path: root/apps
Commit message | Author | Age | Files | Lines
* crl: noout is not an output item | Tomas Mraz | 2021-04-29 | 1 | -1/+1
  Fixes #15034
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15044)
* runchecker: fix no-sock build by conditioning clean up on the NO_SOCK symbol. | Pauli | 2021-04-29 | 1 | -0/+2
  Fixes #15054
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15055)
* Add X509 version constants. | David Benjamin | 2021-04-28 | 3 | -4/+5
  The X509 version APIs return the numerical values of the version numbers, which are one off from the names. This is a bit confusing. Where they don't get it wrong (accidentally making an "X509v4" certificate), callers tend to try commenting every call site to explain the mismatch, including in OpenSSL itself.
  Define constants for these values, so code can be self-documenting and callers are nudged towards the right values.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14549)
* Prefer fetch over legacy get_digestby/get_cipherby | Tomas Mraz | 2021-04-28 | 4 | -87/+65
  Fixes #14198
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15028)
* APPS: Improve diagnostics for string options and options expecting int >= 0 | Dr. David von Oheimb | 2021-04-24 | 10 | -129/+150
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14970)
* APPS: Prevent ASAN hiccup on idempotent strncpy() in opt_progname() | Dr. David von Oheimb | 2021-04-24 | 1 | -2/+4
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14970)
* apps/cmp.c and APP_HTTP_TLS_INFO: Fix use-after-free and add proper free() function | Dr. David von Oheimb | 2021-04-22 | 3 | -14/+16
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14971)
* Remove an unused parameter | Rich Salz | 2021-04-22 | 1 | -1/+1
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14943)
* Read a REQUEST not RESPONSE in ocsp responder | Rich Salz | 2021-04-22 | 1 | -1/+1
  Fixes: #13904
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14946)
* Force public key to be included unless explicitly excluded with -no_public | Wolf | 2021-04-22 | 1 | -4/+10
  Send this before the CLA was accepted, amending to re-trigger check.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14947)
* Update copyright year | Matt Caswell | 2021-04-22 | 2 | -2/+2
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14986)
* Use build.info not file-wide ifndef | Rich Salz | 2021-04-21 | 2 | -31/+30
  If configured with no-cms, handle it in build.info like the other options.
  I guess I missed doing this file in PR #11250
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14918)
* apps/cmp.c: Fix double free on OSSL_CMP_CTX_set1_p10CSR() failure | Dr. David von Oheimb | 2021-04-21 | 1 | -10/+7
  Fixes #14910
  Also slightly improve further error handling of setup_request_ctx().
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14929)
* Flip ordering back | Rich Salz | 2021-04-20 | 1 | -2/+2
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/14219)
* Fetch before get-by-name | Rich Salz | 2021-04-20 | 1 | -2/+2
  This causes tests to break. Pushing it to help others debug.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/14219)
* Fetch and free cipher and md's | Rich Salz | 2021-04-20 | 23 | -53/+88
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/14219)
* PKCS12 etc.: Add hints on using -legacy and -provider-path options | Dr. David von Oheimb | 2021-04-19 | 1 | -1/+2
  Fixes #14790
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14891)
* Avoid more MSVC-specific C runtime library functions | Tanzinul Islam | 2021-04-19 | 3 | -3/+3
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/13540)
* Build resource files | Tanzinul Islam | 2021-04-19 | 1 | -1/+1
  We need to compile with [brcc32.exe][1] and link with [ilink32.exe][2]. The latter expects the `.res` files to be given in the final comma-separated section in the command line (after the `.def` file).
  [1]: http://docwiki.embarcadero.com/RADStudio/Sydney/en/BRCC32.EXE,_the_Resource_Compiler
  [2]: http://docwiki.embarcadero.com/RADStudio/Sydney/en/Using_ILINK32_and_ILINK64_on_the_Command_Line#Command-Line_Elements
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/13540)
* Add "origin" field to EVP_CIPHER, EVP_MD | Rich Salz | 2021-04-18 | 1 | -1/+1
  Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch, or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all three origins. The flag is deliberately right before some function pointers, so that compile-time failures (int/pointer) will occur, as opposed to taking a bit in the existing "flags" field. The "global variable" flag is non-zero, so the default case of using OPENSSL_zalloc (for provider ciphers), will do the right thing. Ref-counting is a no-op for Make up_ref no-op for global MD and CIPHER objects
  Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add EVP_CIPHER_CTX_get1_CIPHER().
  Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common evp_md_free_int() function.
  Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common evp_cipher_free_int() function.
  Also change some flags tests to explicit test == or != zero. E.g.,
    if (flags & x) --> if ((flags & x) != 0)
    if (!(flags & x)) --> if ((flags & x) == 0)
  Only done for those lines where "get0_cipher" calls were made.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14193)
* apps/cmp.c: Fix TLS hostname checking in case -server provides more than hostname | Dr. David von Oheimb | 2021-04-17 | 1 | -10/+10
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14889)
* Fix naming for EVP_RAND_CTX_gettable functions. | Pauli | 2021-04-17 | 1 | -1/+1
  Change:
    EVP_RAND_gettable_ctx_params -> EVP_RAND_CTX_gettable_params
    EVP_RAND_settable_ctx_params -> EVP_RAND_CTX_settable_params
  Which brings them in line with the other similar functions for other algorithm types.
