Commit Graph

2450 Commits

Author SHA1 Message Date
Nicola Tuveri
2e4c3b5caa More coding style fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
29dd15b18d Run util/openssl-format-source against apps/speed.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
cc98e63938 bugfix: calculate outlen for each curve
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
dfdd45f72c Handle EVP_PKEY_derive errors and fix coding style issues
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
c29c7aadb9 Fix coding style and remove some stale code/comments
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Nicola Tuveri
ed7377dba9 Use EVP interface for ECDH in apps/speed.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)
2016-11-17 00:36:23 -05:00
Dr. Stephen Henson
b379598747 Make MSBLOB format work with dsa utility.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-17 03:53:03 +00:00
FdaSilvaYY
dfc3ffe502 Introduce PATH_MAX and NAME_MAX
to define the certificate filename storage buffer.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1569)
2016-11-15 23:37:22 +01:00
FdaSilvaYY
3a19b22ae1 Simplify and fix usage of three string array variable...
using two separated local variables.

buf[1] was unused.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1569)
2016-11-15 23:37:22 +01:00
Richard Levitte
b612799a80 Revert "Remove heartbeats completely"
Done too soon, this is for future OpenSSL 1.2.0

This reverts commit 6c62f9e163.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-15 14:53:33 +01:00
Richard Levitte
6c62f9e163 Remove heartbeats completely
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1669)
2016-11-15 10:45:21 +01:00
marko asplund
022696cab0 Allow CA.pl script user to pass extra arguments to openssl command
Useful e.g. to fully script CA commands

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1797)
2016-11-14 13:08:23 -05:00
EasySec
a22f9c84b4 Update s_client and s_server documentation about some missing arguments
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1837)
2016-11-12 21:33:24 -05:00
Matt Caswell
de4d764e32 Rename the Elliptic Curves extension to supported_groups
This is a skin deep change, which simply renames most places where we talk
about curves in a TLS context to groups. This is because TLS1.3 has renamed
the extension, and it can now include DH groups too. We still only support
curves, but this rename should pave the way for a future extension for DH
groups.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-10 15:05:36 +00:00
Matt Caswell
582a17d662 Add the SSL_METHOD for TLSv1.3 and all other base changes required
Includes addition of the various options to s_server/s_client. Also adds
one of the new TLS1.3 ciphersuites.

This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol
and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not
a "real" TLS1.3 ciphersuite).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-02 13:08:21 +00:00
Matt Caswell
229bd12487 Fix a double free in ca command line
Providing a spkac file with no default section causes a double free.

Thanks to Brian Carpenter for reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-10-28 09:25:04 +01:00
Richard Levitte
b85bf63952 apps: remove some #ifndef clutter
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1643)
2016-10-19 19:49:43 +02:00
Richard Levitte
907c6c8633 apps: instead of varying implementation, make setup_engine a function always
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1643)
2016-10-19 19:49:22 +02:00
Richard Levitte
dd1abd4462 If an engine comes up explicitely, it must also come down explicitely
In apps/apps.c, one can set up an engine with setup_engine().
However, we freed the structural reference immediately, which means
that for engines that don't already have a structural reference
somewhere else (because it's a built in engine), we end up returning
an invalid reference.

Instead, the function release_engine() is added, and called at the end
of the routines that call setup_engine().

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1643)
2016-10-19 17:44:08 +02:00
FdaSilvaYY
10acff61e1 Fix not-c code
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1742)
2016-10-19 00:56:48 +02:00
Valentin Vidic
b2e54eb834 Add Postgres support to -starttls
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-10-17 23:05:36 +01:00
FdaSilvaYY
05c16493c9 Fix style issue
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1694)
2016-10-14 18:25:50 +02:00
FdaSilvaYY
44c83ebd70 Constify command options
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1694)
2016-10-14 18:25:50 +02:00
David Benjamin
609b0852e4 Remove trailing whitespace from some files.
The prevailing style seems to not have trailing whitespace, but a few
lines do. This is mostly in the perlasm files, but a few C files got
them after the reformat. This is the result of:

  find . -name '*.pl' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'
  find . -name '*.c' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'
  find . -name '*.h' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'

Then bn_prime.h was excluded since this is a generated file.

Note mkerr.pl has some changes in a heredoc for some help output, but
other lines there lack trailing whitespace too.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-10 23:36:21 +01:00
Dr. Stephen Henson
eb67172ae5 fix memory leak
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-10-01 15:16:59 +01:00
Dr. Stephen Henson
5fb1005987 Add -item option to asn1parse
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-29 16:21:46 +01:00
Richard Levitte
49e476a538 apps/apps.c: initialize and de-initialize engine around key loading
Before loading a key from an engine, it may need to be initialized.
When done loading the key, we must de-initialize the engine.
(if the engine is already initialized somehow, only the reference
counter will be incremented then decremented)

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-09-28 21:45:17 +02:00
Rich Salz
56e36bdaef Revert "Call ENGINE_init() before trying to use keys from engine"
This reverts commit 0a72002993.
This fails to call ENGINE_finish; an alternate fix is forthcoming.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-09-28 14:40:25 -04:00
David Woodhouse
0a72002993 Call ENGINE_init() before trying to use keys from engine
When I said before that s_client "used to work in 1.0.2" that was only
partly true. It worked for engines which provided a default generic
method for some key type, because it called ENGINE_set_default() and
that ended up being an implicit initialisation and functional refcount.

