Commit Graph

18086 Commits

Author SHA1 Message Date
Richard Levitte
54d72ef0f0 Fixup BIO demos for OpenSSL 1.1.x
Call SSL_CTX_new() before doing any configuration.
(or call OPENSSL_ssl_init())

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-20 18:24:24 +02:00
Richard Levitte
3656ea1c22 Fixup BIO demos for OpenSSL 1.1.x
'ECDHParameters = Automatic' isn't accepted.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-20 18:24:24 +02:00
Richard Levitte
16c6deed2c Fixup BIO demos for OpenSSL 1.1.x
Note: server-cmod doesn't seem to do things right...  from loading
cmod.cnf, it tries to load libssl_conf.so.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-20 18:24:24 +02:00
Matt Caswell
08029dfa03 Convert WPACKET_put_bytes to use convenience macros
All the other functions that take an argument for the number of bytes
use convenience macros for this purpose. We should do the same with
WPACKET_put_bytes().

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-20 14:47:44 +01:00
Matt Caswell
85a7a5e6ef Convert CCS construction to WPACKET
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-20 14:17:50 +01:00
Matt Caswell
4f89bfbf15 Convert Finished construction to WPACKET
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-20 12:26:38 +01:00
Matt Caswell
418a18a2de Style tweaks following review feedback
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-20 10:16:56 +01:00
Matt Caswell
15e6be6c5c Convert NextProto message construction to WPACKET
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-20 10:16:56 +01:00
Matt Caswell
c49e191230 Convert Certificate message construction to WPACKET
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-20 10:16:56 +01:00
Matt Caswell
6400f33818 Convert ClientVerify Construction to WPACKET
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-20 10:16:56 +01:00
FdaSilvaYY
28aef3d955 Remove an option related to a deprecated flag
CMS_NOOLDMIMETYPE and PKCS7_NOOLDMIMETYPE  are unused in pkcs7/cms code.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1585)
2016-09-19 21:21:38 -04:00
FdaSilvaYY
12d56b2992 Fix various missing option help messages ...
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1585)
2016-09-19 21:21:38 -04:00
Matt Caswell
9205ebeb8e Convert num_alloc to a size_t in stack.c and tweak style
We were casting num_alloc to size_t in lots of places, or just using it in
a context where size_t makes more sense - so convert it. This simplifies
the code a bit.

Also tweak the style in stack.c a bit following on from the previous
commit

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-19 23:25:52 +01:00
Guido Vranken
9731a9ce7d Prevent overflows in stack API
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-19 23:24:49 +01:00
FdaSilvaYY
e2562bbbe1 Update INSTALL about no-md5 removal
no-rsa is no longer an option since 7ec8de1

Fix a typo about poly1305

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1582)
2016-09-19 20:12:58 +02:00
Richard Levitte
057c676afb Fix no-ocsp
Some compilers complain about unused variables, and some tests do
not run well without OCSP.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-19 15:08:58 +02:00
FdaSilvaYY
81f9ce1e19 Constify code about X509_VERIFY_PARAM
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1594)
2016-09-18 00:22:00 -04:00
Richard Levitte
66fe388aa4 Have the configuration options 'no-err' and 'no-async' work again
In an earlier attempt to simplify the processing of disabled options,
'no-err' and 'no-async' stopped working properly.  'err' and 'async'
are directories under 'crypto/', but they are special insofar that
they can't be simply skipped, like all the algorithm directories can,
so they need special treatment among the disablable things.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-09-17 21:57:29 +02:00
Richard Levitte
41240e68d7 Simplify configudata.pm dependency generation
While we're at it, correct the fault in windows-makefile.tmpl

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-17 21:15:12 +02:00
FdaSilvaYY
76dc356384 Remove an useless definition.
APP_INFO is currently a field of MEM struct.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1583)
2016-09-17 12:32:37 -04:00
Alessandro Ghedini
4f8a5f4da9 Use switch instead of multiple ifs
Makes the logic a little bit clearer.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1571)
2016-09-16 11:07:08 -04:00
Richard Levitte
c5ad3076a6 Simplify the dependencies for remaking configdata.pm
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-16 11:52:50 +02:00
Richard Levitte
1967a42eb5 Rearrange the storage of build file template names in %config
They are now relative paths as well

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-16 11:52:50 +02:00
Richard Levitte
dc660c70b5 Use the registered conf file names as dependencies to build configdata.pm
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-16 11:52:50 +02:00
Richard Levitte
ee9b0bbb4c Register the name of the config file each config target was found in
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-16 11:52:50 +02:00
Matt Caswell
3c0c68ae46 Revert "Abort on unrecognised warning alerts"
This reverts commit 77a6be4dfc.

