wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10924 commits 20 branches 302 tags 153 MiB
Commit graph

1501 commits

Author SHA1 Message Date
Tim Hudson
50522642a0 Add option to generate old hash format. 
New -hash_old to generate CRL hashes using old
(before OpenSSL 1.0.0) algorithm.
(cherry picked from commit de2d97cd79)
 2014-04-03 13:37:04 +01:00
Dr. Stephen Henson
caf55bfacf Avoid Windows 8 Getversion deprecated errors. 
Windows 8 SDKs complain that GetVersion() is deprecated.

We only use GetVersion like this:

	(GetVersion() < 0x80000000)

which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
(cherry picked from commit a4cc3c8041)
 2014-02-25 13:42:25 +00:00
Kurt Roeckx
e420060ac9 Use defaults bits in req when not given 
If you use "-newkey rsa" it's supposed to read the default number of bits from the
config file.  However the value isn't used to generate the key, but it does
print it's generating such a key.  The set_keygen_ctx() doesn't call
EVP_PKEY_CTX_set_rsa_keygen_bits() and you end up with the default set in
pkey_rsa_init() (1024).  Afterwards the number of bits gets read from the config
file, but nothing is done with that anymore.

We now read the config first and use the value from the config file when no size
is given.

PR: 2592
(cherry picked from commit 3343220327)
 2014-02-14 22:35:39 +00:00
Scott Schaefer
040ed7b4d0 Fix various spelling errors 
(cherry picked from commit 2b4ffc659e)
 2014-02-14 22:35:39 +00:00
Dr. Stephen Henson
4eedf86a16 Use default digest implementation in dgst.c 
Use default instead of ENGINE version of digest. Without this
errors will occur if you use an ENGINE for a private key and
it doesn't implement the digest in question.
 2014-01-23 18:36:33 +00:00
Dr. Stephen Henson
c776a3f398 make update 2014-01-06 13:33:27 +00:00
Dr. Stephen Henson
60df657b3a make update 2013-12-08 13:23:14 +00:00
Dr. Stephen Henson
25370e93c6 Typo: don't call RAND_cleanup during app startup. 
(cherry picked from commit 90e7f983b5)
 2013-06-12 21:18:47 +01:00
Dr. Stephen Henson
cdb6c48445 Don't use RC2 with PKCS#12 files in FIPS mode. 2013-05-30 21:39:50 +01:00
Dr. Stephen Henson
944bc29f90 Call RAND_cleanup in openssl application. 2013-03-28 14:28:06 +00:00
Andy Polyakov
0898147090 ssl/*: fix linking errors with no-srtp. 2013-02-09 19:52:07 +01:00
Dr. Stephen Henson
1dcf520fe2 Change default bits to 1024 2013-01-07 16:18:57 +00:00
Dr. Stephen Henson
3ea1e13569 add missing \n 2012-12-23 18:19:28 +00:00
Ben Laurie
5bb6d96558 Make verify return errors. 2012-12-13 15:48:42 +00:00
Dr. Stephen Henson
a650314f72 check mval for NULL too 2012-12-04 17:26:13 +00:00
Dr. Stephen Henson
54fdc39a08 fix leak 2012-12-03 16:33:24 +00:00
Dr. Stephen Henson
eb3a3911fc PR: 2908 
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>

Fix DH double free if parameter generation fails.
 2012-11-21 14:02:21 +00:00
Dr. Stephen Henson
540f7c75ef fix leaks 2012-11-20 00:28:56 +00:00
Dr. Stephen Henson
f929f201fb fix memory leak 2012-09-11 13:44:38 +00:00
Bodo Möller
12c1621523 Enable message names for TLS 1.1, 1.2 with -msg. 2012-08-16 13:43:37 +00:00
Dr. Stephen Henson
25da47c3c8 Fix memory leak. 
Always perform nexproto callback argument initialisation in s_server
otherwise we use uninitialised data if -nocert is specified.
 2012-07-03 16:36:10 +00:00
Dr. Stephen Henson
36b0719793 oops, add -debug_decrypt option which was accidenatally left out 2012-06-19 13:39:03 +00:00
Ben Laurie
af454b5bb0 Reduce version skew. 2012-06-08 09:18:47 +00:00
Dr. Stephen Henson
3bf4e14cc3 Always use SSLv23_{client,server}_method in s_client.c and s_server.c, 
the old code came from SSLeay days before TLS was even supported.
 2012-03-18 18:16:05 +00:00
Richard Levitte
49f6cb968f cipher should only be set to PSK if JPAKE is used. 2012-03-14 12:39:00 +00:00
Dr. Stephen Henson
267c950c5f Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> 
Add more extension names in s_cb.c extension printing code.
 2012-03-09 18:37:41 +00:00
Dr. Stephen Henson
c714e43c8d PR: 2717 
Submitted by: Tim Rice <tim@multitalents.net>

