Commit graph

18072 commits

Author SHA1 Message Date
FdaSilvaYY
e2562bbbe1 Update INSTALL about no-md5 removal
no-rsa is no longer an option since 7ec8de1

Fix a typo about poly1305

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1582)
2016-09-19 20:12:58 +02:00
Richard Levitte
057c676afb Fix no-ocsp
Some compilers complain about unused variables, and some tests do
not run well without OCSP.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-19 15:08:58 +02:00
FdaSilvaYY
81f9ce1e19 Constify code about X509_VERIFY_PARAM
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1594)
2016-09-18 00:22:00 -04:00
Richard Levitte
66fe388aa4 Have the configuration options 'no-err' and 'no-async' work again
In an earlier attempt to simplify the processing of disabled options,
'no-err' and 'no-async' stopped working properly.  'err' and 'async'
are directories under 'crypto/', but they are special insofar that
they can't be simply skipped, like all the algorithm directories can,
so they need special treatment among the disablable things.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-09-17 21:57:29 +02:00
Richard Levitte
41240e68d7 Simplify configudata.pm dependency generation
While we're at it, correct the fault in windows-makefile.tmpl

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-17 21:15:12 +02:00
FdaSilvaYY
76dc356384 Remove an useless definition.
APP_INFO is currently a field of MEM struct.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1583)
2016-09-17 12:32:37 -04:00
Alessandro Ghedini
4f8a5f4da9 Use switch instead of multiple ifs
Makes the logic a little bit clearer.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1571)
2016-09-16 11:07:08 -04:00
Richard Levitte
c5ad3076a6 Simplify the dependencies for remaking configdata.pm
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-16 11:52:50 +02:00
Richard Levitte
1967a42eb5 Rearrange the storage of build file template names in %config
They are now relative paths as well

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-16 11:52:50 +02:00
Richard Levitte
dc660c70b5 Use the registered conf file names as dependencies to build configdata.pm
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-16 11:52:50 +02:00
Richard Levitte
ee9b0bbb4c Register the name of the config file each config target was found in
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-16 11:52:50 +02:00
Matt Caswell
3c0c68ae46 Revert "Abort on unrecognised warning alerts"
This reverts commit 77a6be4dfc.

There were some unexpected side effects to this commit, e.g. in SSLv3 a
warning alert gets sent "no_certificate" if a client does not send a
Certificate during Client Auth. With the above commit this causes the
connection to abort, which is incorrect. There may be some other edge cases
like this so we need to have a rethink on this.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-09-15 22:48:37 +01:00
Richard Levitte
d602c2b680 Finally, make sure vms_term_sock.c is built on VMS
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-15 23:24:06 +02:00
Richard Levitte
51e5133d55 Refactor to avoid unnecessary preprocessor logic
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-15 23:24:06 +02:00
Richard Levitte
c7bdb6a31f Reformat to fit OpenSSL source code standards
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-15 23:24:06 +02:00
Richard Levitte
0d0723e813 Add copyright and license on apps/vms_term_sock.[ch]
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-15 23:24:06 +02:00
Richard Levitte
0d3b65832c VSI submission: redirect terminal input through socket
This is needed, because on VMS, select() can only be used on sockets.  being
able to use select() on all kinds of file descriptors is unique to Unix.

So, the solution for VMS is to create a layer that translates input from
standard input to socket communication.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-15 23:24:06 +02:00
Rich Salz
6f0ac0e2f2 Make reference to other manpage more explicit
Where -curves, etc., are defined: SSL_CONF_cmd

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-14 18:25:40 -04:00
Rich Salz
c7af65c7b2 GH1536: Install empty CT log list
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-14 18:22:33 -04:00
Richard Levitte
554b4019f5 VMS: Really don't force symbol mixed case when building DSOs
This is an amendment to the september 8 commit titled "VMS: Don't
force symbol mixed case when building DSOs"

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 18:04:43 +02:00
Richard Levitte
3074514694 Rather than one variable for each passwd type, use one enum variable
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 18:02:29 +02:00
Richard Levitte
49681ae147 Test the new SHA256 and SHA512 based password generation options
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 18:02:29 +02:00
Richard Levitte
2e04d6cc9d Document the new SHA256 and SHA512 password generation options
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 18:02:29 +02:00
Richard Levitte
4e57a12ba7 Add SHA256 and SHA512 based output for 'openssl passwd'
RT#4674 issue 2

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 18:02:29 +02:00
Rich Salz
7d959c358a Add -h and -help for c_rehash script and app
Resolves GH1515 and GH1509.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-14 08:59:48 -04:00
Matt Caswell
dd8710dc54 Fix OCSP_RESPID processing bug introduced by WPACKET changes
An OCSP_RESPID in a status request extension has 2 bytes for the length
not 1.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 10:26:36 +01:00
Matt Caswell
73f0df8331 Add some sanity checks around usage of t_fromb64()
The internal SRP function t_fromb64() converts from base64 to binary. It
does not validate that the size of the destination is sufficiently large -
that is up to the callers. In some places there was such a check, but not
in others.

