| #
bd4850df |
| 12-Jan-2016 |
Rich Salz |
RT4227: Range-check in apps.
Implement range-checking in all counts in apps. Turns out only a couple
of cases were missing. And make the range-checking code more strict.
Replace al
RT4227: Range-check in apps.
Implement range-checking in all counts in apps. Turns out only a couple
of cases were missing. And make the range-checking code more strict.
Replace almost all opt_ulong() calls with opt_long()
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
show more ...
|
| #
700b4a4a |
| 14-Dec-2015 |
Rich Salz |
Remove more (rest?) of FIPS build stuff.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
Revision tags: OpenSSL_1_1_0-pre1, OpenSSL_0_9_8zh, OpenSSL_1_0_0t, OpenSSL_1_0_1q, OpenSSL_1_0_2e, OpenSSL_1_0_1p, OpenSSL_1_0_2d, OpenSSL-fips-2_0_11 |
|
| #
f8547f62 |
| 13-Jun-2015 |
Rich Salz |
Use SHA256 not MD5 as default digest.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
| #
a0a82324 |
| 12-Oct-2015 |
Matt Caswell |
Centralise loading default apps config file
Loading the config file after processing command line options can
cause problems, e.g. where an engine provides new ciphers/digests
these
Centralise loading default apps config file
Loading the config file after processing command line options can
cause problems, e.g. where an engine provides new ciphers/digests
these are not then recoginised on the command line. Move the
default config file loading to before the command line option
processing. Whilst we're doing this we might as well centralise
this instead of doing it individually for each application. Finally
if we do it before the OpenSSL_add_ssl_algorithms() call then
ciphersuites provided by an engine (e.g. GOST) can be available to
the apps.
RT#4085
RT#4086
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
| #
5f62e044 |
| 06-Sep-2015 |
Richard Levitte |
Fix enc so it properly treats BASE64 as text
To set both the incoming and outgoing data when 'encrypting' or
'decrypting' to FORMAT_BASE64 wasn't quite the right thing to do.
Re
Fix enc so it properly treats BASE64 as text
To set both the incoming and outgoing data when 'encrypting' or
'decrypting' to FORMAT_BASE64 wasn't quite the right thing to do.
Reviewed-by: Tim Hudson <tjh@openssl.org>
show more ...
|
| #
a60994df |
| 06-Sep-2015 |
Richard Levitte |
Change the treatment of stdin and stdout to allow binary data
If the output to stdout or the input from stdin is meant to be binary,
it's deeply unsetting to get the occasional LF conver
Change the treatment of stdin and stdout to allow binary data
If the output to stdout or the input from stdin is meant to be binary,
it's deeply unsetting to get the occasional LF converted to CRLF or
the other way around. If someone happens to forget to redirect stdin
or stdout, they will get gibberish anyway, line ending conversion will
not change that.
Therefore, let's not have dup_bio_* decide unilaterally what mode the
BIO derived from stdin and stdout, and rather let the app decide by
declaring the intended format.
Reviewed-by: Tim Hudson <tjh@openssl.org>
show more ...
|
| #
bdd58d98 |
| 04-Sep-2015 |
Richard Levitte |
Change the way apps open their input and output files
The different apps had the liberty to decide whether they would open their
input and output files in binary mode or not, which could
Change the way apps open their input and output files
The different apps had the liberty to decide whether they would open their
input and output files in binary mode or not, which could be confusing if
two different apps were handling the same type of file in different ways.
The solution is to centralise the decision of low level file organisation,
and that the apps would use a selection of formats to state the intent of
the file.
Reviewed-by: Tim Hudson <tjh@openssl.org>
show more ...
|
| #
d303b9d8 |
| 04-Sep-2015 |
Richard Levitte |
Make the handling of output and input formats consistent
Most of all, we needed to sort out which ones are binary and which
ones are text, and make sure they are treated accordingly and
Make the handling of output and input formats consistent
Most of all, we needed to sort out which ones are binary and which
ones are text, and make sure they are treated accordingly and
consistently so
Reviewed-by: Tim Hudson <tjh@openssl.org>
show more ...
|
| #
fb029ceb |
| 05-Aug-2015 |
Adam Eijdenberg |
RT3984: Fix clang compiler warning on Mac OS X where %ld is used for uint64_t.
clang suggests %llu instead, but it isn't clear that is portable on
all platforms.
C99 and above d
RT3984: Fix clang compiler warning on Mac OS X where %ld is used for uint64_t.
clang suggests %llu instead, but it isn't clear that is portable on
all platforms.
C99 and above define a handy macro for us, so we try to use that
definition and fall back to current definition if needed (though we
switch to 'u' for unsigned).
Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
|
Revision tags: OpenSSL_1_0_1o, OpenSSL_1_0_2c, OpenSSL_0_9_8zg, OpenSSL_1_0_0s, OpenSSL_1_0_1n, OpenSSL_1_0_2b |
|
| #
9c3bcfa0 |
| 15-May-2015 |
Rich Salz |
Standardize handling of #ifdef'd options.
Here are the "rules" for handling flags that depend on #ifdef:
- Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd
e
Standardize handling of #ifdef'd options.
Here are the "rules" for handling flags that depend on #ifdef:
- Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd
entries appear at the end; by convention "engine" is last. This
ensures that at run-time, the flag will never be recognized/allowed.
