wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
23196 commits 20 branches 302 tags 153 MiB
Commit graph

231 commits

Author SHA1 Message Date
Rich Salz
b4faea50c3 Use safer sizeof variant in malloc 
For a local variable:
        TYPE *p;
Allocations like this are "risky":
        p = OPENSSL_malloc(sizeof(TYPE));
if the type of p changes, and the malloc call isn't updated, you
could get memory corruption.  Instead do this:
        p = OPENSSL_malloc(sizeof(*p));
Also fixed a few memset() calls that I noticed while doing this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-05-04 15:00:13 -04:00
Rich Salz
25aaa98aa2 free NULL cleanup -- coda 
After the finale, the "real" final part. :)  Do a recursive grep with
"-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are
an "if NULL" check that can be removed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-05-01 14:37:16 -04:00
Rich Salz
666964780a Remove goto inside an if(0) block 
There were a dozen-plus instances of this construct:
   if (0) { label: ..... }

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-05-01 14:29:48 -04:00
Rich Salz
efa7dd6444 free NULL cleanup 11 
Don't check for NULL before calling free functions. This gets:
        ERR_STATE_free
        ENGINE_free
        DSO_free
        CMAC_CTX_free
        COMP_CTX_free
        CONF_free
        NCONF_free NCONF_free_data _CONF_free_data
        A sk_free use within OBJ_sigid_free
        TS_TST_INFO_free (rest of TS_ API was okay)
        Doc update for UI_free (all uses were fine)
        X509V3_conf_free
        X509V3_section_free
        X509V3_string_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-05-01 10:15:18 -04:00
Rich Salz
b548a1f11c free null cleanup finale 
Don't check for NULL before calling OPENSSL_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-05-01 10:02:07 -04:00
Rich Salz
23a1d5e97c free NULL cleanup 7 
This gets BN_.*free:
    BN_BLINDING_free BN_CTX_free BN_FLG_FREE BN_GENCB_free
    BN_MONT_CTX_free BN_RECP_CTX_free BN_clear_free BN_free BUF_MEM_free

Also fix a call to DSA_SIG_free to ccgost engine and remove some #ifdef'd
dead code in engines/e_ubsec.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-04-30 21:37:06 -04:00
Rich Salz
222561fe8e free NULL cleanup 5a 
Don't check for NULL before calling a free routine.  This gets X509_.*free:
    x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free
    X509_STORE_free X509_STORE_CTX_free X509_PKEY_free
    X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-04-30 17:33:59 -04:00
Rich Salz
b196e7d936 remove malloc casts 
Following ANSI C rules, remove the casts from calls to
OPENSSL_malloc and OPENSSL_realloc.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-04-28 15:28:14 -04:00
Rich Salz
e0e920b1a0 free NULL cleanup 9 
Ongoing work to skip NULL check before calling free routine.  This gets:
    ecp_nistz256_pre_comp_free nistp224_pre_comp_free nistp256_pre_comp_free
    nistp521_pre_comp_free PKCS7_free PKCS7_RECIP_INFO_free
    PKCS7_SIGNER_INFO_free sk_PKCS7_pop_free PKCS8_PRIV_KEY_INFO_free
    PKCS12_free PKCS12_SAFEBAG_free PKCS12_free sk_PKCS12_SAFEBAG_pop_free
    SSL_CONF_CTX_free SSL_CTX_free SSL_SESSION_free SSL_free ssl_cert_free
    ssl_sess_cert_free

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2015-04-11 16:32:54 -04:00
Rich Salz
62adbcee39 free NULL cleanup 10 
Avoid checking for NULL before calling free functions.  This gets
ssl.*free:
    ssl_sess_cert_free ssl_free ssl_excert_free ssl_cert_free
    SSL_free SSL_SRP_CTX_free SSL_SESSION_free SSL_CTX_free
    SSL_CTX_SRP_CTX_free SSL_CONF_CTX_free

