Commit Graph

15276 Commits

Author SHA1 Message Date
Dr. Stephen Henson
e8503762da Rename PKCS12 function
Rename ancient PKCS12 functions to use more logical names. Include
defines from old to new name.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 18:43:48 +00:00
Dr. Stephen Henson
776cfa9bfb Use accessors in pkcs12 app.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 18:43:48 +00:00
Dr. Stephen Henson
1387a2ecb8 pkcs12 accessors
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 18:43:48 +00:00
Dr. Stephen Henson
03922a635b more PKCS12 opacity
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 18:43:48 +00:00
Dr. Stephen Henson
a40d594984 New PKCS12 accessors, change macros to functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 18:43:48 +00:00
Dr. Stephen Henson
54c38b7f0d Make PKCS12 structures opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 18:43:48 +00:00
Dr. Stephen Henson
b577fd0b81 Deprecate undocumented SSL_cache_hit().
Deprecate undocumented SSL_cache_hit(). Make SSL_session_reused() into a
real function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-08 16:57:07 +00:00
Rich Salz
43ecb9c35c GH641: Don't care openssl_zmalloc
Don't cast malloc-family return values.
Also found some places where (a) blank line was missing; and (b)
the *wrong* return value was checked.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-08 11:09:16 -05:00
Richard Levitte
4500a4cd4d Use File::Path::rmtree rather than File::Path::remove_tree
Just like File::Path::make_path, File::Path::remove_tree didn't show
up before File::Path 2.06 / perl v5.10.1, so we prefer the legacy
function here as well.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-08 17:03:37 +01:00
Richard Levitte
dca99383c2 Use File::Path::mkpath rather than File::Path::make_path
File::Path::make_path didn't show up before File::Path 2.06 / perl v5.10.1.
Because we're trying to stay compatible with perl v5.10.0 and up,
it's better to use the legacy interface.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-08 17:03:37 +01:00
Dr. Stephen Henson
dd9589740d Fix engine key support in utilities.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 15:11:08 +00:00
Andy Polyakov
2f0c9d5cdf bio/b_sock.c: cleanup obsolete stuff.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 15:59:16 +01:00
Andy Polyakov
6bc1dfd651 bn/Makefile.in: remove obsolete rules.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-08 15:54:36 +01:00
Andy Polyakov
c7c3c8b917 Configurations/00-base-templates.conf: harmonize extensions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-08 15:53:22 +01:00
Roumen Petrov
8092650298 avoid crash if hostserv is with host part only
(if priority is set to host)

Signed-off-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 15:41:36 +01:00
Rich Salz
895ffe41c2 GH322 revisited: remove unused function.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-08 09:21:17 -05:00
Rob Percival
b00387a0a3 Make TESTS= work with "nmake -f ms/ntdll.mak tests"
This works on Linux with Make already, and allows running only specified
tests.

Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-08 13:57:29 +01:00
Richard Levitte
6b9686e694 dtlsv1listentest includes e_os.h, reflect that in include dirs
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-08 12:05:41 +01:00
Matt Caswell
64f9f40696 Handle SSL_shutdown while in init more appropriately #2
Previous commit 7bb196a71 attempted to "fix" a problem with the way
SSL_shutdown() behaved whilst in mid-handshake. The original behaviour had
SSL_shutdown() return immediately having taken no action if called mid-
handshake with a return value of 1 (meaning everything was shutdown
successfully). In fact the shutdown has not been successful.

Commit 7bb196a71 changed that to send a close_notify anyway and then
return. This seems to be causing some problems for some applications so
perhaps a better (much simpler) approach is revert to the previous
behaviour (no attempt at a shutdown), but return -1 (meaning the shutdown
was not successful).

This also fixes a bug where SSL_shutdown always returns 0 when shutdown
*very* early in the handshake (i.e. we are still using SSLv23_method).

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-08 09:29:29 +00:00
Rich Salz
a173a7ee3f more doc fixes
dgst: using digest instead of specific digest commands
the digest list specified in man dgst may be inaccurate, hence using
digest and referring to the list in digest-commands

'sha' as a digest name is no longer supported

dgst,pkeyutl cmds help cleanup
- In dgst, pkeyutl cmds, some options help was missing.
- fixed a minor typo in openssl.pod, that fixes make install.
- digest-commands was showing ‘sha’, which is not a supported digest
anymore.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-07 23:14:12 -05:00
Dr. Stephen Henson
99978d51d6 Clarify resumed sessions and NULL return.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-08 02:35:51 +00:00
Kurt Roeckx
026e012b3d Fix memory leak in dtlsv1listentest
Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #1879
2016-02-06 21:45:24 +01:00
Viktor Dukhovni
d1b105827a Allocate bio_err before turning on memleak checks
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-06 15:39:48 -05:00
Dr. Stephen Henson
48cc4ad020 Stack documentation.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-06 19:24:14 +00:00
A J Mohan Rao
6755ff1128 commands help cleanup
opt_valtype 0 is same as '-' while printing cmd usage
asn1parse/ca/ciphers help cleanup

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-06 14:06:52 -05:00
Dr. Stephen Henson
0ca2e82ab1 if no comparison function set make sk_sort no op
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-06 18:49:10 +00:00
Dr. Stephen Henson
8a07e27cd8 make update
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-06 18:18:28 +00:00
Dr. Stephen Henson
cf4462daaf Add documenation for X509_chain_up_ref()
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-06 18:18:28 +00:00
Dr. Stephen Henson
696178edff Add SSL_get0_verified_chain() to return verified chain of peer
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-06 18:18:28 +00:00
Richard Levitte
f3ac50038d Display the linking commands that are performed
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-06 17:57:19 +01:00
Richard Levitte
c86ddbe613 Enhance and clear the support of linker flags
Some time ago, we had a ex_libs configuration setting that could be
divided into lflags and ex_libs.  These got divided in two settings,
lflags and ex_libs, and the former was interpreted to be general
linking flags.

