Viktor Szakats
e5452d40be
rsa.c: fix incorrect guard for pvk-* options
...
This update syncs the #if guard protecting the pvk-* options
with the rest of the source handling those options. Also fix
some nearby whitespace.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1365 )
2016-07-30 10:46:22 -04:00
Dr. Stephen Henson
44c248b5ac
print out MAC algorithm
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-29 23:25:47 +01:00
Jon Loeliger
1abd292585
RT4639: Typo when -DSSL_DEBUG
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-26 12:48:51 -04:00
FdaSilvaYY
ceab33e2cf
Typo and comment fix
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1301 )
2016-07-25 08:35:39 -04:00
FdaSilvaYY
fefa4d5507
Unused variable, and cleanups
...
Break two long messages.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1301 )
2016-07-25 08:35:39 -04:00
FdaSilvaYY
5f7d5125fd
Unused variable cleanup
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1301 )
2016-07-25 08:35:39 -04:00
FdaSilvaYY
55e0d0b462
Discard a dead option
...
Old inactive inherited code, a code relic for sure.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1301 )
2016-07-25 08:35:39 -04:00
Dr. Stephen Henson
3770b877ea
Add mask for newly created symlink.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-22 12:07:13 +01:00
Dr. Stephen Henson
ee8f785873
Check suffixes properly.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-22 12:07:13 +01:00
Dr. Stephen Henson
f22ff0eb16
use correct name for duplicate
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-22 12:07:13 +01:00
FdaSilvaYY
e8aa8b6c8f
Fix a few if(, for(, while( inside code.
...
Fix some indentation at the same time
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1292 )
2016-07-20 07:21:53 -04:00
FdaSilvaYY
7606c231c9
Simplify buffer limit checking, and reuse BIO_snprintf returned value.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284 )
2016-07-20 01:35:38 -04:00
FdaSilvaYY
edbff8da9b
Code factorisation and simplification
...
Fix some code indentation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284 )
2016-07-20 01:35:38 -04:00
FdaSilvaYY
f6c460e8f6
Fix double calls to strlen
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284 )
2016-07-20 01:35:38 -04:00
FdaSilvaYY
cdd202f254
Simplify code related to tmp_email_dn.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284 )
2016-07-20 01:35:38 -04:00
FdaSilvaYY
1c72f70df4
Use more X509_REQ_get0_pubkey & X509_get0_pubkey
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284 )
2016-07-20 01:35:38 -04:00
Richard Levitte
d6accd5040
Fix forgotten goto
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-19 15:26:40 +02:00
Richard Levitte
642a166ce1
Convert the last uses of sockaddr in apps/* to use BIO_ADDR instead
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-19 14:32:39 +02:00
Dr. Stephen Henson
d166ed8c11
check return values for EVP_Digest*() APIs
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-15 14:09:05 +01:00
Matt Caswell
4bbd4ba66d
Disallow multiple protocol flags to s_server and s_client
...
We shouldn't allow both "-tls1" and "-tls1_2", or "-tls1" and "-no_tls1_2".
The only time multiple flags are allowed is where they are all "-no_<prot>".
This fixes Github Issue #1268
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-08 16:20:59 +01:00
Dr. Stephen Henson
ab6a591caa
Support PKCS v2.0 print in pkcs12 utility.
...
Extended alg_print() in pkcs12 utility to support PBES2 algorithms.
RT#4588
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-08 02:09:02 +01:00
Richard Levitte
d513369bfa
perl: Separate compile-time environment from runtime environment
...
Make it possible to have a separate and different perl command string
for installable scripts than we use when building, with the
environment variable HASHBANGPERL. Its value default to the same as
the environment PERL if it's defined, otherwise '/usr/bin/env perl'.
Note: this is only relevant for Unix-like environments.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-07-04 15:40:31 +02:00
Richard Levitte
0483f58652
Simplify INCLUDE statements in build.info files
...
Now that INCLUDE considers both the source and build trees, no need
for the rel2abs perl fragment hacks any more.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-01 18:36:08 +02:00
FdaSilvaYY
6b4a77f56e
Whitespace cleanup in apps
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1264 )
2016-06-29 09:56:39 -04:00
David Benjamin
748e85308e
Fix BN_is_prime* calls.
...
This function returns a tri-state -1 on error. See BoringSSL's
53409ee3d7595ed37da472bc73b010cd2c8a5ffd.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1251
2016-06-25 11:01:30 +02:00
Rich Salz
3b5bea3604
Add -ciphers flag to enc command
...
