[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Mon Jul 25 12:39:17 UTC 2016
The branch master has been updated
via 1e4c66f9532f177e0946e4d13eea3f09df00058a (commit)
via ceab33e2cfecbe57762e06576d2dd124c0424336 (commit)
via fefa4d5507ff78936bc0a4ed7d18dfd6c52da2fe (commit)
via 5f7d5125fd761a47c2086b83949a4ea2ffec0487 (commit)
via 55e0d0b46206b4af377bba325acf8dba0fd50b3f (commit)
via 67c93e6d9f3e099f3120bcc48cfd0c190364d628 (commit)
from c7d13c138c0aaaa6bff867b5137cf1e74950f53a (commit)
- Log -----------------------------------------------------------------
commit 1e4c66f9532f177e0946e4d13eea3f09df00058a
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Thu Jul 14 10:36:55 2016 +0200
explicit init
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1301)
commit ceab33e2cfecbe57762e06576d2dd124c0424336
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Tue Jul 5 21:22:18 2016 +0200
Typo and comment fix
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1301)
commit fefa4d5507ff78936bc0a4ed7d18dfd6c52da2fe
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Sat Jul 2 14:08:37 2016 +0200
Unused variable, and cleanups
Break two long messages.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1301)
commit 5f7d5125fd761a47c2086b83949a4ea2ffec0487
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Mon Jul 11 19:46:08 2016 +0200
Unused variable cleanup
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1301)
commit 55e0d0b46206b4af377bba325acf8dba0fd50b3f
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Mon Jul 11 19:45:40 2016 +0200
Discard a dead option
Old inactive inherited code, a code relic for sure.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1301)
commit 67c93e6d9f3e099f3120bcc48cfd0c190364d628
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Mon Jul 11 19:41:32 2016 +0200
Discard some unused typedefs
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1301)
-----------------------------------------------------------------------
Summary of changes:
apps/ca.c | 15 +++++----------
apps/cms.c | 2 +-
apps/ocsp.c | 4 ++--
apps/s_server.c | 16 ++++------------
apps/smime.c | 2 +-
crypto/ct/ct_b64.c | 7 ++++---
crypto/engine/eng_openssl.c | 2 +-
include/openssl/asn1t.h | 7 -------
include/openssl/ssl.h | 8 ++++----
9 files changed, 22 insertions(+), 41 deletions(-)
diff --git a/apps/ca.c b/apps/ca.c
index ac9c174..376c8a5 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1374,7 +1374,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
{
X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject =
NULL;
- ASN1_UTCTIME *tm, *tmptm;
+ ASN1_UTCTIME *tm;
ASN1_STRING *str, *str2;
ASN1_OBJECT *obj;
X509 *ret = NULL;
@@ -1389,12 +1389,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
OPENSSL_STRING *rrow = NULL;
char buf[25];
- tmptm = ASN1_UTCTIME_new();
- if (tmptm == NULL) {
- BIO_printf(bio_err, "malloc error\n");
- return (0);
- }
-
for (i = 0; i < DB_NUMBER; i++)
row[i] = NULL;
@@ -1530,7 +1524,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
j = X509_NAME_get_index_by_OBJ(CAname, obj, last2);
if ((j < 0) && (last2 == -1)) {
BIO_printf(bio_err,
- "The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n",
+ "The %s field does not exist in the CA certificate,\n"
+ "the 'policy' is misconfigured\n",
cv->name);
goto end;
}
@@ -1544,7 +1539,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
}
if (j < 0) {
BIO_printf(bio_err,
- "The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",
+ "The %s field is different between\n"
+ "CA certificate (%s) and the request (%s)\n",
cv->name,
((str2 == NULL) ? "NULL" : (char *)str2->data),
((str == NULL) ? "NULL" : (char *)str->data));
@@ -1863,7 +1859,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
X509_NAME_free(subject);
if (dn_subject != subject)
X509_NAME_free(dn_subject);
- ASN1_UTCTIME_free(tmptm);
if (ok <= 0)
X509_free(ret);
else
diff --git a/apps/cms.c b/apps/cms.c
index ad771d2..5899760 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -480,7 +480,7 @@ int cms_main(int argc, char **argv)
signerfile = opt_arg();
break;
case OPT_INKEY:
- /* If previous -inkey arument add signer to list */
+ /* If previous -inkey argument add signer to list */
if (keyfile) {
if (signerfile == NULL) {
BIO_puts(bio_err, "Illegal -inkey without -signer\n");