Make compilation work on OpenServer 5.0.7
 2012-02-11 23:38:49 +00:00
Dr. Stephen Henson
cdf9d6f6ed PR: 2716 
Submitted by: Adam Langley <agl@google.com>

Fix handling of exporter return value and use OpenSSL indentation in
s_client, s_server.
 2012-02-11 23:21:09 +00:00
Andy Polyakov
69e9c69e70 apps/s_cb.c: recognize latest TLS versions [from HEAD]. 2012-02-11 13:31:16 +00:00
Dr. Stephen Henson
26c6857a59 PR: 2710 
Submitted by: Tomas Mraz <tmraz@redhat.com>

Check return codes for load_certs_crls.
 2012-02-10 19:54:46 +00:00
Dr. Stephen Henson
508bd3d1aa PR: 2714 
Submitted by: Tomas Mraz <tmraz@redhat.com>

Make no-srp work.
 2012-02-10 19:44:00 +00:00
Dr. Stephen Henson
c944a9696e add fips hmac option and fips blocking overrides to command line utilities 2012-02-10 16:46:19 +00:00
Andy Polyakov
9b2a29660b Sanitize usage of <ctype.h> functions. It's important that characters 
are passed zero-extended, not sign-extended [from HEAD].
PR: 2682
 2012-01-12 16:28:03 +00:00
Andy Polyakov
b9cbcaad58 speed.c: typo in pkey_print_message [from HEAD]. 
PR: 2681
Submitted by: Annie Yousar
 2012-01-11 21:49:16 +00:00
Bodo Möller
767d3e0054 Update for 0.9.8s and 1.0.0f. 
(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing
in the 1.0.1 branch, the actual code is here already.)
 2012-01-05 13:46:27 +00:00
Dr. Stephen Henson
bd6941cfaa PR: 2658 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.
 2011-12-31 23:00:36 +00:00
Dr. Stephen Henson
5c05f69450 make update 2011-12-27 14:38:27 +00:00
Dr. Stephen Henson
b300fb7734 PR: 1794 
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

- remove some unncessary SSL_err and permit
an srp user callback to allow a worker to obtain
a user verifier.

- cleanup and comments in s_server and demonstration
for asynchronous srp user lookup
 2011-12-27 14:23:22 +00:00
Andy Polyakov
1d05ff2779 apps/speed.c: fix typo in last commit. 2011-12-19 14:33:37 +00:00
Andy Polyakov
941811ccb9 apps/speed.c: Cygwin alarm() fails sometimes. 
PR: 2655
 2011-12-15 22:30:11 +00:00
Dr. Stephen Henson
b8a22c40e0 PR: 1794 
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Remove unnecessary code for srp and to add some comments to
s_client.

- the callback to provide a user during client connect is
no longer necessary since rfc 5054 a connection attempt
with an srp cipher and no user is terminated when the
cipher is acceptable

- comments to indicate in s_client the (non-)usefulness of
th primalaty tests for non known group parameters.
 2011-12-14 22:18:03 +00:00
Dr. Stephen Henson
8173960305 remove old -attime code, new version includes all old functionality 2011-12-10 00:42:48 +00:00
Dr. Stephen Henson
f2e590942e implement -attime option as a verify parameter then it works with all relevant applications 2011-12-10 00:37:42 +00:00
Dr. Stephen Henson
97d0c596a1 Replace expired test server and client certificates with new ones. 2011-12-08 14:45:15 +00:00
Dr. Stephen Henson
5713411893 The default CN prompt message can be confusing when often the CN needs to 
be the server FQDN: change it.
[Reported by PSW Group]
 2011-12-06 00:00:51 +00:00
Ben Laurie
825e1a7c56 Fix warnings. 2011-12-02 14:39:41 +00:00
Dr. Stephen Henson
a310428527 Workaround so "make depend" works for fips builds. 2011-11-22 12:50:59 +00:00
Ben Laurie
b1d7429186 Add TLS exporter. 2011-11-15 23:51:22 +00:00
Ben Laurie
060a38a2c0 Add DTLS-SRTP. 2011-11-15 23:02:16 +00:00
Andy Polyakov
db896db5a7 speed.c: add ghash benchmark [from HEAD]. 2011-11-14 21:09:30 +00:00
Ben Laurie
68b33cc5c7 Add Next Protocol Negotiation. 2011-11-13 21:55:42 +00:00
Ben Laurie
4c02cf8ecc make depend. 2011-11-13 20:23:34 +00:00
Dr. Stephen Henson
efbb7ee432 PR: 1794 
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Document unknown_psk_identify alert, remove pre-RFC 5054 string from
ssl_stat.c
 2011-11-13 13:13:14 +00:00
Dr. Stephen Henson
6bd173fced Don't disable TLS v1.2 by default any more. 2011-10-09 23:28:25 +00:00
Dr. Stephen Henson
9309ea6617 Backport PSS signature support from HEAD. 2011-10-09 23:13:50 +00:00
Dr. Stephen Henson
dc100d87b5 Backport of password based CMS support from HEAD. 2011-10-09 15:28:02 +00:00
Dr. Stephen Henson
1fe83b4afe use keyformat for -x509toreq, don't hard code PEM 2011-09-23 21:48:50 +00:00
Dr. Stephen Henson
370385571c PR: 2347 
Submitted by: Tomas Mraz <tmraz@redhat.com>
Reviewed by: steve

