#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
#
2292c8e1 |
| 10-Mar-2020 |
Richard Levitte |
APPS: Remove all traces of special SM2 treatment. SM2 IDs are now passed entirely as '-pkeyopt', '-sigopt' or '-vfyopt' values, just like any other valid option. Fixes #11293
APPS: Remove all traces of special SM2 treatment. SM2 IDs are now passed entirely as '-pkeyopt', '-sigopt' or '-vfyopt' values, just like any other valid option. Fixes #11293 Reviewed-by: Paul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/11302)
show more ...
|
#
6bd4e3f2 |
| 25-Feb-2020 |
Pauli |
cmdline app: add provider commandline options. Add a -provider option to allow providers to be loaded. This option can be specified multiple times. Add a -provider_path option t
cmdline app: add provider commandline options. Add a -provider option to allow providers to be loaded. This option can be specified multiple times. Add a -provider_path option to allow the path to providers to be specified. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11167)
show more ...
|
#
075b1f2f |
| 10-Feb-2020 |
Shane Lontis |
Fix coverity issues CID : 1458169 RESOURCE LEAK ffc_params_generate.c - False positive, but addressed another Leak in adjacent code CID : 1458171 UNCHECKED RET apps/pkeyutl.c CID : 1
Fix coverity issues CID : 1458169 RESOURCE LEAK ffc_params_generate.c - False positive, but addressed another Leak in adjacent code CID : 1458171 UNCHECKED RET apps/pkeyutl.c CID : 1458173 DEAD CODE ffc_params_generate.c CID : 1458174 RESOURCE LEAK ssl_lib.c Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11048)
show more ...
|
#
5388f986 |
| 07-Nov-2019 |
Rich Salz |
Add "sections" to -help output Remove "Valid options" label, since all commands have sections (and [almost] always the first one is "General options"). Have "list --options" ignore s
Add "sections" to -help output Remove "Valid options" label, since all commands have sections (and [almost] always the first one is "General options"). Have "list --options" ignore section headers Reformat ts's additional help Add output section Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9953)
show more ...
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
#
5ffc3324 |
| 29-Aug-2019 |
Matt Caswell |
Fix pkeyutl -verifyrecover When performing a pkeyutl -verifyrecover operation the input file is not a hash - it is the signature itself. Therefore don't do the check to make sure it
Fix pkeyutl -verifyrecover When performing a pkeyutl -verifyrecover operation the input file is not a hash - it is the signature itself. Therefore don't do the check to make sure it looks like a hash. Fixes #9658 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9731)
show more ...
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s |
|
#
df09b6b5 |
| 07-Apr-2019 |
Shane Lontis |
coverity resource leak fixes in apps/pkeyutl Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/
coverity resource leak fixes in apps/pkeyutl Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8691)
show more ...
|
#
93b1e74c |
| 16-Mar-2019 |
Richard Levitte |
Fix no-posix-io 'openssl pkeyutl' uses stat() to determine the file size when signing using Ed25519/Ed448, and this was guarded with OPENSSL_NO_POSIX_IO. It is however arguable
Fix no-posix-io 'openssl pkeyutl' uses stat() to determine the file size when signing using Ed25519/Ed448, and this was guarded with OPENSSL_NO_POSIX_IO. It is however arguable if stat() is a POSIX IO function, considering that it doesn't use file descriptors, and even more so since we use stat() elsewhere without that guard. This will allow test/recipes/20-test_pkeyutl.t to be able to do its work for Ed25519/Ed448 signature tests. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8498)
show more ...
|
#
ee633ace |
| 07-Mar-2019 |
Matt Caswell |
Enable pkeyutl to use Ed448 and Ed25519 With the recent addition of the -rawin option it should be possible for pkeyutl to sign and verify with Ed448 and Ed2559. The main remaining s
Enable pkeyutl to use Ed448 and Ed25519 With the recent addition of the -rawin option it should be possible for pkeyutl to sign and verify with Ed448 and Ed2559. The main remaining stumbling block is that those algorirthms only support "oneshot" operation. This commit enables pkeyutl to handle that. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/8431)
show more ...
|
#
ed86f884 |
| 28-Feb-2019 |
Matt Caswell |
Fix no-ec, no-sm2 and no-sm3 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8372)
|
Revision tags: OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
a7cef52f |
| 16-Jan-2019 |
Paul Yang |
Support raw input data in apps/pkeyutl Some signature algorithms require special treatment for digesting, such as SM2. This patch adds the ability of handling raw input data in apps/
Support raw input data in apps/pkeyutl Some signature algorithms require special treatment for digesting, such as SM2. This patch adds the ability of handling raw input data in apps/pkeyutl other than accepting only pre-hashed input data. Beside, SM2 requries an ID string when signing or verifying a piece of data, this patch also adds the ability for apps/pkeyutil to specify that ID string. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8186)
show more ...
