path: root/apps
Age | Commit message | Author | Files | Lines
2023-10-24 | Copyright year updates | Matt Caswell | 5 | -5/+5
Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
2023-10-19 | load_key_certs_crls(): There is no quiet argument | Tomas Mraz | 1 | -4/+2
This fixes broken cherry-pick from the master branch where there is a quiet argument. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22434)
2023-10-19 | apps: Print out a proper message when a store cannot be opened | Tomas Mraz | 1 | -2/+8
Fixes #22306 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22318) (cherry picked from commit edc2b6e3b1950ab0fb71e2d7dca0836b43a9ec3b)
2023-10-10 | Added check for the return value of the RAND_bytes() function | Klavishnik | 1 | -1/+2
Call app_bail_out if RAND_bytes() fails. Also changed the output parameter of RAND_bytes() to inp as writing to encrypted output buffer does not make sense. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21706) (cherry picked from commit 8d120aef951d7bb7deac0b8b559f8003f5ea6384)
2023-09-21 | Fix some memory leaks in the openssl app | Bernd Edlinger | 8 | -4/+18
In some error cases the normal cleanup did not happen, but instead an exit(1) which caused some memory leaks, as reported in #22049. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/22055) (cherry picked from commit 8c040c086ca11a519975c58961a5dc933aa6524a)
2023-09-20 | enc: "bad decrypt" only in decryption | Mathieu Tortuyaux | 1 | -1/+4
CLA: trivial Signed-off-by: Mathieu Tortuyaux <mathieu.tortuyaux@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22134) (cherry picked from commit 0e138b7b591f160a50aff22f662254d1b39c9cac)
2023-09-09 | Fix output corruption in req command | Bernd Edlinger | 1 | -4/+4
when used in conjunction with -out and -modulus options. Fixes #21403 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22026) (cherry picked from commit d2873946dfaff5537ea3d1adf3890e33a3f276ff)
2023-09-08 | Modify the dkeyform type to support engine | wangcheng | 1 | -1/+1
The valtype value of dkeyform defined in the s_server_options structure is F, which leads to the judgment that the engine is not supported when processing parameters in the opt_next function. Thus the valtype value of dkeyform should be changed to "f". CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21982) (cherry picked from commit b9a189ce87fde1de4bf691031624538262f005c5)
2023-09-05 | apps/cmp.c: fix bug not allowing to reset -csr and -serial option values | Dr. David von Oheimb | 1 | -1/+1
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21659) (cherry picked from commit 374945a9aa545d4d6f015de0b48cbed6a90258e0)
2023-09-05 | apps.c: improve warning texts of parse_name() when skipping RDN input | Dr. David von Oheimb | 1 | -3/+4
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21659) (cherry picked from commit 49e097344ba51a8b25016794d482813b9c1e137f)
2023-09-05 | apps.c: fix error messages (newline and needless text) in load_key_certs_crls() | Dr. David von Oheimb | 1 | -4/+2
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21659) (cherry picked from commit 81d037b8adb0232c8a4d4654f79c883dafb102bc)
2023-08-01 | Copyright year updates | Matt Caswell | 6 | -6/+6
Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
2023-07-27 | Correct spelling of database | Fatih Arslan Tugay | 1 | -5/+5
Apply normal sentence case to db update message CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/21535) (cherry picked from commit ccb2f3080d84a271f17458a60e0d7ccd77929e95)
2023-07-21 | speed: Fix execution of EdDSA measurement | Ingo Franzki | 1 | -0/+14
Running 'openssl speed eddsa' fails with

    Doing 253 bits sign Ed25519 ops for 10s: EdDSA sign failure
    000003FF9306C7D0:error:030000BC:digital envelope routines:EVP_DigestSign: final error:crypto/evp/m_sigver.c:585:
    -1 253 bits Ed25519 sign ops in 0.00s
    Doing 253 bits verify Ed25519 ops for 10s: EdDSA verify failure
    000003FF9306C7D0:error:030000BC:digital envelope routines:EVP_DigestVerify: final error:crypto/evp/m_sigver.c:694:
    -1 253 bits Ed25519 verify ops in 0.00s

This is because the EVP_DigestSign/Verify() calls in the EdDSA_sign/verify_loop() fail because the context has already been finalized by the previous EVP_DigestSign/Verify call during the EdDSA signature test done by speed_main(). This happens since commit 3fc2b7d6b8f961144905330dfd4689f5bd515199 where the EVP_DigestSign/Verify() functions have been changed to set a flag that the context has been finalized.

Fix this by re-initializing the context using EVP_DigestSign/Verify() in the EdDSA_sign/verify_loop().

