path: root/apps
Commit message | Author | Age | Files | Lines
* CMP client: fix error response on -csr without private key, also in docs | Dr. David von Oheimb | 2023-05-12 | 1 | -2/+17
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Todd Short <todd.short@me.com>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/20832)
* apps/openssl.cnf: fix reference to insta.ca.crt | Dr. David von Oheimb | 2023-05-12 | 2 | -4/+4
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Todd Short <todd.short@me.com>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/20832)
* restrict rsaBITS algorithm name check in speed | Michael Baentsch | 2023-05-11 | 1 | -13/+19
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20898)
* CMP app: fix deallocated host/port fields in APP_HTTP_TLS_INFO | Dr. David von Oheimb | 2023-05-10 | 1 | -3/+9
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20034)
* CMP app and app_http_tls_cb(): pick the right TLS hostname (also without port) | Dr. David von Oheimb | 2023-05-10 | 2 | -3/+7
  Fixes #20031
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20034)
* Don't attempt a QUIC connection without specifying ALPN | Matt Caswell | 2023-05-08 | 1 | -0/+4
  ALPN is required for a successful QUIC connection, so do not allow the -quic option for s_client without -alpn
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20580)
* Add the ability to send FIN on a QUIC stream from s_client | Matt Caswell | 2023-05-08 | 1 | -4/+25
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20580)
* Add QUIC support to s_client | Matt Caswell | 2023-05-08 | 3 | -30/+125
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20580)
* feature: openssl req -verify output to stderr instead of stdout #20728 | Rajarshi Karmakar | 2023-05-04 | 1 | -1/+1
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20858)
* apps: silent warning when loading CSR files with vfyopt option | Tianjia Zhang | 2023-05-03 | 6 | -9/+12
  When verifying or signing a CSR file with the -vfyopt option, a warning message similar to the following will appear:
      Warning: CSR self-signature does not match the contents
  This happens especially when the SM2 algorithm is used and the distid parameter is added. Pass the vfyopts parameter to the do_X509_REQ_verify() function to eliminate the warning message.
  Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20799)
* speed.c: remove unused num print_message args | Reinhard Urban | 2023-05-03 | 1 | -95/+44
  these num args went unused with the removal of the ifndef SIGALRM branches, commit ee1d7f1d25ef24f111f13dc742474cd9c39c2753 Feb 2021 PR #14228
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20795)
* APPS/cmp: prevent HTTP client failure on -rspin option with too few filenames | Dr. David von Oheimb | 2023-04-28 | 1 | -22/+47
  The logic for handling inconsistent use of -rspin etc., -port, -server, and -use_mock_srv options proved faulty. This is fixed here, updating and correcting also the documentation and diagnostics of the involved options.
  In particular, the case that -rspin (or -rspout, -reqin, -reqout) does not provide enough message file names was not properly described and handled.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/20295)
* APPS: make sure the -CAfile argument can be in DER format | Dr. David von Oheimb | 2023-04-27 | 1 | -2/+6
  Note that PKCS#12 input is still not supported here-
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18917)
* apps/smime: Point out that the six operations are mutually exclusive and add check | Dr. David von Oheimb | 2023-04-27 | 1 | -8/+40
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18917)
* apps/ocsp: Tweak some places to make clear they refer to *lists* of certs | Dr. David von Oheimb | 2023-04-27 | 1 | -6/+6
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18917)
* Replace use of strstr with strchr | Matt Caswell | 2023-04-24 | 1 | -3/+3
  It is better to use strchr where we are looking for a single character.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20788)
* Coverity 1524619: unexpected control flow | Matt Caswell | 2023-04-24 | 1 | -2/+3
  Using "continue" in a do...while(0) loop is pointless. The original intent was that the loop would continue to a second iteration in this case.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20788)
* fipsinstall: add -pedantic option | Pauli | 2023-04-20 | 1 | -39/+64
  This adds a -pedantic option to fipsinstall that adjusts the various settings to ensure strict FIPS compliance rather than backwards compatibility.
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20752)
* crypto/cmp: fix CertReqId to use in p10cr transactions acc. to RFC 4210 | Dr. David von Oheimb | 2023-04-18 | 1 | -12/+5
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/20298)
* List also non-fetchable hashes in openssl dgst -list | GauriSpears | 2023-04-14 | 1 | -2/+5
  CLA: trivial
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20651)
* Provider-based KEM and SIG alg speed testing added | Michael Baentsch | 2023-03-31 | 1 | -27/+895
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Todd Short <todd.short@me.com>
  (Merged from https://github.com/openssl/openssl/pull/19968)
* Add a new advanced command mode to s_client | Matt Caswell | 2023-03-30 | 1 | -36/+329
  The s_client command mode just looks at the first letter on a line and if it is one that maps to a "command" then that command is executed and everything else on the line is ignored. This means it is impossible to send anything over s_client that starts with one of the "magic" letters unless you switch off command processing entirely.
  With the forthcoming quic support that will be added to s_client we expect a significant new number of commands being added (for example to send fin on a stream, or to list or swap between different streams, etc). This will use up more "letters" and reduces the usability of s_client.
