Commit graph

1528 commits

Author SHA1 Message Date
Dr. Stephen Henson
00cebd1131 To avoid possible time_t overflow use X509_time_adj_ex()
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(cherry picked from commit 9aa00b187a)

Conflicts:
	apps/x509.c
2016-01-14 03:04:31 +00:00
Viktor Dukhovni
737d57d072 Fix X509_STORE_CTX_cleanup()
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-04 21:50:01 -05:00
Richard Levitte
e961c7a201 Remove the "eay" c-file-style indicators
Since we don't use the eay style any more, there's no point tryint to
tell emacs to use it.

Reviewed-by: Ben Laurie <ben@openssl.org>
2015-12-18 13:13:31 +01:00
Matt Caswell
84d0c40f3f Fix missing malloc return value checks
During work on a larger change in master a number of locations were
identified where return value checks were missing. This backports the
relevant fixes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 903738ac63)

Conflicts:
	crypto/cms/cms_sd.c
2015-11-09 23:00:37 +00:00
Alessandro Ghedini
200c8ed4f5 Remove useless code
RT#4081

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 070c23325a)
2015-10-23 20:47:53 +02:00
Alessandro Ghedini
6a3dd58678 Do not treat 0 return value from BIO_get_fd() as error
0 is a valid file descriptor.

RT#4068

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 4428c7dba8)
2015-10-23 20:38:06 +02:00
Dr. Stephen Henson
a0ba92ccde Don't try and parse boolean type.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit e58c4d3cdd)
2015-10-06 15:16:50 +01:00
Dr. Stephen Henson
7794c355ea SRP memory leak fix
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 92ea6fe597)
2015-09-28 14:34:47 +01:00
Dr. Stephen Henson
34a0eade7f Make SRP work with -www
PR#3817

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4e7e623012)

Conflicts:
	apps/s_server.c
2015-09-20 14:28:22 +01:00
Rich Salz
83fcd322f7 RT4044: Remove .cvsignore files.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-15 12:01:30 -04:00
Dr. Stephen Henson
421baf1862 Check for FIPS mode after loading config.
PR#3958

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2aa5a2c766)
2015-09-12 02:43:36 +01:00
Dr. Stephen Henson
8b5ac90e5e Use default field separator.
If the field separator isn't specified through -nameopt then use
XN_FLAG_SEP_CPLUS_SPC instead of printing nothing and returing an error.

PR#2397

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 03706afa30)
2015-09-11 20:52:58 +01:00
Richard Levitte
2794dec7b2 Remove extra '; \' in apps/Makefile
Fixes GH#330

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit eeb97bce75)

Conflicts:
	apps/Makefile
2015-07-13 17:15:38 +02:00
Peter Waltenberg
b5e972fdd3 Exit on error in ecparam
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 99dcd88035)
2015-07-09 15:43:34 -04:00
Richard Levitte
176b59d157 Correction of make depend merge error
$(PROGS) was mistakenly removed, adding it back.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 5ef5b9ffa9)
2015-06-11 15:52:29 +02:00
Richard Levitte
cb972a4fe7 When making libcrypto from apps or test, make sure to include engines
For librypto to be complete, the stuff in both crypto/ and engines/
have to be built.  Doing 'make test' or 'make apps' from a clean
source tree failed to do so.
Corrected by using the new 'build_libcrypto' in the top Makefile.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit acaff3b797)
2015-06-10 02:12:34 +02:00
Richard Levitte
f460f050c2 Missed a couple of spots in the update change
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6f45032f67)

Conflicts:
	apps/Makefile
2015-05-23 11:22:10 +02:00
Richard Levitte
eb797fde3f Fix the update target and remove duplicate file updates
We had updates of certain header files in both Makefile.org and the
Makefile in the directory the header file lived in.  This is error
prone and also sometimes generates slightly different results (usually
just a comment that differs) depending on which way the update was
done.