But an engine which doesn't provide generic methods doesn't get initialised,
and then when you try to use it you get an error:

cannot load client certificate private key file from engine
140688147056384:error:26096075:engine routines:ENGINE_load_private_key:not initialised:crypto/engine/eng_pkey.c:66:
unable to load client certificate private key file

cf. https://github.com/OpenSC/libp11/issues/107 (in which we discover
that engine_pkcs11 *used* to provide generic methods that OpenSSL would
try to use for ephemeral DH keys when negotiating ECDHE cipher suites in
TLS, and that didn't work out very well.)

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1639)
2016-09-28 12:15:17 -04:00
David Woodhouse
a6972f3462 Restore '-keyform engine' support for s_client
This used to work in 1.0.2 but disappeared when the argument parsing was
revamped.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1639)
2016-09-28 12:15:17 -04:00
Rich Salz
f3b3d7f003 Add -Wswitch-enum
Change code so when switching on an enumeration, have case's for all
enumeration values.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-22 08:36:26 -04:00
Rich Salz
13a461831a RT3669: dgst can only sign/verify one file.
Check arg count and print an error message.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-20 15:47:55 -04:00
Richard Levitte
a19228b7f4 apps/apps.c: include sys/socket.h to declare recv()
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-09-20 18:43:24 +02:00
FdaSilvaYY
28aef3d955 Remove an option related to a deprecated flag
CMS_NOOLDMIMETYPE and PKCS7_NOOLDMIMETYPE  are unused in pkcs7/cms code.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1585)
2016-09-19 21:21:38 -04:00
FdaSilvaYY
12d56b2992 Fix various missing option help messages ...
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1585)
2016-09-19 21:21:38 -04:00
Richard Levitte
057c676afb Fix no-ocsp
Some compilers complain about unused variables, and some tests do
not run well without OCSP.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-19 15:08:58 +02:00
Richard Levitte
51e5133d55 Refactor to avoid unnecessary preprocessor logic
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-15 23:24:06 +02:00
Richard Levitte
c7bdb6a31f Reformat to fit OpenSSL source code standards
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-15 23:24:06 +02:00
Richard Levitte
0d0723e813 Add copyright and license on apps/vms_term_sock.[ch]
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-15 23:24:06 +02:00
Richard Levitte
0d3b65832c VSI submission: redirect terminal input through socket
This is needed, because on VMS, select() can only be used on sockets.  being
able to use select() on all kinds of file descriptors is unique to Unix.

So, the solution for VMS is to create a layer that translates input from
standard input to socket communication.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-15 23:24:06 +02:00
Rich Salz
c7af65c7b2 GH1536: Install empty CT log list
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-14 18:22:33 -04:00
Richard Levitte
3074514694 Rather than one variable for each passwd type, use one enum variable
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 18:02:29 +02:00
Richard Levitte
4e57a12ba7 Add SHA256 and SHA512 based output for 'openssl passwd'
RT#4674 issue 2

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 18:02:29 +02:00
Rich Salz
7d959c358a Add -h and -help for c_rehash script and app
Resolves GH1515 and GH1509.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-14 08:59:48 -04:00
Richard Levitte
9f9f962d96 Fix 'openssl passwd' with arguments -1 or -apr1
RT#4674

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 00:30:50 +02:00
FdaSilvaYY
06a79af200 Fix some magic values about revocation info type...
Add comments, document -valid option.
Add some const qualifiers.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1560)
2016-09-13 11:42:57 -04:00
Rich Salz
77297115cb Add --missing-help to list command
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-13 10:14:01 -04:00
Viktor Szakats
d485640b80 s_client: avoid warning on Windows/MS-DOS systems
it appears when using gcc/mingw:
```
apps/s_client.c:815:9: warning: variable 'at_eof' set but not used [-Wunused-but-set-variable]
     int at_eof = 0;
         ^~~~~~
```
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1512)
2016-09-13 09:14:15 -04:00
Andy Polyakov
fb5d9f1db5 Windows: UTF-8 opt-in for command-line arguments and console input.
User can make Windows openssl.exe to treat command-line arguments
and console input as UTF-8 By setting OPENSSL_WIN32_UTF8 environment
variable (to any value). This is likely to be required for data
interchangeability with other OSes and PKCS#12 containers generated
with Windows CryptoAPI.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-25 11:56:28 +01:00
Dr. Stephen Henson
647ac8d3d7 Support broken PKCS#12 key generation.
OpenSSL versions before 1.1.0 didn't convert non-ASCII
UTF8 PKCS#12 passwords to Unicode correctly.

To correctly decrypt older files, if MAC verification fails
with the supplied password attempt to use the broken format
which is compatible with earlier versions of OpenSSL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-25 11:43:40 +01:00