summaryrefslogtreecommitdiffstats
path: root/apps
AgeCommit message (Collapse)Author
2023-03-15Avoid erroneous diagnostics in speed measuringDmitry Belyavskiy
Fixes #20291 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20306)
2023-03-14apps/x509 etc.: allow private key input when public key is expectedDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19076)
2023-03-14apps/{dsa,ec,rsa,pkey}.c: harmonize coding w.r.t. 'pubin' variableDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19076)
2023-03-07Add option to FIPS module to enforce EMS check during KDF TLS1_PRF.slontis
Fixes #19989 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20241)
2023-02-24first cut at sigalg loadingMichael Baentsch
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19312)
2023-02-23Add help for pkeyopt values for the genpkey commandline app.slontis
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/19931)
2023-02-13OSSL_CMP_certConf_cb(): fix regression on checking newly enrolled certDr. David von Oheimb
Also add corresponding tests and to this end update credentials Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20160)
2023-02-08cmp_client_test.c: add tests for errors reported by server on subsequent ↵Dr. David von Oheimb
requests in a transaction Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20190)
2023-02-08CMP app and doc: improve texts on (un-)trusted certs, srvCert, etc.Dr. David von Oheimb
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19946)
2023-02-08Fix a potential memory leak in apps/s_server.cbesher
Allocate memory for a new SSL session. If any of these steps fail, free the key memory and the tmpsess object before returning 0 to prevent a memory leak. Fixes: #20110 CLA: trivial Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/20213)
2023-02-07Enable some disabled __owursDmitry Belyavskiy
Fixes #15902 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/15905)
2023-02-02APPS/{storeutl,gendsa}: give error on extra arguments, improve docDr. David von Oheimb
Point out that options must be given before the final file/URI arg. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20156)
2023-02-02APPS load_key_certs_crls(): improve diagnostics on not finding expected ↵Dr. David von Oheimb
types of contents Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20156)
2023-01-24APPS: generated certs bear X.509 V3, unless -x509v1 option of req app is givenDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19271)
2023-01-24apps/req.c: properly report parse errors by duplicated(); simplify the functionDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19271)
2023-01-24Typos fixingFdaSilvaYY
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20109)
2023-01-24Fix windows buildsFdaSilvaYY
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20109)
2023-01-17pkey: Imply public check if -pubin is specifiedTomas Mraz
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20044)
2023-01-16CMP app: fix file output of certs and cert lists on non-existing cert(s)Dr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20035)
2022-12-15Coverity: fix 272011 resource leakPauli
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19900)
2022-12-14Fix openssl storeutl to allow serial + issuerSimo Sorce
storeutl wants to enforce the use of issuer and serial together, however the current code prevents to use them together and returns an error if only one of them is specified. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19856)
2022-12-12unbuffer stdin before get passwd from stdinwangyuhang
commond LD_LIBRARY_PATH= openssl rsa -aes256 -passout stdin <<< "xxxxxx” will get pass(fun app_get_pass()) from stdin first, and then load key(fun load_key()). but it unbuffer stdin before load key, this will cause the load key to fail. now unbuffer stdin before get pass, this will solve https://github.com/openssl/openssl/issues/19835 CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19851)
2022-12-07Compensate for CMP-related TODOs removed by PR #15539Dr. David von Oheimb
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/16006)
2022-12-05Fix the check of BIO_set_write_buffer_size and BIO_set_read_buffer_sizePeiwei Hu
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19819)
2022-12-05Fix the checks in rsautl_mainPeiwei Hu
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19819)
2022-12-05Fix build on NonStopTomas Mraz
Fixes #19810 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19811)
2022-11-25OSSL_CMP_CTX_reinit(): fix missing reset of ctx->genm_ITAVsDr. David von Oheimb
Otherwise, further OSSL_CMP_exec_GENM_ses() calls will go wrong. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19216)
2022-11-24CMP: fix status held in OSSL_CMP_CTX, in particular for genp messagesDr. David von Oheimb
On this occasion, replace magic constants by mnemonic ones; update doc Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19205)
2022-11-24Add support for KTLS zerocopy sendfile on LinuxMaxim Mikityanskiy
