path: root/apps/lib
Commit message | Author | Age | Files | Lines
* Update copyright year | Tomas Mraz | 2022-12-01 | 1 | -1/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Release: yes
  (Merged from https://github.com/openssl/openssl/pull/19803)
* OSSL_CMP_CTX_reinit(): fix missing reset of ctx->genm_ITAVs | Dr. David von Oheimb | 2022-11-25 | 1 | -1/+1
  Otherwise, further OSSL_CMP_exec_GENM_ses() calls will go wrong.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/19216)
  (cherry picked from commit 1c04866c671db4a6db0a1784399b351ea061bc16)
* apps & al : Fix various typos, repeated words, align some spelling to LDP. | FdaSilvaYY | 2022-11-23 | 1 | -2/+2
  Mostly revamped from #16712
  - fall thru -> fall through
  - time stamp -> timestamp
  - host name -> hostname
  - ipv6 -> IPv6
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19059)
  (cherry picked from commit 9929c81702381bff54f833d6fe0a3304f4e2b635)
* Remove duplicated #include headers | JHH20 | 2022-11-21 | 1 | -1/+0
  CLA: trivial
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Todd Short <todd.short@me.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18220)
  (cherry picked from commit e257d3e76ffb848b7607b04057257323dc51c3b4)
* Drop explicit check for engines in opt_legacy_okay | Simo Sorce | 2022-11-16 | 1 | -8/+0
  The providers indication should always indicate that this is not a legacy request. This makes a check for engines redundant as the default return is that legacy is ok if there are no explicit providers.
  Fixes #19662
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19671)
  (cherry picked from commit 2fea56832780248af2aba2e4433ece2d18428515)
* APPS load_key_certs_crls(): Make file access errors much more readable | Dr. David von Oheimb | 2022-11-09 | 1 | -75/+68
  This reverts part of commit ef0449135c4e4e7f using a less invasive suppression.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16452)
  (cherry picked from commit 6e2499474cb96b28a51df1da25cc72f1cf342fad)
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
* Revise s_client and s_server verbiage re secure renegotiation. | Felipe Gasper | 2022-11-09 | 1 | -1/+14
  Since TLS v1.3 eschews renegotiation entirely it’s misleading to have these apps say it’s “not supported” when in fact the TLS version is new enough not to need renegotiation at all.
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16937)
  (cherry picked from commit af5e63e1e3300f784f302a5d3309bf673cc08894)
* Checking the return of BIO_new_fp(). If it returns NULL, then it is unnecessary to build the BIO chain and better make the caller directly return NULL | xkernel | 2022-10-24 | 1 | -1/+4
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19445)
  (cherry picked from commit fb03e6145961005a6db011d2f36660d2eed734e2)
* Update copyright year | Matt Caswell | 2022-10-11 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Release: yes
  (Merged from https://github.com/openssl/openssl/pull/19382)
* Fix verify_callback in the openssl s_client/s_server app | Dmitry Belyavskiy | 2022-07-20 | 1 | -10/+16
  We need to check that error cert is available before printing its data
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18805)
  (cherry picked from commit fad0f80eff188ef938fed614245a56ed56110deb)
* APPS/x509: With -CA but both -CAserial and -CAcreateserial not given, use random serial. | Dr. David von Oheimb | 2022-07-14 | 1 | -4/+14
  Also improve openssl-x509.pod.in and error handling of load_serial() in apps.c.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18373)
  (cherry picked from commit ec8a3409487c871b440fa52bff7c3ef33378494a)
* app_http_tls_cb(): fix crash on inconsistency w.r.t. use of TLS | Dr. David von Oheimb | 2022-07-06 | 1 | -1/+8
  This happens if use_ssl is not set but an SSL_CTX is provided.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18674)
  (cherry picked from commit 96e13a1679872d879683346c1e09ca227f77efb0)
* Fix the checks of X509_LOOKUP_* functions | Peiwei Hu | 2022-06-23 | 1 | -3/+3
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18400)
  (cherry picked from commit e22ea36fa8296b402348da8f5ab5e258be8402cf)
* Have set_dateopt() return 1 on success to make -dateopt work | Hartmut Holzgraefe | 2022-06-16 | 1 | -1/+3
  Fixes #18553
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18554)
* Update copyright year | Matt Caswell | 2022-05-03 | 3 | -3/+3
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Release: yes
* str[n]casecmp => OPENSSL_strncasecmp | Dmitry Belyavskiy | 2022-04-21 | 5 | -18/+16
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18103)
* Update copyright year | Matt Caswell | 2022-03-15 | 3 | -3/+3
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* check return value of functions that call BIO_new() internally | xkernel | 2022-03-14 | 1 | -1/+7
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17821)
* Set protocol in init_client() | Todd Short | 2022-03-10 | 1 | -1/+1
  If TCP is being used, protocol = 0 is passed to init_client(), then protocol == IPPROTO_TCP fails when attempting to set BIO_SOCK_NODELAY.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17838)
  (cherry picked from commit 54b6755702309487ea860e1cc3e60ccef4cf7878)
* Fix copyrights | Todd Short | 2022-02-03 | 1 | -1/+1
  Add copyright to files that were missing it.