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 1886504..1cb11b2 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -105,7 +105,7 @@ OPTIONS ocsp_options[] = {
{"timeout", OPT_TIMEOUT, 'p',
"Connection timeout (in seconds) to the OCSP responder"},
{"url", OPT_URL, 's', "Responder URL"},
- {"host", OPT_HOST, 's', "host:prot top to connect to"},
+ {"host", OPT_HOST, 's', "TCP/IP hostname:port to connect to"},
{"port", OPT_PORT, 'p', "Port to run responder on"},
{"ignore_err", OPT_IGNORE_ERR, '-'},
{"noverify", OPT_NOVERIFY, '-', "Don't verify response at all"},
@@ -114,7 +114,7 @@ OPTIONS ocsp_options[] = {
{"resp_no_certs", OPT_RESP_NO_CERTS, '-',
"Don't include any certificates in response"},
{"resp_key_id", OPT_RESP_KEY_ID, '-',
- "Identify reponse by signing certificate key ID"},
+ "Identify response by signing certificate key ID"},
{"no_certs", OPT_NO_CERTS, '-',
"Don't include any certificates in signed request"},
{"no_signature_verify", OPT_NO_SIGNATURE_VERIFY, '-',
diff --git a/apps/s_server.c b/apps/s_server.c
index cd7155b..36ad266 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -151,11 +151,10 @@ static const char *session_id_prefix = NULL;
#ifndef OPENSSL_NO_DTLS
static int enable_timeouts = 0;
static long socket_mtu;
-static int cert_chain = 0;
+
#endif
static int dtlslisten = 0;
-static BIO *serverinfo_in = NULL;
static const char *s_serverinfo_file = NULL;
#ifndef OPENSSL_NO_PSK
@@ -713,7 +712,7 @@ typedef enum OPTION_choice {
OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC,
OPT_SSL_CONFIG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF,
OPT_SSL3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
- OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN, OPT_LISTEN,
+ OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN,
OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
@@ -741,7 +740,7 @@ OPTIONS s_server_options[] = {
{"Verify", OPT_UPPER_V_VERIFY, 'n',
"Turn on peer certificate verification, must have a cert"},
{"cert", OPT_CERT, '<', "Certificate file to use; default is " TEST_CERT},
- {"naccept", OPT_NACCEPT, 'p', "Terminate after pnum connections"},
+ {"naccept", OPT_NACCEPT, 'p', "Terminate after #num connections"},
{"serverinfo", OPT_SERVERINFO, 's',
"PEM serverinfo file for certificate"},
{"certform", OPT_CERTFORM, 'F',
@@ -789,7 +788,7 @@ OPTIONS s_server_options[] = {
"-Private Key file to use for servername if not in -cert2"},
{"tlsextdebug", OPT_TLSEXTDEBUG, '-',
"Hex dump of all TLS extensions received"},
- {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"},
+ {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path includes HTTP headers"},
{"id_prefix", OPT_ID_PREFIX, 's',
"Generate SSL/TLS session IDs prefixed by arg"},
{"rand", OPT_RAND, 's',
@@ -881,7 +880,6 @@ OPTIONS s_server_options[] = {
{"dtls", OPT_DTLS, '-', "Use any DTLS version"},
{"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
{"mtu", OPT_MTU, 'p', "Set link layer MTU"},
- {"chain", OPT_CHAIN, '-', "Read a certificate chain"},
{"listen", OPT_LISTEN, '-',
"Listen for a DTLS ClientHello with a cookie and then connect"},
#endif
@@ -1385,11 +1383,6 @@ int s_server_main(int argc, char *argv[])
socket_mtu = atol(opt_arg());
#endif
break;
- case OPT_CHAIN:
-#ifndef OPENSSL_NO_DTLS
- cert_chain = 1;
-#endif
- break;
case OPT_LISTEN:
#ifndef OPENSSL_NO_DTLS
dtlslisten = 1;
@@ -1983,7 +1976,6 @@ int s_server_main(int argc, char *argv[])
SSL_CTX_free(ctx2);
X509_free(s_cert2);
EVP_PKEY_free(s_key2);
- BIO_free(serverinfo_in);
#ifndef OPENSSL_NO_NEXTPROTONEG
OPENSSL_free(next_proto.data);
#endif
diff --git a/apps/smime.c b/apps/smime.c
index f9f3d23..dd065bb 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -275,7 +275,7 @@ int smime_main(int argc, char **argv)
goto opthelp;
break;
case OPT_INKEY:
- /* If previous -inkey arument add signer to list */
+ /* If previous -inkey argument add signer to list */
if (keyfile) {
if (signerfile == NULL) {
BIO_printf(bio_err,
diff --git a/crypto/ct/ct_b64.c b/crypto/ct/ct_b64.c
index 9cf7c51..80bd45e 100644
--- a/crypto/ct/ct_b64.c
+++ b/crypto/ct/ct_b64.c
@@ -116,9 +116,10 @@ SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
}
/*
- * This methods returns: 1 on Success,
- * 0 on decoding failure,
- * -1 on internal (malloc) failure, or invalid parameter if any.