Don't print the full list of ciphers as part of the -help output.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-24 16:39:05 -04:00
mmiyashita
1d8b4eb2b4
segmentation fault with 'openssl s_client -prexit -keymatexport'
...
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1243 )
2016-06-21 17:30:46 -04:00
Richard Levitte
a392ef20f0
Allow proxy certs to be present when verifying a chain
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-20 21:34:37 +02:00
Richard Levitte
14d3c0dd2c
apps/req.c: Increment the right variable when parsing '+'
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-20 20:11:07 +02:00
Jiri Horky
fb0303f3ce
RT3136: Remove space after issuer/subject
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-20 09:25:12 -04:00
FdaSilvaYY
a8db2cfa4b
Add a comment after some #endif at end of apps source code.
...
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1168 )
2016-06-18 16:30:24 -04:00
FdaSilvaYY
823146d65f
Useless header include of openssl/rand.h
...
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1168 )
2016-06-18 16:30:24 -04:00
Matt Caswell
1dcb8ca2a4
Use a STACK_OF(OPENSSL_CSTRING) for const char * stacks
...
Better than losing the const qualifier.
RT4378
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-18 15:34:03 +01:00
Matt Caswell
d012c1a179
Replace 4 casts with 1
...
Changing the type of the |str| variable in asn1pars enables us to remove
4 casts with just 1. This silences an OpenBSD warning along the way.
RT4378
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-18 15:34:03 +01:00
FdaSilvaYY
0ad69cd6c0
Spelling fixes
...
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1219 )
2016-06-16 15:08:57 -04:00
Matt Caswell
f219a1b048
Revert "RT4526: Call TerminateProcess, not ExitProcess"
...
This reverts commit 9c1a9ccf65
.
TerminateProcess is asynchronous, so the code as written in the above
commit is not correct. It is also probably not needed in the speed
case. Reverting in order to figure out the correct solution.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-16 17:37:37 +01:00
Richard Levitte
2ac6115d9e
Deal with the consequences of constifying getters
...
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-06-15 20:09:27 +02:00
Rich Salz
9c1a9ccf65
RT4526: Call TerminateProcess, not ExitProcess
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-15 13:38:51 -04:00
FdaSilvaYY
82643254d6
Constify X509_TRUST_add method.
...
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215 )
2016-06-15 13:22:38 -04:00
Matt Caswell
d285b5418e
Avoid a double-free in crl2pl7
...
The variable |crtflst| could get double freed in an error path.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-14 11:27:10 +01:00
Matt Caswell
a45dca668e
Add missing break statement
...
The -psk option processing was falling through to the -srp option
processing in the ciphers app.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-14 11:21:44 +01:00
Rich Salz
a7be5759cf
RT3809: basicConstraints is critical
...
This is really a security bugfix, not enhancement any more.
Everyone knows critical extensions.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-06-13 09:18:22 -04:00
Dr. Stephen Henson
6ec6d52071
Don't skip leading zeroes in PSK keys.
...
Don't use BN_hex2bn() for PSK key conversion as the conversion to
BN and back removes leading zeroes, use OPENSSL_hexstr2buf() instead.
RT#4554
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-12 19:44:17 +01:00
John Denker
a3ef2c1679
RT2759: Don't read TTY when already at EOF.
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-12 08:52:40 -04:00
Rich Salz
7315ce80de
Avoid memory leaks if options repeated.
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-12 08:02:46 -04:00
Rich Salz
fe08bd76e2
GH1183: Fix -unix and -connect, etc., override
...
If a user specifies -unix, -6, etc., then the program tries to
use the last one specified. This is confusing code and leads to
scripting errors. Instead, allow only one type.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-10 10:45:49 -04:00
Rich Salz
b1ffe8dbee
GH1123: sort dir before rehash
...
This is needed to generate stable output names/symlinks.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-02 15:12:50 -04:00
Richard Levitte
6616429d4c
Build the 'openssl rehash' command on VMS version 8.3 and up
...
Include a note in INSTALL that tests must be run from an unprivileged
process.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-02 21:11:07 +02:00
Matt Caswell
1c422164d8
Fix memory leak in crl2pkcs7 app
...
The crl2pkcs7 app leaks a stack of OPENSSL_STRINGs in error paths.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 18:00:53 +01:00
Matt Caswell
a855d1a155
Free a temporary buffer used by dsaparam application
...
The dsaparam application allocates a temporary buffer but then doesn't
free it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 18:00:53 +01:00