  Update license from OpenSSL to Apache as needed.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17606)
  (cherry picked from commit 9d987de3aabe54e65a55649a61953966f33b070b)
* coverity 1497107: dereference after null check | Pauli | 2022-01-14 | 1 | -3/+6
  Add null checks to avoid dereferencing a pointer that could be null.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/17488)
* app_http_tls_cb: Fix double-free in case TLS not used | Dr. David von Oheimb | 2022-01-04 | 1 | -8/+11
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17400)
  (cherry picked from commit 97b8c859c64bc60fcf5bb27ed51489c81fde41b3)
* HTTP client: Work around HTTPS proxy use bug due to callback design flaw | Dr. David von Oheimb | 2022-01-04 | 1 | -4/+10
  See discussion in #17088, where the real solution was postponed to 4.0.
  This preliminarily fixes the issue that the HTTP(S) proxy environment vars were neglected when determining whether a proxy should be used for HTTPS.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17310)
  (cherry picked from commit 068549f8db6d792a88bb888118001c4582f79074)
* HTTP client: Fix cleanup of TLS BIO via 'bio_update_fn' callback function | Dr. David von Oheimb | 2021-12-22 | 1 | -13/+20
  Make app_http_tls_cb() tidy up on disconnect the SSL BIO it pushes on connect.
  Make OSSL_HTTP_close() respect this.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17318)
  (cherry picked from commit cdaf072f90399efb9e8e19ee4f387d1425f12274)
* Update copyright year | Matt Caswell | 2021-12-14 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* s_cb.c: check the return value of X509_get0_pubkey() | x2018 | 2021-12-02 | 1 | -11/+29
  Check is done to prevent wrong memory access by EVP_PKEY_get0_asn1()
  Also fix wrong coding style in the s_cb.c file.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17176)
  (cherry picked from commit 5fae09f3d8da7c182c6cfb6a295dcfd15ae828ae)
* Return -1 properly from do_X509_REQ_verify and do_X509_verify | PW Hu | 2021-11-29 | 1 | -3/+15
  Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17001)
  (cherry picked from commit bc42cf51c8b2a22282bb3cdf6303e230dc7b7873)
* check the return value of OPENSSL_strdup(CRYPTO_strdup) in apps/lib/app_rand.c:32 | x2018 | 2021-11-25 | 1 | -1/+7
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17124)
  (cherry picked from commit 3e0441520b9a349dc50662919ea18f03dfc0d624)
* check the return value of OPENSSL_strdup(CRYPTO_strdup) to prevent potential memory access error | x2018 | 2021-11-25 | 1 | -0/+2
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17113)
  (cherry picked from commit b9648f31a4917b8594caebda3e6d8d313514fe24)
* check the return value of OPENSSL_strdup to prevent potential memory access error | x2018 | 2021-11-25 | 1 | -1/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17110)
  (cherry picked from commit dc7e42c6a12637bae1660561d3f4cef039001475)
* Avoid using undefined value in generate_stateless_cookie_callback | Bernd Edlinger | 2021-08-25 | 1 | -1/+2
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16384)
* APPS: Fix result type of dump_cert_text() and behavior of print_name() on out==NULL | Dr. David von Oheimb | 2021-08-25 | 1 | -5/+3
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16344)
* Redefine getpid() -> _getpid() only for MSVC | Tanzinul Islam | 2021-07-31 | 1 | -5/+5
  This was introduced in 814b5133e for MSVC. C++Builder doesn't need it.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/16192)
* apps: Use the first detected address family if IPv6 is not available | Daiki Ueno | 2021-07-16 | 1 | -0/+10
  This is a follow up of 15729bef385211bc2a0497e2d53a45c45d677d2c. Even when the host does not support IPv6 at all, BIO_lookup_ex may now return IN6ADDR_ANY in addition to INADDR_ANY, as the second element of the ai_next field.
