path: root/apps
Commit message | Author | Age | Files | Lines
* Copyright year updates | Matt Caswell | 2023-09-07 | 38 | -38/+38
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Release: yes
* Per other commands, make progress dots in req only w/ -verbose | Philip Prindeville | 2023-09-06 | 1 | -3/+10
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21937)
* apps/cmp.c: fix bug not allowing to reset -csr and -serial option values | Dr. David von Oheimb | 2023-09-05 | 1 | -2/+2
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21659)
* apps.c: improve warning texts of parse_name() when skipping RDN input | Dr. David von Oheimb | 2023-09-05 | 1 | -3/+4
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21659)
* apps.c: fix error messages (newline and needless text) in load_key_certs_crls() | Dr. David von Oheimb | 2023-09-05 | 1 | -5/+2
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21659)
* Added 'saltlen' option to the OpenSSL enc command line app. | slontis | 2023-09-04 | 1 | -8/+20
  This allows PBKDF2 to change the saltlen to something other than the new default value of 16. Previously this app hardwired the salt length to a maximum of 8 bytes. Non PBKDF2 mode uses EVP_BytesToKey() internally, which is documented to only allow 8 bytes.

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21858)
* Added a 'saltlen' option to the openssl pkcs8 command line app. | slontis | 2023-09-04 | 1 | -5/+15
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21858)
* Changed the default value of the "ess_cert_id_alg" option | olszomal | 2023-08-25 | 2 | -4/+4
  This is used to calculate the TSA's public key certificate identifier. The default algorithm is changed from sha1 to sha256.

  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21794)
* QUIC: Rename SSL_set_initial_peer_addr to SSL_set1_initial_peer_addr | Hugo Landau | 2023-08-24 | 1 | -1/+1
  Fixes #21701

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21814)
* apps/spkac.c: Check result of ASN1_STRING_set() | Tomas Mraz | 2023-08-18 | 1 | -3/+4
  Fixes Coverity 1027256

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21755)
* http_server.c: allow clients to connect with IPv6 | Dr. David von Oheimb | 2023-08-15 | 1 | -1/+3
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/21033)
* speed: Unify output messages regarding number of ops per time | Ingo Franzki | 2023-08-01 | 1 | -19/+19
  Always report "<algo> ops in <time>", instead of "<algo>'s in <time>" or similar. Avoid the use of apostrophes and/or plural with algorithm names.

  Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21383)
* speed: Also measure RSA encrypt/decrypt, not only RSA sign/verify | Ingo Franzki | 2023-08-01 | 1 | -27/+147
  While RSA encrypt/decrypt and sign/verify are basically the same mod-expo operations, the speed of the operation may still differ, due to different padding, as well as the use of implicit rejection for RSA decrypt.

  Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21383)
* Correct spelling of database | Fatih Arslan Tugay | 2023-07-27 | 1 | -5/+5
  Apply normal sentence case to db update message

  CLA: trivial

  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Todd Short <todd.short@me.com>
  (Merged from https://github.com/openssl/openssl/pull/21535)
* speed: Fix execution of EdDSA measurement | Ingo Franzki | 2023-07-21 | 1 | -0/+14
  Running 'openssl speed eddsa' fails with

      Doing 253 bits sign Ed25519 ops for 10s: EdDSA sign failure
      000003FF9306C7D0:error:030000BC:digital envelope routines:EVP_DigestSign: final error:crypto/evp/m_sigver.c:585:
      -1 253 bits Ed25519 sign ops in 0.00s
      Doing 253 bits verify Ed25519 ops for 10s: EdDSA verify failure
      000003FF9306C7D0:error:030000BC:digital envelope routines:EVP_DigestVerify: final error:crypto/evp/m_sigver.c:694:
      -1 253 bits Ed25519 verify ops in 0.00s

  This is because the EVP_DigestSign/Verify() calls in the EdDSA_sign/verify_loop() fail because the context has already been finalized by the previous EVP_DigestSign/Verify call during the EdDSA signature test done by speed_main().

  This happens since commit 3fc2b7d6b8f961144905330dfd4689f5bd515199 where the EVP_DigestSign/Verify() functions have been changed to set a flag that the context has been finalized.

  Fix this by re-initializing the context using EVP_DigestSign/Verify() in the EdDSA_sign/verify_loop().

  Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21491)
* speed: Fix memory leak | Ingo Franzki | 2023-07-21 | 1 | -0/+6
  Free the signature stack after iterating over all found signatures. Free the kem and signature stacks at the end of speed_main() if not NULL.

  Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21491)
* apps/cms.c: Fix unreachable code in cms_main() | atishkov | 2023-07-19 | 1 | -13/+10
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21474)
* Fix typos found by codespell | Dimitri Papadopoulos | 2023-07-18 | 2 | -3/+3
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21467)
* CMP: add support for genm with rootCaCert and genp with rootCaKeyUpdate | Dr. David von Oheimb | 2023-07-17 | 3 | -99/+213
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21129)
* rename OSSL_CMP_get{,1}_caCerts and improve OSSL_CMP_exec_certreq.pod | Dr. David von Oheimb | 2023-07-17 | 1 | -1/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21129)
* APPS load_key_certs_crls(): improve error string macro FAIL_NAME | Dr. David von Oheimb | 2023-07-17 | 1 | -4/+4
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21129)
* CMP: support specifying certificate to be revoked via issuer and serial number | Rajeev Ranjan | 2023-07-10 | 1 | -27/+63
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/21116)
* Fix typos in s_client | Matt Caswell | 2023-06-30 | 1 | -16/+0
  There were some typos of OPENSS_NO_QUIC (should be OPENSSL_NO_QUIC) in s_client

  Fixes #21291

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21293)
* openssl speed -multi -evp prints wrong algorithm name | Jörg Sommer | 2023-06-28 | 1 | -2/+12
  When running `openssl speed -evp md5` the result shows `md5` as algorithm name. But when adding the option `-multi 2` it gives `evp` as algorithm name.

