aboutsummaryrefslogtreecommitdiff
path: root/openssl/apps
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/apps')
-rw-r--r--openssl/apps/Makefile19
-rw-r--r--openssl/apps/apps.c6
-rw-r--r--openssl/apps/asn1pars.c2
-rw-r--r--openssl/apps/ca.c10
-rw-r--r--openssl/apps/cms.c2
-rw-r--r--openssl/apps/dhparam.c4
-rw-r--r--openssl/apps/enc.c13
-rw-r--r--openssl/apps/gendh.c2
-rw-r--r--openssl/apps/ocsp.c2
-rw-r--r--openssl/apps/s_cb.c3
-rw-r--r--openssl/apps/s_client.c15
-rw-r--r--openssl/apps/s_server.c73
-rw-r--r--openssl/apps/s_time.c2
-rw-r--r--openssl/apps/smime.c2
-rw-r--r--openssl/apps/srp.c4
-rw-r--r--openssl/apps/verify.c2
16 files changed, 103 insertions, 58 deletions
diff --git a/openssl/apps/Makefile b/openssl/apps/Makefile
index 72657ea65..cafe55458 100644
--- a/openssl/apps/Makefile
+++ b/openssl/apps/Makefile
@@ -94,6 +94,9 @@ req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
sreq.o: req.c
$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
+openssl-vms.cnf: openssl.cnf
+ $(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf
+
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -127,12 +130,12 @@ links:
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
-depend:
- @if [ -z "$(THIS)" ]; then \
- $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
- else \
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
- fi
+update: openssl-vms.cnf local_depend
+
+depend: local_depend
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+local_depend:
+ @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -144,10 +147,10 @@ clean:
rm -f req
$(DLIBSSL):
- (cd ..; $(MAKE) DIRS=ssl all)
+ (cd ..; $(MAKE) build_libssl)
$(DLIBCRYPTO):
- (cd ..; $(MAKE) DIRS=crypto all)
+ (cd ..; $(MAKE) build_libcrypto)
$(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
$(RM) $(EXE)
diff --git a/openssl/apps/apps.c b/openssl/apps/apps.c
index 9862afde3..680123834 100644
--- a/openssl/apps/apps.c
+++ b/openssl/apps/apps.c
@@ -572,7 +572,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
char *prompt = NULL;
prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
- if(!prompt) {
+ if (!prompt) {
BIO_printf(bio_err, "Out of memory\n");
UI_free(ui);
return 0;
@@ -586,7 +586,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
PW_MIN_LENGTH, bufsiz - 1);
if (ok >= 0 && verify) {
buff = (char *)OPENSSL_malloc(bufsiz);
- if(!buff) {
+ if (!buff) {
BIO_printf(bio_err, "Out of memory\n");
UI_free(ui);
OPENSSL_free(prompt);
@@ -2238,6 +2238,8 @@ int args_verify(char ***pargs, int *pargc,
flags |= X509_V_FLAG_NOTIFY_POLICY;
else if (!strcmp(arg, "-check_ss_sig"))
flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
+ else if (!strcmp(arg, "-no_alt_chains"))
+ flags |= X509_V_FLAG_NO_ALT_CHAINS;
else
return 0;
diff --git a/openssl/apps/asn1pars.c b/openssl/apps/asn1pars.c
index 7a0f16943..11b078759 100644
--- a/openssl/apps/asn1pars.c
+++ b/openssl/apps/asn1pars.c
@@ -375,7 +375,7 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
{
CONF *cnf = NULL;
int len;
- long errline;
+ long errline = 0;
unsigned char *p;
ASN1_TYPE *atyp = NULL;
diff --git a/openssl/apps/ca.c b/openssl/apps/ca.c
index 5d29a64c5..97ad0c1ff 100644
--- a/openssl/apps/ca.c
+++ b/openssl/apps/ca.c
@@ -558,7 +558,7 @@ int MAIN(int argc, char **argv)
#ifdef OPENSSL_SYS_VMS
len = strlen(s) + sizeof(CONFIG_FILE);
tofree = OPENSSL_malloc(len);
- if(!tofree) {
+ if (!tofree) {
BIO_printf(bio_err, "Out of memory\n");
goto err;
}
@@ -566,7 +566,7 @@ int MAIN(int argc, char **argv)
#else
len = strlen(s) + sizeof(CONFIG_FILE) + 1;
tofree = OPENSSL_malloc(len);
- if(!tofree) {
+ if (!tofree) {
BIO_printf(bio_err, "Out of memory\n");
goto err;
}
@@ -2803,7 +2803,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
ASN1_GENERALIZEDTIME *comp_time = NULL;
tmp = BUF_strdup(str);
- if(!tmp) {
+ if (!tmp) {
BIO_printf(bio_err, "memory allocation failure\n");
