| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
This is needed to generate stable output names/symlinks.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
| |
Include a note in INSTALL that tests must be run from an unprivileged
process.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
| |
The crl2pkcs7 app leaks a stack of OPENSSL_STRINGs in error paths.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
| |
The dsaparam application allocates a temporary buffer but then doesn't
free it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
| |
The make_receipt_request() function in the cms app can leak memory on
an error condition.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
|
|
| |
Add copyright to missing assembler files.
Add copyrights to missing test/* files.
Add copyrights
Various source and misc files.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
|
| |
RT2630 -- segfault for int overlow
RT2877 -- check return values in apps/rand
Update CHANGES file for previous "windows rand" changes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
| |
Swap the ordering of some code to avoid a leak in an error path.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The -check argument to dhparam should never identify any problems if we
have just generated the parameters. Add a sanity check for this and print
an error and fail if necessary.
Also updates the documentation for the -check argument, and the DH_check()
function.
RT#4244
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the "req" command is used to generate a new EC key using the -newkey
option it will incorrectly display:
Generating a 2048 bit EC private key
This commit fixes the message to not display the bit length for EC keys
because we don't currently support getting that during generation.
GitHub Issue #1068
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When an unrecognized algorithm is given on command line together with
-async_jobs, speed_main will jump to clean-up and run
ASYNC_cleanup_thread without calling ASYNC_init_thread first.
Example:
openssl speed -async_jobs 4 ras2048
Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1084)
|
| |
|
|
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
|
| |
|
|
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
|
| |
|
|
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When closing down the socket in s_client Windows will close it immediately
even if there is data in the write buffer still waiting to be sent. This
was causing tests to fail in Msys/Mingw builds because TLSProxy doesn't see
the final CloseNotify.
I have experimented with various ways of doing this "properly" (e.g.
shutting down the socket before closing, setting SO_LINGER etc). I can't
seem to find the "magic" formula that will make Windows do this. Inserting
a short 50ms sleep seems to do the trick...but its not very "nice" so I've
inserted a TODO on this item. Perhaps someone else will have better luck
in figuring this out.
RT#4255
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
On Windows we were using the function _kbhit() to determine whether there
was input waiting in stdin for us to read. Actually all this does is work
out whether there is a keyboard press event waiting to be processed in the
input buffer. This only seems to work in a standard Windows console (not
Msys console) and also doesn't work if you redirect the input from some
other source (as we do in TLSProxy tests). This commit changes things to
work differently depending on whether we are on the Windows console or not.
RT#4255
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In s_server we call BIO_sock_should_retry() to determine the state of the
socket and work out whether we should retry an operation on it or not.
However if you leave it too long to call this then other operations may
have occurred in the meantime which affect the result. Therefore we should
call it early and remember the result for when we need to use it. This fixes
a test problem on Windows.
Another issue with s_server on Windows is that some of output to stdout does
not get displayed immediately. Apparently more liberal use of BIO_flush is
required.
RT#4255
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
| |
RT#4492
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
| |
|
|
|
|
|
|
| |
Especially on Windows, the .pl suffix is associated with the perl
interpreter, and therefore make those scripts usable as commands of
their own. On VMS, it simply looks better.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
| |
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
| |
|
|
|
|
|
|
| |
Add new function PEM_write_bio_PrivateKey_traditional() to enforce the
use of legacy "traditional" private key format. Add -traditional option
to pkcs8 and pkey utilities.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| |
|
|
|
|
|
| |
tofree pointer is no more used...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1103)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Rename sk_xxx to OPENSSL_sk_xxx and _STACK to OPENSSL_STACK
Rename lh_xxx API to OPENSSL_LH_xxx and LHASH_NODE to OPENSSL_LH_NODE
Make lhash stuff opaque.
Use typedefs for function pointers; makes the code simpler.
Remove CHECKED_xxx macros.
Add documentation; remove old X509-oriented doc.
Add API-compat names for entire old API
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
| |
|
|
|
|
|
| |
RT#4543
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
| |
|
|
|
|
| |
RT#1817
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
|
|
|
| |
In the X509 app check that the obtained public key is valid before we
attempt to use it.
Issue reported by Yuan Jochen Kang.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
| |
|
|
|
|
|
|
| |
Also adds 'esc_2254' to the possible command line name options
RT#1466
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| |
|
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| |
|
|
|
|
|
|
|
| |
Discard useless static engine_id
Add a const qualifier
Fix some spelling
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| |
|
|
|
|
|
| |
Add some functions that were missing when a number of X509
objects became opaque (thanks, Roumen!)
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
| |
|
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| |
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| |
|
|
|
|
| |
RT#4215
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fix -signer option in smime utility to output signer certificates
when verifying.
Add support for format SMIME for -inform and -outform with cms and
smime utilities.
PR#4215
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
| |
|
|
| |
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
| |
|
|
|
|
|
|
|
|
| |
Multiple digest options to the ocsp utility are allowed: e.g. to use
different digests for different certificate IDs. A digest option without
a following certificate is however illegal.
RT#4215
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
| |
RT#4207
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
| |
|
|
|
|
| |
RT#4403
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
| |
|
|
|
|
|
|
| |
Update pkcs8 utility to use 256 bit AES using SHA256 by default.
Update documentation.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
| |
|
|
|
|
| |
RT#4256
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| |
|
|
|
|
| |
RT#4402
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
