summaryrefslogtreecommitdiff
path: root/apps
Commit message (Collapse)AuthorAgeFilesLines
* Fix wrong numbers being passed as string lengthsDmitry-Me2015-03-091-1/+1
| | | | | | Signed-off-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 0b142f022e2c5072295e00ebc11c5b707a726d74)
* Unchecked malloc fixesMatt Caswell2015-03-058-1/+52
| | | | | | | | | | | | | | | | | | | Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error paths as I spotted them along the way. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 918bb8652969fd53f0c390c1cd909265ed502c7e) Conflicts: crypto/bio/bss_dgram.c Conflicts: apps/cms.c apps/s_cb.c apps/s_server.c apps/speed.c crypto/dh/dh_pmeth.c ssl/s3_pkt.c
* Fix warning with no-ecMatt Caswell2015-02-271-2/+8
| | | | | | This fixes another warning when config'd with no-ec Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Fix memory leak reporting.Dr. Stephen Henson2015-02-091-4/+4
| | | | | | | | | | Free up bio_err after memory leak data has been printed to it. In int_free_ex_data if ex_data is NULL there is nothing to free up so return immediately and don't reallocate it. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 9c7a780bbebc1b6d87dc38a6aa3339033911a8bb)
* Remove explicit setting of read_ahead for DTLS. It never makes sense not toMatt Caswell2015-01-272-18/+0
| | | | | | | | | | | | use read_ahead with DTLS because it doesn't work. Therefore read_ahead needs to be the default. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit f4002412518703d07fee321d4c88ee0bbe1694fe) Conflicts: apps/s_client.c apps/s_server.c
* Re-align some comments after running the reformat script.OpenSSL_1_0_1-post-reformatMatt Caswell2015-01-228-71/+71
| | | | | | | | | This should be a one off operation (subsequent invokation of the script should not move them) This commit is for the 1.0.1 changes Reviewed-by: Tim Hudson <tjh@openssl.org>
* Run util/openssl-format-source -v -c .Matt Caswell2015-01-2259-34207/+32459
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* Move more comments that confuse indentMatt Caswell2015-01-225-8/+14
| | | | | | | | | | | | | | | Conflicts: crypto/dsa/dsa.h demos/engines/ibmca/hw_ibmca.c ssl/ssl_locl.h Conflicts: crypto/bn/rsaz_exp.c crypto/evp/e_aes_cbc_hmac_sha1.c crypto/evp/e_aes_cbc_hmac_sha256.c ssl/ssl_locl.h Reviewed-by: Tim Hudson <tjh@openssl.org>
* indent has problems with comments that are on the right hand side of a line.Matt Caswell2015-01-221-1/+3
| | | | | | | | | | | | | | | | | | | Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones. Conflicts: crypto/bn/bn.h crypto/ec/ec_lcl.h crypto/rsa/rsa.h demos/engines/ibmca/hw_ibmca.c ssl/ssl.h ssl/ssl3.h Conflicts: crypto/ec/ec_lcl.h ssl/tls1.h Reviewed-by: Tim Hudson <tjh@openssl.org>
* apps/speed.c: make it indent-friendly.Andy Polyakov2015-01-221-46/+80
| | | | | | | | | | Conflicts: apps/speed.c Conflicts: apps/speed.c Reviewed-by: Tim Hudson <tjh@openssl.org>
* Fix source where indent will not be able to copeMatt Caswell2015-01-223-5/+16
| | | | | | | | | | | Conflicts: apps/ciphers.c ssl/s3_pkt.c Conflicts: crypto/ec/ec_curve.c Reviewed-by: Tim Hudson <tjh@openssl.org>
* Further comment changes for reformatMatt Caswell2015-01-226-20/+22
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* mark all block comments that need format preserving so thatTim Hudson2015-01-2221-23/+40
| | | | | | | | | | | | | | | | | | | | | | | | | | | | indent will not alter them when reformatting comments (cherry picked from commit 1d97c8435171a7af575f73c526d79e1ef0ee5960) Conflicts: crypto/bn/bn_lcl.h crypto/bn/bn_prime.c crypto/engine/eng_all.c crypto/rc4/rc4_utl.c crypto/sha/sha.h ssl/kssl.c ssl/t1_lib.c Conflicts: crypto/rc4/rc4_enc.c crypto/x509v3/v3_scts.c crypto/x509v3/v3nametest.c ssl/d1_both.c ssl/s3_srvr.c ssl/ssl.h ssl/ssl_locl.h ssl/ssltest.c ssl/t1_lib.c Reviewed-by: Tim Hudson <tjh@openssl.org>
