path: root/apps
Commit message | Author | Age | Files | Lines
* Check for the presence of _WIN32 rather than its value. | Richard Levitte | 2017-02-23 | 1 | -2/+2
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2727)
* In apps/rehash.c, decorate the inclusion of internal/o_dir.h for VMS | Richard Levitte | 2017-02-23 | 1 | -0/+16
  The library files are built with symbol names as is, while the application is built with the default uppercase-all-symbols mode. That's fine for public APIs, because we have __DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H automatically telling the compiler how to treat the public header files. However, we don't have the same setup for internal library APIs, since they are usually only used by the libraries. Because apps/rehash.c uses a library internal header file, we have to surround that inclusion with the same kind of pragmas found in __DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H, or we get unresolved symbols when building no-shared.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2725)
* On VMS, massage the fetch file names to remove the generation number | Richard Levitte | 2017-02-23 | 1 | -0/+19
  The generation number is ';nnn' at the end of the file name fetched with readdir(). Because rehash checks for specific extensions and doesn't expect an additional generation number, the easiest is to massage the received file name early by simply removing the generation number.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2717)
* Let the output from 'openssl enc -ciphers' go to stdout | Richard Levitte | 2017-02-23 | 1 | -3/+4
  Also, don't exit with an error code
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2716)
* Make "openssl rehash" work on VMS 8.3 and up | Richard Levitte | 2017-02-22 | 1 | -2/+16
  A spelling error prevented it from building correctly. Furthermore, we need to be more careful when to add a / at the end of the dirname and when not.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2706)
* apps/req.c: flag "-new" is implied by "-precert" | Rob Percival | 2017-02-22 | 2 | -5/+4
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/843)
* Change CA.pl flag from --newprecert to --precert | Rob Percival | 2017-02-22 | 1 | -1/+1
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/843)
* Adds a "-precert" flag to "openssl req" for creating pre-certificates | Rob Percival | 2017-02-22 | 2 | -1/+19
  This makes it a little easier to create a pre-certificate.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/843)
* Fix some more memory leaks with TXT_DB_insert. | Bernd Edlinger | 2017-02-21 | 2 | -8/+12
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2684)
* Fix a few memleaks in TXT_DB. | Bernd Edlinger | 2017-02-21 | 1 | -5/+7
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2684)
* Provided support for the -nameopt flag in s_client, s_server and s_time | Dmitry Belyavskiy | 2017-02-21 | 5 | -7/+30
  commands.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2695)
* Implementation of the ARIA cipher as described in RFC 5794. | Pauli | 2017-02-21 | 1 | -1/+4
  This implementation is written in endian agnostic C code. No attempt at providing machine specific assembly code has been made. This implementation expands the evptests by including the test cases from RFC 5794 and ARIA official site rather than providing an individual test case. Support for ARIA has been integrated into the command line applications, but not TLS. Implemented modes are CBC, CFB1, CFB8, CFB128, CTR, ECB and OFB128.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2337)
* Added '-nameopt' option to the verify command. | Dmitry Belyavskiy | 2017-02-20 | 1 | -3/+14
  It makes it possible to print the certificate's DN correctly in case of verification errors.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2656)
* Updates following review feedback | Matt Caswell | 2017-02-17 | 1 | -2/+2
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2609)
* Add the ability for s_client to send a KeyUpdate message | Matt Caswell | 2017-02-17 | 1 | -1/+11
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2609)
* Add a capability to s_server to send KeyUpdate messages | Matt Caswell | 2017-02-17 | 1 | -0/+14
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2609)
* Change req_check_len error message, it also accepts 20 bytes, but states 'less than' in the error message | lrns | 2017-02-16 | 1 | -1/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2648)
* Handle negative reply for NNTP STARTTLS in s_client | Robert Scheck | 2017-02-15 | 1 | -4/+14
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2629)
* Add Sieve support (RFC 5804) to s_client ("-starttls sieve") | Robert Scheck | 2017-02-14 | 4 | -13/+81
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2300)
* Make -xcert work again. | Dr. Stephen Henson | 2017-02-14 | 1 | -0/+1
  When a certificate is prepended update the list pointer.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2628)
* mem leak on error path and error propagation fix | Yuchi | 2017-02-14 | 1 | -1/+7
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2559)
* speed.c: simplify aggregation of ecdh --multi results | Cristian Stoica | 2017-02-10 | 1 | -7/+3
  CLA: trivial
  Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
  Reviewed-by: Geoff Thorpe <geoff@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1377)
* speed.c: simplify aggregation of ecdsa --multi results | Cristian Stoica | 2017-02-10 | 1 | -12/+6
  CLA: trivial
  Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
  Reviewed-by: Geoff Thorpe <geoff@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1377)
* speed.c: simplify aggregation of dsa --multi results | Cristian Stoica | 2017-02-10 | 1 | -12/+6
  CLA: trivial
  Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
  Reviewed-by: Geoff Thorpe <geoff@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1377)
* speed.c: simplify aggregation of rsa --multi results | Cristian Stoica | 2017-02-10 | 1 | -12/+6