Add an argument to t_fromb64() to provide the size of the destination
buffer and validate that we don't write too much data. Also add some sanity
checks to the callers where appropriate.

With thanks to Shi Lei for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-14 10:06:41 +01:00
Matt Caswell
869d0a37cf Encourage use of the macros for the various "sub" functions
Don't call WPACKET_sub_memcpy(), WPACKET_sub_allocation_bytes() and
WPACKET_start_sub_packet_len() directly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 00:02:34 +01:00
Matt Caswell
c9216d1485 Make wpackettest conform to style rules
Remove extra indentation at the start of an "if".

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 00:02:34 +01:00
Matt Caswell
b2b3024e0e Add a WPACKET_sub_allocate_bytes() function
Updated the construction code to use the new function. Also added some
convenience macros for WPACKET_sub_memcpy().

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 00:02:34 +01:00
Matt Caswell
f1ec23c0bc Convert CKE construction to use the WPACKET API
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 00:02:34 +01:00
Richard Levitte
497f3bf9a7 Add a test for 'openssl passwd'
Also, enlarge test group 20 to include openssl commands that aren't
tested otherwise

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 00:30:50 +02:00
Richard Levitte
9f9f962d96 Fix 'openssl passwd' with arguments -1 or -apr1
RT#4674

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 00:30:50 +02:00
FdaSilvaYY
06a79af200 Fix some magic values about revocation info type...
Add comments, document -valid option.
Add some const qualifiers.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1560)
2016-09-13 11:42:57 -04:00
Rich Salz
77297115cb Add --missing-help to list command
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-13 10:14:01 -04:00
Andy Grundman
fa4618a280 Remove -xtarget=ultra from solaris(64)-sparcv9-cc builds.
This flag got moved after -xarch=v9 in 1.1.0 and had the unexpected
side effect of the compiler building for 32-bit v8plusa instead of v9.

GH#1521
CLA: none; trivial

Signed-off-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-09-13 15:27:04 +02:00
Viktor Szakats
c2efa78309 bio.h: fix number of arguments passed to BIO_ptr_ctrl()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1520)
2016-09-13 09:19:24 -04:00
Viktor Szakats
d485640b80 s_client: avoid warning on Windows/MS-DOS systems
it appears when using gcc/mingw:
```
apps/s_client.c:815:9: warning: variable 'at_eof' set but not used [-Wunused-but-set-variable]
     int at_eof = 0;
         ^~~~~~
```
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1512)
2016-09-13 09:14:15 -04:00
Andy Polyakov
35c11bfc69 Configure: detect gcc's dependency generation capability more accurately.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 14:03:36 +02:00
Andy Polyakov
cc2cb7bf63 bn/bn_lcl.h: improve interoperability with clang and Android NDK.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 13:34:12 +02:00
Andy Polyakov
758baa3dc2 Configure: impose ^X on whole build procedure.
Traditionally Configure passed $ENV{PERL} to Makefile. But this
resulted in ambiguilty as Configure script could be executed by
interpreter different from one executing remaining scripts. Since
we separate compile- and run-time interpreters with HASHBANGPERL
variable, there is no reason to segment the build procedure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 13:22:28 +02:00
Matt Caswell
77a6be4dfc Abort on unrecognised warning alerts
A peer continually sending unrecognised warning alerts could mean that we
make no progress on a connection. We should abort rather than continuing if
we receive an unrecognised warning alert.

Thanks to Shi Lei for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 11:51:00 +01:00
Matt Caswell
c0f9e23c6b Fix a few style nits in the wpacket code
Addressing more feedback comments.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 09:41:21 +01:00
Matt Caswell
df065a2b3b Remove else after a return in packet code
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 09:41:21 +01:00
Matt Caswell
826573559d Pull out some common packet code into a function
Two locations had the same loop for writing out a value. Pull it out into
a function.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 09:41:21 +01:00
Matt Caswell
c39609aa6a Add some soft asserts where applicable
This is an internal API. Some of the tests were for programmer erorr and
"should not happen" situations, so a soft assert is reasonable.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 09:41:21 +01:00
Matt Caswell
de451856f0 Address WPACKET review comments
A few style tweaks here and there. The main change is that curr and
packet_len are now offsets into the buffer to account for the fact that
the pointers can change if the buffer grows. Also dropped support for the
WPACKET_set_packet_len() function. I thought that was going to be needed
but so far it hasn't been. It doesn't really work any more due to the
offsets change.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 09:41:21 +01:00
Matt Caswell
6ae4f5e087 Simplify the overflow checks in WPACKET_allocate_bytes()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 09:41:21 +01:00
Matt Caswell
9bf85bf9c5 Move the WPACKET documentation comments to packet_locl.h
The PACKET documentation is already in packet_locl.h so it makes sense to
have the WPACKET documentation there as well.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 09:41:21 +01:00
Matt Caswell
d6c4cc2939 Add tests for the WPACKET implementation
The tests will only work in no-shared builds because WPACKET is an
internal only API that does not get exported by the shared library.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 09:41:21 +01:00