Commit graph

1429 commits

Author SHA1 Message Date
Matt Caswell
5011589a0b Move more comments that confuse indent
Conflicts:
	crypto/dsa/dsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl_locl.h

Conflicts:
	crypto/bn/rsaz_exp.c
	crypto/evp/e_aes_cbc_hmac_sha1.c
	crypto/evp/e_aes_cbc_hmac_sha256.c
	ssl/ssl_locl.h

Conflicts:
	crypto/ec/ec2_oct.c
	crypto/ec/ecp_nistp256.c
	crypto/ec/ecp_nistp521.c
	crypto/ec/ecp_nistputil.c
	crypto/ec/ecp_oct.c
	crypto/modes/gcm128.c
	ssl/ssl_locl.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:45:45 +00:00
Matt Caswell
e16db4b3d7 indent has problems with comments that are on the right hand side of a line.
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.

Conflicts:
	crypto/bn/bn.h
	crypto/ec/ec_lcl.h
	crypto/rsa/rsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl.h
	ssl/ssl3.h

Conflicts:
	crypto/ec/ec_lcl.h
	ssl/tls1.h

Conflicts:
	crypto/ec/ecp_nistp224.c
	crypto/evp/evp.h
	ssl/d1_both.c
	ssl/ssl.h
	ssl/ssl_lib.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:44:02 +00:00
Andy Polyakov
1a9c746696 apps/speed.c: make it indent-friendly.
Conflicts:
	apps/speed.c

Conflicts:
	apps/speed.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:42:56 +00:00
Matt Caswell
65f1d188c5 Fix source where indent will not be able to cope
Conflicts:
	apps/ciphers.c
	ssl/s3_pkt.c

Conflicts:
	crypto/ec/ec_curve.c

Conflicts:
	crypto/ec/ec_curve.c
	ssl/s3_clnt.c
	ssl/s3_srvr.c
	ssl/ssl_sess.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:41:47 +00:00
Matt Caswell
a25d0527b7 Additional comment changes for reformat of 1.0.0
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:41:42 +00:00
Matt Caswell
89f6c5b492 Further comment amendments to preserve formatting prior to source reformat
(cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5)

Conflicts:
	crypto/x509v3/pcy_tree.c

Conflicts:
	apps/apps.c
	ssl/ssltest.c

Conflicts:
	apps/apps.c
	crypto/ec/ec2_oct.c
	crypto/ec/ecp_nistp224.c
	crypto/ec/ecp_nistp256.c
	crypto/ec/ecp_nistp521.c
	ssl/s3_cbc.c
	ssl/ssl_sess.c
	ssl/t1_lib.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:41:33 +00:00
Tim Hudson
f326f6544d mark all block comments that need format preserving so that
indent will not alter them when reformatting comments

(cherry picked from commit 1d97c84351)

Conflicts:
	crypto/bn/bn_lcl.h
	crypto/bn/bn_prime.c
	crypto/engine/eng_all.c
	crypto/rc4/rc4_utl.c
	crypto/sha/sha.h
	ssl/kssl.c
	ssl/t1_lib.c

Conflicts:
	crypto/rc4/rc4_enc.c
	crypto/x509v3/v3_scts.c
	crypto/x509v3/v3nametest.c
	ssl/d1_both.c
	ssl/s3_srvr.c
	ssl/ssl.h
	ssl/ssl_locl.h
	ssl/ssltest.c
	ssl/t1_lib.c

Conflicts:
	crypto/asn1/a_sign.c
	crypto/bn/bn_div.c
	crypto/dsa/dsa_asn1.c
	crypto/ec/ecp_nistp224.c
	crypto/ec/ecp_nistp256.c
	crypto/ec/ecp_nistp521.c
	crypto/ec/ecp_nistputil.c
	crypto/modes/gcm128.c
	crypto/opensslv.h
	ssl/d1_both.c
	ssl/heartbeat_test.c
	ssl/s3_clnt.c
	ssl/s3_srvr.c
	ssl/ssl_sess.c
	ssl/t1_lib.c
	test/testutil.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:41:18 +00:00
Matt Caswell
82d7247fc5 Updates to s_client and s_server to remove the constant 28 (for IPv4 header
and UDP header) when setting an mtu. This constant is not always correct (e.g.
if using IPv6). Use the new DTLS_CTRL functions instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 464ce92026)
2014-12-03 09:43:49 +00:00
Matt Caswell
4e73dc5b76 Remove duplicated code
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-27 14:33:55 +00:00
Matt Caswell
67eb85d7d4 Tidy up ocsp help output
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 5e31a40f47)