goto err;
}
@@ -2825,7 +2825,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
if (prevtm) {
*prevtm = ASN1_UTCTIME_new();
- if(!*prevtm) {
+ if (!*prevtm) {
BIO_printf(bio_err, "memory allocation failure\n");
goto err;
}
@@ -2869,7 +2869,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
goto err;
}
comp_time = ASN1_GENERALIZEDTIME_new();
- if(!comp_time) {
+ if (!comp_time) {
BIO_printf(bio_err, "memory allocation failure\n");
goto err;
}
diff --git a/openssl/apps/cms.c b/openssl/apps/cms.c
index 0cc4b46d8..d7645c0d6 100644
--- a/openssl/apps/cms.c
+++ b/openssl/apps/cms.c
@@ -581,6 +581,8 @@ int MAIN(int argc, char **argv)
"-CApath dir trusted certificates directory\n");
BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
BIO_printf(bio_err,
+ "-no_alt_chains only ever use the first certificate chain found\n");
+ BIO_printf(bio_err,
"-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf(bio_err,
"-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
diff --git a/openssl/apps/dhparam.c b/openssl/apps/dhparam.c
index f86311c28..d3b6d58ad 100644
--- a/openssl/apps/dhparam.c
+++ b/openssl/apps/dhparam.c
@@ -130,7 +130,7 @@
# undef PROG
# define PROG dhparam_main
-# define DEFBITS 512
+# define DEFBITS 2048
/*-
* -inform arg - input format - default PEM (DER or PEM)
@@ -254,7 +254,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,
" -5 generate parameters using 5 as the generator value\n");
BIO_printf(bio_err,
- " numbits number of bits in to generate (default 512)\n");
+ " numbits number of bits in to generate (default 2048)\n");
# ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
diff --git a/openssl/apps/enc.c b/openssl/apps/enc.c
index 5c2cf7a4a..7b7c70b13 100644
--- a/openssl/apps/enc.c
+++ b/openssl/apps/enc.c
@@ -548,9 +548,14 @@ int MAIN(int argc, char **argv)
else
OPENSSL_cleanse(str, strlen(str));
}
- if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) {
- BIO_printf(bio_err, "invalid hex iv value\n");
- goto end;
+ if (hiv != NULL) {
+ int siz = EVP_CIPHER_iv_length(cipher);
+ if (siz == 0) {
+ BIO_printf(bio_err, "warning: iv not use by this cipher\n");
+ } else if (!set_hex(hiv, iv, sizeof iv)) {
+ BIO_printf(bio_err, "invalid hex iv value\n");
+ goto end;
+ }
}
if ((hiv == NULL) && (str == NULL)
&& EVP_CIPHER_iv_length(cipher) != 0) {
@@ -562,7 +567,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "iv undefined\n");
goto end;
}
- if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) {
+ if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
BIO_printf(bio_err, "invalid hex key value\n");
goto end;
}
diff --git a/openssl/apps/gendh.c b/openssl/apps/gendh.c
index adaa10178..fef6f1b17 100644
--- a/openssl/apps/gendh.c
+++ b/openssl/apps/gendh.c
@@ -80,7 +80,7 @@
# include <openssl/x509.h>
# include <openssl/pem.h>
-# define DEFBITS 512
+# define DEFBITS 2048
# undef PROG
# define PROG gendh_main
diff --git a/openssl/apps/ocsp.c b/openssl/apps/ocsp.c
index 71def2611..572f0643e 100644
--- a/openssl/apps/ocsp.c
+++ b/openssl/apps/ocsp.c
@@ -519,6 +519,8 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,
"-CAfile file trusted certificates file\n");
BIO_printf(bio_err,
+ "-no_alt_chains only ever use the first certificate chain found\n");
+ BIO_printf(bio_err,
"-VAfile file validator certificates file\n");
BIO_printf(bio_err,
"-validity_period n maximum validity discrepancy in seconds\n");
diff --git a/openssl/apps/s_cb.c b/openssl/apps/s_cb.c
index 7918500a6..fabf9cfb2 100644
--- a/openssl/apps/s_cb.c
+++ b/openssl/apps/s_cb.c
@@ -111,6 +111,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include <string.h> /* for memcpy() */
#define USE_SOCKETS
#define NON_MAIN
#include "apps.h"
@@ -747,7 +748,7 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,
/* Initialize a random secret */
if (!cookie_initialized) {