TLS device offload allows to perform zerocopy sendfile transmissions. FreeBSD provides this feature by default, and Linux 5.19 introduced it as an opt-in. Zerocopy improves the TX rate significantly, but has a side effect: if the underlying file is changed while being transmitted, and a TCP retransmission happens, the receiver may get a TLS record containing both new and old data, which leads to an authentication failure and termination of connection. This effect is the reason Linux makes a copy on sendfile by default. This commit adds support for TLS zerocopy sendfile on Linux disabled by default to avoid any unlikely backward compatibility issues on Linux, although sacrificing consistency in OpenSSL's behavior on Linux and FreeBSD. A new option called KTLSTxZerocopySendfile is added to enable the new zerocopy behavior on Linux. This option should be used when the the application guarantees that the file is not modified during transmission, or it doesn't care about breaking the connection. The related documentation is also added in this commit. The unit test added doesn't test the actual functionality (it would require specific hardware and a non-local peer), but solely checks that it's possible to set the new option flag. Signed-off-by: Maxim Mikityanskiy <maximmi@nvidia.com> Reviewed-by: Tariq Toukan <tariqt@nvidia.com> Reviewed-by: Boris Pismenny <borisp@nvidia.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18650)
2022-11-24Make parsing of piped data in `speed.c` more robustDaniel Fiala
Fixes openssl#19050 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19238)
2022-11-23Cleanup : directly include of `internal/nelem.h` when required.FdaSilvaYY
And so clean a few useless includes Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19721)
2022-11-16Drop explicit check for engines in opt_legacy_okaySimo Sorce
The providers indication should always indicate that this is not a legacy request. This makes a check for engines redundant as the default return is that legacy is ok if there are no explicit providers. Fixes #19662 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19671)
2022-11-16apps/speed.c: fix the wrong checksPeiwei Hu
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19678)
2022-11-15apps/ocsp.c: Add missing test if make_ocsp_response failedGW
CLA: trivial Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19660)
2022-11-14apps/speed.c: add verifying if fdopen returns NULLVinz2008
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19651)
2022-11-07apps/dgst.c: Set digestname from argv[0] if it is a builtin hash nameTomas Mraz
Fixes #19589 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/19606)
2022-11-02fipsinstall: add -self_test_oninstall option.Pauli
This option runs the self tests at installation time. It fails for the 3.1 module. Also changed the default behaviour to that set by the -self_test_onload option. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19510)
2022-10-24openssl list: Fix help text about -cipher-algorithms optionDaniel Fiala
Fixes openssl#19133 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19370)
2022-10-24Checking the return of BIO_new_fp(). If it returns NULL, then it is ↵xkernel
unnecessary to build the BIO chain and better make the caller directly return NULL Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19445)
2022-10-21Replace BIO_free(bio_err) with BIO_free_all(bio_err)xkernel
dup_bio_err() can return a BIO chain when 'OPENSSL_SYS_VMS' is defined. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19446)
2022-10-21openssl list: add an empty row at the end of each printed list of commands ↵Daniel Fiala
and algorithms Fixes openssl#19140 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19372)
2022-10-18Add support for compressed certificates (RFC8879)Todd Short
* Compressed Certificate extension (server/client) * Server certificates (send/receive) * Client certificate (send/receive) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
2022-10-18Convert ZLIB defines to OPENSSL_NO_ZLIBTodd Short
Use the normal OPENSSL_NO_ prefix to enable/disable ZLIB Make `BIO_f_zlib()` always available. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
2022-10-18Add ZSTD compression support (RFC8478bis)Todd Short
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
2022-10-18Add brotli compression support (RFC7924)Todd Short
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
2022-10-12apps & al : Fix various typos, repeated words, align some spelling to LDP.FdaSilvaYY
Mostly revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - host name -> hostname - ipv6 -> IPv6 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19059)
2022-10-06Rename ossl_sleep calls to OSSL_sleep everywhereRichard Levitte
Also, remove inclusions of internal/e_os.h where it seems no longer necessary. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19330)
2022-10-04s_client: Support interactive reconnect commandSteven Collison
This change adds the 'C' command character to allow a user to drop the current session and reconnect to the server. It has the same behavior as the `-reconnect` option except this allows reconnect to be triggered at an arbitrary point in the session. The primary use case for this change is to provide a way for the user to probe a server for TLS1.3 session resumption support. This is not currently reliably supported by the `-reconnect` option. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18683)
2022-09-29apps/speed.c: Lock buffer in memoryJuergen Christ
Lock the buffers used for throughput measurements into memory. This removes some side effects of paging. Errors from the memory locking functions are ignored since they are not critical to the application. This feature is limited to Linux and Windows. Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19091)
2022-09-27Coverity 1515538: resource leakPauli
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19275)