aboutsummaryrefslogtreecommitdiffstats
path: root/apps
Commit message (Collapse)AuthorAgeFilesLines
* Restrict digest algorithm used in KDFspohsingwu2024-07-241-0/+70
| | | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23889)
* unnecessary whitespace before a quoted newlineDimitri Papadopoulos2024-07-222-5/+5
| | | | | | | | | Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22097)
* open brace '{' following struct go on the same lineDimitri Papadopoulos2024-07-221-2/+1
| | | | | | | | | Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22097)
* that open brace { should be on the previous lineDimitri Papadopoulos2024-07-223-7/+6
| | | | | | | | | Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22097)
* Remove trailing whitespaceDimitri Papadopoulos2024-07-221-2/+2
| | | | | | | | | Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22097)
* Fix coverity-1604661Neil Horman2024-07-181-0/+3
| | | | | | | | | | | | | | | | | Coverity called out an error in asn1parse_main, indicating that the for(;;) loop which repeatedly reads from a bio and updates the length value num, may overflow said value prior to exiting the loop. We could probably call this a false positive, but on very large PEM file, I suppose it could happen, so just add a check to ensure that num doesn't go from a large positive to a large negative value inside the loop Fixes openssl/private#571 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24910)
* {CMS,PKCS7}_verify(): use 'certs' parameter ('-certfile' option) also for ↵Dr. David von Oheimb2024-07-172-2/+8
| | | | | | | | chain building Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18916)
* Fix coverity-1604665Neil Horman2024-07-171-1/+1
| | | | | | | | | | | | | | | | | | | | Coverity issued an error in the opt_uintmax code, detecting a potential overflow on a cast to ossl_intmax_t Looks like it was just a typo, casting m from uintmax_t to ossl_intmax_t Fix it by correcting the cast to be ossl_uintmax_t, as would be expected Theres also some conditionals that seem like they should be removed, but I'll save that for later, as there may be some corner cases in which ossl_uintmax_t isn't equal in size to uintmax_t..maybe. Fixes openssl/private#567 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24897)
* apps/rehash.c: Add the check for the EVP_MD_get_size()Jiasheng Jiang2024-07-101-2/+5
| | | | | | | | | | | | | | | Add the check for the return value of EVP_MD_get_size() to avoid invalid negative numbers and then explicitly cast from int to size_t. Add the check to prevent that EVP_MD_get_size() returns a value greater than EVP_MAX_MD_SIZE. Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24802)
* apps/req: avoid needless hint on using -help on duplicate extensions added ↵Dr. David von Oheimb2024-07-101-1/+1
| | | | | | | | via -addext Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24792)
* Replace and Deprecate TS_VERIFY_CTX Functionserbsland-dev2024-07-101-6/+5
| | | | | | | | | | | | | | | | | | | | Fixes #18854 Replace and deprecate the functions `TS_VERIFY_CTX_set_data`, `TS_VERIFY_CTX_set_store`, `TS_VERIFY_CTX_set_certs`, `TS_VERIFY_CTX_set_imprint` with new versions: `TS_VERIFY_CTX_set0_data`, `TS_VERIFY_CTX_set0_store`, `TS_VERIFY_CTX_set0_certs` and `TS_VERIFY_CTX_set0_imprint`. The previous functions had poorly documented memory handling, potentially leading to memory leaks. The new functions improve memory management and provide clearer usage. Also, update existing code to use the new function calls instead of the deprecated ones. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24701)
* Fixes for defaults codeNeil Horman2024-07-091-1/+4
| | | | | | | | | Fix up some indenting, and ensure that the run_once routines don't get defined if OSSL_WINCTX isn't defined to avoid compiler errors Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
* Augment version.c to not display -w options on non-windowsNeil Horman2024-07-091-4/+13
| | | | | | | | Don't need the -w option on non-windows builds Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
* Allow OPENSSLDIR/ENGINESDIR/MODULESDIR to be NULLNeil Horman2024-07-092-8/+17
| | | | | | | | | | | | | To prevent inadvertent use of insecure directories, we need to be able to detect and react when our new registry keys aren't set, which implies allowing the values for the dynamic representations of OPENSSLDIR/ENGINESDIR/MODULESDIR to return NULL. This in turn requires that we detect and handle NULL string in several call sites that previously assumed they would never be NULL. This commit fixes those up Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
* Change WININSTALLCONTEXT to OSSL_WINCTXNeil Horman2024-07-091-1/+1
| | | | | | | | Make it more in line with other command line defines, and a bit shorter Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
* convert users of build time defaults to use new defaults apiNeil Horman2024-07-091-5/+11
| | | | | | | | | | | | | | | | Now that we can query for install time registry keys on windows, convert users of these macros to use the api instead Add a unit test to validate the functionality of our reg key lookups Add a test to check to make sure our registry key lookups work. note this test only runs on windows (clearly), but also only if the registry keys are set via an installer or some other manual process (to be done in the CI workflow) Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
* fix: remove some odd empty linesRichard Levitte2024-07-031-2/+0
| | | | | | | Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24776)
* fix: openssl speed: RSA encryption is on the pubkey, not the privkeyRichard Levitte2024-07-031-1/+1
| | | | | | | Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24776)
* Fix typos found by codespellDimitri Papadopoulos2024-06-241-1/+1
| | | | | | Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/24691)
* s_client: use the full buffer for readsHubert Kario2024-06-211-2/+2
| | | | | | | | | | | | | Use full allocated buffer for reads to not call into switch() over and over; also increase the size of the buffer to 16 kiB (max for TLS records). The server side already is using 16 kiB buffers. Signed-off-by: Hubert Kario <hkario@redhat.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/24688)
* CMP: add support for requesting cert template using genm/genpRajeev Ranjan2024-06-202-1/+220
| | | | | | Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24409)
* CMP app: fix combination of -certout and -chainout with equal filename argumentDr. David von Oheimb2024-06-181-6/+21
| | | | | | | Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/24267)
* speed: Fix regression of measuring shake with -evpIngo Franzki2024-05-281-4/+24
| | | | | | | | | | | | | | | | | | | | | | | | After commit b911fef216d1386210ec24e201d54d709528abb4 speed with shake128 or shake256 does not run anymore: # openssl speed -seconds 1 -evp shake128 -bytes 256 Doing shake128 ops for 1s on 256 size blocks: shake128 error! 000003FF9B7F2080:error:1C8000A6:Provider routines:keccak_final:invalid digest length:providers/implementations/digests/sha3_prov.c:117: version: 3.4.0-dev ... type 256 bytes shake128 0.00 Function EVP_Digest_loop() must use EVP_DigestInit_ex2(), EVP_DigestUpdate(), and EVP_DigestFinalXOF() in case of shake instead of just EVP_Digest() to get around this. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24462)
* apps/pkcs12: Not writing the private key file until the import password is ↵naaysayer2024-05-141-3/+5
| | | | | | | | | | | | verified Fixes #904 CLA: trivial Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23729)
* CMP: Improvements of the support for requesting CRLRajeev Ranjan2024-05-012-20/+24
| | | | | | | Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23768)
* CMP: add support for genm with crlStatusList and genp with crlsDr. David von Oheimb2024-05-013-4/+232
| | | | | | | | | | | | | | | | Introduce the capability to retrieve and update Certificate Revocation Lists (CRLs) in the CMP client, as specified in section 4.3.4 of RFC 9483. To request a CRL update, the CMP client can send a genm message with the option -infotype crlStatusList. The server will respond with a genp message containing the updated CRL, using the -infoType id-it-crls. The client can then save the CRL in a specified file using the -crlout parameter. Co-authored-by: Rajeev Ranjan <ranjan.rajeev@siemens.com> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23768)
* Fix grammar in srp_verifier.txthrtarsia2024-04-251-2/+2
| | | | | | | | CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24237)
* Remove all references to FLOSS for NonStop Builds.Randall S. Becker2024-04-245-39/+0
| | | | | | | | | | | | | | FLOSS is no longer a dependency for NonStop as of the deprecation of the SPT thread model builds. Fixes: #24214 Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24217)
* fix sending error when no root CA cert update availableRajeev Ranjan2024-04-221-3/+16
| | | | | | Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24169)
* openssl fipsinstall: fix cosmetic wartEnji Cooper2024-04-191-1/+1
| | | | | | | | | | | | | This change makes the message on failure consistent with the message on success by trimming a single space in the error message. CLA: trivial Signed-off-by: Enji Cooper <yaneurabeya@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/24180)
* list_provider_info(): Fix leak on errorTomas Mraz2024-04-151-0/+1
| | | | | | | | Fixes #24110 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/24117)
* APPS: Add missing OPENSSL_free() and combine the error handlerJiasheng Jiang2024-04-091-3/+6
| | | | | | | | | | | | | | | | | | | | | | Add the OPENSSL_free() in the error handler to release the "*md_value" allocated by app_malloc(). To make the code clear and avoid possible future errors, combine the error handler in the "err" tag. Then, we only need to use "goto err" instead of releasing the memory separately. Since the EVP_MD_get_size() may return negative numbers when an error occurs, create_query() may fail to catch the error since it only considers 0 as an error code. Therefore, unifying the error codes of create_digest() from non-positive numbers to 0 is better, which also benefits future programming. Fixes: c7235be ("RFC 3161 compliant time stamp request creation, response generation and response verification.") Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/23873)
* Fix "Error finalizing cipher loop" when running openssl speed -evp -decryptTom Cosgrove2024-04-091-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When using CCM, openssl speed uses the loop function EVP_Update_loop_ccm() which sets a (fake) tag when decrypting. When using -aead (which benchmarks a different sequence than normal, to be comparable to TLS operation), the loop function EVP_Update_loop_aead() is used, which also sets a tag when decrypting. However, when using defaults, the loop function EVP_Update_loop() is used, which does not set a tag on decryption, leading to "Error finalizing cipher loop". To fix this, set a fake tag value if we're doing decryption on an AEAD cipher in EVP_Update_loop(). We don't check the return value: this shouldn't really be able to fail, and if it does, the following EVP_DecryptUpdate() is almost certain to fail, so that can catch it. The decryption is certain to fail (well, almost certain, but with a very low probability of success), but this is no worse than at present. This minimal change means that future benchmarking data should be comparable to previous benchmarking data. (This is benchmarking code: don't write real apps like this!) Fixes #23657 Change-Id: Id581cf30503c1eb766464e315b1f33914040dcf7 Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23757)