|
#
dffa7520 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in apps/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7765)
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
#
9d1bf5f7 |
| 01-Aug-2017 |
Johannes Bauer |
Add option to read pkeyopts interactively This patch adds the ability to interactively enter passphrases for the pkeyutl application. For example, you could use $ openssl pkeyut
Add option to read pkeyopts interactively This patch adds the ability to interactively enter passphrases for the pkeyutl application. For example, you could use $ openssl pkeyutl -kdf TLS1-PRF -kdflen 8 -pkeyopt md:md5 -pkeyopt_passin secret -pkeyopt_passin seed To have the "secret" and "seed" values read interactively from keyboard (with hidden input). Alternatively, the pass phrase argument syntax is also supported, e.g.: $ openssl pkeyutl -kdf TLS1-PRF -kdflen 8 -pkeyopt md:md5 -pkeyopt_passin secret:stdin -pkeyopt_passin seed:env:SEEDVAR To have "secret" read from stdin and "seed" from the environment variable SEEDVAR. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5697)
show more ...
|
#
a0abb6a1 |
| 17-May-2018 |
Matt Caswell |
Add a sanity check on the length of pkeyutl inputs When signing or verifying a file using pkeyutl the input is supposed to be a hash. Some algorithms sanity check the length of the input
Add a sanity check on the length of pkeyutl inputs When signing or verifying a file using pkeyutl the input is supposed to be a hash. Some algorithms sanity check the length of the input, while others don't and silently truncate. To avoid accidents we check that the length of the input looks sane. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6284)
show more ...
|
#
f6add6ac |
| 21-Jul-2017 |
Johannes Bauer |
Make pkeyutl a bit more user-friendly Give meaningful error messages when the user incorrectly uses pkeyutl. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt
Make pkeyutl a bit more user-friendly Give meaningful error messages when the user incorrectly uses pkeyutl. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3987)
show more ...
|
#
6738bf14 |
| 13-Feb-2018 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
dab2cd68 |
| 31-Jan-2018 |
Richard Levitte |
apps: Don't include progs.h in apps.h Everything in apps includes apps.h, because that one declares apps internal library routines. However, progs.h doesn't declare library routines
apps: Don't include progs.h in apps.h Everything in apps includes apps.h, because that one declares apps internal library routines. However, progs.h doesn't declare library routines, but rather the main commands and their options, and there's no reason why the library modules should include it. So, remove the inclusion of progs.h from apps.h and add that inclusion in all command source files. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5222)
show more ...
|
#
b15d5ab6 |
| 02-Aug-2017 |
Dr. Stephen Henson |
Allow use of long name for KDFs Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4079)
|
#
3ee1eac2 |
| 05-Jul-2017 |
Rich Salz |
Standardize apps use of -rand, etc. Standardized the -rand flag and added a new one: -rand file... Always reads the specified files -writerand file
Standardize apps use of -rand, etc. Standardized the -rand flag and added a new one: -rand file... Always reads the specified files -writerand file Always writes to the file on exit For apps that use a config file, the RANDFILE config parameter reads the file at startup (to seed the RNG) and write to it on exit if the -writerand flag isn't used. Ensured that every app that took -rand also took -writerand, and made sure all of that agreed with all the documentation. Fix error reporting in write_file and -rand Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3862)
show more ...
|
#
2234212c |
| 12-Jun-2017 |
Paul Yang |
Clean up a bundle of codingstyle stuff in apps directory Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com>
Clean up a bundle of codingstyle stuff in apps directory Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
show more ...
|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16, OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d, OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c |
|
#
dd1abd44 |
| 28-Sep-2016 |
Richard Levitte |
If an engine comes up explicitely, it must also come down explicitely In apps/apps.c, one can set up an engine with setup_engine(). However, we freed the structural reference immediately
If an engine comes up explicitely, it must also come down explicitely In apps/apps.c, one can set up an engine with setup_engine(). However, we freed the structural reference immediately, which means that for engines that don't already have a structural reference somewhere else (because it's a built in engine), we end up returning an invalid reference. Instead, the function release_engine() is added, and called at the end of the routines that call setup_engine(). Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1643)
show more ...
|
Revision tags: OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a, OpenSSL_1_1_0, OpenSSL_1_1_0-pre6, OpenSSL-fips-2_0_13, OpenSSL_1_0_1t, OpenSSL_1_0_2h, OpenSSL_1_1_0-pre5, OpenSSL_1_1_0-pre4 |
|
#
44c83ebd |
| 13-Mar-2016 |
FdaSilvaYY |
Constify command options Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from ht
Constify command options Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1694)
show more ...
|
#
cc696296 |
| 04-Aug-2016 |
FdaSilvaYY |
Constify char* input parameters in apps code Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
846e33c7 |
| 17-May-2016 |
Rich Salz |
Copyright consolidation 01/10 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
#
16e1b281 |
| 20-Mar-2016 |
FdaSilvaYY |
GH932: Add more help messages to some apps options. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
|