1529 Commits

Author SHA1 Message Date
Kurt Roeckx
f14a6bf515 Fix memory leak in the apps
The BIO_free() allocated ex_data again that we already freed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-30 17:00:22 +01:00
Richard Levitte
b3147fcbe6 Clear warnings/errors within RL_DEBUG code sections (RL_DEBUG should be renamed)
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 8bc8450a26329e3c890df60026f969e7caabff3d)
2014-12-17 14:27:42 +01:00
Matt Caswell
d68aade28a Updates to s_client and s_server to remove the constant 28 (for IPv4 header
and UDP header) when setting an mtu. This constant is not always correct (e.g.
if using IPv6). Use the new DTLS_CTRL functions instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 464ce92026bd0c79186cbefa75470f39607110be)
2014-12-03 09:35:25 +00:00
Kurt Roeckx
5004c22c25 Use the SSLv23 method by default
If SSLv2 and SSLv3 are both disabled we still support SSL/TLS.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-02 11:29:07 +01:00
Matt Caswell
3f1d582f70 Remove duplicated code
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-27 14:32:40 +00:00
Matt Caswell
8a2e5bf6b7 Tidy up ocsp help output
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 5e31a40f47c6bfd09c718d2af42ba8d8fe6bb932)

Conflicts:
	apps/ocsp.c

(cherry picked from commit e16458269036f4334525009906d346f68a73b2a4)
2014-11-27 14:18:45 +00:00
André Guerreiro
6c3d948723 Add documentation on -timeout option in the ocsp utility
PR#3612

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit de87dd46c1283f899a9ecf4ccc72db74f36afbf2)
(cherry picked from commit 4d3df37bc7fd33d0bec5da04d2572caa0cdbab75)
2014-11-27 14:18:45 +00:00
Dr. Stephen Henson
821bee4333 New option no-ssl3-method which removes SSLv3_*method
When no-ssl3 is set only make SSLv3 disabled by default. Retain -ssl3
options for s_client/s_server/ssltest.

When no-ssl3-method is set SSLv3_*method() is removed and all -ssl3
options.

We should document this somewhere, e.g. wiki, FAQ or manual page.
Reviewed-by: Emilia Käsper <emilia@openssl.org>

(cherry picked from commit 3881d8106df732fc433d30446625dfa2396da42d)

Conflicts:
	util/mkdef.pl
2014-11-19 22:57:51 +00:00
Richard Levitte
17d45dec4d Make sure that disabling the MAYLOSEDATA3 warning is only done when the compiler supports it. Otherwise, there are warnings about it lacking everywhere, which is quite tedious to read through while trying to check for other warnings.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-15 10:47:12 +02:00
Bodo Moeller
6bfe55380a Support TLS_FALLBACK_SCSV.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-15 04:05:42 +02:00
Matt Caswell
bf4519cde5 Disabled XTS mode in enc utility as it is not supported
PR#3442

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2097a17c576f2395a10b05f14490688bc5f45a07)
2014-07-16 21:05:10 +01:00
Dr. Stephen Henson
cd63f94d4d Don't allow -www etc options with DTLS.
The options which emulate a web server don't make sense when doing DTLS.
Exit with an error if an attempt is made to use them.

PR#3453
(cherry picked from commit 58a2aaeade8bdecd0f9f0df41927f7cff3012547)
2014-07-15 12:25:39 +01:00
Dr. Stephen Henson
ea0ceb11a0 Use case insensitive compare for servername.
PR#3445
(cherry picked from commit 1c3e9a7c67ccdc5e770829fe951e5832e600d377)
2014-07-15 00:00:03 +01:00
Dr. Stephen Henson
a07f514fc0 Usage for -hack and -prexit -verify_return_error
(cherry picked from commit ee724df75d9ad67fd954253ac514fddb46f1e3c6)
2014-07-06 22:48:57 +01:00
Dr. Stephen Henson
b7c9762598 s_server usage for certificate status requests
(cherry picked from commit a44f219c009798054d6741e919cba5b2e656dbf4)
2014-07-06 22:45:44 +01:00
Dr. Stephen Henson
86f393ceb7 Show errors on CSR verification failure.
If CSR verify fails in ca utility print out error messages.
Otherwise some errors give misleading output: for example
if the key size exceeds the library limit.

PR#2875
(cherry picked from commit a30bdb55d1361b9926eef8127debfc2e1bb8c484)
2014-06-29 13:34:44 +01:00
Dr. Stephen Henson
d6d324374e Make no-ssl3 no-ssl2 do more sensible things.
(cherry picked from commit 7ae6a4b659facfd7ad8131238aa1d349cb3fc951)
2014-06-29 03:05:37 +01:00
Dr. Stephen Henson
046e288edf Typo.
PR#3107
(cherry picked from commit 7c206db9280865ae4af352dbc14e9019a6c4795d)
2014-06-28 12:43:18 +01:00
Dr. Stephen Henson
0980992d44 Memory leak and NULL derefernce fixes.
PR#3403
2014-06-27 03:21:10 +01:00
Dr. Stephen Henson
b66f59adfa Fix compilation with no-comp
(cherry picked from commit 7239a09c7b5757ed8d0e9869f3e9b03c0e11f4d1)
2014-06-11 14:33:32 +01:00
Dr. Stephen Henson
19ce768c6b Recognise padding extension.
(cherry picked from commit ea2bb861f0daaa20819bf9ac8c146f7593feacd4)