  Signed-off-by: Jörg Sommer <joerg@jo-so.de>
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21216)
* Don't truncate the input when decrypting in pkeyutl | Matt Caswell | 2023-06-26 | 2 | -2/+3
  The pkeyutl app was truncating the input file for decryption leading to incorrect results. This was probably ok historically when RSA was being used for decryption which has short maximum sizes. This is not ok with SM2.

  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21272)
* Remove restriction to only cross-sign self-signed certificates | Yannik Sembritzki | 2023-06-20 | 1 | -10/+3
  CLA: trivial

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21137)
* Fix new typos found by codespell | Dimitri Papadopoulos | 2023-06-18 | 1 | -1/+1
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21210)
* apps/ca.c: Handle EVP_PKEY_get_default_digest_name() returning 1 with "UNDEF" | Richard Levitte | 2023-06-15 | 1 | -3/+8
  EVP_PKEY_get_default_digest_name() may return 1 with the returned digest name "UNDEF". This case hasn't been documented, and the meaning has been left undefined, until now.

  Reviewed-by: Todd Short <todd.short@me.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20460)
* Fix typos found by codespell | Dimitri Papadopoulos | 2023-06-15 | 1 | -2/+2
  Typos in doc/man* will be fixed in a different commit.

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20910)
* configure: introduce no-ecx to remove ECX related feature | Yi Li | 2023-06-14 | 2 | -1/+38
  This can effectively reduce the binary size for platforms that don't need ECX feature(~100KB).

  Signed-off-by: Yi Li <yi1.li@intel.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20781)
* Coverity 1528486: Avoid assignment of unused value of bags | Tomas Mraz | 2023-06-10 | 1 | -3/+3
  It is used only within the loop and always initialized
* Coverity 1528490: Avoid assignment of unused value of i | Tomas Mraz | 2023-06-10 | 1 | -5/+2
  It is used only within the loop and initialized at the beginning
* Cast the argument to unsigned char when calling isspace() | Michael Baentsch | 2023-06-09 | 3 | -6/+6
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21151)
* apps/asn1parse: improve RFC7462 compliance | Dr. Matthias St. Pierre | 2023-06-09 | 2 | -12/+29
  The asn1parse command now supports three different input formats:

      openssl asn1parse -inform PEM|DER|B64

      PEM: base64 encoded data enclosed by PEM markers (RFC7462)
      DER: der encoded binary data
      B64: raw base64 encoded data

  The PEM input format is the default format. It is equivalent to the former `-strictpem` option which is now marked obsolete and kept for backward compatibility only.

  The B64 is equivalent to the former default input format of the asn1parse command (without `-strictpem`)

  Fixes #7317

  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7320)
* apps/opt: refactor input format parsing | Dr. Matthias St. Pierre | 2023-06-09 | 2 | -29/+47
  - split OPT_FMT_PEMDER flag into OPT_FMT_PEM and OPT_FMT_DER
  - add OPT_FMT_B64 option (`-inform b64`)

  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7320)
* Cast the argument to unsigned char when calling isdigit() | Michael Baentsch | 2023-06-06 | 1 | -1/+1
  Fixes #21123

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21127)
* allow to disable http | Vladimír Kotal | 2023-06-06 | 3 | -34/+43
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21108)
* Remove pointless warning on pkcs12 import | Dmitry Belyavskiy | 2023-06-03 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21107)
* cmp_mock_srv.c: improve comment on cert to be produced from request template | Dr. David von Oheimb | 2023-06-01 | 1 | -1/+1
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/21086)
* apps.c: add comment to do_X509_sign() referring to question #19805 | Dr. David von Oheimb | 2023-06-01 | 1 | -0/+1
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/21086)
* apps/cmp.c: make management of http_cb_arg pointer more robust | Dr. David von Oheimb | 2023-06-01 | 1 | -0/+2
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/21086)
* apps/cmp.c: improve warnings on option use | Dr. David von Oheimb | 2023-06-01 | 1 | -3/+13
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/21086)
* CMP: add support for genm/genp messages with id-it-caCerts | Dr. David von Oheimb | 2023-06-01 | 2 | -30/+82
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/19231)
* QUIC: Rename SSL_tick etc. in s_client | Hugo Landau | 2023-05-29 | 1 | -19/+9
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20879)
* Fix a bug where the result of rehash is unstable | minyong.ha | 2023-05-25 | 1 | -1/+6
  The root cause is that the file entries targeted for rehash are not actually sorted. Sort was skipped because the compare function was null. So a compare function has been implemented to allow file entries to be sorted.

  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/21013)
* APPS: replace awkward and error-prone pattern by calls to new app_conf_try_number() | Dr. David von Oheimb | 2023-05-25 | 4 | -24/+25
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/20971)
* APPS: replace awkward and error-prone pattern by calls to new app_conf_try_string() | Dr. David von Oheimb | 2023-05-25 | 9 | -154/+86
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/20971)
* APPS/ca: remove spurious errors when certain config file entries are not provided | Dr. David von Oheimb | 2023-05-25 | 1 | -11/+22
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/20971)
* pkcs12: Fix macsaltlen parameter type | Marco Abbadini | 2023-05-18 | 1 | -1/+1
  It expects an integer so change it from non-argument type to positive integer type.

  Fixes #20969

  CLA: trivial

  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20979)
* Add support for --version and synonyms | Marc Brooks | 2023-05-18 | 1 | -6/+16
  Just like --help is explicitly supported, we should support --version. This will greatly ease people adopting openssl.

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20936)