* typo in s_clientDominik Neubauer2014-12-311-1/+1
| | | | | Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Geoff Thorpe <geoff@openssl.org>
* Make "run" volatileKurt Roeckx2014-12-301-1/+1
| | | | | | RT#3629 Reviewed-by: Richard Levitte <levitte@openssl.org>
* Document openssl dgst -hmac optionThorsten Glaser2014-12-301-0/+2
| | | | | Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix memory leak in the appsKurt Roeckx2014-12-301-2/+3
| | | | | | The BIO_free() allocated ex_data again that we already freed. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Clear warnings/errors within RL_DEBUG code sections (RL_DEBUG should be renamed)Richard Levitte2014-12-171-1/+1
| | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 8bc8450a26329e3c890df60026f969e7caabff3d)
* Updates to s_client and s_server to remove the constant 28 (for IPv4 headerMatt Caswell2014-12-032-4/+30
| | | | | | | | and UDP header) when setting an mtu. This constant is not always correct (e.g. if using IPv6). Use the new DTLS_CTRL functions instead. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 464ce92026bd0c79186cbefa75470f39607110be)
* Use the SSLv23 method by defaultKurt Roeckx2014-12-022-15/+0
| | | | | | If SSLv2 and SSLv3 are both disabled we still support SSL/TLS. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove duplicated codeMatt Caswell2014-11-271-21/+0
| | | | Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Tidy up ocsp help outputMatt Caswell2014-11-271-45/+45
| | | | | | | | | | Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 5e31a40f47c6bfd09c718d2af42ba8d8fe6bb932) Conflicts: apps/ocsp.c (cherry picked from commit e16458269036f4334525009906d346f68a73b2a4)
* Add documentation on -timeout option in the ocsp utilityAndré Guerreiro2014-11-271-0/+1
| | | | | | | | PR#3612 Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit de87dd46c1283f899a9ecf4ccc72db74f36afbf2) (cherry picked from commit 4d3df37bc7fd33d0bec5da04d2572caa0cdbab75)
* New option no-ssl3-method which removes SSLv3_*methodDr. Stephen Henson2014-11-192-2/+6
| | | | | | | | | | | | | | | | When no-ssl3 is set only make SSLv3 disabled by default. Retain -ssl3 options for s_client/s_server/ssltest. When no-ssl3-method is set SSLv3_*method() is removed and all -ssl3 options. We should document this somewhere, e.g. wiki, FAQ or manual page. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 3881d8106df732fc433d30446625dfa2396da42d) Conflicts: util/mkdef.pl
* Make sure that disabling the MAYLOSEDATA3 warning is only done when the ↵Richard Levitte2014-10-151-3/+18
| | | | | | compiler supports it. Otherwise, there are warnings about it lacking everywhere, which is quite tedious to read through while trying to check for other warnings. Reviewed-by: Tim Hudson <tjh@openssl.org>
* Support TLS_FALLBACK_SCSV.Bodo Moeller2014-10-151-0/+10
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Disabled XTS mode in enc utility as it is not supportedMatt Caswell2014-07-161-0/+6
| | | | | | | | PR#3442 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 2097a17c576f2395a10b05f14490688bc5f45a07)
* Don't allow -www etc options with DTLS.Dr. Stephen Henson2014-07-151-0/+8
| | | | | | | | The options which emulate a web server don't make sense when doing DTLS. Exit with an error if an attempt is made to use them. PR#3453 (cherry picked from commit 58a2aaeade8bdecd0f9f0df41927f7cff3012547)
* Use case insensitive compare for servername.Dr. Stephen Henson2014-07-151-1/+1
| | | | | PR#3445 (cherry picked from commit 1c3e9a7c67ccdc5e770829fe951e5832e600d377)
* Usage for -hack and -prexit -verify_return_errorDr. Stephen Henson2014-07-062-0/+4
| | | | (cherry picked from commit ee724df75d9ad67fd954253ac514fddb46f1e3c6)
* s_server usage for certificate status requestsDr. Stephen Henson2014-07-061-0/+4
| | | | (cherry picked from commit a44f219c009798054d6741e919cba5b2e656dbf4)
* Show errors on CSR verification failure.Dr. Stephen Henson2014-06-291-0/+2