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2015-04-11 10:22:36 -04:00
Rich Salz
c5ba2d9904 free NULL cleanup 
EVP_.*free; this gets:
        EVP_CIPHER_CTX_free EVP_PKEY_CTX_free EVP_PKEY_asn1_free
        EVP_PKEY_asn1_set_free EVP_PKEY_free EVP_PKEY_free_it
        EVP_PKEY_meth_free; and also EVP_CIPHER_CTX_cleanup

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2015-03-28 10:54:15 -04:00
Rich Salz
ca3a82c3b3 free NULL cleanup 
This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free
BIO_free BIO_free_all BIO_vfree

Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-03-25 11:31:18 -04:00
Matt Caswell
266483d2f5 RAND_bytes updates 
Ensure RAND_bytes return value is checked correctly, and that we no longer
use RAND_pseudo_bytes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-03-25 12:38:07 +00:00
Rich Salz
d64070838e free NULL cleanup 
Start ensuring all OpenSSL "free" routines allow NULL, and remove
any if check before calling them.
This gets DH_free, DSA_free, RSA_free

Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-03-24 23:17:16 -04:00
Rich Salz
7aa0b02246 Dead code cleanup: crypto/*.c, x509v3, demos 
Some of the #if 0 code in demo's was kept, but given helpful #ifdef
names, to show more sample code.

Reviewed-by: Andy Polyakov <appro@openssl.org>
 2015-02-02 11:08:16 -05:00
Matt Caswell
e640fa0200 Harmonise use of EVP_CTRL_GET_TAG/EVP_CTRL_SET_TAG/EVP_CTRL_SET_IVLEN 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-28 10:39:01 +00:00
Rich Salz
a2b18e657e ifdef cleanup, part 4a: '#ifdef undef' 
This removes all code surrounded by '#ifdef undef'
One case is left: memmove() replaced by open-coded for loop,
in crypto/stack/stack.c  That needs further review.

Also removed a couple of instances of /* dead code */ if I saw them
while doing the main removal.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-01-24 10:58:38 -05:00
Matt Caswell
35a1cc90bc More comment realignment 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:10 +00:00
Matt Caswell
0f113f3ee4 Run util/openssl-format-source -v -c . 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:09 +00:00
Matt Caswell
68d39f3ce6 Move more comments that confuse indent 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:09 +00:00
Matt Caswell
dbd87ffc21 indent has problems with comments that are on the right hand side of a line. 
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:08 +00:00
Matt Caswell
e636e2acd7 Fix source where indent will not be able to cope 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:06 +00:00
Matt Caswell
28470b6095 Yet more comments 
Conflicts:
	crypto/dsa/dsa_asn1.c
	crypto/pem/pem_all.c
	fips/dh/dh_gen.c
	fips/dh/fips_dh_check.c
	fips/dh/fips_dh_gen.c
	ssl/ssl_ciph.c

Conflicts:
	ssl/d1_clnt.c

Conflicts:
	ssl/s2_pkt.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:06 +00:00
Matt Caswell
23a22b4cf7 More comments 
Conflicts:
	crypto/dsa/dsa_vrf.c
	crypto/ec/ec2_smpl.c
	crypto/ec/ecp_smpl.c

Conflicts:
	demos/bio/saccept.c
	ssl/d1_clnt.c

Conflicts:
	bugs/dggccbug.c
	demos/tunala/cb.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:06 +00:00
Matt Caswell
c80fd6b215 Further comment changes for reformat (master) 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:19:59 +00:00
Rich Salz
6d23cf9744 RT3548: Remove unsupported platforms 
This last one for this ticket.  Removes WIN16.
So long, MS_CALLBACK and MS_FAR.  We won't miss you.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-01-12 17:30:54 -05:00
Tim Hudson
1d97c84351 mark all block comments that need format preserving so that 
indent will not alter them when reformatting comments

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-30 22:10:26 +00:00
Kurt Roeckx
45f55f6a5b Remove SSLv2 support 
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 11:55:03 +01:00
Rich Salz
8cfe08b4ec Remove all .cvsignore files 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-11-28 18:32:43 -05:00
Rich Salz
5f855569c4 RT2600: Change Win line-endings to Unix. 
For consistency.

