Commit Graph

2542 Commits

Author SHA1 Message Date
FdaSilvaYY
69687aa829 More typo fixes
Fix some comments too
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3069)
2017-03-29 07:14:29 +02:00
Andy Polyakov
a4c74e88e4 apps/passwd.c: 32 bits are sufficient to hold ROUNDS_MAX.
Even though C standard defines 'z' modifier, recent mingw compilers break
the contract by defining __STDC_VERSION__ with non-compliant MSVCRT.DLL.
In other words we can't use %zu with mingw, but insteadl of cooking

Reviewed-by: Tim Hudson <tjh@openssl.org>
2017-03-27 21:09:06 +02:00
Matt Caswell
9998b32cb6 Fix no-dtls builds
Commits f2ff1432f in master and 14d4d7eda in 1.1.0 broke the no-dtls build
by moving the position of a "#endif" for OPENSSL_NO_DTLS in a change
which is otherwise unrelated to DTLS. This puts it back to where it was.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2974)
2017-03-17 12:32:59 +00:00
Todd Short
07518cfb38 Add TLSv1.3 draft-19 messages to trace
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2970)
2017-03-16 13:16:51 -04:00
FdaSilvaYY
f2ff1432fc Simplify code around next_proto.len by changing 'len' data type.
clean an useless static qualifier and a dead comment.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2278)
2017-03-16 11:43:39 +01:00
Benjamin Kaduk
96a5d7fdba Fix a -Wsign-compare warning
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2940)
2017-03-14 11:44:34 -05:00
Todd Short
f282e954ec Add HelloRetryRequest text to s_client/s_server
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2900)
2017-03-10 12:01:08 -05:00
Pauli
2b305ab02e Make the output of enc -ciphers identical even if run several times in a session.
This amounts to moving the column counter so it isn't a function local static variable and reinitialising it each time.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2884)
2017-03-09 09:34:42 -05:00
Todd Short
b35fb005bd Add some TLS13 values to s_client/s_server
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2882)
2017-03-08 13:49:44 -05:00
Pauli
777f1708a8 Limit the output of the enc -ciphers command to just the ciphers enc can
process.  This means no AEAD ciphers and no XTS mode.

Update the test script that uses this output to test cipher suites to not
filter out the now missing cipher modes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2876)
2017-03-08 10:01:28 -05:00
Pauli
bf580d5f30 Increase the password buffer size to APP_PASS_LEN.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2868)
2017-03-07 10:12:05 +10:00
Matt Caswell
593a2aa3eb Fix no-psk
Fixes #2847

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2856)
2017-03-06 09:52:21 +00:00
Andy Polyakov
8b0d424240 apps/s_client.c: harden ldap_ExtendedResponse_parse.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-04 23:16:17 +01:00
edelangh
dbaa069a5e use OSSLzu instead of lu format for size_t display
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2660)
2017-03-03 08:04:47 -05:00
Matt Caswell
30d1bab146 Silence some clang warnings
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2831)
2017-03-02 23:56:36 +00:00
Matt Caswell
0665b4edae Rename SSL_write_early() to SSL_write_early_data()
This is for consistency with the rest of the API where all the functions
are called *early_data*.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:16 +00:00
Matt Caswell
f533fbd44a Rename SSL_read_early() to SSL_read_early_data()
This is for consistency with the rest of the API where all the functions
are called *early_data*.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:16 +00:00
Matt Caswell
ade1e88806 Updates to s_server and s_client for the latest early_data API changes
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:16 +00:00
Matt Caswell
0a5ece5bd2 Tighten sanity checks when calling early data functions
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:16 +00:00
Matt Caswell
6746648c42 Ensure the max_early_data option to s_server can be 0
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:15 +00:00
Matt Caswell
576eb3958c Get s_client to report on whether early data was accepted or not
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:15 +00:00
Matt Caswell
e0655186f9 Add a "-early_data" option to s_server
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:15 +00:00
Matt Caswell
923ac8271b Add an option to s_client to send early_data
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:15 +00:00
Matt Caswell
048b189336 Add a -max_early_data option to s_server
Allows you to set the number of bytes that can be sent as early data

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:14 +00:00
Robert Scheck
398b0bbdf7 Add LDAP support (RFC 4511) to s_client ("-starttls ldap")
Based on initial patch by Alex Bergmann <alex@linlab.net> and new function
ldap_ExtendedResponse_parse() by Andy Polyakov <appro@openssl.org>. Thanks
very much to both.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2293)
2017-03-02 16:33:22 +01:00
Bernd Edlinger
f8aa15728b Check that async_jobs is not negative and not too high.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2693)
2017-03-01 12:19:46 -05:00
Rich Salz
a2b22cd6a8 Remove GENCB_TEST compile flag
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2790)
2017-02-28 12:59:22 -05:00
Matt Caswell
9fa36f5f4b Remove some commented out code in the apps
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2774)
2017-02-28 16:02:11 +00:00
Richard Levitte
e627a13cd5 Code health: Remove obvious VAX C fixups
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2775)
2017-02-28 15:32:01 +01:00
Emilia Kasper
b53338cbf8 Clean up references to FIPS
This removes the fips configure option. This option is broken as the
required FIPS code is not available.

