Commit graph

1728 commits

Author SHA1 Message Date
Matt Caswell
be1477adc9 Move malloc fail checks closer to malloc
Move memory allocation failure checks closer to the site of the malloc in
dgst app. Only a problem if the debug flag is set...but still should be
fixed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-17 13:39:53 +00:00
Matt Caswell
a561bfe944 Add malloc failure checks
Add some missing checks for memory allocation failures in ca app.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-17 13:39:53 +00:00
Dr. Stephen Henson
9b0a453190 Make X509_ATTRIBUTE opaque.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-16 15:54:19 +00:00
Rich Salz
10bf4fc2c3 Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC
Suggested by John Foley <foleyj@cisco.com>.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-11 09:29:37 -04:00
Dmitry-Me
0b142f022e Fix wrong numbers being passed as string lengths
Signed-off-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-09 21:02:41 +01:00
Dr. Stephen Henson
6ef869d7d0 Make OCSP structures opaque.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-05 14:47:48 +00:00
Matt Caswell
918bb86529 Unchecked malloc fixes
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-05 09:09:57 +00:00
Dr. Stephen Henson
35313768c7 Make OpenSSL compile with no-rc4
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-27 00:18:10 +00:00
Matt Caswell
7a4dadc3a6 Removed support for SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG. Also removed
the "-hack" option from s_server that set this option.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-26 23:22:46 +00:00
Matt Caswell
25690b7f5f Add -no_alt_chains option to apps to implement the new
X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building
certificate chains, the first chain found will be the one used. Without this
flag, if the first chain found is not trusted then we will keep looking to
see if we can build an alternative chain instead.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-02-25 09:15:02 +00:00
Emilia Kasper
0923e7df9e Fix hostname validation in the command-line tool to honour negative return values.
Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion
and result in a negative return value, which the "x509 -checkhost" command-line option
incorrectly interpreted as success.

Also update X509_check_host docs to reflect reality.

Thanks to Sean Burford (Google) for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-10 15:35:20 +01:00
Dr. Stephen Henson
9c7a780bbe Fix memory leak reporting.
Free up bio_err after memory leak data has been printed to it.

In int_free_ex_data if ex_data is NULL there is nothing to free up
so return immediately and don't reallocate it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-09 12:53:36 +00:00
Rich Salz
05c3234ddf ui_compat cleanup; makefiles and vms
Remove ui_compat.h from Makefile dependencies
And from two VMS build/install scripts.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-06 16:49:17 -05:00
Rich Salz
6f91b017bb Live code cleanup: remove #if 1 stuff
For code bracketed by "#if 1" then remove the alternate
"#else .. #endif" lines.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-06 10:54:20 -05:00
Dr. Stephen Henson
a283d2a80a Remove OPENSSL_NO_HMAC
Disabling HMAC doesn't work. If it did it would end up disabling a lot of
OpenSSL functionality (it is required for all versions of TLS for example).
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-06 12:16:58 +00:00
Rich Salz
24956ca00f Remove old DES API
Includes VMS fixes from Richard.
Includes Kurt's destest fixes (RT 1290).
Closes tickets 1290 and 1291

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-02 18:46:01 -05:00
Matt Caswell
0c2837564c Remove OPENSSL_NO_SSL_INTERN as it is now redundant - all internals
previously protected by this have been moved into non-public headers

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-31 18:07:11 +00:00
Rich Salz
75d0ebef2a Dead code clean: #if 0 removal in apps
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-30 14:52:57 -05:00
Richard Levitte
c6ef15c494 clang on Linux x86_64 complains about unreachable code.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-01-29 01:54:09 +01:00
Rich Salz
68fd6dce73 Remove support for opaque-prf
An expired IETF Internet-Draft (seven years old) that nobody
implements, and probably just as good as NSA DRBG work.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-28 15:37:16 -05:00
Rich Salz
daa48704cc OPENSSL_NO_XXX cleanup: NO_TLS, NO_TLS1
TLS and TLS1 are no longer optional.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 15:14:12 -05:00
Rich Salz
474e469bbd OPENSSL_NO_xxx cleanup: SHA
Remove support for SHA0 and DSS0 (they were broken), and remove
the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms;
you could argue that SHA_224/256/384/512 should be kept, since they're
like crypto algorithms, but I decided to go the other way.
So these options are gone:
	GENUINE_DSA         OPENSSL_NO_SHA0
	OPENSSL_NO_SHA      OPENSSL_NO_SHA1
	OPENSSL_NO_SHA224   OPENSSL_NO_SHA256
	OPENSSL_NO_SHA384   OPENSSL_NO_SHA512

