wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
16151 commits 20 branches 302 tags 153 MiB
Commit graph

2173 commits

Author SHA1 Message Date
Ben Laurie
9730043fac Fix no-rc4. 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-03-22 11:15:24 +00:00
David Benjamin
04f6b0fd91 RT4660: BIO_METHODs should be const. 
BIO_new, etc., don't need a non-const BIO_METHOD. This allows all the
built-in method tables to live in .rodata.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-03-21 16:49:10 -04:00
Richard Levitte
149bd5d6cb Just like bio_out, bio_err needs the linebuffer filter on VMS 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-21 18:46:49 +01:00
Matt Caswell
7188f1f650 Fix no-ts with --strict-warnings 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-03-21 16:35:58 +00:00
Matt Caswell
f9e5503412 Fix no-sock 
Misc fixes for no-sock

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-03-21 16:33:59 +00:00
Matt Caswell
168c3b737e Fix no-gost 
Configure had the wrong name for the no-gost option.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-03-21 16:28:40 +00:00
Matt Caswell
83ae8124de Fix no-dsa 
Misc fixes for no-dsa.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-03-21 14:28:56 +00:00
Richard Levitte
007c80eae4 Remove the remainder of util/mk1mf.pl and companion scripts 
This removes all scripts that deal with MINFO as well, since that's
only used by mk1mf.

Reviewed-by: Andy Polyakov <appro@openssl.org>
 2016-03-21 11:02:00 +01:00
Rich Salz
3c27208fab Remove #error from include files. 
Don't have #error statements in header files, but instead wrap
the contents of that file in #ifndef OPENSSL_NO_xxx
This means it is now always safe to include the header file.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-03-20 19:48:36 -04:00
Rich Salz
8230f6c764 GH886: CONNECT should use HTTP/1.1 
By default you get 0.9 which isn't widely available.
But we use HTTP/1.0 for now.
Courtesy beusink@users.github.com

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2016-03-20 19:41:40 -04:00
Richard Levitte
812e0c8d68 make update 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
 2016-03-19 22:19:12 +01:00
Richard Levitte
ad2c5ed74e apps/progs.pl: add back the INCLUDE_FUNCTION_TABLE wrapper 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
 2016-03-19 22:19:12 +01:00
Viktor Dukhovni
ffc8d605e8 Revert "Generate apps/progs.h on the fly" 
This reverts commit 04e2a52737.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-19 13:29:35 -04:00
Viktor Dukhovni
1e7e1c8d5c Revert "Include progs.h directly in openssl.c instead of via apps.h" 
This reverts commit a45d7d5388.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-19 13:29:10 -04:00
Richard Levitte
41850f6bdc The command source are files, not directories 
Therefore, they should be concatenated with the source directory using
catfile(), not catdir()

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-19 11:24:00 +01:00
Schüller Felix
c6aca19bb5 Don't free up EVP_MD_CTX. 
Don't free up passed EVP_MD_CTX in ASN1_item_sign_ctx(). This
simplifies handling and retains compatiblity with previous behaviour.

PR#4446

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
 2016-03-19 01:02:02 +00:00
Richard Levitte
04e2a52737 Generate apps/progs.h on the fly 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-19 01:49:31 +01:00
Richard Levitte
a45d7d5388 Include progs.h directly in openssl.c instead of via apps.h 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-19 01:49:31 +01:00
Richard Levitte
3850f8cb15 Make apps/progs.pl more flexible 
Make Configure write @disablables to configdata.pm and have
apps/progs.pl use that data.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-19 01:49:31 +01:00
Richard Levitte
b4ae886121 make update 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-18 20:17:19 +01:00
Richard Levitte
f38526357e Implement support for no-ts 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-18 20:17:19 +01:00
Richard Levitte
03f0312936 apps/progs.pl: more consistent output for digests 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-18 20:12:27 +01:00
Matt Caswell
96bea0002b Fix no-des 
Numerous fixes for no-des.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-18 17:07:11 +00:00
Matt Caswell
40a8e9c2ef Fix no-dgram 
A few places in s_client needed some OPENSSL_NO_DTLS guards which fixes
no-dgram.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-18 17:07:11 +00:00
Rich Salz
1fbab1dc6f Remove Netware and OS/2 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-03-17 17:06:57 -04:00
Richard Levitte
909289dfc3 Have 'openssl version -a' output the default engines directory as well 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-17 07:11:56 +01:00
Viktor Dukhovni
b5f40eb279 Bugfix: Encode the requested length in s_cb.c:hexencode() 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-17 00:19:45 -04:00
fbroda
08538fc0a5 General verify options to openssl ts 
This commit adds the general verify options of ocsp, verify,
cms, etc. to the openssl timestamping app as suggested by
Stephen N. Henson in [openssl.org #4287]. The conflicting
"-policy" option of "openssl ts" has been renamed to
"-tspolicy". Documentation and tests have been updated.