Fix usage message.
 2011-09-23 13:12:41 +00:00
Dr. Stephen Henson
e34a303ce1 make depend 2011-09-16 23:15:22 +00:00
Dr. Stephen Henson
0ae7c43fa5 Improved error checking for DRBG calls. 
New functionality to allow default DRBG type to be set during compilation
or during runtime.
 2011-09-16 23:08:57 +00:00
Dr. Stephen Henson
4a18d5c89b Don't add trailing slash to FIPSDIR: it causes problems with Windows builds. 2011-06-18 19:02:12 +00:00
Ben Laurie
be23b71e87 Add -attime. 2011-06-09 17:09:31 +00:00
Ben Laurie
78ef9b0205 Fix warnings. 2011-06-09 16:03:18 +00:00
Dr. Stephen Henson
c6fa97a6d6 FIPS low level blocking for AES, RC4 and Camellia. This is complicated by 
use of assembly language routines: rename the assembly language function
to the private_* variant unconditionally and perform tests from a small
C wrapper.
 2011-06-05 17:36:44 +00:00
Dr. Stephen Henson
916bcab28e Prohibit low level cipher APIs in FIPS mode. 
Not complete: ciphers with assembly language key setup are not
covered yet.
 2011-06-01 16:54:06 +00:00
Dr. Stephen Henson
7207eca1ee The first of many changes to make OpenSSL 1.0.1 FIPS capable. 
Add static build support to openssl utility.

Add new "fips" option to Configure.

Make use of installed fipsld and fips_standalone_sha1

Initialise FIPS error callbacks, locking and DRBG.

Doesn't do anything much yet: no crypto is redirected to the FIPS module.

Doesn't completely build either but the openssl utility can enter FIPS mode:
which doesn't do anything much either.
 2011-05-26 14:19:19 +00:00
Dr. Stephen Henson
565c15363c PR: 2527 
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Set cnf to NULL to avoid possible double free.
 2011-05-25 15:05:56 +00:00
Dr. Stephen Henson
57dd2ea808 add FIPS support to openssl utility (backport from HEAD) 2011-05-19 18:23:24 +00:00
Dr. Stephen Henson
7f9ef5621a Oops, add missing declaration. 2011-05-12 13:02:25 +00:00
Dr. Stephen Henson
39348038df make kerberos work with OPENSSL_NO_SSL_INTERN 2011-05-11 22:52:34 +00:00
Dr. Stephen Henson
9472baae0d Backport TLS v1.2 support from HEAD. 
This includes TLS v1.2 server and client support but at present
client certificate support is not implemented.
 2011-05-11 13:37:52 +00:00
Dr. Stephen Henson
ae17b9ecd5 Typo. 2011-05-11 13:22:54 +00:00
Dr. Stephen Henson
74096890ba Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN 
all ssl related structures are opaque and internals cannot be directly
accessed. Many applications will need some modification to support this and
most likely some additional functions added to OpenSSL.

The advantage of this option is that any application supporting it will still
be binary compatible if SSL structures change.