- if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) {
+ if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
BIO_printf(bio_err, "error setting random cookie secret\n");
return 0;
}
diff --git a/openssl/apps/s_client.c b/openssl/apps/s_client.c
index ef41cec1a..28737b6d1 100644
--- a/openssl/apps/s_client.c
+++ b/openssl/apps/s_client.c
@@ -323,6 +323,8 @@ static void sc_usage(void)
BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
BIO_printf(bio_err,
+ " -no_alt_chains - only ever use the first certificate chain found\n");
+ BIO_printf(bio_err,
" -reconnect - Drop and re-make the connection with the same Session-ID\n");
BIO_printf(bio_err,
" -pause - sleep(1) after each read(2) and write(2) system call\n");
@@ -547,7 +549,7 @@ static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
PW_CB_DATA cb_tmp;
int l;
- if(!pass) {
+ if (!pass) {
BIO_printf(bio_err, "Malloc failure\n");
return NULL;
}
@@ -1177,13 +1179,12 @@ int MAIN(int argc, char **argv)
if (!set_cert_key_stuff(ctx, cert, key))
goto end;
- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx))) {
- /*
- * BIO_printf(bio_err,"error setting default verify locations\n");
- */
+ if ((CAfile || CApath)
+ && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
+ ERR_print_errors(bio_err);
+ }
+ if (!SSL_CTX_set_default_verify_paths(ctx)) {
ERR_print_errors(bio_err);
- /* goto end; */
}
#ifndef OPENSSL_NO_TLSEXT
if (servername != NULL) {
diff --git a/openssl/apps/s_server.c b/openssl/apps/s_server.c
index bcf5c3313..b58e5e07c 100644
--- a/openssl/apps/s_server.c
+++ b/openssl/apps/s_server.c
@@ -219,7 +219,7 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
unsigned int *id_len);
#ifndef OPENSSL_NO_DH
static DH *load_dh_param(const char *dhfile);
-static DH *get_dh512(void);
+static DH *get_dh2048(void);
#endif
#ifdef MONOLITH
@@ -227,30 +227,48 @@ static void s_server_init(void);
#endif
#ifndef OPENSSL_NO_DH
-static unsigned char dh512_p[] = {
- 0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, 0xD0, 0xE4, 0xAF, 0x75,
- 0x6F, 0x4C, 0xCA, 0x92, 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F,
- 0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, 0x57, 0x46, 0x50, 0xD3,
- 0x69, 0x99, 0xDB, 0x29, 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12,
- 0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, 0xD8, 0x00, 0x3E, 0x7C,
- 0x47, 0x74, 0xE8, 0x33,
+static unsigned char dh2048_p[] = {
+ 0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6,
+ 0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1,
+ 0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9,
+ 0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD,
+ 0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17,
+ 0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F,
+ 0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD,
+ 0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30,
+ 0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E,
+ 0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4,
+ 0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58,
+ 0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B,
+ 0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C,
+ 0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B,
+ 0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD,
+ 0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C,
+ 0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C,
+ 0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29,
+ 0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B,
+ 0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C,
+ 0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55,
+ 0xE9,0x32,0x0B,0x3B,
};
-static unsigned char dh512_g[] = {
+static unsigned char dh2048_g[] = {
0x02,
};
-static DH *get_dh512(void)
+DH *get_dh2048()
{
- DH *dh = NULL;
+ DH *dh;
if ((dh = DH_new()) == NULL)
- return (NULL);
- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- return (NULL);
- return (dh);
+ return NULL;
+ dh->p=BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
+ dh->g=BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
+ if (dh->p == NULL || dh->g == NULL) {
+ DH_free(dh);
+ return NULL;
+ }
+ return dh;
}
#endif
@@ -523,6 +541,8 @@ static void sv_usage(void)
BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
BIO_printf(bio_err,
+ " -no_alt_chains - only ever use the first certificate chain found\n");
+ BIO_printf(bio_err,
" -nocert - Don't use any certificates (Anon-DH)\n");
BIO_printf(bio_err,
" -cipher arg - play with 'openssl ciphers' to see what goes here\n");
@@ -720,7 +740,7 @@ static int ebcdic_write(BIO *b, const char *in, int inl)
num = inl;
wbuf =
(EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
- if(!wbuf)
+ if (!wbuf)
return 0;
OPENSSL_free(b->ptr);
@@ -998,7 +1018,7 @@ int MAIN(int argc, char *argv[])
int off = 0;
int no_tmp_rsa = 0, no_dhe = 0, nocert = 0;
#ifndef OPENSSL_NO_ECDH
- int no_ecdhe;
+ int no_ecdhe = 0;
#endif
int state = 0;
const SSL_METHOD *meth = NULL;
@@ -1654,7 +1674,11 @@ int MAIN(int argc, char *argv[])
BIO_printf(bio_s_out, "Setting temp DH parameters\n");
} else {
BIO_printf(bio_s_out, "Using default temp DH parameters\n");
- dh = get_dh512();
+ dh = get_dh2048();
+ if (dh == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
}
(void)BIO_flush(bio_s_out);
@@ -2251,8 +2275,10 @@ static int sv_body(char *hostname, int s, unsigned char *context)
ret = 1;
goto err;
}
- l += k;
- i -= k;
+ if (k > 0) {
+ l += k;
+ i -= k;
+ }
if (i <= 0)
break;
}
@@ -2916,7 +2942,8 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
{
unsigned int count = 0;
do {
- RAND_pseudo_bytes(id, *id_len);
+ if (RAND_pseudo_bytes(id, *id_len) < 0)
+ return 0;
/*
* Prefix the session_id with the required prefix. NB: If our prefix
* is too long, clip it - but there will be worse effects anyway, eg.
diff --git a/openssl/apps/s_time.c b/openssl/apps/s_time.c
index a40997a22..38788f713 100644
--- a/openssl/apps/s_time.c
+++ b/openssl/apps/s_time.c
@@ -302,7 +302,7 @@ static int parseArgs(int argc, char **argv)
if (--argc < 1)
goto bad;
maxTime = atoi(*(++argv));
- if(maxTime <= 0) {
+ if (maxTime <= 0) {
BIO_printf(bio_err, "time must be > 0\n");
badop = 1;
}
diff --git a/openssl/apps/smime.c b/openssl/apps/smime.c
index 7b351f601..53e43c5e7 100644
--- a/openssl/apps/smime.c
+++ b/openssl/apps/smime.c
@@ -442,6 +442,8 @@ int MAIN(int argc, char **argv)
"-CApath dir trusted certificates directory\n");
BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
BIO_printf(bio_err,
+ "-no_alt_chains only ever use the first certificate chain found\n");
+ BIO_printf(bio_err,
"-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf(bio_err,
"-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
diff --git a/openssl/apps/srp.c b/openssl/apps/srp.c
index c679448ee..c0ff4171c 100644
--- a/openssl/apps/srp.c
+++ b/openssl/apps/srp.c
@@ -435,7 +435,7 @@ int MAIN(int argc, char **argv)
# ifdef OPENSSL_SYS_VMS
len = strlen(s) + sizeof(CONFIG_FILE);
tofree = OPENSSL_malloc(len);
- if(!tofree) {
+ if (!tofree) {
BIO_printf(bio_err, "Out of memory\n");
goto err;
}
@@ -443,7 +443,7 @@ int MAIN(int argc, char **argv)
# else
len = strlen(s) + sizeof(CONFIG_FILE) + 1;
tofree = OPENSSL_malloc(len);
- if(!tofree) {
+ if (!tofree) {
BIO_printf(bio_err, "Out of memory\n");
goto err;
}
diff --git a/openssl/apps/verify.c b/openssl/apps/verify.c
index 7295c769f..e29f9bb7e 100644
--- a/openssl/apps/verify.c
+++ b/openssl/apps/verify.c
@@ -227,7 +227,7 @@ int MAIN(int argc, char **argv)
if (ret == 1) {
BIO_printf(bio_err,
"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
- BIO_printf(bio_err, " [-attime timestamp]");
+ BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, " [-engine e]");
#endif