+ * Allocate, build and returns a new |ct_log| from input |pkey_base64|
+ * It returns 1 on success,
+ * 0 on decoding failure, or invalid parameter if any
+ * -1 on internal (malloc) failure
*/
int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, const char *name)
{
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
index 7e28604..9208f7e 100644
--- a/crypto/engine/eng_openssl.c
+++ b/crypto/engine/eng_openssl.c
@@ -264,7 +264,7 @@ static void test_r4_40_cipher_destroy(void)
}
static int test_cipher_nids(const int **nids)
{
- static int cipher_nids[4] = { 0, 0, 0 };
+ static int cipher_nids[4] = { 0, 0, 0, 0 };
static int pos = 0;
static int init = 0;
diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h
index ad17bab..8eedfb3 100644
--- a/include/openssl/asn1t.h
+++ b/include/openssl/asn1t.h
@@ -652,13 +652,6 @@ struct ASN1_TLC_st {
};
/* Typedefs for ASN1 function pointers */
-
-typedef ASN1_VALUE *ASN1_new_func(void);
-typedef void ASN1_free_func(ASN1_VALUE *a);
-typedef ASN1_VALUE *ASN1_d2i_func(ASN1_VALUE **a, const unsigned char **in,
- long length);
-typedef int ASN1_i2d_func(ASN1_VALUE *a, unsigned char **in);
-
typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
const ASN1_ITEM *it, int tag, int aclass, char opt,
ASN1_TLC *ctx);
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 1533daa..3628cd5 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -319,7 +319,7 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
# define SSL_OP_SINGLE_ECDH_USE 0x0
/* Does nothing: retained for compatibility */
# define SSL_OP_SINGLE_DH_USE 0x0
-/* Does nothing: retained for compatibiity */
+/* Does nothing: retained for compatibility */
# define SSL_OP_EPHEMERAL_RSA 0x0
/*
* Set on servers to choose the cipher according to the server's preferences
@@ -407,7 +407,7 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
/* Cert related flags */
/*
* Many implementations ignore some aspects of the TLS standards such as
- * enforcing certifcate chain algorithms. When this is set we enforce them.
+ * enforcing certificate chain algorithms. When this is set we enforce them.
*/
# define SSL_CERT_FLAG_TLS_STRICT 0x00000001U
@@ -1541,7 +1541,7 @@ void SSL_certs_clear(SSL *s);
void SSL_free(SSL *ssl);
# ifdef OSSL_ASYNC_FD
/*
- * Windows applcation developer has to include windows.h to use these.
+ * Windows application developer has to include windows.h to use these.
*/
__owur int SSL_waiting_for_async(SSL *s);
__owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds);
@@ -1752,8 +1752,8 @@ __owur int SSL_get_ex_data_X509_STORE_CTX_idx(void);
void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
void SSL_set_default_read_buffer_len(SSL *s, size_t len);
- /* NB: the keylength is only applicable when is_export is true */
# ifndef OPENSSL_NO_DH
+/* NB: the |keylength| is only applicable when is_export is true */
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
DH *(*dh) (SSL *ssl, int is_export,
int keylength));
More information about the openssl-commits
mailing list