path: root/apps
Commit message | Author | Age | Files | Lines
* apps: update speed to use the additional arguments to MAC_init | Pauli | 2021-02-28 | 1 | -9/+5
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/14310)
* apps: updates for the new additional MAC_init arguments | Pauli | 2021-02-28 | 1 | -8/+2
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/14310)
* apps: update mac to work with additional MAC_init arguments. This doesn't include the creation of new 'key' arguments. | Pauli | 2021-02-28 | 1 | -3/+4
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/14310)
* apps: update fipsinstall to work with additional MAC_init arguments | Pauli | 2021-02-28 | 1 | -1/+1
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/14310)
* Don't hold a lock when calling a callback in ossl_namemap_doall_names | Matt Caswell | 2021-02-25 | 1 | -147/+159
  We don't want to hold a read lock when calling a user supplied callback. That callback could do anything so the risk of a deadlock is high. Instead we collect all the names first inside the read lock, and then subsequently call the user callback outside the read lock.
  Fixes #14225
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14250)
* speed: Drop deprecated <ALG>_options() calls | Tomas Mraz | 2021-02-24 | 1 | -135/+95
  Also correction of some code format issues.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14228)
* speed: Use EVP for ciphers, cmac, ghash, rsa, dsa, and ecdsa | Tomas Mraz | 2021-02-24 | 2 | -1023/+656
  Fixes #13909
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14228)
* speed: Adapt digests and hmac to always use non-deprecated APIs | Tomas Mraz | 2021-02-24 | 1 | -276/+172
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14228)
* speed: Drop code to handle platforms without SIGALRM | Tomas Mraz | 2021-02-24 | 1 | -283/+5
  (except for Windows where a separate thread stops the looping)
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14228)
* Fix -pkeyopt handling in apps/pkeyutl -rawin | Petr Gotthard | 2021-02-22 | 1 | -40/+35
  The EVP_DigestSignInit and EVP_DigestVerifyInit actually have to be initialized before EVP_PKEY_CTX_ctrl_str is invoked. Otherwise, when the ctx is not initialized, the ctrl command fails.
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/13828)
* Handle NULL result of ERR_reason_error_string() in some apps | Dr. David von Oheimb | 2021-02-22 | 3 | -27/+7
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/13920)
* CMP: Fix total_timeout behavior; small doc and diagnostic improvements | Dr. David von Oheimb | 2021-02-19 | 1 | -13/+18
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14019)
* Fix speed sm2 bug | Chenglong Zhang | 2021-02-19 | 1 | -8/+8
  Should create PKEY CTX with EVP_PKEY_SM2; each job should have its own sm2_pkey; loopargs[i].sigsize should be set after EVP_DigestSign().
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14144)
* Don't forget the type of thing we are loading | Matt Caswell | 2021-02-18 | 1 | -12/+25
  The apps helper function load_key_certs_crls() is a general purpose function for loading different types of objects from a given URI. It sets up an OSSL_STORE and calls OSSL_STORE_expect() so that the store knows what type of thing to expect to load. Unfortunately this wasn't working and was always setting "expect" to 0 - which means "anything".
  Fixes #13709
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14191)
* Update copyright year | Matt Caswell | 2021-02-18 | 22 | -22/+22
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14235)
* apps/cmp.c: Improve initialization of ext_ctx structure w.r.t. CSR | Dr. David von Oheimb | 2021-02-17 | 1 | -26/+28
  Also improve doc how the -reqexts option affects the CSR given with the -csr option.
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/14181)
* apps/ca.c: Make sure ext_ctx structure gets initialized | Dr. David von Oheimb | 2021-02-17 | 1 | -4/+7
  Fixes #14175
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/14181)
* Rename OSSL_ENCODER_CTX_new_by_EVP_PKEY and OSSL_DECODER_CTX_new_by_EVP_PKEY | Tomas Mraz | 2021-02-17 | 5 | -21/+21
  Additional renames done in encoder and decoder implementation to follow the style.
  Fixes #13622
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14155)
* Replace SSL_CTX_new by SSL_CTX_new_ex in apps/s_server + s_client | Petr Gotthard | 2021-02-17 | 2 | -3/+3
  The `openssl s_server` and `openssl s_client` currently ignore the `-propquery` parameter. Fix patch fixes this.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/14195)
* passwd.c: use the actual ROUNDS_DEFAULT macro | Disconnect3d | 2021-02-13 | 1 | -1/+1
  Before this commit, the `ROUNDS_DEFAULT` macro was not used at all, while defined in the source code. Instead, a `unsigned int rounds = 5000;` was set, which uses the same value. This commit changes the `5000` to `ROUNDS_DEFAULT`.
  CLA: trivial
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14156)
* Deprecate the libssl level SRP APIs | Matt Caswell | 2021-02-12 | 3 | -9/+15
  The low level SRP implementation has been deprecated with no replacement. Therefore the libssl level APIs need to be similarly deprecated.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14132)
* Deprecate the low level SRP APIs | Matt Caswell | 2021-02-12 | 6 | -253/+287
  The OTC decided that all low level APIs should be deprecated. This extends to SRP, even though at the current time there is no "EVP" interface to it. This could be added in a future release.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14132)
* Allow -rand to be repeated | Rich Salz | 2021-02-12 | 1 | -15/+30
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14135)
* Fetch cipher after loading providers | Rich Salz | 2021-02-12 | 12 | -50/+92
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14135)
* Process digest option after loading providers | Rich Salz | 2021-02-12 | 11 | -36/+68
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14135)
* Load rand state after loading providers | Rich Salz | 2021-02-12 | 25 | -11/+38
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14135)
* Fetch alg, etc., after loading providers | Rich Salz | 2021-02-12 | 1 | -34/+42
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14135)
* Fetch algorithm after loading providers | Rich Salz | 2021-02-12 | 1 | -19/+19
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14135)
* Simplify the EVP_PKEY_XXX_fromdata_XX methods. | Shane Lontis | 2021-02-08 | 1 | -2/+2
  The existing names such as EVP_PKEY_param_fromdata_settable were a bit confusing since the 'param' referred to key params not OSSL_PARAM. To simplify the interface a 'selection' parameter will be passed instead. The changes are:
  (1) EVP_PKEY_fromdata_init() replaces both EVP_PKEY_key_fromdata_init() and EVP_PKEY_param_fromdata_init().