  Fixes #14880
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14893)
* Add more negative checks for integers passed to OPENSSL_malloc(). | Shane Lontis | 2021-04-16 | 1 | -1/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14830)
* Rename EVP_PKEY_get0_first_alg_name to EVP_PKEY_get0_type_name | Tomas Mraz | 2021-04-15 | 1 | -1/+1
  We use type elsewhere and documenting the 'first' in the name of the call is a little bit superfluous making the name too mouthful.
  Also rename EVP_PKEY_typenames_do_all to EVP_PKEY_type_names_do_all to keep the words separated by underscore.
  Fixes #14701
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14868)
* apps/cmp: Add generic random state options, e.g., for nonce generation | Dr. David von Oheimb | 2021-04-14 | 1 | -9/+18
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14842)
* APPS and TEST: Make sure prog name is set for usage output | Dr. David von Oheimb | 2021-04-14 | 2 | -1/+4
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14841)
* APPS: make apps strict on app_RAND_load() and app_RAND_write() failure | Dr. David von Oheimb | 2021-04-14 | 28 | -32/+75
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14840)
* apps: call ERR_print_errors when OSSL_PROVIDER_load fails | Petr Gotthard | 2021-04-13 | 1 | -0/+1
  The ERR_print_errors often displays the reason why the provider couldn't be loaded. Hence it is quite important for debugging.
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14818)
* Replace OSSL_PARAM_BLD_free_params() with OSSL_PARAM_free(). | Shane Lontis | 2021-04-12 | 2 | -2/+2
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14785)
* apps: fix warning about size_t / int conversion | Armin Fuerst | 2021-04-09 | 2 | -3/+3
  Windows builds show the following warning:
  (..\apps\ca.c(2643): warning C4267: 'function': conversion from 'size_t' to 'int', possible loss of data)
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14453)
* crl2pkcs7 shouldn't include empty optional sets | Dave Coombs | 2021-04-09 | 1 | -7/+9
  If using crl2pkcs7 -nocrl and with no -certfiles, we shouldn't include the implicitly tagged [0] certs and [1] crls sets as they are marked optional and would be empty.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14781)
* apps: fix Camellia CBC performance loop | Pauli | 2021-04-08 | 1 | -1/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14786)
* Update copyright year | Matt Caswell | 2021-04-08 | 2 | -2/+2
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14801)
* apps: fix AES CBC performance loop | Pauli | 2021-04-08 | 1 | -1/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14778)
* Fix more certificate related lib_ctx settings. | Shane Lontis | 2021-04-08 | 3 | -7/+8
  Fixes #13732
  Fix a few places that were not using the '_ex' variants of ASN1_item_sign/verify.
  Added X509_CRL_new_ex().
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14752)
* Remove unnecessary setting SSL_MODE_AUTO_RETRY | Nan Xiao | 2021-04-07 | 3 | -4/+0
  Since SSL_MODE_AUTO_RETRY is enabled by default, no need to set it explicitly.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14742)
* APPS: Replace the use of OBJ_nid2ln() with name or description calls | Richard Levitte | 2021-04-02 | 1 | -6/+58
  With new provided algorithms added, we'd rather rely on the names and descriptions that we get from the providers.
  Specifically with the 'openssl list' command, we now display the description of all algorithms. For '-public-key-algorithms', we additionally print key type information a bit more like we do for legacy methods.
  We also add descriptions to all our keymgmt functions, because the built in EVP_PKEY_ASN1_METHODs had them.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14656)
* Avoid going through NID when unnecessary | Tomas Mraz | 2021-04-01 | 5 | -9/+8
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14703)
* doc: fix enc -z option documentation | Mohamed Akram | 2021-03-30 | 1 | -1/+1
  CLA: trivial
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14499)
* apps: fix coverity 1474463, 1474465 & 1474467: resource leaks | Pauli | 2021-03-30 | 1 | -3/+4
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14716)
* apps: fix coverity 1455340: unchecked return value | Pauli | 2021-03-26 | 1 | -3/+5
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14615)
* apps: fix coverity 1358776, 1451513, 1451519, 1451531 & 1473387: unchecked return values | Pauli | 2021-03-26 | 1 | -17/+28
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14615)
* apps: fix coverity 1470781: explicit null dereference | Pauli | 2021-03-26 | 1 | -4/+4
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14618)
* Make fipsinstall -out flag optional | Rich Salz | 2021-03-24 | 1 | -5/+5
  If -out is not specified, send output to stdout. Fix documentation errors. Remove "-out -" from an invocation.
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14623)
* apps: fix coverity 1451544: improper use of negative value | Pauli | 2021-03-24 | 1 | -1/+4
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14638)
* apps: fix coverity 271258: improper use of negative value | Pauli | 2021-03-24 | 1 | -3/+5
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14638)
* APPS: fix load_certs_multifile() interpreting backslashes | Dr. David von Oheimb | 2021-03-22 | 1 | -5/+1
  Fixes #14622
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/14636)
* apps: fix Coverity 1472670 & 1472685: resource leaks | Pauli | 2021-03-20 | 1 | -7/+3
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14596)
* apps: fix coverity 966560: division by zero | Pauli | 2021-03-18 | 1 | -1/+2
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14586)
* TS and CMS CAdES-BES: Refactor check_signing_certs() funcs into common ESS func | Dr. David von Oheimb | 2021-03-18 | 1 | -3/+3
  Also constify related CMS/PKCS7 functions and improve error codes thrown.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14503)