* apps: ca,req,x509: Add explicit start and end dates optionsStephan Wurm2024-04-095-39/+105
| | | | | | | | | | | | | | | | | | | | | | | | | | | - Added options `-not_before` (start date) and `-not-after` (end date) for explicit setting of the validity period of a certificate in the apps `ca`, `req` and `x509` - The new options accept time strings or "today" - In app `ca`, use the new options as aliases of the already existing options `-startdate` and `-enddate` - When used in apps `req` and `x509`, the end date must be >= the start date, in app `ca` end date < start date is also accepted - In any case, `-not-after` overrides the `-days` option - Added helper function `check_cert_time_string` to validate given certificate time strings - Use the new helper function in apps `ca`, `req` and `x509` - Moved redundant code for time string checking into `set_cert_times` helper function. - Added tests for explicit start and end dates in apps `req` and `x509` - test: Added auxiliary functions for parsing fields from `-text` formatted output to `tconversion.pl` - CHANGES: Added to new section 3.4 Signed-off-by: Stephan Wurm <atomisirsi@gsklan.de> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21716)
* Copyright year updatesMatt Caswell2024-04-092-2/+2
| | | | | | | | | | Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 3764f200f9d44622faa8ac1b15d2f3eb7c39e473) Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24034)
* Copyright year updatesRichard Levitte2024-04-0910-10/+10
| | | | | | | | | | Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24034)
* Diverse small VMS build fixupsRichard Levitte2024-04-041-1/+1
| | | | | | | | | Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24008) (cherry picked from commit 1a4b029af51ba6128a37959796381ca5b8b7ac00)
* Remove receiving of unused return valueDrokov Pavel2024-04-041-22/+22
| | | | | | | | CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/23276)
* Fix openssl req with -addext subjectAltName=dirNameBernd Edlinger2024-04-021-1/+1
| | | | | | | | | | | | | | | | The syntax check of the -addext fails because the X509V3_CTX is used to lookup the referenced section, but the wrong configuration file is used, where only a default section with all passed in -addext lines is available. Thus it was not possible to use the subjectAltName=dirName:section as an -addext parameter. Probably other extensions as well. This change affects only the syntax check, the real extension was already created with correct parameters. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23669)
* apps/req,crl: exit with 1 on verification failureVladimir Kotal2024-03-262-4/+6
| | | | | | | | Fixes #23771 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/23773)
* Add NULL check before accessing PKCS7 encrypted algorithmViliam Lejčík2024-03-251-1/+5
| | | | | | | | | | | | | | | Printing content of an invalid test certificate causes application crash, because of NULL dereference: user@user:~/openssl$ openssl pkcs12 -in test/recipes/80-test_pkcs12_data/bad2.p12 -passin pass: -info MAC: sha256, Iteration 2048 MAC length: 32, salt length: 8 PKCS7 Encrypted data: Segmentation fault (core dumped) Added test cases for pkcs12 bad certificates Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23632)
* apps/x509.c: No warning reading from stdin if redirectedTomas Mraz2024-03-151-2/+3
| | | | | | | | | Fixes #22893 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23526)
* Use the untrusted certificate chain to create a valid certificate ID for ↵olszomal2024-03-121-14/+30
| | | | | | | | OCSP_request Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22192)
* apps/cmp: improve -reqin option to read fallback public key from first ↵Dr. David von Oheimb2024-03-061-2/+48
| | | | | | | | | request message file given Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21660)
* apps/cmp: extend documentation and diagnostics for using -reqin in special ↵Dr. David von Oheimb2024-03-061-5/+7
| | | | | | | | | situations Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21660)
* apps/cmp: add -reqout_only option for dumping/saving just the initial CMP ↵Dr. David von Oheimb2024-03-061-15/+52
| | | | | | | | | request message Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21660)
* apps/cmp.c: refactor to fix some coding style nits and more convenient ↵Dr. David von Oheimb2024-03-061-14/+21
| | | | | | | | | source-level debugging Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21660)
* apps/engine: add EC to list of capabilitiesMartin Oliveira2024-02-251-0/+3
| | | | | | | | | | openssl engine -c wasn't showing if an engine implemented EC cla: trivial Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23538)
* s_cb.c: Add missing return value checksMrRurikov2024-02-221-2/+4
| | | | | | | | | | | | | | Return value of function 'SSL_CTX_ctrl', that is called from SSL_CTX_set1_verify_cert_store() and SSL_CTX_set1_chain_cert_store(), is not checked, but it is usually checked for this function. CLA: trivial Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23647) (cherry picked from commit 6f794b461c6e16c8afb996ee190e084cbbddb6b8)
* Add a missing space in an error messageVincent Lefèvre2024-02-061-1/+1
| | | | | | | | CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23481)
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-06 16:29:18 +0000