  After eee8a40aa5e06841eed6fa8eb4f6109238d59aea, the do_server function prefers the IPv6 address and fails on the BIO_socket call. This adds a fallback code to retry with the IPv4 address returned as the first element to avoid the error.
  The failure had been partially avoided in the previous code with AI_ADDRCONFIG, because getaddrinfo returns only IPv4 address if no IPv6 address is associated with external interface. However, it would be still a problem if the external interface has an IPv6 address assigned, while the loopback interface doesn't.
  Signed-off-by: Daiki Ueno <dueno@redhat.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16074)
* apps: avoid using POSIX IO macros and functions when built without them. | Pauli | 2021-07-14 | 1 | -13/+23
  Fall back to stdio functions if not available.
  Fixes a daily run-checker failure (no-posix-io)
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16073)
* app: add library context and propq arguments to opt_md() and opt_cipher() | Pauli | 2021-07-12 | 1 | -5/+14
  Also avoid calling EVP_get_XXXbyname() if legacy paths aren't allowed.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16022)
* apps: add a function opt_legacy_okay() that indicates if legacy paths are permitted or not | Pauli | 2021-07-12 | 1 | -0/+32
  By default they are. However, if a provider, provider path or a property query has been specified they are not. Likewise, if a library context or a property query has been specified by the command, they are not.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16022)
* apps: add query to allow a command to know of a provider command line option was processed | Pauli | 2021-07-12 | 1 | -0/+13
  Better fixing:
    Fixing #15683
    Fixing #15686
  Replacing rather than fixing:
    Fixing #15414
  Since that claims to fix another:
    Fixing #15372
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16022)
* load_key_certs_crls: Avoid reporting any spurious errors | Tomas Mraz | 2021-07-02 | 1 | -9/+3
  When there is other PEM data in between certs the OSSL_STORE_load returns NULL and reports error. Avoid printing that error unless there was nothing read at all.
  Fixes #15945
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15949)
* cmp_mock_srv.c: Add missing OldCertID check for 'kur' cert update requests | Dr. David von Oheimb | 2021-06-30 | 1 | -0/+23
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15790)
* Adapt other parts of the source to the changed EVP_Q_digest() and EVP_Q_mac() | Richard Levitte | 2021-06-23 | 1 | -14/+14
  Fixes #15839
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15861)
* cmp_mock_srv.c: Fix polling mode such that it can be done multiple times | Dr. David von Oheimb | 2021-06-23 | 1 | -6/+22
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15848)
* APPS: Make fallback opt_[u]intmax() implementations based on long | Richard Levitte | 2021-06-22 | 1 | -5/+40
  Also ensure that opt_intmax() and opt_uintmax() do the right thing if sizeof([u]intmax_t) is smaller than sizeof(ossl_[u]intmax_t).
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15825)
* Update copyright year | Matt Caswell | 2021-06-17 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15801)
* X509_digest_sig(): Improve default hash for EdDSA and allow to return the chosen default | Dr. David von Oheimb | 2021-06-16 | 1 | -1/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15762)
* apps: limit get_cipher() to not return AEAD or XTS ciphers | Pauli | 2021-06-16 | 1 | -6/+37
  Add a get_cipher_any() function to access these in addition to more normal ciphers
  Fixes #7720
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15747)
* apps: move global libctx and property query into their own file | Pauli | 2021-06-15 | 3 | -42/+51
  The header has been split out so the functions should be as well.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15687)
* add libctx and property query to fetch functions | Pauli | 2021-06-15 | 1 | -0/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15687)
* Add support for ISO 8601 datetime format | William Edmisten | 2021-06-11 | 1 | -0/+9
  Fixes #5430
  Added the configuration file option "date_opt" to the openssl applications ca, crl and x509.
  Added ASN1_TIME_print_ex which supports the new datetime format using the flag ASN1_DTFLGS_ISO8601
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14384)
* apps/lib/s_socket.c: Alias getpid with _getpid for _WIN32 | Richard Levitte | 2021-06-11 | 1 | -0/+9
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15710)