Commit graph

2273 commits

Author SHA1 Message Date
Dr. Stephen Henson
f65a8c1e66 Support -no-CAfile -no-CApath in ctx2
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-23 19:15:20 +01:00
Dr. Stephen Henson
05dba8151b Support for traditional format private keys.
Add new function PEM_write_bio_PrivateKey_traditional() to enforce the
use of legacy "traditional" private key format. Add -traditional option
to pkcs8 and pkey utilities.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-23 16:41:34 +01:00
FdaSilvaYY
8bf780432c Indent and dead code cleanup
tofree pointer  is no more used...

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1103)
2016-05-21 08:58:27 -04:00
Rich Salz
739a1eb196 Rename lh_xxx,sk_xxx tp OPENSSL_{LH,SK}_xxx
Rename sk_xxx to OPENSSL_sk_xxx and _STACK to OPENSSL_STACK
Rename lh_xxx API to OPENSSL_LH_xxx and LHASH_NODE to OPENSSL_LH_NODE
Make lhash stuff opaque.
Use typedefs for function pointers; makes the code simpler.
Remove CHECKED_xxx macros.
Add documentation; remove old X509-oriented doc.
Add API-compat names for entire old API

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-05-20 10:48:29 -04:00
Richard Levitte
72106aaab4 Fixup READLINE case
RT#4543

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-05-20 14:22:49 +02:00
Dr. Stephen Henson
2197494da6 Use correct EOL in headers.
RT#1817

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-19 22:43:00 +01:00
Matt Caswell
c223c4a9ce Check that the obtained public key is valid
In the X509 app check that the obtained public key is valid before we
attempt to use it.

Issue reported by Yuan Jochen Kang.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-19 20:46:06 +01:00
Richard Levitte
bc77651098 Make it possible to have RFC2254 escapes with ASN1_STRING_print_ex()
Also adds 'esc_2254' to the possible command line name options

RT#1466

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-18 18:30:00 +02:00
FdaSilvaYY
15b083e44e Fix ts app help message
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-18 10:44:08 +01:00
FdaSilvaYY
fba1366398 Locally declare some variables
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-18 10:44:08 +01:00
FdaSilvaYY
bde136c89f Few cleanups in s_client, s_server apps.
Discard useless static engine_id
Add a const qualifier
Fix some spelling

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-18 10:44:08 +01:00
Rich Salz
6ddbb4cd92 X509_STORE_CTX accessors.
Add some functions that were missing when a number of X509
objects became opaque (thanks, Roumen!)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 16:06:09 -04:00
Rich Salz
846e33c729 Copyright consolidation 01/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-05-17 14:19:19 -04:00
Kurt Cancemi
5507b9610a Fix typos in apps/enc.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-17 14:38:28 +01:00
Rich Salz
49445f21da Use OPENSSL_hexchar2int
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16 15:21:10 -04:00
Rich Salz
589902b2cb Use app_malloc; two missing cases.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-16 15:18:22 -04:00
Dr. Stephen Henson
c821defc3f Don't load same config file twice.
RT#4215

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16 18:29:27 +01:00
Dr. Stephen Henson
f47e564775 Fix signer option and support format SMIME.
Fix -signer option in smime utility to output signer certificates
when verifying.

Add support for format SMIME for -inform and -outform with cms and
smime utilities.

PR#4215

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-13 02:21:56 +01:00
Rich Salz
396ba1ca68 Fix uninitialized variable
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-05-12 16:08:01 -04:00
Dr. Stephen Henson
6302bbd21a Correctly check for trailing digest options.
Multiple digest options to the ocsp utility are allowed: e.g. to use
different digests for different certificate IDs. A digest option without
a following certificate is however illegal.

RT#4215

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-12 16:50:55 +01:00
Dr. Stephen Henson
d18ba3cc36 Restore support for ENGINE format keys in apps.
RT#4207

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-12 12:33:58 +01:00
Dr. Stephen Henson
7c0ef84318 Don't leak memory if realloc fails.
RT#4403

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-12 12:02:38 +01:00
Dr. Stephen Henson
8fc06e8860 Update pkcs8 defaults.
Update pkcs8 utility to use 256 bit AES using SHA256 by default.

Update documentation.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-11 20:36:10 +01:00
Dr. Stephen Henson
c1176ebf29 Add -signcert to CA.pl usage message.
RT#4256

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-11 13:02:27 +01:00
Dr. Stephen Henson
9b5164ce77 Add a couple of checks to prime app.
RT#4402

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-10 22:53:39 +01:00
Dr. Stephen Henson
1480b8a9ec Add -srp option to ciphers command.
RT#4224

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-10 22:53:39 +01:00
Andy Polyakov
c21c7830ac IRIX fixes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-10 08:44:51 +02:00
Hansruedi Patzen
2e66d3d674 Fix: failed to open config file if not specified when using CA commands
Issue was introduced in
a0a82324f9