Conflicts:
	apps/ocsp.c

(cherry picked from commit e164582690)
2014-11-27 14:21:42 +00:00
André Guerreiro
915a3b1c21 Add documentation on -timeout option in the ocsp utility
PR#3612

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit de87dd46c1)
(cherry picked from commit 4d3df37bc7)
2014-11-27 14:21:42 +00:00
Richard Levitte
7e29be228e Make sure that disabling the MAYLOSEDATA3 warning is only done when the compiler supports it. Otherwise, there are warnings about it lacking everywhere, which is quite tedious to read through while trying to check for other warnings.
Reviewed-by: Tim Hudson <tjh@openssl.org>

Conflicts:
	ssl/ssl-lib.com
2014-10-15 11:32:15 +02:00
Bodo Moeller
8745c0815c Add TLS_FALLBACK_SCSV documentation, and move s_client -fallback_scsv
handling out of #ifndef OPENSSL_NO_DTLS1 section.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-15 11:14:34 +02:00
Bodo Moeller
59dcfa21e5 Support TLS_FALLBACK_SCSV.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-15 04:05:57 +02:00
Dr. Stephen Henson
1a80d39021 Fix warnings about ignored return values.
(cherry picked from commit 27131fe8f7)
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-08-06 21:04:08 +01:00
Dr. Stephen Henson
ed1de3810d Don't allow -www etc options with DTLS.
The options which emulate a web server don't make sense when doing DTLS.
Exit with an error if an attempt is made to use them.

PR#3453
(cherry picked from commit 58a2aaeade8bdecd0f9f0df41927f7cff3012547)
2014-07-15 12:27:03 +01:00
Dr. Stephen Henson
df35da266d Use case insensitive compare for servername.
PR#3445
(cherry picked from commit 1c3e9a7c67)
2014-07-15 00:00:14 +01:00
Dr. Stephen Henson
3fe4fc4774 Usage for -hack and -prexit -verify_return_error
(cherry picked from commit a07f514fc0)
2014-07-06 22:59:03 +01:00
Dr. Stephen Henson
d8426e6b7d s_server usage for certificate status requests 2014-07-06 22:58:58 +01:00
Dr. Stephen Henson
2e7124497d Show errors on CSR verification failure.
If CSR verify fails in ca utility print out error messages.
Otherwise some errors give misleading output: for example
if the key size exceeds the library limit.

PR#2875
(cherry picked from commit a30bdb55d1)
2014-06-29 13:35:01 +01:00
Dr. Stephen Henson
c0eae35b3d Make no-ssl3 no-ssl2 do more sensible things.
(cherry picked from commit 7ae6a4b659)
2014-06-29 03:05:54 +01:00
Dr. Stephen Henson
50c9141d00 Typo.
PR#3107
(cherry picked from commit 7c206db928)
2014-06-28 12:43:36 +01:00
Dr. Stephen Henson
14247e4f59 Memory leak and NULL dereference fixes.
PR#3403
(cherry picked from commit d2aea03829)
2014-06-27 14:53:21 +01:00
Dr. Stephen Henson
ead6774804 Fix compilation with no-comp
(cherry picked from commit 7239a09c7b5757ed8d0e9869f3e9b03c0e11f4d1)
2014-06-11 14:33:47 +01:00
Dr. Stephen Henson
92e2dc11f3 Change default cipher in smime app to des3.
PR#3357
(cherry picked from commit ca3ffd9670f2b589bf8cc04923f953e06d6fbc58)
2014-05-29 14:12:12 +01:00
Viktor Dukhovni
f9f6befa1f Fix infinite loop. PR#3347 2014-05-11 21:15:57 +01:00
Tim Hudson
9f4a47b3ed coverity 966576 - close socket in error path 2014-05-08 23:24:56 +01:00
Tim Hudson
51080676f1 PR#3342 fix resource leak coverity issue 966577 2014-05-08 23:24:51 +01:00
Dr. Stephen Henson
06e17142fc Fix free errors in ocsp utility.
Keep copy of any host, path and port values allocated by
OCSP_parse_url and free as necessary.
(cherry picked from commit 5219d3dd35)
2014-04-09 15:45:46 +01:00
Dr. Stephen Henson
f16fede1cd Use correct length when prompting for password.
Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in
the openssl utility.