  This PR adds a new "advanced" command processing mode. Commands are enclosed in braces {}, and can appear anywhere in the text typed into s_client. A brace can be escaped by sending a double {{. This gives much more flexibility without reducing the usability of s_client. Commands can also have "arguments" which also extends the scope of what they can be used for.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20566)
* remove DSA512 from speed testing | Michael Baentsch | 2023-03-30 | 1 | -3/+2
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Todd Short <todd.short@me.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20603)
* Let fipsinstall know about DRBG digest limiting | Pauli | 2023-03-29 | 1 | -5/+19
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/20521)
* RFC7250 (RPK) support | Todd Short | 2023-03-28 | 3 | -17/+105
  Add support for the RFC7250 certificate-type extensions.
  Allows the use of only private keys for connection (i.e. certs not needed).
  Add APIs
  Add unit tests
  Add documentation
  Add s_client/s_server support
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18185)
* apps/lib/http_server.c: improve diagnostics, e.g., on port number already in use | Dr. David von Oheimb | 2023-03-25 | 1 | -31/+32
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/19947)
* CMP add: fix -reqin option, which requires adding OSSL_CMP_MSG_update_recipNonce() | Dr. David von Oheimb | 2023-03-25 | 1 | -1/+8
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/20204)
* apps/cmp.c: make sure that last -reqin argument is actually used | Dr. David von Oheimb | 2023-03-25 | 1 | -6/+8
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/20204)
* CMP app: improve doc and help output on -{req,rsp}{in,out} options | Dr. David von Oheimb | 2023-03-25 | 1 | -3/+6
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/20204)
* Added tests and updated help | Aleksey Sanin | 2023-03-23 | 1 | -4/+3
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19898)
* Add an option to specify number of bits in the subprime (q) when generating DSA keys | Aleksey Sanin | 2023-03-23 | 1 | -3/+16
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19898)
* Include the default iteration count in the help for the enc command | Pauli | 2023-03-20 | 1 | -3/+12
  The only way to discover this otherwise is looking at the code.
  Fixes #20466
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/20471)
* providers: add Argon2 KDF | Čestmír Kalina | 2023-03-17 | 1 | -0/+3
  https://datatracker.ietf.org/doc/rfc9106/
  Signed-off-by: Čestmír Kalina <ckalina@redhat.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12256)
* Avoid erroneous diagnostics in speed measuring | Dmitry Belyavskiy | 2023-03-15 | 1 | -2/+2
  Fixes #20291
  Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20306)
* apps/x509 etc.: allow private key input when public key is expected | Dr. David von Oheimb | 2023-03-14 | 5 | -62/+62
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/19076)
* apps/{dsa,ec,rsa,pkey}.c: harmonize coding w.r.t. 'pubin' variable | Dr. David von Oheimb | 2023-03-14 | 3 | -7/+3
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/19076)
* Add option to FIPS module to enforce EMS check during KDF TLS1_PRF. | slontis | 2023-03-07 | 1 | -5/+19
  Fixes #19989
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20241)
* first cut at sigalg loading | Michael Baentsch | 2023-02-24 | 1 | -1/+2
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19312)
* Add help for pkeyopt values for the genpkey commandline app. | slontis | 2023-02-23 | 1 | -0/+45
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Todd Short <todd.short@me.com>
  (Merged from https://github.com/openssl/openssl/pull/19931)
* OSSL_CMP_certConf_cb(): fix regression on checking newly enrolled cert | Dr. David von Oheimb | 2023-02-13 | 1 | -1/+3
  Also add corresponding tests and to this end update credentials
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/20160)
* cmp_client_test.c: add tests for errors reported by server on subsequent requests in a transaction | Dr. David von Oheimb | 2023-02-08 | 3 | -10/+19
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20190)
* CMP app and doc: improve texts on (un-)trusted certs, srvCert, etc. | Dr. David von Oheimb | 2023-02-08 | 1 | -2/+2
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19946)
* Fix a potential memory leak in apps/s_server.c | besher | 2023-02-08 | 1 | -0/+1
  Allocate memory for a new SSL session. If any of these steps fail, free the key memory and the tmpsess object before returning 0 to prevent a memory leak.
  Fixes: #20110
  CLA: trivial
  Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Todd Short <todd.short@me.com>
  (Merged from https://github.com/openssl/openssl/pull/20213)
* Enable some disabled __owurs | Dmitry Belyavskiy | 2023-02-07 | 2 | -32/+45
  Fixes #15902
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Todd Short <todd.short@me.com>
  (Merged from https://github.com/openssl/openssl/pull/15905)
* APPS/{storeutl,gendsa}: give error on extra arguments, improve doc | Dr. David von Oheimb | 2023-02-02 | 1 | -2/+7
  Point out that options must be given before the final file/URI arg.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20156)
* APPS load_key_certs_crls(): improve diagnostics on not finding expected types of contents | Dr. David von Oheimb | 2023-02-02 | 1 | -1/+3
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20156)
* APPS: generated certs bear X.509 V3, unless -x509v1 option of req app is given | Dr. David von Oheimb | 2023-01-24 | 5 | -12/+15
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/19271)
* apps/req.c: properly report parse errors by duplicated(); simplify the function | Dr. David von Oheimb | 2023-01-24 | 1 | -11/+14
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/19271)
* Typos fixing | FdaSilvaYY | 2023-01-24 | 1 | -3/+3
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20109)
* Fix windows builds | FdaSilvaYY | 2023-01-24 | 3 | -11/+11
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20109)