#
51e5df0e |
| 08-Feb-2021 |
Rich Salz |
Load rand state after loading providers Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
Load rand state after loading providers Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14135)
show more ...
|
#
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
|
#
33720392 |
| 07-Jan-2021 |
Dr. David von Oheimb |
APPS: Fix confusion between program and app/command name used in diagnostic/help output Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/
APPS: Fix confusion between program and app/command name used in diagnostic/help output Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13799)
show more ...
|
#
021410ea |
| 28-Nov-2020 |
Rich Salz |
Check non-option arguments Make sure all commands check to see if there are any "extra" arguments after the options, and print an error if so. Made all error messages consistent
Check non-option arguments Make sure all commands check to see if there are any "extra" arguments after the options, and print an error if so. Made all error messages consistent (which is to say, minimal). Fixes: #13527 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13563)
show more ...
|
#
c39f4353 |
| 26-Oct-2020 |
Daiki Ueno |
openssl dgst: add option to specify output length for XOF This adds the -xoflen option to control the output length of the XOF algorithms, such as SHAKE128 and SHAKE256. Reviewe
openssl dgst: add option to specify output length for XOF This adds the -xoflen option to control the output length of the XOF algorithms, such as SHAKE128 and SHAKE256. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13245)
show more ...
|
#
50eb2a50 |
| 16-Sep-2020 |
Dr. David von Oheimb |
load_key_certs_crls(): Restore output of fatal errors Also improve credentials loading diagnostics for many apps. Fixes #12840 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.
load_key_certs_crls(): Restore output of fatal errors Also improve credentials loading diagnostics for many apps. Fixes #12840 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12893)
show more ...
|
#
d8025f4a |
| 13-Sep-2020 |
Matt Caswell |
Correctly display the signing/hmac algorithm in the dgst app In OpenSSL 1.1.1 doing an HMAC operation with (say) SHA1 would produce output like this: HMAC-SHA1(README.md)= 55315
Correctly display the signing/hmac algorithm in the dgst app In OpenSSL 1.1.1 doing an HMAC operation with (say) SHA1 would produce output like this: HMAC-SHA1(README.md)= 553154e4c0109ddc320bb495735906ad7135c2f1 Prior to this change master would instead display this like so: SHA1(README.md)= 553154e4c0109ddc320bb495735906ad7135c2f1 The problem is that dgst was using EVP_PKEY_asn1_get0_info() to get the algorithm name from the EVP_PKEY. This doesn't work with provider based keys. Instead we introduce a new EVP_PKEY_get0_first_alg_name() function, and an equivalent EVP_KEYMGMT_get0_first_name() function. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12850)
show more ...
|
#
b8e56228 |
| 10-Sep-2020 |
Matt Caswell |
Don't send -1 as the length of the hmac key The dgst app was using an undocumented behaviour in the EVP_PKEY_new_raw_private_key() function when setting a key length for a MAC. The o
Don't send -1 as the length of the hmac key The dgst app was using an undocumented behaviour in the EVP_PKEY_new_raw_private_key() function when setting a key length for a MAC. The old EVP_PKEY to MAC bridge, probably by accident, converts a -1 length to a strlen() call, by virtue of the fact that it eventually calls ASN1_STRING_set() which has this feature. As noted above this is undocumented, and unexpected since the len parameter to EVP_PKEY_new_raw_private_key() is an unsigned value (size_t). In the old bridge it was later (silently) cast to an int, and therefore the original -1 value was restored. This only works because sizeof(int) <= sizeof(size_t). If we ever run on a platform where sizeof(int) > sizeof(size_t) then it would have failed. The behaviour also doesn't hold for EVP_PKEY_new_raw_private_key() in general - only when the old MAC bridge was in use. Rather than restore the original behaviour I think it is best to simply fix the dgst app to not assume it exists. We should not bake in this backwards and inconsistent behaviour. Fixes #12837 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12850)
show more ...
|
#
24c4ea95 |
| 03-Sep-2020 |
Matt Caswell |
Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCK Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://
Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCK Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
show more ...
|
#
7c9a7cf1 |
| 16-Jun-2020 |
Shane Lontis |
Add fix for RSA keygen in FIPS using keysizes 2048 < bits < 3072 Fixes #11863 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1
Add fix for RSA keygen in FIPS using keysizes 2048 < bits < 3072 Fixes #11863 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12162)
show more ...
|
Revision tags: openssl-3.0.0-alpha3, openssl-3.0.0-alpha2 |
|
#
6d382c74 |
| 06-May-2020 |
Dr. David von Oheimb |
Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c This also adds the more flexible and general load_key_cert_crl() as well as helper functions get_passwd(), cleanse(
Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c This also adds the more flexible and general load_key_cert_crl() as well as helper functions get_passwd(), cleanse(), and clear_free() to be used also in apps/cmp.c etc. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11755)
show more ...
|
Revision tags: openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u |
|
#
852c2ed2 |
| 19-Dec-2019 |
Rich Salz |
In OpenSSL builds, declare STACK for datatypes ... ... and only *define* them in the source files that need them. Use DEFINE_OR_DECLARE which is set appropriately for internal builds
In OpenSSL builds, declare STACK for datatypes ... ... and only *define* them in the source files that need them. Use DEFINE_OR_DECLARE which is set appropriately for internal builds and not non-deprecated builds. Deprecate stack-of-block Better documentation Move some ASN1 struct typedefs to types.h Update ParseC to handle this. Most of all, ParseC needed to be more consistent. The handlers are "recursive", in so far that they are called again and again until they terminate, which depends entirely on what the "massager" returns. There's a comment at the beginning of ParseC that explains how that works. {Richard Levtte} Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10669)
show more ...