Reviewed-by: Bodo Moeller <bodo@openssl.org>
 2014-09-08 16:40:24 -04:00
Jeffrey Walton
a520ae3628 RT3142: Extra initialization in state_machine 
Remove extra initialization calls in the sample program.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
 2014-08-21 13:32:17 -04:00
Martin Olsson
89fb142b49 RT2847: Don't "check" uninitialized memory 
Don't check err variable until after it's been set.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
 2014-08-19 12:47:02 -04:00
Jonas Maebe
94c0a987c7 engine_md_copy: check for NULL after allocating to_md->HashBuffer 
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-08-17 18:56:44 +02:00
Rich Salz
f642ebc1e2 Undo a90081576c 
Undo unapproved commit that removed DJGPP and WATT32
 2014-08-09 08:02:20 -04:00
Rich Salz
a90081576c Remove DJGPP (and therefore WATT32) #ifdef's. 
DJGPP is no longer a supported platform.  Remove all #ifdef, etc.,
cases that refer to it.  DJGPP also #define'd WATT32, so that
is now removed as well.
 2014-08-08 16:54:14 -04:00
Geoff Thorpe
ceea4bf047 Remove demos/tunala 
This has been unmaintained for a long time. If it's still of interest
to anyone, it can be obtained easily enough by reverting this commit.
(It could join other demo code in some other repository, perhaps.) In
any case we don't want it taking up space in the baseline source
package, so <snip>.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
 2014-07-22 15:16:30 -04:00
Tim Hudson
62352b8138 Remove old unused and unmaintained demonstration code. 
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
 2014-07-22 05:26:17 +10:00
Dr. Stephen Henson
0f78819c8c New ctrl to set current certificate. 
New ctrl sets current certificate based on certain criteria. Currently
two options: set the first valid certificate as current and set the
next valid certificate as current. Using these an application can
iterate over all certificates in an SSL_CTX or SSL structure.
 2014-02-02 22:58:19 +00:00
Dr. Stephen Henson
9f9ab1dc66 Demo of use of errors in applications. 2014-02-02 22:58:19 +00:00
Dr. Stephen Henson
cb2182676b typo 2014-01-28 15:35:16 +00:00
Dr. Stephen Henson
717cc85895 Fix demo comment: 0.9.9 never released. 2014-01-28 15:15:26 +00:00
Dr. Stephen Henson
88c21c47a3 Update demo. 2013-12-18 13:28:44 +00:00
Dr. Stephen Henson
ea131a0644 Update demos/bio/README 2013-10-21 03:51:44 +01:00
Dr. Stephen Henson
f3efeaad54 Fix various typos. 2013-10-20 22:31:00 +01:00
Dr. Stephen Henson
d80b0eeee5 Modify sample accept.cnf 2013-10-20 22:21:52 +01:00
Dr. Stephen Henson
ebd14bfce9 Add demo for SSL server using SSL_CONF. 2013-10-20 22:21:52 +01:00
Veres Lajos
478b50cf67 misspellings fixes by https://github.com/vlajos/misspell_fixer 2013-09-05 21:39:42 +01:00
Dr. Stephen Henson
e24fd37cda Typo. 
(cherry picked from commit 1546fb780b)
 2013-03-18 14:00:39 +00:00
Dr. Stephen Henson
bcb157f07f typo 2013-03-05 21:20:00 +00:00
Dr. Stephen Henson
e942c15451 Initial CCM code. 
Simple example of CCM code use: translated from the FIPS self tests.
 2013-03-05 18:30:53 +00:00
Dr. Stephen Henson
3646578ae7 Demo code for SSL_CONF API 
Two example programs one for command line argument processing and
one for configuration file processing.
 2013-02-26 16:33:05 +00:00
Dr. Stephen Henson
92821996de oops, revert, committed in error 2012-12-14 23:29:58 +00:00
Dr. Stephen Henson
11e2957d5f apps/ocsp.c 2012-12-14 23:28:19 +00:00
Dr. Stephen Henson
24f77b34d5 remove redundant code from demo 2012-11-18 14:47:25 +00:00
Dr. Stephen Henson
226afe4956 typo 2012-10-27 18:05:56 +00:00
Dr. Stephen Henson
07a4ff79d2 add simple AES GCM code example 2012-10-16 23:03:45 +00:00
Dr. Stephen Henson
61d24f102d update README 2012-09-09 20:47:36 +00:00
Dr. Stephen Henson
79b184fb4b Extend certificate creation examples to include CRL generation and sample 
scripts running the test OCSP responder.