Unfortunately, that conclusion wasn't entirely accurate.  Most of
those linking were meant to end up in a very precise position on the
linking command line, just before the spec of libraries the linking
depends on.

Back to the drawing board, we're diving things further, now having
lflags, which are linking flags that aren't depending on command line
position, plib_lflags, which are linking flags that should show up just
before the spec of libraries to depend on, and finally ex_libs, which
is the spec of extra libraries to depend on.

Also, documentation is changed in Configurations/README.  This was
previously forgotten.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-06 17:57:19 +01:00
Billy Brumley
b438f0ed8f GH587: Extend ECDH tests to more curves. Add more ECDH KATs.
squelch sign-compare warning

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-06 10:59:26 -05:00
Kurt Roeckx
e6f601cef5 Add BIO_ADDR_clear to libeay.num
Reviewed-by: Matt Caswell <matt@openssl.org>

MR: #1874
2016-02-06 15:27:19 +01:00
Insu Yun
69ac182d15 GH634: fix potential memory leak
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-06 09:25:54 -05:00
Rich Salz
0d1e003f84 RT4194: Restore old engine parameter parsing.
Allow initial engine names as first parameters before flags.
Also add engine param to help summary

Wrote manpage

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-06 09:19:04 -05:00
Richard Levitte
04949088bd Add build.info lines for dtlsv1listentest
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-06 13:11:27 +01:00
Kurt Roeckx
7ee0ccec37 Don't include sys/socket.h
It's not available on all OSs, e_os.h already does the right thing

Reviewed-by: Richard Levitte <levitte@openssl.org>

MR: #1870
2016-02-06 12:28:13 +01:00
Viktor Dukhovni
8143aa6f34 Add missing static declarations in dtlsv1listentest.c
Clang rightly does not like extern symbols that are not declared
in any header file, as typically these are not intended for global
visibility and are exposed in error.  This was indeed the case with
various file-scope objects in dtlsv1listentest.c.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-05 23:22:02 -05:00
Matt Caswell
a9052bed9e Update DTLSv1_listen documentation
Make it clear that if we are unable to get hold of the peer address then
*peer is cleared and the family set to AF_UNSPEC.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05 20:47:36 +00:00
Matt Caswell
ce0865d8dc Add tests for DTLSv1_listen
Adds a set of tests for the newly rewritten DTLSv1_listen function.
The test pokes various packets at the function and then checks
the return value and the data written out to ensure it is what we
would have expected.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05 20:47:36 +00:00
Matt Caswell
4b1043ef1b Provide partial support for fragmented DTLS ClientHellos
The recently rewriten DTLSv1_listen code does not support fragmented
ClientHello messages because fragment reassembly requires server state
which is against the whole point of DTLSv1_listen. This change adds some
partial support for fragmented ClientHellos. It requires that the cookie
must be within the initial fragment. That way any non-initial ClientHello
fragments can be dropped and fragment reassembly is not required.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05 20:47:36 +00:00
Matt Caswell
7d1d48a2d0 Add a BIO_ADDR_clear function
Adds a new function BIO_ADDR_clear to reset a BIO_ADDR back to an
unitialised state, and to set the family to AF_UNSPEC.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05 20:47:36 +00:00
FdaSilvaYY
0d4fb84390 GH601: Various spelling fixes.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-05 15:25:50 -05:00
Ellinger, Wesley M
2b52de9a37 RT4070: Improve struct/union regexp
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-05 14:26:50 -05:00
Matt Caswell
3edeb622ba Make DTLSv1_listen a first class function and change its type
The DTLSv1_listen function exposed details of the underlying BIO
abstraction and did not properly allow for IPv6. This commit changes the
"peer" argument to be a BIO_ADDR and makes it a first class function
(rather than a ctrl) to ensure proper type checking.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-05 19:12:18 +00:00
Rich Salz
0dc225577c RT4292: Remove ===== line
Also remove two mistakenly checked-in files.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-02-05 12:47:46 -05:00
Rich Salz
724a1d273e RT1596: Add clarifying doc.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05 12:45:59 -05:00
A J Mohan Rao
169394d456 GH628: Add -help to all apps docs.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-05 11:59:54 -05:00
Rich Salz
0ae9e29266 GH628: Add -help to all apps docs.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-05 11:17:00 -05:00
Viktor Dukhovni
3921ded79a Ensure correct chain depth for policy checks with DANE bare key TA
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-02-05 11:13:11 -05:00