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21491) (cherry picked from commit 0c85bcbaeabe3a695831bec44ab87964725a51a6)
2023-07-19 | apps/cms.c: Fix unreachable code in cms_main() | atishkov | 1 | -13/+10
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21474) (cherry picked from commit 8c34367e434c6b9555f21cc4fc77a18d6ef84a85)
2023-06-28 | openssl speed -multi -evp prints wrong algorithm name | Jörg Sommer | 1 | -2/+12
When running `openssl speed -evp md5` the result shows `md5` as algorithm name. But when adding the option `-multi 2` it gives `evp` as algorithm name. Signed-off-by: Jörg Sommer <joerg@jo-so.de> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21216) (cherry picked from commit 33c09341bb081682535be0450ff6032df47ea141)
2023-06-26 | Don't truncate the input when decrypting in pkeyutl | Matt Caswell | 2 | -2/+3
The pkeyutl app was truncating the input file for decryption leading to incorrect results. This was probably ok historically when RSA was being used for decryption which has short maximum sizes. This is not ok with SM2. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21272) (cherry picked from commit 849450746f38a5658ef783abb0a8c79ae2861464)
2023-06-15 | apps/ca.c: Handle EVP_PKEY_get_default_digest_name() returning 1 with "UNDEF" | Richard Levitte | 1 | -3/+8
EVP_PKEY_get_default_digest_name() may return 1 with the returned digest name "UNDEF". This case hasn't been documented, and the meaning has been left undefined, until now. Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20460) (cherry picked from commit af99d55078582fb2ac35787043d56e0c10b1fe97)
2023-06-14 | APPS: remove spurious errors when certain config file entries are not provided | Dr. David von Oheimb | 4 | -8/+29
This backports the functional essence of #20971. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21050) (cherry picked from commit 1737fb8f455963b0956c81504a2bec4304bd902d)
2023-06-09 | Cast the argument to unsigned char when calling isspace() | Michael Baentsch | 3 | -6/+6
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21151) (cherry picked from commit 8a2e74d0536c91585fbe789e0ab7b06cab0289c2)
2023-06-06 | Cast the argument to unsigned char when calling isdigit() | Michael Baentsch | 1 | -1/+1
Fixes #21123 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21127) (cherry picked from commit 8229874476cc2955e6947cf6d3fee09e13b8c160)
2023-05-30 | Update copyright year | Tomas Mraz | 6 | -6/+6
Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
2023-05-25 | Fix a bug where the result of rehash is unstable | minyong.ha | 1 | -1/+6
The root cause is that the file entries targeted for rehash are not actually sorted. Sort was skipped because the compare function was null. So a compare function has been implemented to allow file entries to be sorted. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21013) (cherry picked from commit 31c94b5e1159b5435b2354e6525355ec33683ecc)
2023-05-12 | CMP client: fix error response on -csr without private key, also in docs | Dr. David von Oheimb | 1 | -2/+17
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20832) (cherry picked from commit 2d6585986f3b754750b25e7a296a08e7129a5320)
2023-05-12 | apps/openssl.cnf: fix reference to insta.ca.crt | Dr. David von Oheimb | 2 | -4/+4
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20832) (cherry picked from commit 14ca1b6f4694ad27b1163bcafda1683f4dd05a30)
2023-05-10 | CMP app: fix deallocated host/port fields in APP_HTTP_TLS_INFO | Dr. David von Oheimb | 1 | -3/+9
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20034) (cherry picked from commit 20d4dc8898edc12806ead2100ac09b907662aff6)
2023-05-10 | CMP app and app_http_tls_cb(): pick the right TLS hostname (also without port) | Dr. David von Oheimb | 2 | -3/+7
Fixes #20031 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20034) (cherry picked from commit 30b9a6ec89d97152b5a564b3acf3a94ee57185a7)
2023-04-28 | APPS/cmp: prevent HTTP client failure on -rspin option with too few filenames | Dr. David von Oheimb | 1 | -22/+47
The logic for handling inconsistent use of -rspin etc., -port, -server, and -use_mock_srv options proved faulty. This is fixed here, updating and correcting also the documentation and diagnostics of the involved options. In particular, the case that -rspin (or -rspout, -reqin, -reqout) does not provide enough message file names was not properly described and handled. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20295) (cherry picked from commit 1f757df1f3de0c18cc22a4992d66e9a7b113f61d)
2023-04-20 | fipsinstall: add -pedantic option | Pauli | 1 | -39/+64
This adds a -pedantic option to fipsinstall that adjusts the various settings to ensure strict FIPS compliance rather than backwards compatibility. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20752) (cherry picked from commit bc2a4225a4a03f70bb0154a72c2889aa80c1b0f6)
2023-04-18 | cmp_client_test.c: add tests for errors reported by server on subsequent requests in a transaction | Dr. David von Oheimb | 3 | -12/+20
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20257) (cherry picked from commit 154625e1090b18c8c306a6b7a6970dbab185c49d)
2023-04-18 | crypto/cmp: fix CertReqId to use in p10cr transactions acc. to RFC 4210 | Dr. David von Oheimb | 1 | -12/+6