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
#
6bd4e3f2 |
| 25-Feb-2020 |
Pauli |
cmdline app: add provider commandline options. Add a -provider option to allow providers to be loaded. This option can be specified multiple times. Add a -provider_path option t
cmdline app: add provider commandline options. Add a -provider option to allow providers to be loaded. This option can be specified multiple times. Add a -provider_path option to allow the path to providers to be specified. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11167)
show more ...
|
#
0a054d2a |
| 09-Jan-2020 |
Richard Levitte |
APPS & TEST: Eliminate as much use of EVP_PKEY_size() as possible Some uses were going against documented recommendations. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged f
APPS & TEST: Eliminate as much use of EVP_PKEY_size() as possible Some uses were going against documented recommendations. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10798)
show more ...
|
#
92de469f |
| 20-Sep-2019 |
Rich Salz |
Document command parameters. Add documentation for all commands that have parameters. Fix a couple of minor doc and programming bugs, too. Fixes #10313 Reviewed-by: Pau
Document command parameters. Add documentation for all commands that have parameters. Fix a couple of minor doc and programming bugs, too. Fixes #10313 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10371)
show more ...
|
#
5388f986 |
| 07-Nov-2019 |
Rich Salz |
Add "sections" to -help output Remove "Valid options" label, since all commands have sections (and [almost] always the first one is "General options"). Have "list --options" ignore s
Add "sections" to -help output Remove "Valid options" label, since all commands have sections (and [almost] always the first one is "General options"). Have "list --options" ignore section headers Reformat ts's additional help Add output section Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9953)
show more ...
|
#
7c2d95d4 |
| 28-Oct-2019 |
Pavel Karagodin |
apps/dgst.c: allocate a new signature buffer ... if the fixed-size buffer is too small. Fixes #9732 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Patrick St
apps/dgst.c: allocate a new signature buffer ... if the fixed-size buffer is too small. Fixes #9732 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/10276)
show more ...
|
#
f62d67b6 |
| 16-Sep-2019 |
agnosticdev |
Update dgst.c to show a list of message digests Fixes #9893 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Me
Update dgst.c to show a list of message digests Fixes #9893 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9912)
show more ...
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
#
8ed7bbb4 |
| 22-Aug-2019 |
Richard Levitte |
openssl dgst, openssl enc: check for end of input The input reading loop in 'openssl dgst' and 'openssl enc' doesn't check for end of input, and because of the way BIO works, it thereby
openssl dgst, openssl enc: check for end of input The input reading loop in 'openssl dgst' and 'openssl enc' doesn't check for end of input, and because of the way BIO works, it thereby won't detect that the end is reached before the read is an error. With the FILE BIO, an error occurs when trying to read past EOF, which is fairly much ok, except when the command is used interactively, at least on Unix. The result in that case is that the user has to press Ctrl-D twice for the command to terminate. The issue is further complicated because both these commands use filter BIOs on top of the FILE BIO, so a naïve attempt to check BIO_eof() doesn't quite solve it, since that only checks the state of the source/sink BIO, and the filter BIO may have some buffered data that still needs to be read. Fortunately, there's BIO_pending() that checks exactly that, if any filter BIO has pending data that needs to be processed. We end up having to check both BIO_pending() and BIO_eof(). Thanks to Zsigmond Lőrinczy for the initial effort and inspiration. Fixes #9355 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9668)
show more ...
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s |
|
#
f3448f54 |
| 30-Mar-2019 |
Pauli |
issue-8493: Fix for filenames with newlines using openssl dgst The output format now matches coreutils *dgst tools. [ edited to remove trailing white space ] Reviewed-by: R
issue-8493: Fix for filenames with newlines using openssl dgst The output format now matches coreutils *dgst tools. [ edited to remove trailing white space ] Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8578)
show more ...
|
#
7ed4b97b |
| 29-Mar-2019 |
Richard Levitte |
openssl dgst: show MD name at all times When 'openssl dgst' is called with a MD alias (such as sha256) and no further arguments (i.e. input is taken from stdin), the MD name wasn't s
openssl dgst: show MD name at all times When 'openssl dgst' is called with a MD alias (such as sha256) and no further arguments (i.e. input is taken from stdin), the MD name wasn't shown. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8609)
show more ...
|
Revision tags: OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
dffa7520 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in apps/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7765)
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5 |
|
#
e65c959f |
| 05-Apr-2018 |
Matt Caswell |
Add a note and better error if using Ed25519/Ed448 in dgst Fixes #5873 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5880)
|
Revision tags: OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3 |
|
#
f929439f |
| 15-Mar-2018 |
Matt Caswell |
Rename EVP_PKEY_new_private_key()/EVP_PKEY_new_public_key() Renamed to EVP_PKEY_new_raw_private_key()/EVP_new_raw_public_key() as per feedback. Reviewed-by: Richard Levitte <lev
Rename EVP_PKEY_new_private_key()/EVP_PKEY_new_public_key() Renamed to EVP_PKEY_new_raw_private_key()/EVP_new_raw_public_key() as per feedback. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5520)
show more ...
|