This removes the file update targets from the top level Makefile, adds
an update: target in all Makefiles and has it depend on the depend: or
local_depend: targets, whichever is appropriate, so we don't get a
double run through the whole file tree.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0f539dc1a2)

Conflicts:
	Makefile.org
	apps/Makefile
	test/Makefile
2015-05-23 11:22:10 +02:00
Matt Caswell
c6a39046f5 Add -no_alt_chains option to apps to implement the new X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building certificate chains, the first chain found will be the one used. Without this flag, if the first chain found is not trusted then we will keep looking to see if we can build an alternative chain instead.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>

Conflicts:
	apps/cms.c
	apps/ocsp.c
	apps/s_client.c
	apps/s_server.c
	apps/smime.c
	apps/verify.c
2015-05-20 23:14:25 +02:00
Emilia Kasper
8568170d77 dhparam: set the default to 2048 bits
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-20 15:01:36 +02:00
Emilia Kasper
f1612746ec s_server: Use 2048-bit DH parameters by default.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-20 15:01:36 +02:00
Robert Swiecki
e96de9822e Don't add write errors into bytecounts
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 00d565cfbe)
2015-05-19 07:20:38 -04:00
Bjoern D. Rasmussen
9dff24e43a Fix for memcpy() and strcmp() being undefined.
clang says: "s_cb.c:958:9: error: implicitly declaring library function
'memcpy'"

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 8f744cceff)

Conflicts:
	apps/s_cb.c
2015-05-11 12:05:53 +01:00
Richard Levitte
4b771121f2 RT2943: Check sizes if -iv and -K arguments
RT2943 only complains about the incorrect check of -K argument size,
we might as well do the same thing with the -iv argument.

Before this, we only checked that the given argument wouldn't give a
bitstring larger than EVP_MAX_KEY_LENGTH.  we can be more precise and
check against the size of the actual cipher used.

(cherry picked from commit 8920a7cd04)

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-04 21:18:43 +02:00
Hanno Böck
cd258a84db Fix uninitialized variable.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(cherry picked from commit 539ed89f68)
2015-05-02 07:46:09 -04:00
Viktor Dukhovni
c70908d247 Code style: space after 'if'
Reviewed-by: Matt Caswell <gitlab@openssl.org>
2015-04-16 13:51:51 -04:00
John Foley
9da34ad6cb Fix intermittent s_server issues with ECDHE
Resolve a problem when using s_server with ECDHE cipher
suites in OpenSSL_1_0_1-stable.  Due to an uninitialized variable,
SSL_CTX_set_tmp_ecdh() is not always invoked within s_server. This bug
appears to have been introduced by
059907771b.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-04-07 23:37:46 +01:00
Matt Caswell
fe9b85c3cb Fix bug in s_client. Previously default verify locations would only be loaded
if CAfile or CApath were also supplied and successfully loaded first.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 70e5fd8778)
2015-03-25 13:09:31 +00:00
Matt Caswell
750190567a Fix RAND_(pseudo_)?_bytes returns
Ensure all calls to RAND_bytes and RAND_pseudo_bytes have their return
value checked correctly

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 8f8e4e4f52)

Conflicts:
	crypto/evp/e_des3.c
2015-03-25 12:45:17 +00:00
Matt Caswell
636c42d747 Dead code removal from apps
Some miscellaneous removal of dead code from apps. Also fix an issue with
error handling with pkcs7.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 11abf92259)
2015-03-17 14:52:46 +00:00
Matt Caswell
6a43243d1d Fix seg fault in s_time
Passing a negative value for the "-time" option to s_time results in a seg
fault. This commit fixes it so that time has to be greater than 0.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit dfef52f6f2)
2015-03-17 13:49:32 +00:00
Matt Caswell
d3554bff69 Move malloc fail checks closer to malloc
Move memory allocation failure checks closer to the site of the malloc in
dgst app. Only a problem if the debug flag is set...but still should be
fixed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit be1477adc9)
2015-03-17 13:49:31 +00:00
Matt Caswell
3f9117e161 Add malloc failure checks
Add some missing checks for memory allocation failures in ca app.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit a561bfe944)
2015-03-17 13:49:31 +00:00
Dmitry-Me
521246e608 Fix wrong numbers being passed as string lengths
Signed-off-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 0b142f022e)
2015-03-09 21:06:30 +01:00
Matt Caswell
9f11421950 Unchecked malloc fixes
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 918bb86529)