Thanks to Rob Mackinnon, Leviathan Security for reporting this issue.
(cherry picked from commit 7ba08a4d73)
2014-04-04 13:08:42 +01:00
Tim Hudson
75c3073bbf Add option to generate old hash format.
New -hash_old to generate CRL hashes using old
(before OpenSSL 1.0.0) algorithm.
(cherry picked from commit de2d97cd79)
2014-04-03 13:37:56 +01:00
Dr. Stephen Henson
910b3a81fd Avoid Windows 8 Getversion deprecated errors.
Windows 8 SDKs complain that GetVersion() is deprecated.

We only use GetVersion like this:

	(GetVersion() < 0x80000000)

which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
(cherry picked from commit a4cc3c8041)
2014-02-25 13:43:04 +00:00
Kurt Roeckx
d43301b77a Use defaults bits in req when not given
If you use "-newkey rsa" it's supposed to read the default number of bits from the
config file.  However the value isn't used to generate the key, but it does
print it's generating such a key.  The set_keygen_ctx() doesn't call
EVP_PKEY_CTX_set_rsa_keygen_bits() and you end up with the default set in
pkey_rsa_init() (1024).  Afterwards the number of bits gets read from the config
file, but nothing is done with that anymore.

We now read the config first and use the value from the config file when no size
is given.

PR: 2592
(cherry picked from commit 3343220327)
2014-02-14 22:36:05 +00:00
Scott Schaefer
b815ab2101 Fix various spelling errors
(cherry picked from commit 2b4ffc659e)
2014-02-14 22:36:04 +00:00
Dr. Stephen Henson
16d616756f Use default digest implementation in dgst.c
Use default instead of ENGINE version of digest. Without this
errors will occur if you use an ENGINE for a private key and
it doesn't implement the digest in question.
(cherry picked from commit 4eedf86a16)
2014-01-23 18:38:51 +00:00
Dr. Stephen Henson
d985a68c89 add missing \n 2012-12-23 18:19:47 +00:00
Dr. Stephen Henson
d38c549e60 check mval for NULL too 2012-12-04 17:26:26 +00:00
Dr. Stephen Henson
558189183f fix leak 2012-12-03 16:33:35 +00:00
Dr. Stephen Henson
04fde2025b PR: 2908
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>

Fix DH double free if parameter generation fails.
2012-11-21 14:01:55 +00:00
Dr. Stephen Henson
6bd61198fb fix leaks 2012-11-20 00:29:09 +00:00
Dr. Stephen Henson
ca461ecd11 fix memory leak 2012-09-11 13:45:11 +00:00
Dr. Stephen Henson
652ac3e93a oops, add -debug_decrypt option which was accidenatally left out 2012-06-19 13:38:47 +00:00
Dr. Stephen Henson
6b7887b0ab Always use SSLv23_{client,server}_method in s_client.c and s_server.c,
the old code came from SSLeay days before TLS was even supported.
2012-03-18 18:14:46 +00:00
Richard Levitte
9ad1b440ae cipher should only be set to PSK if JPAKE is used. 2012-03-14 12:38:55 +00:00
Dr. Stephen Henson
276eb93218 PR: 2717
Submitted by: Tim Rice <tim@multitalents.net>

Make compilation work on OpenServer 5.0.7
2012-02-12 18:25:11 +00:00
Dr. Stephen Henson
fd2d78e70b PR: 2710
Submitted by: Tomas Mraz <tmraz@redhat.com>

Check return codes for load_certs_crls.
2012-02-10 19:54:37 +00:00
Andy Polyakov
27b1f137ff Sanitize usage of <ctype.h> functions. It's important that characters
are passed zero-extended, not sign-extended [from HEAD].
PR: 2682
2012-01-12 16:37:20 +00:00
Bodo Möller
a99b6fcb7c Fix usage indentation 2012-01-05 13:15:50 +00:00
Dr. Stephen Henson
7200b39ecd make update 2012-01-04 16:52:53 +00:00
Dr. Stephen Henson
2a4adf19c8 The default CN prompt message can be confusing when often the CN needs to
be the server FQDN: change it.
[Reported by PSW Group]
2011-12-06 00:01:00 +00:00