 2012-09-09 20:43:49 +00:00
Dr. Stephen Henson
ef6b34bec2 make EC test certificates usable for ECDH 2012-08-31 11:15:44 +00:00
Dr. Stephen Henson
18d7158809 Add certificate callback. If set this is called whenever a certificate 
is required by client or server. An application can decide which
certificate chain to present based on arbitrary criteria: for example
supported signature algorithms. Add very simple example to s_server.
This fixes many of the problems and restrictions of the existing client
certificate callback: for example you can now clear existing certificates
and specify the whole chain.
 2012-06-29 14:24:42 +00:00
Dr. Stephen Henson
57559471bf oops, revert unrelated changes 2012-02-09 15:43:58 +00:00
Dr. Stephen Henson
f4e1169341 Modify client hello version when renegotiating to enhance interop with 
some servers.
 2012-02-09 15:42:10 +00:00
Dr. Stephen Henson
ccd395cbcc add example for DH certificate generation 2012-01-25 16:33:39 +00:00
Dr. Stephen Henson
1bfdb34f70 Add private keys and generation scripts for test certificates in apps 
directory.
 2011-12-14 22:14:47 +00:00
Dr. Stephen Henson
b6df360b9e Simple automated certificate creation demo. 2011-06-01 18:36:49 +00:00
Dr. Stephen Henson
55f39a199d fix comments 2010-01-21 01:17:17 +00:00
Dr. Stephen Henson
3ec5f38b47 Update demo 2010-01-20 14:06:21 +00:00
Dr. Stephen Henson
98c08a6312 Use SHA1 and not deprecated MD5 in demos. 2009-08-15 11:01:09 +00:00
Richard Levitte
cc8cc9a3a1 Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda). 
Thank you\!
(note: not tested for now, a few nightly builds should give indications though)
 2009-05-15 16:36:56 +00:00
Dr. Stephen Henson
14023fe352 Merge from 1.0.0-stable branch. 2009-04-03 11:45:19 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Lutz Jänicke
0f401ff08b Add missing 'extern "C" {' to some _err.h files in crypto/engines/ 
PR: 1609
 2008-04-18 07:43:26 +00:00
Dr. Stephen Henson
1728756255 Detached encrypt/decrypt example, fix decrypt sample. 2008-04-11 23:52:26 +00:00
Dr. Stephen Henson
f3eba36c4c Fix comments. 2008-04-11 17:50:20 +00:00
Dr. Stephen Henson
47a6d388c7 CMS compressed data examples. 2008-04-11 17:33:29 +00:00
Dr. Stephen Henson
c02b6b6b21 Fix for compression and updated CMS_final(). 2008-04-11 17:07:01 +00:00
Dr. Stephen Henson
3b28bc9910 PKCS#7 examples converted to CMS. 2008-04-11 16:52:45 +00:00
Geoff Thorpe
eb77ebe26c Update tunala so it builds ok with OPENSSL_NO_DEPRECATED, and improve the 
autoungunk.sh logic (autobits have grown since I last tried this...).
 2008-03-28 01:56:08 +00:00
Dr. Stephen Henson
be3b365a34 Sample text files for S/MIME test programs. 2007-04-13 20:41:42 +00:00
Dr. Stephen Henson
b2b2dafc28 Add a bunch of S/MIME sample programs and data. 2007-04-13 20:40:47 +00:00
Nils Larsch
90076b96df fix typos 
PR: 1280
 2006-02-15 19:42:22 +00:00
Bodo Möller
d56349a2aa update TLS-ECC code 
Submitted by: Douglas Stebila
 2005-12-13 07:33:35 +00:00
Richard Levitte
37e27219f2 From branch OpenSSL_0_9_7-stable, 2002-11-13 15:30: 
The loading functions should be static if we build a dynamic
engine.
 2005-04-30 14:34:28 +00:00
Richard Levitte
4bb61becbb Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
Richard Levitte
b94f886b22 Stupid casts... 2004-08-11 17:41:15 +00:00
Bodo Möller
968766cad8 updates for draft-ietf-tls-ecc-03.txt 
Submitted by: Douglas Stebila
Reviewed by: Bodo Moeller
 2003-07-22 12:34:21 +00:00
Richard Levitte
c14b337570 Typo. 
PR: 593
 2003-06-11 22:45:53 +00:00
Richard Levitte
0b13e9f055 Add the possibility to build without the ENGINE framework. 
PR: 287
 2003-01-30 17:39:26 +00:00
Geoff Thorpe
e5a08ce44d Make 'tunala' link with zlib if possible (so it works if openssl was 
configured with zlib support).
 2002-12-11 19:07:03 +00:00
Richard Levitte
8d6e60486f Fix to build better with DJGPP. 
PR: 338