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20298) (cherry picked from commit 25b18e629d5cab40f88b33fd9ecf0d69e08c7707)
2023-04-14 | List also non-fetchable hashes in openssl dgst -list | GauriSpears | 1 | -2/+5
CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20651) (cherry picked from commit 7eab7680ee61c64b2ae7acd9dd199ab6734f3d1f)
2023-03-29 | Let fipsinstall know about DRBG digest limiting | Pauli | 1 | -5/+19
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/20521) (cherry picked from commit b345dbed28701f8aab06b0271603186127499928)
2023-03-25 | CMP add: fix -reqin option, which requires adding OSSL_CMP_MSG_update_recipNonce() | Dr. David von Oheimb | 1 | -1/+8
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20204) (cherry picked from commit b75d56dee09ac6f1fdb75169da891668cf181066)
2023-03-25 | apps/cmp.c: make sure that last -reqin argument is actually used | Dr. David von Oheimb | 1 | -6/+8
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20204) (cherry picked from commit d27f73ad31691d81715b4affe01264fa10f5da9e)
2023-03-25 | CMP app: improve doc and help output on -{req,rsp}{in,out} options | Dr. David von Oheimb | 1 | -3/+6
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20204) (cherry picked from commit 44190234e4f65038f5b093306779a04e79fbd8cd)
2023-03-25 | CMP app and doc: improve texts on (un-)trusted certs, srvCert, etc. | Dr. David von Oheimb | 1 | -2/+2
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20277) (cherry picked from commit d5e50bdf87053d99e8fce50ac57d94bbed571b56)
2023-03-20 | Include the default iteration count in the help for the enc command | Pauli | 1 | -3/+12
The only way to discover this otherwise is looking at the code. Fixes #20466 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/20471) (cherry picked from commit dc43f080c5d60ef76df4087c1cf53a4bbaad93bd)
2023-03-14 | Update copyright year | Matt Caswell | 4 | -4/+4
Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes (Merged from https://github.com/openssl/openssl/pull/20508)
2023-03-07 | Add option to FIPS module to enforce EMS check during KDF TLS1_PRF. | slontis | 1 | -5/+19
Fixes #19989 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20241) (cherry picked from commit 50ea5cdcb735916591e35a04c1f5a659bf253ddc)
2023-02-13 | OSSL_CMP_certConf_cb(): fix regression on checking newly enrolled cert | Dr. David von Oheimb | 1 | -1/+3
Also add corresponding tests and to this end update credentials Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20160) (cherry picked from commit 6b58f498b3f5d8e4c9197c3c5228fb450e33aaaf)
2023-02-08 | Fix a potential memory leak in apps/s_server.c | besher | 1 | -0/+1
Allocate memory for a new SSL session. If any of these steps fail, free the key memory and the tmpsess object before returning 0 to prevent a memory leak. Fixes: #20110 CLA: trivial Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/20213) (cherry picked from commit 8e2552b1eac4957214fed55457f64d7d5164ca37)
2023-01-17 | pkey: Imply public check if -pubin is specified | Tomas Mraz | 1 | -1/+1
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20044) (cherry picked from commit 3b1c0c8f3cd66e80f81a9b7c9810bdada39363f2)
2022-12-21 | Update copyright year | Tomas Mraz | 2 | -2/+2
Reviewed-by: Hugo Landau <hlandau@openssl.org> Release: yes (Merged from https://github.com/openssl/openssl/pull/19944)
2022-12-15 | Coverity: fix 272011 resource leak | Pauli | 1 | -0/+1
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19900) (cherry picked from commit a167e048a40151f9884014680c9a765ef79c3b44)
2022-12-14 | Fix openssl storeutl to allow serial + issuer | Simo Sorce | 1 | -4/+2
storeutl wants to enforce the use of issuer and serial together; however, the current code prevents using them together and returns an error if only one of them is specified. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19856) (cherry picked from commit abdf35158e4398deedcf160c28bd07c7080edf47)
2022-12-12 | unbuffer stdin before get passwd from stdin | wangyuhang | 1 | -0/+1
The command LD_LIBRARY_PATH= openssl rsa -aes256 -passout stdin <<< "xxxxxx" will get the pass (function app_get_pass()) from stdin first, and then load the key (function load_key()). But it unbuffers stdin before loading the key; this will cause the key load to fail. Now unbuffer stdin before getting the pass; this will solve https://github.com/openssl/openssl/issues/19835 CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19851) (cherry picked from commit efec0f4611ee854f2b0b3da0c135e839bf8e7d04)
2022-12-05 | Fix the check of BIO_set_write_buffer_size and BIO_set_read_buffer_size | Peiwei Hu | 1 | -2/+2
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19819) (cherry picked from commit 25d02f333b9a5531fa88db294f69a8347f275858)
2022-12-05 | Fix the checks in rsautl_main | Peiwei Hu | 1 | -12/+12
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19819) (cherry picked from commit 4c3fadfe57b94f71fa83786726046b8833997c7c)
2022-12-05 | Fix build on NonStop | Tomas Mraz | 1 | -2/+2
Fixes #19810 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19811) (cherry picked from commit d861bc03ee2ea9945f2a52f04548398ea0b92f94)