This patch fixes an issue which causes the 'openssl ca' commands to
fail if '-config' is not specified even if it says so otherwise.
Problem is that the default config is not loaded and the conf variable
is NULL which causes an exception.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-09 16:55:47 +02:00
Andrea Grandi
447402e628 Fix error in the loop of ECDH
The tests was incorrectly repeated multiple times when using the
async_jobs options

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-09 10:32:18 +01:00
FdaSilvaYY
dccd20d1b5 fix tab-space mixed indentation
No code change

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-09 09:09:55 +01:00
Matt Caswell
fc7f190c73 Handle no async jobs in libssl
If the application has limited the size of the async pool using
ASYNC_init_thread() then we could run out of jobs while trying to start a
libssl io operation. However libssl was failing to handle this and treating
it like a fatal error. It should not be fatal...we just need to retry when
there are jobs available again.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-05 19:39:14 +01:00
J Mohan Rao Arisankala
c3d93da03b remove unused macros in list -disabled
list -disabled was checking OPENSSL_NO_SSL/OPENSSL_NO_TLS, which are
not used to disable SSL/TLS respectively.
Building with these macros wrongly show as SSL/TLS disabled, hence
removing this code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-05 14:25:41 +01:00
Richard Levitte
c73aa30904 Check return of PEM_write_* functions and report possible errors
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1025)
2016-05-04 14:56:58 +02:00
FdaSilvaYY
16e1b281b2 GH932: Add more help messages to some apps options.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-04 07:44:21 -04:00
Matt Caswell
ea837d79f9 Remove stale errors from early connection attempts in a client
The init_client() function in the apps sets up the client connection. It
may try multiple addresses until it finds one that works. We should clear
the error queue if we eventually get a successful connection because
otherwise we get stale errors hanging around. This can cause problems in
subsequent calls to SSL_get_error(), i.e. non-fatal NBIO events appear as
fatal.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-04 10:16:39 +01:00
Christian Bundy
fb015ca6f0 Update Diffie-Hellman parameters to IANA standards
This replaces the old SKIP primes with the most current Diffie-Hellman
MODP groups defined by RFC 7296 and RFC 3526.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from GitHub https://github.com/openssl/openssl/pull/775)
2016-05-03 10:32:01 -04:00
Matt Caswell
9d7ec8090e Don't use an uninitialised variable in srp application
The srp application created an uninitialised DB_ATTR object and then
passed it to the load_index function which attempted to read it. A
DB_ATTR object only contains a single field called "unique_subject".
AFAICT this attribute is unused in the SRP case, and therefore it would be
better to pass a NULL DB_ATTR to load_index (which handles that case
gracefully).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-29 16:47:41 +01:00
Matt Caswell
7001571330 Check for a NULL return value from a call to X509_STORE_CTX_new()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-29 16:47:41 +01:00
Matt Caswell
5fd1478df3 Fix building with -DCHARSET_EBCDIC
Building with -DCHARSET_EBCDIC and using --strict-warnings resulted in
lots of miscellaneous errors. This fixes it.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-04-29 15:04:15 +01:00
Richard Levitte
1f644005ac make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-29 09:09:46 +02:00
Richard Levitte
08590a8647 apps/progs.pl: don't make digests disablable by default
Some digest algorithms can't be disabled, don't pretend they can.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-29 09:08:06 +02:00
FdaSilvaYY
8483a003bf various spelling fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/952)
2016-04-28 14:22:26 -04:00
Ben Laurie
e93836b95e Fix no-engine no-ui.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-27 12:36:30 +01:00
Matt Caswell
97b04399b6 Fix passwd seg fault
Passing the -stdin arg to the passwd command line app *and* supply a
password on the command line causes a seg fault.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-27 09:17:37 +01:00
Benjamin Kaduk
42a9f38613 Remove the never-functional no-sct
It was added as part of 2df84dd329
but has never actually been used for anything; presumably it was
a typo for one of SCTP or CT.

This removes the last '??' entry from INSTALL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-26 08:32:10 -04:00
Benjamin Kaduk
1e8ead8688 Remove some OPENSSL_NO_SHA that snuck in
Commit d064e6ab52 removed all the
OPENSSL_NO_SHA guards, but commit
a50ad1daaa regenerated some due to the
sha entries in the %md_disabler table in apps/progs.pl.

Update %md_disabler to reflect that sha is not disableable, and
remove OPENSSL_NO_SHA for good.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-26 08:32:10 -04:00
Rich Salz
79356a83b7 Fix NULL deref in apps/pkcs7
Thanks to Brian Carpenter for finding and reporting this.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-25 11:44:24 -04:00
Matt Caswell
5951e840d9 Fix no-ocsp on Windows (and probably VMS)
The ocsp.h file did not have appropriate guards causing link failures on
Windows.

GH Issue 900

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-21 17:03:02 +01:00
Matt Caswell
5d94e5b65a Remove some unneccessary assignments to argc
openssl.c and ts.c assign the value of opt_num_rest() to argc, but then
only use the value once.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-21 10:51:57 +01:00
Matt Caswell
3ad4af89cf Remove some unused argc assignments
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-21 10:51:57 +01:00