There were some unexpected side effects to this commit, e.g. in SSLv3 a
warning alert gets sent "no_certificate" if a client does not send a
Certificate during Client Auth. With the above commit this causes the
connection to abort, which is incorrect. There may be some other edge cases
like this so we need to have a rethink on this.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-09-15 22:48:37 +01:00
Richard Levitte
d602c2b680 Finally, make sure vms_term_sock.c is built on VMS
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-15 23:24:06 +02:00
Richard Levitte
51e5133d55 Refactor to avoid unnecessary preprocessor logic
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-15 23:24:06 +02:00
Richard Levitte
c7bdb6a31f Reformat to fit OpenSSL source code standards
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-15 23:24:06 +02:00
Richard Levitte
0d0723e813 Add copyright and license on apps/vms_term_sock.[ch]
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-15 23:24:06 +02:00
Richard Levitte
0d3b65832c VSI submission: redirect terminal input through socket
This is needed, because on VMS, select() can only be used on sockets.  being
able to use select() on all kinds of file descriptors is unique to Unix.

So, the solution for VMS is to create a layer that translates input from
standard input to socket communication.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-15 23:24:06 +02:00
Rich Salz
6f0ac0e2f2 Make reference to other manpage more explicit
Where -curves, etc., are defined: SSL_CONF_cmd

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-14 18:25:40 -04:00
Rich Salz
c7af65c7b2 GH1536: Install empty CT log list
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-14 18:22:33 -04:00
Richard Levitte
554b4019f5 VMS: Really don't force symbol mixed case when building DSOs
This is an amendment to the september 8 commit titled "VMS: Don't
force symbol mixed case when building DSOs"

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 18:04:43 +02:00
Richard Levitte
3074514694 Rather than one variable for each passwd type, use one enum variable
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 18:02:29 +02:00
Richard Levitte
49681ae147 Test the new SHA256 and SHA512 based password generation options
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 18:02:29 +02:00
Richard Levitte
2e04d6cc9d Document the new SHA256 and SHA512 password generation options
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 18:02:29 +02:00
Richard Levitte
4e57a12ba7 Add SHA256 and SHA512 based output for 'openssl passwd'
RT#4674 issue 2

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 18:02:29 +02:00
Rich Salz
7d959c358a Add -h and -help for c_rehash script and app
Resolves GH1515 and GH1509.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-14 08:59:48 -04:00
Matt Caswell
dd8710dc54 Fix OCSP_RESPID processing bug introduced by WPACKET changes
An OCSP_RESPID in a status request extension has 2 bytes for the length
not 1.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 10:26:36 +01:00
Matt Caswell
73f0df8331 Add some sanity checks around usage of t_fromb64()
The internal SRP function t_fromb64() converts from base64 to binary. It
does not validate that the size of the destination is sufficiently large -
that is up to the callers. In some places there was such a check, but not
in others.

Add an argument to t_fromb64() to provide the size of the destination
buffer and validate that we don't write too much data. Also add some sanity
checks to the callers where appropriate.

With thanks to Shi Lei for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-14 10:06:41 +01:00
Matt Caswell
869d0a37cf Encourage use of the macros for the various "sub" functions
Don't call WPACKET_sub_memcpy(), WPACKET_sub_allocation_bytes() and
WPACKET_start_sub_packet_len() directly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 00:02:34 +01:00
Matt Caswell
c9216d1485 Make wpackettest conform to style rules
Remove extra indentation at the start of an "if".

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 00:02:34 +01:00
Matt Caswell
b2b3024e0e Add a WPACKET_sub_allocate_bytes() function
Updated the construction code to use the new function. Also added some
convenience macros for WPACKET_sub_memcpy().

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 00:02:34 +01:00
Matt Caswell
f1ec23c0bc Convert CKE construction to use the WPACKET API
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 00:02:34 +01:00
Richard Levitte
497f3bf9a7 Add a test for 'openssl passwd'
Also, enlarge test group 20 to include openssl commands that aren't
tested otherwise

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 00:30:50 +02:00
Richard Levitte
9f9f962d96 Fix 'openssl passwd' with arguments -1 or -apr1
RT#4674

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 00:30:50 +02:00
FdaSilvaYY
06a79af200 Fix some magic values about revocation info type...
Add comments, document -valid option.
Add some const qualifiers.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1560)
2016-09-13 11:42:57 -04:00
Rich Salz
77297115cb Add --missing-help to list command
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-13 10:14:01 -04:00
Andy Grundman
fa4618a280 Remove -xtarget=ultra from solaris(64)-sparcv9-cc builds.
This flag got moved after -xarch=v9 in 1.1.0 and had the unexpected
side effect of the compiler building for 32-bit v8plusa instead of v9.

GH#1521
CLA: none; trivial

Signed-off-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-09-13 15:27:04 +02:00