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21127)
* allow to disable http | Vladimír Kotal | 2023-06-06 | 3 | -34/+43
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21108)
* Remove pointless warning on pkcs12 import | Dmitry Belyavskiy | 2023-06-03 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21107)
* cmp_mock_srv.c: improve comment on cert to be produced from request template | Dr. David von Oheimb | 2023-06-01 | 1 | -1/+1
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/21086)
* apps.c: add comment to do_X509_sign() referring to question #19805 | Dr. David von Oheimb | 2023-06-01 | 1 | -0/+1
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/21086)
* apps/cmp.c: make management of http_cb_arg pointer more robust | Dr. David von Oheimb | 2023-06-01 | 1 | -0/+2
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/21086)
* apps/cmp.c: improve warnings on option use | Dr. David von Oheimb | 2023-06-01 | 1 | -3/+13
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/21086)
* CMP: add support for genm/genp messages with id-it-caCerts | Dr. David von Oheimb | 2023-06-01 | 2 | -30/+82
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/19231)
* QUIC: Rename SSL_tick etc. in s_client | Hugo Landau | 2023-05-29 | 1 | -19/+9
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20879)
* Fix a bug where the result of rehash is unstable | minyong.ha | 2023-05-25 | 1 | -1/+6
  The root cause is that the file entries targeted for rehash are not actually sorted. Sort was skipped because the compare function was null. So a compare function has been implemented to allow file entries to be sorted.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21013)
* APPS: replace awkward and error-prone pattern by calls to new app_conf_try_number() | Dr. David von Oheimb | 2023-05-25 | 4 | -24/+25
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/20971)
* APPS: replace awkward and error-prone pattern by calls to new app_conf_try_string() | Dr. David von Oheimb | 2023-05-25 | 9 | -154/+86
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/20971)
* APPS/ca: remove spurious errors when certain config file entries are not provided | Dr. David von Oheimb | 2023-05-25 | 1 | -11/+22
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/20971)
* pkcs12: Fix macsaltlen parameter type | Marco Abbadini | 2023-05-18 | 1 | -1/+1
  It expects an integer so change it from non-argument type to positive integer type.
  Fixes #20969
  CLA: trivial
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20979)
* Add support for --version and synonyms | Marc Brooks | 2023-05-18 | 1 | -6/+16
  Just like --help is explicitly supported, we should support --version. This will greatly ease people adopting openssl.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20936)
* CMP client: fix error response on -csr without private key, also in docs | Dr. David von Oheimb | 2023-05-12 | 1 | -2/+17
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Todd Short <todd.short@me.com>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/20832)
* apps/openssl.cnf: fix reference to insta.ca.crt | Dr. David von Oheimb | 2023-05-12 | 2 | -4/+4
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Todd Short <todd.short@me.com>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/20832)
* restrict rsaBITS algorithm name check in speed | Michael Baentsch | 2023-05-11 | 1 | -13/+19
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20898)
* CMP app: fix deallocated host/port fields in APP_HTTP_TLS_INFO | Dr. David von Oheimb | 2023-05-10 | 1 | -3/+9
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20034)
* CMP app and app_http_tls_cb(): pick the right TLS hostname (also without port) | Dr. David von Oheimb | 2023-05-10 | 2 | -3/+7
  Fixes #20031
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20034)
* Don't attempt a QUIC connection without specifying ALPN | Matt Caswell | 2023-05-08 | 1 | -0/+4
  ALPN is required for a successful QUIC connection, so do not allow the -quic option for s_client without -alpn
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20580)
* Add the ability to send FIN on a QUIC stream from s_client | Matt Caswell | 2023-05-08 | 1 | -4/+25
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20580)
* Add QUIC support to s_client | Matt Caswell | 2023-05-08 | 3 | -30/+125
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20580)
* feature: openssl req -verify output to stderr instead of stdout #20728 | Rajarshi Karmakar | 2023-05-04 | 1 | -1/+1
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20858)
* apps: silent warning when loading CSR files with vfyopt option | Tianjia Zhang | 2023-05-03 | 6 | -9/+12
  When verifying or signing a CSR file with the -vfyopt option, a warning message similar to the following will appear:
      Warning: CSR self-signature does not match the contents
  This happens especially when the SM2 algorithm is used and the distid parameter is added. Pass the vfyopts parameter to the do_X509_REQ_verify() function to eliminate the warning message.
  Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20799)
* speed.c: remove unused num print_message args | Reinhard Urban | 2023-05-03 | 1 | -95/+44
  these num args went unused with the removal of the ifndef SIGALRM branches, commit ee1d7f1d25ef24f111f13dc742474cd9c39c2753 Feb 2021 PR #14228
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20795)
* APPS/cmp: prevent HTTP client failure on -rspin option with too few filenames | Dr. David von Oheimb | 2023-04-28 | 1 | -22/+47
  The logic for handling inconsistent use of -rspin etc., -port, -server, and -use_mock_srv options proved faulty. This is fixed here, updating and correcting also the documentation and diagnostics of the involved options.
  In particular, the case that -rspin (or -rspout, -reqin, -reqout) does not provide enough message file names was not properly described and handled.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/20295)
* APPS: make sure the -CAfile argument can be in DER format | Dr. David von Oheimb | 2023-04-27 | 1 | -2/+6
  Note that PKCS#12 input is still not supported here.
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18917)
* apps/smime: Point out that the six operations are mutually exclusive and add check | Dr. David von Oheimb | 2023-04-27 | 1 | -8/+40
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18917)
* apps/ocsp: Tweak some places to make clear they refer to *lists* of certs | Dr. David von Oheimb | 2023-04-27 | 1 | -6/+6
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18917)
* Replace use of strstr with strchr | Matt Caswell | 2023-04-24 | 1 | -3/+3
  It is better to use strchr where we are looking for a single character.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20788)
* Coverity 1524619: unexpected control flow | Matt Caswell | 2023-04-24 | 1 | -2/+3
  Using "continue" in a do...while(0) loop is pointless. The original intent was that the loop would continue to a second iteration in this case.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20788)
* fipsinstall: add -pedantic option | Pauli | 2023-04-20 | 1 | -39/+64
  This adds a -pedantic option to fipsinstall that adjusts the various settings to ensure strict FIPS compliance rather than backwards compatibility.
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20752)
* crypto/cmp: fix CertReqId to use in p10cr transactions acc. to RFC 4210 | Dr. David von Oheimb | 2023-04-18 | 1 | -12/+5
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/20298)
* List also non-fetchable hashes in openssl dgst -list | GauriSpears | 2023-04-14 | 1 | -2/+5
  CLA: trivial
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20651)
* Provider-based KEM and SIG alg speed testing added | Michael Baentsch | 2023-03-31 | 1 | -27/+895
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Todd Short <todd.short@me.com>
  (Merged from https://github.com/openssl/openssl/pull/19968)
* Add a new advanced command mode to s_client | Matt Caswell | 2023-03-30 | 1 | -36/+329
  The s_client command mode just looks at the first letter on a line and if it is one that maps to a "command" then that command is executed and everything else on the line is ignored. This means it is impossible to send anything over s_client that starts with one of the "magic" letters unless you switch off command processing entirely.
  With the forthcoming quic support that will be added to s_client we expect a significant new number of commands being added (for example to send fin on a stream, or to list or swap between different streams, etc). This will use up more "letters" and reduces the usability of s_client.
  This PR adds a new "advanced" command processing mode. Commands are enclosed in braces {}, and can appear anywhere in the text typed into s_client. A brace can be escaped by sending a double {{. This gives much more flexibility without reducing the usability of s_client. Commands can also have "arguments" which also extends the scope of what they can be used for.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20566)