Conflicts:
	crypto/bio/bss_dgram.c

Conflicts:
	apps/cms.c
	apps/s_cb.c
	apps/s_server.c
	apps/speed.c
	crypto/dh/dh_pmeth.c
	ssl/s3_pkt.c
2015-03-05 09:22:50 +00:00
Matt Caswell
059907771b Fix warning with no-ec
This fixes another warning when config'd with no-ec

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-02-27 08:58:02 +00:00
Dr. Stephen Henson
66aacf3872 Fix memory leak reporting.
Free up bio_err after memory leak data has been printed to it.

In int_free_ex_data if ex_data is NULL there is nothing to free up
so return immediately and don't reallocate it.
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 9c7a780bbe)
2015-02-09 13:01:28 +00:00
Matt Caswell
131d3fdfe2 Remove explicit setting of read_ahead for DTLS. It never makes sense not to
use read_ahead with DTLS because it doesn't work. Therefore read_ahead needs
to be the default.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit f400241251)

Conflicts:
	apps/s_client.c
	apps/s_server.c
2015-01-27 14:35:11 +00:00
Matt Caswell
cda8845ded Re-align some comments after running the reformat script.
This should be a one off operation (subsequent invokation of the
script should not move them)

This commit is for the 1.0.1 changes

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:39:01 +00:00
Matt Caswell
10621efd32 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:38:39 +00:00
Matt Caswell
0f6c965823 Move more comments that confuse indent
Conflicts:
	crypto/dsa/dsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl_locl.h

Conflicts:
	crypto/bn/rsaz_exp.c
	crypto/evp/e_aes_cbc_hmac_sha1.c
	crypto/evp/e_aes_cbc_hmac_sha256.c
	ssl/ssl_locl.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:38:04 +00:00
Matt Caswell
3cf9f81b09 indent has problems with comments that are on the right hand side of a line.
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.

Conflicts:
	crypto/bn/bn.h
	crypto/ec/ec_lcl.h
	crypto/rsa/rsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl.h
	ssl/ssl3.h

Conflicts:
	crypto/ec/ec_lcl.h
	ssl/tls1.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:36:16 +00:00
Andy Polyakov
b2aec696f2 apps/speed.c: make it indent-friendly.
Conflicts:
	apps/speed.c

Conflicts:
	apps/speed.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:34:53 +00:00
Matt Caswell
1566497495 Fix source where indent will not be able to cope
Conflicts:
	apps/ciphers.c
	ssl/s3_pkt.c

Conflicts:
	crypto/ec/ec_curve.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:33:54 +00:00
Matt Caswell
ac84cb4cfe Further comment changes for reformat
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:33:38 +00:00
Tim Hudson
3e9a08ecb1 mark all block comments that need format preserving so that
indent will not alter them when reformatting comments

(cherry picked from commit 1d97c84351)

Conflicts:
	crypto/bn/bn_lcl.h
	crypto/bn/bn_prime.c
	crypto/engine/eng_all.c
	crypto/rc4/rc4_utl.c
	crypto/sha/sha.h
	ssl/kssl.c
	ssl/t1_lib.c

Conflicts:
	crypto/rc4/rc4_enc.c
	crypto/x509v3/v3_scts.c
	crypto/x509v3/v3nametest.c
	ssl/d1_both.c
	ssl/s3_srvr.c
	ssl/ssl.h
	ssl/ssl_locl.h
	ssl/ssltest.c
	ssl/t1_lib.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:33:23 +00:00
Dominik Neubauer
40fb8587ed typo in s_client
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
2014-12-31 11:19:56 +01:00
Kurt Roeckx
c14a808c51 Make "run" volatile
RT#3629

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-30 17:00:47 +01:00
Thorsten Glaser
cdf42d7b43 Document openssl dgst -hmac option
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-30 17:00:23 +01:00
Kurt Roeckx
f14a6bf515 Fix memory leak in the apps
The BIO_free() allocated ex_data again that we already freed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-30 17:00:22 +01:00