| | | | | | | | | If CSR verify fails in ca utility print out error messages. Otherwise some errors give misleading output: for example if the key size exceeds the library limit. PR#2875 (cherry picked from commit a30bdb55d1361b9926eef8127debfc2e1bb8c484)
* Make no-ssl3 no-ssl2 do more sensible things.Dr. Stephen Henson2014-06-293-11/+5
| | | | (cherry picked from commit 7ae6a4b659facfd7ad8131238aa1d349cb3fc951)
* Typo.Dr. Stephen Henson2014-06-281-1/+1
| | | | | PR#3107 (cherry picked from commit 7c206db9280865ae4af352dbc14e9019a6c4795d)
* Memory leak and NULL derefernce fixes.Dr. Stephen Henson2014-06-273-1/+14
| | | | PR#3403
* Fix compilation with no-compDr. Stephen Henson2014-06-111-0/+2
| | | | (cherry picked from commit 7239a09c7b5757ed8d0e9869f3e9b03c0e11f4d1)
* Recognise padding extension.Dr. Stephen Henson2014-06-011-0/+4
| | | | | | | | | (cherry picked from commit ea2bb861f0daaa20819bf9ac8c146f7593feacd4) Conflicts: apps/s_cb.c (cherry picked from commit 14dc83ca779e91a267701a1fb05b2bbcf2cb63c4)
* Change default cipher in smime app to des3.Dr. Stephen Henson2014-05-211-2/+2
| | | | | PR#3357 (cherry picked from commit ca3ffd9670f2b589bf8cc04923f953e06d6fbc58)
* Enc doesn't support AEAD ciphers.Dr. Stephen Henson2014-05-151-0/+6
|
* Fix infinite loop. PR#3347Viktor Dukhovni2014-05-111-2/+13
|
* coverity 966576 - close socket in error pathTim Hudson2014-05-081-0/+3
|
* PR#3342 fix resource leak coverity issue 966577Tim Hudson2014-05-081-1/+1
|
* Fix free errors in ocsp utility.Dr. Stephen Henson2014-04-091-6/+16
| | | | | | Keep copy of any host, path and port values allocated by OCSP_parse_url and free as necessary. (cherry picked from commit 5219d3dd350cc74498dd49daef5e6ee8c34d9857)
* Use correct length when prompting for password.Dr. Stephen Henson2014-04-041-2/+2
| | | | | | | | Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in the openssl utility. Thanks to Rob Mackinnon, Leviathan Security for reporting this issue. (cherry picked from commit 7ba08a4d73c1bdfd3aced09a628b1d7d7747cdca)
* Add option to generate old hash format.Tim Hudson2014-04-031-0/+18
| | | | | | New -hash_old to generate CRL hashes using old (before OpenSSL 1.0.0) algorithm. (cherry picked from commit de2d97cd799f38024d70847bab37d91aa5a2536e)
* Avoid Windows 8 Getversion deprecated errors.Dr. Stephen Henson2014-02-251-1/+1
| | | | | | | | | | | | Windows 8 SDKs complain that GetVersion() is deprecated. We only use GetVersion like this: (GetVersion() < 0x80000000) which checks if the Windows version is NT based. Use a macro check_winnt() which uses GetVersion() on older SDK versions and true otherwise. (cherry picked from commit a4cc3c8041104896d51ae12ef7b678c31808ce52)
* Use defaults bits in req when not givenKurt Roeckx2014-02-141-6/+7
| | | | | | | | | | | | | | | If you use "-newkey rsa" it's supposed to read the default number of bits from the config file. However the value isn't used to generate the key, but it does print it's generating such a key. The set_keygen_ctx() doesn't call EVP_PKEY_CTX_set_rsa_keygen_bits() and you end up with the default set in pkey_rsa_init() (1024). Afterwards the number of bits gets read from the config file, but nothing is done with that anymore. We now read the config first and use the value from the config file when no size is given. PR: 2592 (cherry picked from commit 3343220327664680420d4068e1fbe46d2236f1b0)
* Fix various spelling errorsScott Schaefer2014-02-141-2/+2
| | | | (cherry picked from commit 2b4ffc659eabec29f76821f0ac624a2b8c19e4c7)
* Use default digest implementation in dgst.cDr. Stephen Henson2014-01-231-2/+2
| | | | | | Use default instead of ENGINE version of digest. Without this errors will occur if you use an ENGINE for a private key and it doesn't implement the digest in question.
* make updateDr. Stephen Henson2014-01-061-324/+657
|
View Lorry Controller Status