path: root/apps
Age | Commit message | Author
2021-12-07 | APPS: Improve diagnostics on missing/extra args and unknown cipher/digest | Dr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16450)
2021-12-02 | s_cb.c: check the return value of X509_get0_pubkey() | x2018
Check is done to prevent wrong memory access by EVP_PKEY_get0_asn1() Also fix wrong coding style in the s_cb.c file. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17176)
2021-11-29 | Return -1 properly from do_X509_REQ_verify and do_X509_verify | PW Hu
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17001)
2021-11-25 | check the return value of OPENSSL_strdup(CRYPTO_strdup) in apps/lib/app_rand.c:32 | x2018
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17124)
2021-11-25 | check the return value of OPENSSL_strdup(CRYPTO_strdup) to prevent potential memory access error | x2018
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17113)
2021-11-25 | check the return value of OPENSSL_strdup to prevent potential memory access error | x2018
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17110)
2021-11-24 | x509: Return a nonzero exit code on error when checking ip/email/host | Rami Khaldi
In the x509 app when doing the ip/email/host validation of a certificate we return nonzero exit code if the validation fails. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17022)
2021-11-22 | Fix HTTP server port output and allow dynamic verbosity setting | Dr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16061)
2021-11-22 | SSL_export_keying_material: fix return check | Peiwei Hu
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17028)
2021-11-17 | Move more general parts of internal/cryptlib.h to new internal/common.h | Dr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15847)
2021-11-17 | Add and use HAS_CASE_PREFIX(), CHECK_AND_SKIP_CASE_PREFIX(), and HAS_CASE_SUFFIX() | Dr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15847)
2021-11-17 | Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix | Dr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15847)
2021-11-17 | Fix verbosity of CMP client diagnostics | Dr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16051)
2021-11-16 | EVP_PKEY_keygen_init: fix return check | Peiwei Hu
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17031)
2021-11-16 | EVP_PKEY_paramgen_init: fix return check | Peiwei Hu
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17030)
2021-11-16 | Abstract out policy and extensions in CA.pl | Andrew Galante
Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13819)
2021-11-11 | X509: Fix handling of AKID and SKID extensions according to configuration | Dr. David von Oheimb
Fixes #16300 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16342)
2021-11-09 | Fix sigsize usage in apps/speed.c | Xiaofei Bai
In a recent upstream change (43da9a14f0e73f42f28ae34219929b44df5d1a11) the parameter sigsize became a read/write input in EVP_PKEY_sign(), and after signing, sigsize will be overwritten with the actual size and used in the verify step. As the speed program calls EVP_PKEY_sign() on the same context repeatedly, sigsize value is no longer the initial available size, and may fail in later buffer size checks. This fix adds a new buflen member in struct loopargs (which is only used within apps/speed.c), to save available buffer size and to be used as sigsize input in EVP_PKEY_sign() calls. Sigsize still contains the signature size for the verify step. Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16991)
2021-11-08 | APPS/x509: Fix generation of AKID via v2i_AUTHORITY_KEYID() | Dr. David von Oheimb
Fixes #16300 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16442)
2021-11-08 | APPS/cmp: make the -sans option support email addresses (type rfc822Name) | Dr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16960)
2021-11-02 | Revise s_client and s_server verbiage re secure renegotiation. | Felipe Gasper
Since TLS v1.3 eschews renegotiation entirely it’s misleading to have these apps say it’s “not supported” when in fact the TLS version is new enough not to need renegotiation at all. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16937)
2021-10-28 | fix some code with obvious wrong coding style | x2018
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16918)
2021-10-27 | speed: range check the argument given to -multi | Pauli
For machines where sizeof(size_t) == sizeof(int) there is a possible overflow which could cause a crash. For machines where sizeof(size_t) > sizeof(int), the existing checks adequately detect the situation. Fixes #16899 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16904)
2021-10-25 | cmp.c: Avoid dereference with negative index and use memcpy | Tomas Mraz
This prevents a compile-time warning on newer gcc. Also fix the related warning message. Fixes #16814 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16821)