Conflicts:

	apps/s_cb.c
(cherry picked from commit 14dc83ca779e91a267701a1fb05b2bbcf2cb63c4)
2014-06-01 16:50:37 +01:00
Dr. Stephen Henson
599fe418a1 Change default cipher in smime app to des3.
PR#3357
(cherry picked from commit ca3ffd9670f2b589bf8cc04923f953e06d6fbc58)
2014-05-21 11:14:33 +01:00
Dr. Stephen Henson
f9986e9abf Enc doesn't support AEAD ciphers. 2014-05-15 14:16:44 +01:00
Viktor Dukhovni
c3c6fc7855 Fix infinite loop. PR#3347 2014-05-11 21:13:18 +01:00
Tim Hudson
9e456a8537 coverity 966576 - close socket in error path 2014-05-08 23:19:19 +01:00
Tim Hudson
f179e2b899 PR#3342 fix resource leak coverity issue 966577 2014-05-08 23:18:44 +01:00
Dr. Stephen Henson
3d8f4f23af Fix free errors in ocsp utility.
Keep copy of any host, path and port values allocated by
OCSP_parse_url and free as necessary.
(cherry picked from commit 5219d3dd350cc74498dd49daef5e6ee8c34d9857)
2014-04-09 15:45:35 +01:00
Dr. Stephen Henson
f54167d1dc Use correct length when prompting for password.
Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in
the openssl utility.

Thanks to Rob Mackinnon, Leviathan Security for reporting this issue.
(cherry picked from commit 7ba08a4d73c1bdfd3aced09a628b1d7d7747cdca)
2014-04-04 13:07:17 +01:00
Tim Hudson
50522642a0 Add option to generate old hash format.
New -hash_old to generate CRL hashes using old
(before OpenSSL 1.0.0) algorithm.
(cherry picked from commit de2d97cd799f38024d70847bab37d91aa5a2536e)
2014-04-03 13:37:04 +01:00
Dr. Stephen Henson
caf55bfacf Avoid Windows 8 Getversion deprecated errors.
Windows 8 SDKs complain that GetVersion() is deprecated.

We only use GetVersion like this:

	(GetVersion() < 0x80000000)

which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
(cherry picked from commit a4cc3c8041104896d51ae12ef7b678c31808ce52)
2014-02-25 13:42:25 +00:00
Kurt Roeckx
e420060ac9 Use defaults bits in req when not given
If you use "-newkey rsa" it's supposed to read the default number of bits from the
config file.  However the value isn't used to generate the key, but it does
print it's generating such a key.  The set_keygen_ctx() doesn't call
EVP_PKEY_CTX_set_rsa_keygen_bits() and you end up with the default set in
pkey_rsa_init() (1024).  Afterwards the number of bits gets read from the config
file, but nothing is done with that anymore.

We now read the config first and use the value from the config file when no size
is given.

PR: 2592
(cherry picked from commit 3343220327664680420d4068e1fbe46d2236f1b0)
2014-02-14 22:35:39 +00:00
Scott Schaefer
040ed7b4d0 Fix various spelling errors
(cherry picked from commit 2b4ffc659eabec29f76821f0ac624a2b8c19e4c7)
2014-02-14 22:35:39 +00:00
Dr. Stephen Henson
4eedf86a16 Use default digest implementation in dgst.c
Use default instead of ENGINE version of digest. Without this
errors will occur if you use an ENGINE for a private key and
it doesn't implement the digest in question.
2014-01-23 18:36:33 +00:00
Dr. Stephen Henson
c776a3f398 make update 2014-01-06 13:33:27 +00:00
Dr. Stephen Henson
60df657b3a make update 2013-12-08 13:23:14 +00:00
Dr. Stephen Henson
25370e93c6 Typo: don't call RAND_cleanup during app startup.
(cherry picked from commit 90e7f983b573c3f3c722a02db4491a1b1cd87e8c)
2013-06-12 21:18:47 +01:00
Dr. Stephen Henson
cdb6c48445 Don't use RC2 with PKCS#12 files in FIPS mode. 2013-05-30 21:39:50 +01:00
Dr. Stephen Henson
944bc29f90 Call RAND_cleanup in openssl application. 2013-03-28 14:28:06 +00:00
Andy Polyakov
0898147090 ssl/*: fix linking errors with no-srtp. 2013-02-09 19:52:07 +01:00
Dr. Stephen Henson
1dcf520fe2 Change default bits to 1024 2013-01-07 16:18:57 +00:00
Dr. Stephen Henson
3ea1e13569 add missing \n 2012-12-23 18:19:28 +00:00
Ben Laurie
5bb6d96558 Make verify return errors. 2012-12-13 15:48:42 +00:00
Dr. Stephen Henson
a650314f72 check mval for NULL too 2012-12-04 17:26:13 +00:00
Dr. Stephen Henson
54fdc39a08 fix leak 2012-12-03 16:33:24 +00:00
Dr. Stephen Henson
eb3a3911fc PR: 2908
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>

Fix DH double free if parameter generation fails.
2012-11-21 14:02:21 +00:00
Dr. Stephen Henson
540f7c75ef fix leaks 2012-11-20 00:28:56 +00:00
Dr. Stephen Henson
f929f201fb fix memory leak 2012-09-11 13:44:38 +00:00
Bodo Möller
12c1621523 Enable message names for TLS 1.1, 1.2 with -msg. 2012-08-16 13:43:37 +00:00
Dr. Stephen Henson
25da47c3c8 Fix memory leak.
Always perform nexproto callback argument initialisation in s_server
otherwise we use uninitialised data if -nocert is specified.
2012-07-03 16:36:10 +00:00
Dr. Stephen Henson
36b0719793 oops, add -debug_decrypt option which was accidenatally left out 2012-06-19 13:39:03 +00:00