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 12:34:45 -05:00
Rich Salz
a00ae6c46e OPENSSL_NO_xxx cleanup: many removals
The following compile options (#ifdef's) are removed:
    OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY
    OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP
    OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK
    OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY

This diff is big because of updating the indents on preprocessor lines.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 10:06:22 -05:00
Matt Caswell
f400241251 Remove explicit setting of read_ahead for DTLS. It never makes sense not to
use read_ahead with DTLS because it doesn't work. Therefore read_ahead needs
to be the default.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-27 14:28:41 +00:00
Rich Salz
a2b18e657e ifdef cleanup, part 4a: '#ifdef undef'
This removes all code surrounded by '#ifdef undef'
One case is left: memmove() replaced by open-coded for loop,
in crypto/stack/stack.c  That needs further review.

Also removed a couple of instances of /* dead code */ if I saw them
while doing the main removal.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-24 10:58:38 -05:00
Rich Salz
68b00c2372 ifdef cleanup part 3: OPENSSL_SYSNAME
Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
Remove MS_STATIC; it's a relic from platforms <32 bits.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-23 11:58:26 -05:00
Rich Salz
27c7609cf8 ifdef cleanup, 2 remove OPENSSL_NO_SETVBUF_IONBF
Use setbuf(fp, NULL) instead of setvbuf().  This removes some
ifdef complexity because all of our platforms support setbuf.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-22 12:57:29 -05:00
Matt Caswell
35a1cc90bc More comment realignment
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:10 +00:00
Matt Caswell
50e735f9e5 Re-align some comments after running the reformat script.
This should be a one off operation (subsequent invokation of the
script should not move them)

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:10 +00:00
Matt Caswell
0f113f3ee4 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Matt Caswell
68d39f3ce6 Move more comments that confuse indent
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Matt Caswell
dbd87ffc21 indent has problems with comments that are on the right hand side of a line.
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Matt Caswell
a7b1eed566 More indent fixes for STACK_OF
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Andy Polyakov
6e81b27012 apps/srp.c: make it indent-friendly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Andy Polyakov
e751bba4ac apps/speed.c: make it indent-friendly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Matt Caswell
e636e2acd7 Fix source where indent will not be able to cope
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:06 +00:00
Matt Caswell
c80fd6b215 Further comment changes for reformat (master)
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:19:59 +00:00
Rich Salz
4b618848f9 Cleanup OPENSSL_NO_xxx, part 1
OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
Two typo's on #endif comments fixed:
	OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB
	OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-14 15:57:28 -05:00
Rich Salz
6d23cf9744 RT3548: Remove unsupported platforms
This last one for this ticket.  Removes WIN16.
So long, MS_CALLBACK and MS_FAR.  We won't miss you.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-12 17:30:54 -05:00
Rich Salz
9405a9a2e1 RT478: Add uninstall make target
Add INSTALLDIRS variable, list of directories where things get
installed. Change install_html_docs to use perl mkdir-p script.

Add uninstall, uninstall_sw, uninstall_docs, uninstall_html_docs
to Makefile.org.  The actions of these targets were figured out
by "inverting" the install target.

Recurse into subdirs to do uninstall as needed.  Added uninstall
targets whose actions were similarly figured out by "inverting"
the install target.

Also remove some 'space before tab' complaints in Makefile.org

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-12 10:28:05 -05:00
Matt Caswell
3a83462dfe Further comment amendments to preserve formatting prior to source reformat
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-06 15:45:25 +00:00
Piotr Sikora
e783bae26a Fix building with no-srtp
RT3638

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-01-05 14:17:22 +00:00
Dominik Neubauer
2a9338ee31 typo in s_client
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
2014-12-31 11:13:48 +01:00
Tim Hudson
1d97c84351 mark all block comments that need format preserving so that
indent will not alter them when reformatting comments

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-30 22:10:26 +00:00
Kurt Roeckx
aa8a9266f9 Make "run" volatile
RT#3629

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-30 16:46:46 +01:00
Thorsten Glaser
5075e52e6f Document openssl dgst -hmac option
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-30 16:46:46 +01:00
Kurt Roeckx
8c00f4cfd2 Fix memory leak in the apps
The BIO_free() allocated ex_data again that we already freed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-30 16:46:46 +01:00
Rich Salz
5ad4fdce41 RT3548: Remove unsupported platforms.
This commit removes MPE/iX

Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-12-22 17:47:28 -05:00
Matt Caswell
6385043fa1 make update following changes to default config settings
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-18 19:57:22 +00:00
Matt Caswell
5bafb04d2e Remove redundant OPENSSL_NO_DEPRECATED suppression
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-18 19:57:05 +00:00