Here's the description, submitted by Gisle Vanem <giva@bgnett.no>:

1. sock_init() renamed to ssl_sock_init() in ./apps/s_socket.c due
   to name-clash with Watt-32.

2. rand() renamed to Rand() in ./crypto/bn/divtest.c due to name-clash
   with <stdlib.h>

3. Added calls to dbug_init()/sock_init() in some demo programs.

4. Changed cflags/lflags in configure. Watt-32 install root now taken
   from $WATT_ROOT.
 2002-11-14 11:22:01 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Richard Levitte
c0d64de660 Make internal functions static. 2002-11-13 14:34:53 +00:00
Richard Levitte
c1ce8cf3b8 Name the flag files correctly. 2002-11-13 14:31:34 +00:00
Richard Levitte
bd1fb77245 There's a name clash between OpenSSL and RSAref. Since this engine handles 
RSAref data, pretend we don't care for OpenSSL's MD2 and MD5 structures or
implementation.
Remove all kinds of silly warning
 2002-10-24 17:02:27 +00:00
Dr. Stephen Henson
5aa3429c5d Typo: v3 is represented by 2. 2002-10-21 00:10:10 +00:00
Richard Levitte
fa4bde98d2 Add a few more target platforms, to see how well the shared library 
linking works on them.
 2002-10-10 12:46:05 +00:00
Richard Levitte
27bad5ad3d Don't fuss with the demo binaries 2002-10-09 13:57:55 +00:00
Bodo Möller
7cc6ec7af7 add URL for Internet Draft 2002-09-16 13:45:14 +00:00
Bodo Möller
c2bbf275b2 1. switch from "-newkey ecdsa:..." to "-newkey ec:..." 
2. automatically create required sub-directories

Submitted by: Vipul Gupta <Vipul.Gupta@sun.com>
 2002-09-10 07:36:52 +00:00
Richard Levitte
629d860cbc Some files deserve to be ignored 2002-08-13 22:41:18 +00:00