2021-10-22 | Fix the s_server psk_server_cb for use in DTLS | Matt Caswell
Commit 0007ff257c added a protocol version check to psk_server_cb but failed to take account of DTLS causing DTLS based psk connections to fail. Fixes #16707 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/16838)
2021-10-22 | Clean up on failed BIO creation | yuanjungong
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16316)
2021-10-22 | APPS/req.c: Make -reqexts option an alias of -extensions option | Dr. David von Oheimb
This simplifies code, doc, and use. Fixes issue ignoring one or the other. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16865)
2021-10-11 | req: Do not warn about using stdin when generating new request | Tomas Mraz
Fixes #16773 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16774)
2021-10-11 | Bugfix: unsafe return check of EVP_PKEY_fromdata | PW Hu
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16783)
2021-10-11 | Bugfix: unsafe return check of EVP_PKEY_fromdata_init | PW Hu
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16783)
2021-10-09 | Bindhost/bindport should be freed | Dmitry Belyavskiy
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16775)
2021-10-08 | Fix unsafe BIO_get_md_ctx check | PW Hu
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16768)
2021-10-07 | apps/x509: Fix self-signed check to happen before setting issuer name | Dr. David von Oheimb
Fixes #16720 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16747)
2021-10-06 | s_socket.c: Avoid possible NULL pointer dereference | Tomas Mraz
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/16736)
2021-10-04 | apps/lib/s_socket.c: Fix mem leak on host name in init_client() | Dr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16688)
2021-10-01 | Fully initialise cipher/digest app handles | Viktor Dukhovni
This avoids a crash in e.g. `openssl chacha20` as reported by Steffen Nurpmeso on openssl-users. Resolves: #16713 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16714)
2021-09-21 | Use -nameopt utf8 by default | Dmitry Belyavskiy
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16583)
2021-09-19 | apps/s_client: Add ktls option | Tianjia Zhang
From openssl-3.0.0-alpha15, KTLS is turned off by default, even if KTLS feature in compilation, which makes it difficult to use KTLS through s_server/s_client, so a parameter option 'ktls' is added to enable KTLS through cmdline. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16609)
2021-09-19 | apps/s_server: Add ktls option | Tianjia Zhang
From openssl-3.0.0-alpha15, KTLS is turned off by default, even if KTLS feature in compilation, which makes it difficult to use KTLS through s_server/s_client, so a parameter option 'ktls' is added to enable KTLS through cmdline. At the same time, SSL_sendfile() depends on KTLS feature to work properly, make parameters sendfile depend on parameters ktls. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16609)
2021-09-17 | APPS/cmp.c: Move warning on overlong section name to make it effective again | Dr. David von Oheimb
Fixes #16585 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16586)
2021-09-14 | convert tabs to spaces in two distributed Perl scripts | Viktor Szakats
Also fix indentation in c_rehash.in to 4 spaces, where a mixture of 4 and 8 spaces was used before, in addition to tabs. CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16459)
2021-09-11 | APPS/{x509,req}: Fix description and diagnostics of -key, -in, etc. options | Dr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16440)
2021-09-10 | Fix 'openssl speed' information printout | Richard Levitte
Most of all, this reduces the following:
    built on: built on: Wed Sep 8 19:41:55 2021 UTC
to:
    built on: Wed Sep 8 19:41:55 2021 UTC
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16563) (cherry picked from commit c1dc3536a89d71f8545f3c70bee2332f389a871d)
2021-09-08 | Socket now displays what address it is connecting to | Zengit
CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16392)
2021-08-31 | apps/pkcs12: Do not assume null termination of ASN1_UTF8STRING | Tomas Mraz
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/16433)
2021-08-26 | APPS/req: Fix AKID generation in case -CA option is used | Dr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16420)
2021-08-26 | APPS/req: Fix misconceptions on -CA, -CAkey, and -key options. -CA now implies -x509 | Dr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16420)
2021-08-26 | APPS/x509: fix -extfile option, which was ignored with -x509toreq | Dr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16417)
2021-08-25 | CMS app: Fix new -wrap option | Dr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16396)
2021-08-25 | Avoid using undefined value in generate_stateless_cookie_callback | Bernd Edlinger
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16384)