(backport from HEAD).
 2011-05-11 12:56:38 +00:00
Richard Levitte
ecff2e5ce1 Corrections to the VMS build system. 
Submitted by Steven M. Schweda <sms@antinode.info>
 2011-03-25 16:21:08 +00:00
Richard Levitte
d135906dbc For VMS, implement the possibility to choose 64-bit pointers with 
different options:
"64"		The build system will choose /POINTER_SIZE=64=ARGV if
		the compiler supports it, otherwise /POINTER_SIZE=64.
"64="		The build system will force /POINTER_SIZE=64.
"64=ARGV"	The build system will force /POINTER_SIZE=64=ARGV.
 2011-03-25 09:39:46 +00:00
Richard Levitte
9f427a52cb make update (1.0.1-stable) 
This meant a slight renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable.  However, since there's been no release on
this branch yet, it should be harmless.
 2011-03-23 00:06:04 +00:00
Richard Levitte
013f3d999f * apps/makeapps.com: Add srp. 2011-03-20 17:34:06 +00:00
Richard Levitte
64d30d7adc * apps/makeapps.com: Forgot to end the check for /POINTER_SIZE=64=ARGV 
with turning trapping back on.
* test/maketests.com: Do the same check for /POINTER_SIZE=64=ARGV
  here.
* test/clean-test.com: A new script for cleaning up.
 2011-03-20 14:01:49 +00:00
Richard Levitte
9d57828d66 * apps/openssl.c: For VMS, take care of copying argv if needed much earlier, 
directly in main().  'if needed' also includes when argv is a 32 bit
  pointer in an otherwise 64 bit environment.
* apps/makeapps.com: When using /POINTER_SIZE=64, try to use the additional
  =ARGV, but only if it's supported.  Fortunately, DCL is very helpful
  telling us in this case.
 2011-03-20 13:15:37 +00:00
Richard Levitte
01d2e27a2b Apply all the changes submitted by Steven M. Schweda <sms@antinode.info> 2011-03-19 09:47:47 +00:00
Dr. Stephen Henson
3393e0c02c Fix SRP error codes (from HEAD). 2011-03-16 16:55:12 +00:00
Ben Laurie
a149b2466e Add SRP. 2011-03-16 11:26:40 +00:00
Dr. Stephen Henson
13e230d505 PR: 2469 
Submitted by: Jim Studt <jim@studt.net>
Reviewed by: steve

Check mac is present before trying to retrieve mac iteration count.
 2011-03-13 18:20:23 +00:00
Dr. Stephen Henson
2eab92f8e3 make no-dsa work again 2011-03-10 18:27:13 +00:00
Richard Levitte
a5c5eb77b5 Part of the IF structure didn't get pasted here... 
PR: 2393
 2010-12-14 21:44:33 +00:00
Richard Levitte
90d02be7c5 First attempt at adding the possibility to set the pointer size for the builds on VMS. 
PR: 2393
 2010-12-14 19:18:58 +00:00
Dr. Stephen Henson
981c0de27a fix no SIGALRM case in speed.c 2010-11-18 13:22:42 +00:00
Dr. Stephen Henson
251431ff4f add TLS v1.1 options to s_server 2010-11-13 12:44:17 +00:00
Dr. Stephen Henson
84fbc56fd0 PR: 2366 
Submitted by: Damien Miller <djm@mindrot.org>
Reviewed by: steve

Stop pkeyutl crashing if some arguments are missing. Also make str2fmt
tolerate NULL parameter.
 2010-11-11 14:42:34 +00:00
Dr. Stephen Henson
497b4f92d2 i variable is used on some platforms 2010-07-05 11:03:50 +00:00
Dr. Stephen Henson
1eb1cf452b Backport TLS v1.1 support from HEAD 2010-06-27 14:15:02 +00:00
Dr. Stephen Henson
e97359435e Fix warnings (From HEAD, original patch by Ben). 2010-06-15 17:25:15 +00:00
Dr. Stephen Henson
6938440d68 PR: 2262 
Submitted By: Victor Wagner <vitus@cryptocom.ru>

Fix error reporting in load_key function.
 2010-05-27 14:09:13 +00:00
Richard Levitte
1cf12a6350 No need to look for the file if none was entered. 2010-04-13 14:39:58 +00:00
Richard Levitte
d2f098b33d Spelling 2010-04-13 14:34:48 +00:00
Dr. Stephen Henson
5b0a79a27a PR: 2220 
Fixes to make OpenSSL compile with no-rc4
 2010-04-06 11:18:32 +00:00
Dr. Stephen Henson
75ece4b5cf don't leave bogus errors in the queue 2010-03-10 13:48:21 +00:00
Dr. Stephen Henson
3b3f71121b PR: 2183 
PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms.
Include original HAVE_FORK detection logic while allowing it to be
overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0
 2010-03-03 19:56:17 +00:00
Dr. Stephen Henson
2e630b1847 use supplied ENGINE in genrsa 2010-03-01 14:22:02 +00:00
Dr. Stephen Henson
7366f0b304 PR: 2170 
Submitted by: Magnus Lilja <lilja.magnus@gmail.com>

Make -c option in dgst work again.
 2010-02-12 17:07:24 +00:00