summaryrefslogtreecommitdiffstats
path: root/apps (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Support CLI and API setting of provider configuration parametersViktor Dukhovni13 days2-0/+78
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26427)
* genpkey: Avoid leaving empty file if encryption passphrase does not matchshridhar kalavagunta2025-01-153-18/+58
| | | | | | | | Fixes #25440 Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26081)
* speed: Pass IV to EVP_CipherInit_ex for -evp runs with non-AEAD ciphersIngo Franzki2025-01-131-1/+1
| | | | | | | | | | | | | | | | | | Some (non-AEAD) ciphers require an IV to be used. Always pass a (dummy) IV when setting the key. It is ignored by ciphers that do not use an IV. Commit 607a46d003f472d4bce646f3df6e85725094d68a corrected the use of AEAD ciphers, but removed the IV from being passed to EVP_CipherInit_ex() for non-AEAD ciphers. Fixes: https://github.com/openssl/openssl/commit/607a46d003f472d4bce646f3df6e85725094d68a Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26346)
* Fix memory leaks from missing checks of return value from ↵Frederik Wedel-Heinen2025-01-095-19/+38
| | | | | | | | sk_OPENSSL_STRING_push() Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26238)
* Check returns of various sk_*_push functionsFrederik Wedel-Heinen2025-01-084-7/+16
| | | | | | | | | | | | Check returns of sk_POLICY_MAPPING_push, sk_GENERAL_NAME_push, sk_ACCESS_DESCRIPTION_push, sk_X509_push, sk_X509_NAME_push, sk_OPENSSL_CSTRING_push, sk_SCT_push, sk_DIST_POINT_push, sk_OSSL_CMP_CRLSTATUS_push, sk_ASN1_UTF8STRING_push and sk_ASN1_OBJECT_push and handle appropriately. Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26240)
* Fix CMS encryption with key agreement when originator setJakub Zelenka2025-01-061-1/+8
| | | | | | | | | | OpenSSL currently does not support encryption with originator flag so it should fail nicely instead of segfaulting. Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26014)
* Fix originator cert leak in cms appJakub Zelenka2025-01-061-0/+1
| | | | | | | Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26014)
* apps/pkeyutl: Fix checks and documentation regarding -peerkeyDr. David von Oheimb2025-01-061-5/+16
| | | | | | Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25958)
* Add CMS_NO_SIGNING_TIME flag to CMS_sign(), CMS_add1_signer()Peter Juhasz2024-12-261-1/+7
| | | | | | | | | | | | | | | | Previously there was no way to create a CMS SignedData signature without a signing time attribute, because CMS_SignerInfo_sign added it unconditionally. However, there is a use case (PAdES signatures) where this attribute is not allowed, so this commit introduces a new flag to the CMS API that causes this attribute to be omitted at signing time. Also add -no_signing_time option to cms command. Fixes #15777 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15783)
* To verify MAC, we need a MACDmitry Belyavskiy2024-12-111-0/+6
| | | | | | | | Fixes #26106 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26140)
* speed.c: Changed the declaration of aead_ivlen to a #defineMohammed Alhabib2024-12-101-6/+6
| | | | | | Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26109)
* apps/passwd.c: Convert a redundant check to assertBartel Artem2024-11-291-2/+1
| | | | | | | Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26053)
* Fix wrong return value checks for some functionsPeiwei Hu2024-11-222-2/+2
| | | | | | | | | - in particular in use of X509_LOOKUP_load_file, EVP_PKEY_print_params, EVP_PKEY_keygen, X509_CRL_add1_ext_i2d, EVP_PKEY_keygen_init Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25811)
* Fix multiple wrong use of BN_check_primePeiwei Hu2024-11-221-2/+6
| | | | | | Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25811)
* apps/lib/apps.c: fix the wrong check in check_cert_attributesPeiwei Hu2024-11-221-3/+3
| | | | | | Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25811)
* pkeyutl.c: Avoid freeing pkey at multiple placesTomas Mraz2024-11-201-13/+4
| | | | | | | | Also fixes a leak of pkey in error case for -verifyrecover. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25987)
* s_cb.c: Move the negotiated group outputMichael Baentsch2024-11-201-6/+7
| | | | | | | | It needs to be always displayed not just with -brief. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25959)
* APPS/load_key_certs_crls(): refactor to clean up the code a little and add ↵Dr. David von Oheimb2024-11-121-8/+38
| | | | | | | | | clarifying comments Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@devever.net> (Merged from https://github.com/openssl/openssl/pull/22528)
* openssl-pkeyutl.pod.in: improve description of -rawin and -digest optionsDr. David von Oheimb2024-11-091-2/+3
| | | | | | | | Fixes #25827 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25831)
* APPS/pkeyutl: add missing high-level check for -verifyrecover being usable ↵Dr. David von Oheimb2024-11-091-3/+13
| | | | | | | | only with RSA Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25903)
* APPS/pkeyutl: remove wrong check for -verifyrecover regarding too long ↵Dr. David von Oheimb2024-11-091-2/+1
| | | | | | | | | | sign/verify input Fixed #25898 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25903)
* APPS/pkeyutl: strengthen error message on too long sign/verify inputDr. David von Oheimb2024-11-041-6/+8
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22910)
* APPS/pkeyutl: -digest implies -rawin and can only be used with -sign and -verifyDr. David von Oheimb2024-11-041-10/+8
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22910)
* APPS/pkeyutl: improve -rawin usability (implied by Ed25519 and Ed448) and docDr. David von Oheimb2024-11-041-47/+80
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22910)
* apps/speed.c: Fix the benchmarking for AEAD ciphersMohammed Alhabib2024-11-041-75/+285