CAVE: This will break code, which currently uses the "-policy"
option.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-03-15 18:42:53 +01:00
Dr. Stephen Henson
a6eb1ce6a9 Make X509_SIG opaque. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-11 17:40:47 +00:00
Kurt Roeckx
208527a75d Review comments 
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-11 10:39:10 -05:00
Bill Cox
2d0b441267 Add blake2 support. 
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-11 10:39:10 -05:00
Rob Percival
b536958205 Surround ctx_set_ctlog_list_file() with #ifndef OPENSSL_NO_CT 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-11 09:05:46 -05:00
Rob Percival
0d4d5ab819 check reviewer --reviewer=emilia 
Use SSL_get_SSL_CTX instead of passing SSL_CTX to s_client.c:print_stuff

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-10 14:53:04 -05:00
Rob Percival
8359b57f27 check reviewer --reviewer=emilia 
Remove 'log' field from SCT and related accessors

In order to still have access to an SCT's CTLOG when calling SCT_print,
SSL_CTX_get0_ctlog_store has been added.

Improved documentation for some CT functions in openssl/ssl.h.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-10 14:53:04 -05:00
Kurt Roeckx
0d5301aff9 Use minimum and maximum protocol version instead of version fixed methods 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1824
 2016-03-09 19:38:56 +01:00
Kurt Roeckx
e4646a8963 Constify security callbacks 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
 2016-03-09 19:10:28 +01:00
Rob Percival
ca74c38dc8 Documentation for ctx_set_ctlog_list_file() 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 13:07:09 -05:00
Rob Percival
6bea2a72a8 Minor improvement to formatting of SCT output in s_client 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 13:07:09 -05:00
Rob Percival
328f36c5c5 Do not display a CT log error message if CT validation is disabled 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 13:07:09 -05:00
Rob Percival
70073f3e3a Treat boolean functions as booleans 
Use "!x" instead of "x <= 0", as these functions never return a negative
value.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
5da65ef23c Extensive application of __owur to CT functions that return a boolean 
Also improves some documentation of those functions.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Matt Caswell
2e52e7df51 Remove the old threading API 
All OpenSSL code has now been transferred to use the new threading API,
so the old one is no longer used and can be removed. We provide some compat
macros for removed functions which are all no-ops.

There is now no longer a need to set locking callbacks!!

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-03-09 12:41:39 +00:00
Andrea Grandi
2ea9260496 Fix names of the #define used for platform specific code 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-08 21:04:09 -05:00
Andrea Grandi
363a1fc602 Add empty line after local variables 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-08 21:04:09 -05:00
Andrea Grandi
564e10294a Fix error with wait set of fds for the select() 
It also makes the call to select blocking to reduce CPU usage

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-08 21:04:08 -05:00
FdaSilvaYY
049f365580 Fix cert leaks in s_server 
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-03-08 12:40:01 -05:00
Todd Short
817cd0d52f GH787: Fix ALPN 
* Perform ALPN after the SNI callback; the SSL_CTX may change due to
  that processing
* Add flags to indicate that we actually sent ALPN, to properly error
  out if unexpectedly received.
* clean up ssl3_free() no need to explicitly clear when doing memset
* document ALPN functions

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2016-03-08 09:03:05 -05:00
Viktor Dukhovni
ebc4815fa5 Don't free NCONF obtained values 
Bug reported by Michel Sales.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-07 18:54:16 -05:00
Matt Caswell
e2d5183d7c Fix s_server/s_client handling of the split_send_frag argument 
Ensure that a value of 0 is correctly handled for the split_send_frag
argument.

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2016-03-07 21:39:28 +00:00
Matt Caswell
0df8088132 Add documentation for new s_server/s_client options 
Document the new split_send_frag, max_pipelines and read_buf options.

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2016-03-07 21:39:28 +00:00