  CLA: trivial
  Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
  Reviewed-by: Geoff Thorpe <geoff@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1377)
* SSL_get_shared_sigalgs: handle negative idx parameter | Peter Wu | 2017-02-09 | 1 | -1/+1
  When idx is negative (as is the case with do_print_sigalgs in apps/s_cb.c), AddressSanitizer complains about a buffer overflow (read). Even if the pointer is not dereferenced, this is undefined behavior. Change the user not to use "-1" as index since the function is documented to return 0 on out-of-range values. Tested with `openssl s_server` and `curl -k https://localhost:4433`.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2349)
* apps: Add support for writing a keylog file | Peter Wu | 2017-02-07 | 4 | -0/+68
  The server and client demos (s_client and s_server) are extended with a -keylogfile option. This is similar to setting the SSLKEYLOGFILE environment variable for NSS and creates a keylog file which is suitable for Wireshark.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2343)
* Remove unused variable | Pauli | 2017-02-07 | 1 | -3/+0
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2566)
* Fix parsing of serial# in req | Rich Salz | 2017-02-06 | 1 | -1/+1
  Reported by Jakub Wilk.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2556)
* Add NNTP support (RFC 4642) to s_client ("-starttls nntp") | Robert Scheck | 2017-02-03 | 1 | -1/+30
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2310)
* fix style issues | Dr. Stephen Henson | 2017-01-30 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2301)
* Add SSL_get_peer_signature_type_nid() function. | Dr. Stephen Henson | 2017-01-30 | 1 | -11/+28
  Add function to retrieve signature type: in the case of RSA keys the signature type can be EVP_PKEY_RSA or EVP_PKEY_RSA_PSS.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2301)
* More complete PSS support. | Dr. Stephen Henson | 2017-01-30 | 1 | -0/+2
  Extend support for PSS key signatures by using the EVP_PKEY_RSA_PSS type to distinguish them from PKCS1 signature types. Allow setting of PSS signature algorithms using the string "PSS" or "RSA-PSS".
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2301)
* Miscellaneous style tweaks based on feedback received | Matt Caswell | 2017-01-30 | 1 | -3/+3
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2259)
* Update the s_client -sess_out feature to work for TLSv1.3 | Matt Caswell | 2017-01-30 | 1 | -10/+31
  Previously "-sess_out" wrote out the session as soon as the handshake finished. In TLSv1.3 this won't work because the NewSessionTicket message arrives post-handshake. Instead we use the session callback mechanism to do this.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2259)
* Fix a few double ; | FdaSilvaYY | 2017-01-25 | 1 | -1/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1618)
* Fix some style and indent issue | FdaSilvaYY | 2017-01-25 | 1 | -21/+16
  simplify some code.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1618)
* Fix some extra or missing whitespaces... | FdaSilvaYY | 2017-01-25 | 3 | -3/+3
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1618)
* s_client: Better response success check for CONNECT | Richard Levitte | 2017-01-25 | 1 | -10/+30
  Instead of looking for "200" and "established" (and failing all other 2xx responses or "Established"), let's look for a line that's not a header (i.e. doesn't contain a ':') and where the first space is followed by a '2'.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1664)
* Cleanup EVP_CIPH/EP_CTRL duplicate defines | Todd Short | 2017-01-24 | 1 | -2/+0
  Remove duplicate defines from EVP source files. Most of them were in evp.h, which is always included. Add new ones evp_int.h
  EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK is now always defined in evp.h, so remove conditionals on it
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2201)
* Fix use before assignment | FdaSilvaYY | 2017-01-23 | 1 | -5/+4
  it was getting the SerialNumber of a previous cert.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2272)
* 'openssl passwd' command can now compute AIX MD5-based passwords hashes. | Gaétan Njinang | 2017-01-21 | 1 | -16/+38
  The difference between the AIX MD5 password algorithm and the standard MD5 password algorithm is that in AIX there is no magic string while in the standard MD5 password algorithm the magic string is "$1$"
  Documentation of '-aixmd5' option of 'openssl passwd' command is added. 1 test is added in test/recipes/20-test-passwd.t
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2251)
* Fix list -disabled for blake2 alg | EasySec | 2017-01-17 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2241)
* Enable apps to get a UI_METHOD for the default prompter | Richard Levitte | 2017-01-11 | 2 | -0/+6
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2204)
* print errors in pkey utility | Dr. Stephen Henson | 2017-01-08 | 1 | -0/+2
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2177)
* Make sure that password_callback exercises UI | Richard Levitte | 2016-12-08 | 1 | -17/+11
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2040)
* Fix some style issues with TLSv1.3 state machine PR | Matt Caswell | 2016-11-23 | 1 | -0/+4
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix some style issues identified during review | Matt Caswell | 2016-11-23 | 1 | -4/+4
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add an s_server capability to read an OCSP Response from a file | Matt Caswell | 2016-11-23 | 1 | -31/+80
  Current s_server can only get an OCSP Response from an OCSP responder. This provides the capability to instead get the OCSP Response from a DER encoded file. This should make testing of OCSP easier.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Avoid warnings like unused enum value (as suggested by Rich Salz) | Robert Scheck | 2016-11-18 | 1 | -6/+2
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1945)