| | | | | | | | | | | | | | | | Fixed the benchmarking for the evp aead interface for ccm, gcm, ocb, and siv, where decryption fails when executing `openssl speed -evp aes-128-ccm -decrypt` and `openssl speed -evp aes-128-gcm -decrypt`. Related issues are [24686](https://github.com/openssl/openssl/issues/24686) and [24250](https://github.com/openssl/openssl/issues/24250). Now both encryption and decryption, with or without AAD, executes correctly without issues. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25823)
* apps: Change default cipher to aes-256-cbc for req, cms and smime appsAditya2024-11-043-20/+5
| | | | | | | | | | | | Update `CHANGES.md` and `NEWS.md`; remove `no-des` guard from req, cms, and smime apps Update MAN pages for default cipher; fix styling by removing braces around single statements Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25839)
* speed.c: Check for 0 block sizeTomas Mraz2024-10-311-1/+6
| | | | | | | | | | | | | Although this cannot really happen check for 0 block size to avoid division by 0. Fixes Coverity 1633936 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25822)
* req: Add -cipher option to specify private key encryption cipherAditya2024-10-301-1/+10
| | | | | | Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25796)
* output negotiated TLS1.3 groupMichael Baentsch2024-10-301-5/+6
| | | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25808)
* speed.c: Check block size before running EVP_Cipher_loop()Tomas Mraz2024-10-281-0/+23
| | | | | | | | Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/25792)
* Fix ambiguous output of Signature AlgorithmsBernd Edlinger2024-10-281-2/+22
| | | | | | | | | | | Signature Algorithms are printed in a SIG+HASH format. In some cases this is ambiguous like brainpool and RSA-PSS. And the name of ed25519 and ed448 must be spelled in lower case, so that the output can be used as a -sigalgs parameter value. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25797)
* Revert API change of OPENSSL_version()Tomas Mraz2024-10-171-14/+7
| | | | | | | | | | | There was an API change done as part of PR #24450. This patch reverts it. Fixes #25690 Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25692)
* Add 'openssl info' item for the Windows install contextRichard Levitte2024-10-161-1/+6
| | | | | | | | This information is already present as an 'openssl version' item. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25694)
* replace various calls to sprintf() by BiO_snprintf() to avoid compiler ↵Dr. David von Oheimb2024-10-123-12/+13
| | | | | | | | warnings, e.g., on MacOS Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25534)
* fipsinstall: Save the 'status indicator' if the FIPS provider is 3.0.X.slontis2024-10-111-15/+40
| | | | | | | | | | | | | | | | | | | | Fixes #23400 The 3.1 FIPS provider no longer writes out the 'status indicator' by default due to changes related to FIPS 140-3 requirements. For Backwards compatability if the fipsinstall detects it is loading a 3.0.X FIPS provider then it will save the 'status indicator' by default. Disclaimer: Using a fipsinstall command line utility that is not supplied with the FIPS provider tarball source is not recommended. This PR deliberately does not attempt to exclude any additional options that were added after 3.0.X. These additional options will be ignored by older providers. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Hugo Landau <hlandau@devever.net> (Merged from https://github.com/openssl/openssl/pull/23689)
* APPS/storeutl: fix case where uri and outfile are the sameDr. David von Oheimb2024-10-091-9/+13
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25559)
* Handle PBMAC1 with absent PBKDF2 PRFOlivier Chéron2024-10-071-4/+8
| | | | | | | | | | PRF in PBKDF2-params is optional and defaults to hmacWithSHA1. CLA: trivial Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25568)
* APPS/pkey: fix case where infile and outfile are the sameDr. David von Oheimb2024-10-041-4/+4
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25552)
* APPS/pkcs8: fix case where infile and outfile are the sameDr. David von Oheimb2024-10-041-3/+5
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25552)
* APPS/ocsp: fix case where reqin and outfile are the sameDr. David von Oheimb2024-10-041-4/+4
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25552)
* APPS/{ecparam,pkeyparam}: fix case where infile and outfile are the sameDr. David von Oheimb2024-10-042-13/+13
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25552)
* APPS/dsaparam: fix case where infile and outfile are the sameDr. David von Oheimb2024-10-041-4/+4
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25552)
* APPS/dhparam: fix case where infile and outfile are the sameDr. David von Oheimb2024-10-041-4/+4
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25552)
* kdfs: implement key length check in X9.42Dimitri John Ledkov2024-09-301-0/+11
| | | | | | | | | Similar to other KDFs, the input key should be 112 bits long. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25529)
* http_server.{c,h}: make clear that IPv4 or IPv6 is used by http_server_init()David von Oheimb2024-09-231-0/+1
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25010)
* http_server.c: fix checks of error return code in http_server_init()David von Oheimb2024-09-231-2/+2
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25010)
* s_server: Support reading HTTP request from early dataDaiki Ueno2024-09-121-5/+40
| | | | | | | | | | | This would be useful when testing with browsers / downloaders which support 0-RTT only through HTTP. Signed-off-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16055)
* rehash.c: handle possible null pointer returned by OPENSSL_strdupXZ-X2024-09-091-0/+5
| | | | | | Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24980)
* apps: directly inclusion of "e_os.h when neededFdaSilvaYY2024-09-0514-4/+23
| | | | | | Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14344)
* Copyright year updatesTomas Mraz2024-09-0524-24/+24
| | | | | Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-30 20:24:04 +0100