Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes

Ensure ciphers command honours -propquery

Any propquery passed via the -propquery option to the ciphers command was
being ignored.

Reviewed-by: Tomas Mraz <tomas@openssl.org>

Ensure ciphers command honours -propquery

Any propquery passed via the -propquery option to the ciphers command was
being ignored.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17595)

show more ...

APPS: Improve diagnostics on missing/extra args and unknown cipher/digest

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16450)

apps/ciphers: Fix wrong return value when using -convert parameter

Command 'openssl ciphers -convert <name>' always returns failure,
this patch set the correct return value.

Sig

apps/ciphers: Fix wrong return value when using -convert parameter

Command 'openssl ciphers -convert <name>' always returns failure,
this patch set the correct return value.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16383)

show more ...

APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15111)

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)

Deprecate the libssl level SRP APIs

The low level SRP implementation has been deprecated with no replacement.
Therefore the libssl level APIs need to be similarly deprecated.

Re

Deprecate the libssl level SRP APIs

The low level SRP implementation has been deprecated with no replacement.
Therefore the libssl level APIs need to be similarly deprecated.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14132)

show more ...

Check non-option arguments

Make sure all commands check to see if there are any "extra" arguments
after the options, and print an error if so.

Made all error messages consistent

Check non-option arguments

Make sure all commands check to see if there are any "extra" arguments
after the options, and print an error if so.

Made all error messages consistent (which is to say, minimal).

Fixes: #13527

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13563)

show more ...

Fix safestack issues in ssl.h

We fix 3 problems with safestack:
- Including an openssl header file without linking against libcrypto
can cause compilation failures (even if the app

Fix safestack issues in ssl.h

We fix 3 problems with safestack:
- Including an openssl header file without linking against libcrypto
can cause compilation failures (even if the app does not otherwise need
to link against libcrypto). See issue #8102
- Recent changes means that applications in no-deprecated builds will need
to include additional macro calls in the source code for all stacks that
they need to use - which is an API break. This changes avoids that
necessity.
- It is not possible to write code using stacks that works in both a
no-deprecated and a normal build of OpenSSL. See issue #12707.

Fixes #12707
Contains a partial fix for #8102. A similar PR will be needed for hash to
fully fix.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)

show more ...

In OpenSSL builds, declare STACK for datatypes ...

... and only *define* them in the source files that need them.
Use DEFINE_OR_DECLARE which is set appropriately for internal builds

In OpenSSL builds, declare STACK for datatypes ...

... and only *define* them in the source files that need them.
Use DEFINE_OR_DECLARE which is set appropriately for internal builds
and not non-deprecated builds.

Deprecate stack-of-block

Better documentation

Move some ASN1 struct typedefs to types.h

Update ParseC to handle this. Most of all, ParseC needed to be more
consistent. The handlers are "recursive", in so far that they are called
again and again until they terminate, which depends entirely on what the
"massager" returns. There's a comment at the beginning of ParseC that
explains how that works. {Richard Levtte}

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10669)

show more ...

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)

cmdline app: add provider commandline options.

Add a -provider option to allow providers to be loaded. This option can be
specified multiple times.

Add a -provider_path option t

cmdline app: add provider commandline options.

Add a -provider option to allow providers to be loaded. This option can be
specified multiple times.

Add a -provider_path option to allow the path to providers to be specified.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11167)

show more ...

Document command parameters.

Add documentation for all commands that have parameters.
Fix a couple of minor doc and programming bugs, too.

Fixes #10313

Reviewed-by: Pau

Document command parameters.

Add documentation for all commands that have parameters.
Fix a couple of minor doc and programming bugs, too.

Fixes #10313

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10371)

show more ...

Add "sections" to -help output

Remove "Valid options" label, since all commands have sections (and
[almost] always the first one is "General options").
Have "list --options" ignore s

Add "sections" to -help output

Remove "Valid options" label, since all commands have sections (and
[almost] always the first one is "General options").
Have "list --options" ignore section headers
Reformat ts's additional help

Add output section

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9953)

show more ...

Use fixed length for formatting standard cipher names

Example with patch:
```
$ openssl ciphers -stdname 'TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305'
TLS_AES_256_GCM_SH

Use fixed length for formatting standard cipher names

Example with patch:
```
$ openssl ciphers -stdname 'TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305'
TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
```

Example without patch:
```
$ openssl ciphers -stdname 'TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305'
TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
```

CLA: Trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8999)

show more ...

Following the license change, modify the boilerplates in apps/

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7765)

Split configuration of TLSv1.3 ciphers from older ciphers

With the current mechanism, old cipher strings that used to work in 1.1.0,
may inadvertently disable all TLSv1.3 ciphersuites ca

Split configuration of TLSv1.3 ciphers from older ciphers

With the current mechanism, old cipher strings that used to work in 1.1.0,
may inadvertently disable all TLSv1.3 ciphersuites causing connections to
fail. This is confusing for users.

In reality TLSv1.3 are quite different to older ciphers. They are much
simpler and there are only a small number of them so, arguably, they don't
need the same level of control that the older ciphers have.

This change splits the configuration of TLSv1.3 ciphers from older ones.
By default the TLSv1.3 ciphers are on, so you cannot inadvertently disable
them through your existing config.

Fixes #5359

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5392)

show more ...

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>

apps: Don't include progs.h in apps.h

Everything in apps includes apps.h, because that one declares apps
internal library routines. However, progs.h doesn't declare library
routines

apps: Don't include progs.h in apps.h

Everything in apps includes apps.h, because that one declares apps
internal library routines. However, progs.h doesn't declare library
routines, but rather the main commands and their options, and there's
no reason why the library modules should include it.

So, remove the inclusion of progs.h from apps.h and add that inclusion
in all command source files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5222)

show more ...

Consistent formatting for sizeof(foo)

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4872)

Support converting cipher name to RFC name and vice versa

Fixes: issue #3747

make SSL_CIPHER_standard_name globally available and introduce a new
function OPENSSL_cipher_name.

Support converting cipher name to RFC name and vice versa

Fixes: issue #3747

make SSL_CIPHER_standard_name globally available and introduce a new
function OPENSSL_cipher_name.

A new option '-convert' is also added to 'openssl ciphers' app.

Documentation and test cases are added.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3859)

show more ...

Clean up a bundle of codingstyle stuff in apps directory

Mostly braces and NULL pointer check and also copyright year bump

Signed-off-by: Paul Yang <paulyang.inf@gmail.com>

Clean up a bundle of codingstyle stuff in apps directory

Mostly braces and NULL pointer check and also copyright year bump

Signed-off-by: Paul Yang <paulyang.inf@gmail.com>

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3657)

show more ...

Add the SSL_METHOD for TLSv1.3 and all other base changes required

Includes addition of the various options to s_server/s_client. Also adds
one of the new TLS1.3 ciphersuites.

T

Add the SSL_METHOD for TLSv1.3 and all other base changes required

Includes addition of the various options to s_server/s_client. Also adds
one of the new TLS1.3 ciphersuites.

This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol
and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not
a "real" TLS1.3 ciphersuite).

Reviewed-by: Rich Salz <rsalz@openssl.org>

show more ...

Constify command options

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from ht

Constify command options

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1694)

show more ...

Add missing break statement

The -psk option processing was falling through to the -srp option
processing in the ciphers app.

Reviewed-by: Richard Levitte <levitte@openssl.org>