  (2) EVP_PKEY_fromdata() has an additional selection parameter.
  (3) EVP_PKEY_fromdata_settable() replaces EVP_PKEY_key_fromdata_settable() and EVP_PKEY_param_fromdata_settable(). EVP_PKEY_fromdata_settable() also uses a selection parameter.
  Fixes #12989
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14076)
* Switch to BIO_snprintf to avoid missing symbol problems on Windows | Jon Spillett | 2021-02-05 | 1 | -1/+1
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/14063)
* apps/openssl: add -propquery command line option | Petr Gotthard | 2021-02-05 | 11 | -41/+47
  Fixes #13656. Right now all openssl commands use a NULL propq. This patch adds a possibility to specify a custom propq. The implementation follows the example of set_nameopt/get_nameopt. Various tools had to be modified to call app_get0_propq after it has been populated. Otherwise the -propquery has no effect. The tests then verify the -propquery affects the tool behaviour by requesting a non-existing property.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/13707)
* apps/cmp.c: check and exit on engine load error | Dr. David von Oheimb | 2021-02-04 | 1 | -1/+6
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/13551)
* apps/ecparam: Avoid crash when parameters fail to load | Tomas Mraz | 2021-02-03 | 1 | -1/+1
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14043)
* apps/ca: Properly handle certificate expiration times in do_updatedb | Armin Fuerst | 2021-02-03 | 1 | -31/+20
  Fixes #13944
  + changed ASN1_UTCTIME to ASN1_TIME
  + removed all Y2K code from do_updatedb
  + changed compare to ASN1_TIME_compare
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14026)
  (cherry picked from commit dabea5447dc487983a50a40856f731db0db17a8e)
* Update copyright year | Richard Levitte | 2021-01-28 | 25 | -25/+25
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/13999)
* APPS: Restore inclusions | Richard Levitte | 2021-01-28 | 2 | -0/+2
  An '#include <string.h>' was mistakenly removed from apps/ec.c and apps/ecparam.c
  Fixes #13986
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/13989)
* Deprecate EC_KEY + Update ec apps to use EVP_PKEY | Shane Lontis | 2021-01-26 | 8 | -304/+304
  Co-author: Richard Levitte <levitte@openssl.org>
  Co-author: Tomas Mraz <tmraz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/13139)
* CMP: Allow PKCS#10 input also for ir, cr, kur, and rr messages | Dr. David von Oheimb | 2021-01-21 | 2 | -30/+43
  Also update documentation regarding sources of certs and keys, improve type of OSSL_CMP_exec_RR_ses(), add tests for CSR-based cert revocation
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/13841)
* apps/cmp.c: Check self-signature on CSR input and warn on failure | Dr. David von Oheimb | 2021-01-21 | 1 | -0/+8
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/13841)
* apps/cmp.c: Improve diagnostics on loading private vs. public key for cert request | Dr. David von Oheimb | 2021-01-21 | 1 | -2/+8
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/13841)
* apps/x509.c: Make -x509toreq respect -clrext, -sigopt, and -extfile options | Dr. David von Oheimb | 2021-01-20 | 2 | -127/+125
  Also prevent copying SKID and AKID extension, which make no sense in CSRs and extend the use of -ext to select which extensions are copied. Further simplify the overall structure of the code.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/13711)
* apps/x509.c: Add -copy_extensions option, used when transforming x509 <-> req | Dr. David von Oheimb | 2021-01-20 | 1 | -10/+52
  Fixes #3638
  Fixes #6481
  Fixes #10458
  Partly fixes #13708
  Supersedes #9449
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/13711)
* apps.c: Clean up copy_extensions() | Dr. David von Oheimb | 2021-01-20 | 1 | -13/+13
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/13711)
* apps/x509.c: Major code, user guidance, and documentation cleanup | Dr. David von Oheimb | 2021-01-20 | 1 | -225/+253
  This brings the options in help output and doc in reasonable order and fixes various corner cases of option use combinations
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/13711)
* apps/x509.c: Take the -signkey arg as default pubkey with -new | Dr. David von Oheimb | 2021-01-20 | 1 | -22/+10
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/13711)
* apps/genpkey.c: Use PEM_read_bio_Parameters_ex when reading parameters | Jon Spillett | 2021-01-20 | 1 | -1/+1
  Needed to be able to set the libctx and propq.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/13894)
* Remove pkey_downgrade from PKCS7 code | Shane Lontis | 2021-01-20 | 1 | -15/+0
  Fixes #12991
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/13435)
* apps/req.c: Make sure -verify option takes effect also with -x509 | Dr. David von Oheimb | 2021-01-13 | 1 | -2/+2
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/13658)
* apps/req.c: Cosmetic improvements of code and documentation | Dr. David von Oheimb | 2021-01-13 | 1 | -6/+5
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/13658)
* apps/req.c: Add -copy_extensions option for use with -x509; default: none | Dr. David von Oheimb | 2021-01-13 | 1 | -3/+24
  Fixes #13708
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/13658)