FIPS_mode() and FIPS_mode_set() are retained for compatibility, but
FIPS_mode() always returns 0, and FIPS_mode_set() can only be used to
turn FIPS mode off.

Reviewed-by: Stephen Henson <steve@openssl.org>
2017-02-28 15:26:25 +01:00
Emilia Kasper
e546e2cc8c Remove debugging leftovers in apps/opt.c
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-02-28 15:23:40 +01:00
Dr. Stephen Henson
d86f2f26c8 Remove ancient demoCA directory
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2760)
2017-02-28 10:50:32 +00:00
Dr. Stephen Henson
395f7c4217 Print signature type to out, not bio_err
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2747)
2017-02-26 18:26:08 +00:00
Richard Levitte
46958a043d Check for the presence of _WIN32 rather than its value.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2727)
2017-02-23 14:41:20 +01:00
Richard Levitte
2ac915f162 In apps/rehash.c, decorate the inclusion of internal/o_dir.h for VMS
The library files are built with symbol names as is, while the
application is built with the default uppercase-all-symbols mode.
That's fine for public APIs, because we have __DECC_INCLUDE_PROLOGUE.H
and __DECC_INCLUDE_EPILOGUE.H automatically telling the compiler how
to treat the public header files.  However, we don't have the same
setup for internal library APIs, since they are usually only used by
the libraries.

Because apps/rehash.c uses a library internal header file, we have to
surround that inclusion with the same kind of pragmas found in
__DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H, or we get
unresolved symbols when building no-shared.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2725)
2017-02-23 13:45:00 +01:00
Richard Levitte
39aceac320 On VMS, massage the fetch file names to remove the generation number
The generation number is ';nnn' at the end of the file name fetched
with readdir().  Because rehash checks for specific extensions and
doesn't expect an additional generation number, the easiest is to
massage the received file name early by simply removing the generation
number.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2717)
2017-02-23 02:19:55 +01:00
Richard Levitte
341de5f199 Let the output from 'openssl enc -ciphers' go to stdout
Also, don't exit with an error code

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2716)
2017-02-23 00:11:18 +01:00
Richard Levitte
5c80e2af3a Make "openssl rehash" work on VMS 8.3 and up
A spelling error prevented it from building correctly.
Furthermore, we need to be more careful when to add a / at the end
of the dirname and when not.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2706)
2017-02-22 18:36:32 +01:00
Rob Percival
65b3dff76b apps/req.c: flag "-new" is implied by "-precert"
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/843)
2017-02-22 10:40:30 -05:00
Rob Percival
505fb99964 Change CA.pl flag from --newprecert to --precert
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/843)
2017-02-22 10:40:30 -05:00
Rob Percival
b6486bf749 Adds a "-precert" flag to "openssl req" for creating pre-certificates
This makes it a little easier to create a pre-certificate.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/843)
2017-02-22 10:40:30 -05:00
Bernd Edlinger
0fbaef9e64 Fix some more memory leaks with TXT_DB_insert.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2684)
2017-02-21 14:13:58 -05:00
Bernd Edlinger
9ad52c562a Fix a few memleaks in TXT_DB.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2684)
2017-02-21 14:13:58 -05:00
Dmitry Belyavskiy
a7c04f2b54 Provided support for the -nameopt flag in s_client, s_server and s_time
commands.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2695)
2017-02-21 13:50:00 -05:00
Pauli
d42d0a4dc7 Implementation of the ARIA cipher as described in RFC 5794.
This implementation is written in endian agnostic C code. No attempt
at providing machine specific assembly code has been made. This
implementation expands the evptests by including the test cases from
RFC 5794 and ARIA official site rather than providing an individual
test case. Support for ARIA has been integrated into the command line
applications, but not TLS. Implemented modes are CBC, CFB1, CFB8,
CFB128, CTR, ECB and OFB128.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2337)
2017-02-21 11:51:45 +01:00
Dmitry Belyavskiy
ad39b31c1c Added '-nameopt' option to the verify command.
It makes possible to print the certificate's DN correctly in case of verification errors.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2656)
2017-02-20 19:35:14 -05:00
Matt Caswell
f14afcaa42 Updates following review feedback
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)
2017-02-17 10:28:01 +00:00
Matt Caswell
b07b2a1b44 Add the ability for s_client to send a KeyUpdate message
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)
2017-02-17 10:28:00 +00:00
Matt Caswell
34df45b531 Add a capability to s_server to send KeyUpdate messages
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)
2017-02-17 10:28:00 +00:00
lrns
0cb8c9d85e Change req_check_len error message, it also accepts 20 bytes, but states 'less than' in the error message
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2648)
2017-02-16 09:18:11 -05:00