| Age | Commit message (Collapse) | Author |
|---|
|
The HEADER_X509_H check is redundant, because <openssl/x509.h>
is already included.
Instead of of checking for HEADER_SSL_H, include <openssl/ssl.h>
explicitly in "s_apps.h" and don't include "s_apps.h" where it's
not necessary.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9364)
|
|
They now display both legacy and provided algorithms.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9356)
|
|
This avoids leaking bit 0 of the private key.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9363)
|
|
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9072)
|
|
Change SYSerr to have the function name; remove SYS_F_xxx defines
Add a test and documentation.
Use get_last_socket_err, which removes some ifdef's in OpenSSL code.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9072)
|
|
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/9397)
|
|
Some have been creeping into the source code.
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/9397)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Deprecate all xxx_F_ defines.
Removed some places that tested for a specific function.
Use empty field for the function names in output.
Update documentation.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9058)
|
|
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9362)
|
|
That makes it easier to work with than going through apps/openssl.c
This also moves the implementation of calculate_columns() and makes it
generally accessible.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9340)
|
|
This makes for a cleaner apps/progs.h as well as as cleaner
apps/build.info.
We also break out the type declarations to apps/include/function.h
apps/progs.c and apps/progs.h are NOT regenerated when 'apps' is
disabled.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9340)
|
|
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9059)
|
|
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9288)
|
|
Because of that we can remove OPENSSL_UNISTD and some other
macros from e_os2.h and opensslconf.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9204)
|
|
If the key is too long we now return an error.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8834)
|
|
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9275)
|
|
SM2 certificate signing request can be created and signed by OpenSSL
now, both in library and apps.
Documentation and test cases are added.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9085)
|
|
Remove the union that effectively cast thread IDs to long integers before
display and instead print a hex dump of the entire object.
Refer #9191
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9194)
|
|
It turned out that the internal trace cleanup handler was added too
late, so it would be executed before OPENSSL_cleanup().
This results in address errors, as the trace code that's executed in
OPENSSL_cleanup() itself tries to reach for data that's been freed at
that point.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9196)
|
|
This file information was hidden in config target files, when they
should really be part of build.info like any other file we build
from. With build.info variables, the task became much easier.
We take the opportunity to move apps_init_src and apps_aux_src to
apps/build.info as well, and to clean up apps/build.info.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7900)
|
|
opt.c uses functions that are only available if inttypes.h exists.
It now checks a define which is unavailable if
inttypes.h is included. The include is done automagically inside e_os2.h.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8986)
|
|
covID 1445689 Resource leak (in error path)
covID 1445318 Resource leak (in test - minor)
covID 1443705 Unchecked return value (Needed if CRYPTO_atomic_add() was used)
covID 1443691 Resource leak (in app - minor)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9071)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8117)
|
|
Example with patch:
```
$ openssl ciphers -stdname 'TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305'
TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
```
Example without patch:
```
$ openssl ciphers -stdname 'TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305'
TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
```
CLA: Trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8999)
|
|
e.g. openssl speed -evp id-aes256-wrap-pad
was crashing because the return code from EVP_CipherInit_ex
was ignored.
Not going to allow that cipher mode because wrap ciphers
produces more bytes output than the input length
and EVP_Update_loop is not really prepared for that.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8739)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8963)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8963)
|
|
Add new option '-http_server_binmode' which allows the server to open and send
binary files as well as text.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8811)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
|
|
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8023)
|
|
If the `openssl cms` command is called without specifying an
operation option, it replies with the following laconic error message:
cms: Use -help for summary.
This commit adds a helpful error message:
No operation option (-encrypt|-decrypt|-sign|-verify|...) specified.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8861)
|
|
Other commands like 'req' support -verbose, so why not gendsa and dsaparam?
Part of a larger and more ambitious effort to add -verbose to all apps
that might be used in scripts and need to otherwise run silently (well,
without belching out anything that isn't a warning or error... which ties
into a later scrub of using STDOUT were appropriate for informative
messages instead of STDERR)... so that scripts also have the option of
doing >/dev/null without losing anything critical.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6908)
|
|
Other commands like 'req' support -verbose, so why not genrsa?
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6897)
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8762)
|
|
OpenSSL_version(OPENSSL_DIR) gives you a nicely formatted string for
display, but if all you really want is the directory itself, you were
forced to parsed the string.
This introduces a new function to get diverse configuration data from
the library, OPENSSL_info(). This works the same way as
OpenSSL_version(), but has its own series of types, currently
including:
OPENSSL_INFO_CONFIG_DIR returns OPENSSLDIR
OPENSSL_INFO_ENGINES_DIR returns ENGINESDIR
OPENSSL_INFO_MODULES_DIR returns MODULESDIR
OPENSSL_INFO_DSO_EXTENSION returns DSO_EXTENSION
OPENSSL_INFO_DIR_FILENAME_SEPARATOR returns directory/filename separator
OPENSSL_INFO_LIST_SEPARATOR returns list separator
For scripting purposes, this also adds the command 'openssl info'.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8709)
|
|
This adds the flag OPENSSL_MODULES_DIR for OpenSSL_version(), and the
flag '-m' for 'openssl version'.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8709)
|
|
|str| was used for multiple conflicting purposes. When using
'-strictpem', it's used to uniquely hold a reference to the loaded
payload. However, when using '-strparse', |str| was re-used to hold
the position from where to start parsing.
So when '-strparse' and '-strictpem' are were together, |str| ended up
pointing into data pointed at by |at|, and was yet being freed, with
the result that the payload it held a reference to became a memory
leak, and there was a double free conflict when both |str| and |at|
were being freed.
The situation is resolved by always having |buf| hold the pointer to
the file data, and always and only use |str| to hold the position to
start parsing from. Now, we only need to free |buf| properly and not
|str|.
Fixes #8752
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8753)
|
|
These undocumented functions were never integrated into the EVP layer
and implement the AES Infinite Garble Extension (IGE) mode and AES
Bi-directional IGE mode. These modes were never formally standardised
and usage of these functions is believed to be very small. In particular
AES_bi_ige_encrypt() has a known bug. It accepts 2 AES keys, but only
one is ever used. The security implications are believed to be minimal,
but this issue was never fixed for backwards compatibility reasons.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8710)
|
|
usage: openssl speed -cmac aes128
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8721)
|
|
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8555)
|
|
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8714)
|
|
This commit makes the X509_set_sm2_id to 'set0' behaviour, which means
the memory management is passed to X509 and user doesn't need to free
the sm2_id parameter later. API name also changes to X509_set0_sm2_id.
Document and test case are also updated.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8626)
|
|
Fixes #8645
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8654)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8691)
|
|
Modify openssl OCSP utility to produce certIDs in responses using other
hash algorithms (e.g. SHA256).
Added option -rcid for this purpose.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5274)
|
|
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7848)
|
|
"warning: iv not use by this cipher" -> "warning: iv not used by this cipher"
CLA: trivial
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8608)
|
|
The output format now matches coreutils *dgst tools.
[ edited to remove trailing white space ]
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8578)
|