The next two bullets entries are for silencing compiler warnings:
- In the while/switch parsing statement, use #ifdef for the body to
disable it; leave the "case OPT_xxx:" and "break" statements outside
the ifdef/ifndef. See ciphers.c for example.
- If there are multiple options controlled by a single guard, OPT_FOO,
OPT_BAR, etc., put a an #ifdef around the set, and then do "#else"
and a series of case labels and a break. See OPENSSL_NO_AES in cms.c
for example.
Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
| #
296f54ee |
| 29-May-2015 |
Richard Levitte |
Restore module loading
The module loading feature got broken a while ago, so restore it, but
have it a bit more explicit this time around.
Reviewed-by: Stephen Henson <steve@ope
Restore module loading
The module loading feature got broken a while ago, so restore it, but
have it a bit more explicit this time around.
Reviewed-by: Stephen Henson <steve@openssl.org>
show more ...
|
|
Revision tags: OpenSSL-fips-2_0_10 |
|
| #
8920a7cd |
| 04-May-2015 |
Richard Levitte |
RT2943: Check sizes if -iv and -K arguments
RT2943 only complains about the incorrect check of -K argument size,
we might as well do the same thing with the -iv argument.
Before
RT2943: Check sizes if -iv and -K arguments
RT2943 only complains about the incorrect check of -K argument size,
we might as well do the same thing with the -iv argument.
Before this, we only checked that the given argument wouldn't give a
bitstring larger than EVP_MAX_KEY_LENGTH. we can be more precise and
check against the size of the actual cipher used.
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
b256f717 |
| 04-May-2015 |
Richard Levitte |
Have -K actually take an argument, and correct help text
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
b548a1f1 |
| 01-May-2015 |
Rich Salz |
free null cleanup finale
Don't check for NULL before calling OPENSSL_free
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
68dc6824 |
| 30-Apr-2015 |
Rich Salz |
In apps, malloc or die
No point in proceeding if you're out of memory. So change
*all* OPENSSL_malloc calls in apps to use the new routine which
prints a message and exits.
In apps, malloc or die
No point in proceeding if you're out of memory. So change
*all* OPENSSL_malloc calls in apps to use the new routine which
prints a message and exits.
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
| #
2fa45e6e |
| 29-Apr-2015 |
Rich Salz |
use isxdigit and apps_tohex
Replace ad-hoc ascii->hex with isxdigit and new app_tohex.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
| #
b196e7d9 |
| 28-Apr-2015 |
Rich Salz |
remove malloc casts
Following ANSI C rules, remove the casts from calls to
OPENSSL_malloc and OPENSSL_realloc.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
333b070e |
| 25-Apr-2015 |
Rich Salz |
fewer NO_ENGINE #ifdef's
Make setup_engine be a dummy if NO_ENGINE is enabled.
The option is not enabled if NO_ENGINE is enabled, so the one "wasted"
variable just sits there. Remove
fewer NO_ENGINE #ifdef's
Make setup_engine be a dummy if NO_ENGINE is enabled.
The option is not enabled if NO_ENGINE is enabled, so the one "wasted"
variable just sits there. Removes some variables and code.
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
| #
7e1b7485 |
| 24-Apr-2015 |
Rich Salz |
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
| #
ca3a82c3 |
| 25-Mar-2015 |
Rich Salz |
free NULL cleanup
This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free
BIO_free BIO_free_all BIO_vfree
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Revision tags: OpenSSL_0_9_8zf, OpenSSL_1_0_0r, OpenSSL_1_0_1m, OpenSSL_1_0_2a |
|
| #
266483d2 |
| 26-Feb-2015 |
Matt Caswell |
RAND_bytes updates
Ensure RAND_bytes return value is checked correctly, and that we no longer
use RAND_pseudo_bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
27c7609c |
| 22-Jan-2015 |
Rich Salz |
ifdef cleanup, 2 remove OPENSSL_NO_SETVBUF_IONBF
Use setbuf(fp, NULL) instead of setvbuf(). This removes some
ifdef complexity because all of our platforms support setbuf.
Revi
ifdef cleanup, 2 remove OPENSSL_NO_SETVBUF_IONBF
Use setbuf(fp, NULL) instead of setvbuf(). This removes some
ifdef complexity because all of our platforms support setbuf.
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
|
Revision tags: OpenSSL_1_0_2, master-post-auto-reformat |
|
| #
0f113f3e |
| 22-Jan-2015 |
Matt Caswell |
Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Revision tags: OpenSSL_1_0_2-post-auto-reformat, OpenSSL_0_9_8-post-auto-reformat, OpenSSL_0_9_8-pre-auto-reformat, OpenSSL_1_0_0-post-auto-reformat, OpenSSL_1_0_0-pre-auto-reformat, OpenSSL_1_0_1-post-auto-reformat, OpenSSL_1_0_1-pre-auto-reformat, master-post-reformat, OpenSSL_0_9_8-pre-reformat, OpenSSL_0_9_8ze, OpenSSL_1_0_0-pre-reformat, OpenSSL_1_0_0q, OpenSSL_1_0_1-pre-reformat, OpenSSL_1_0_1l, master-pre-reformat, OpenSSL_1_0_2-pre-reformat, OpenSSL_0_9_8zd, OpenSSL_1_0_0p, OpenSSL_1_0_1k, OpenSSL_0_9_8-post-reformat, OpenSSL-fips-2_0_9, OpenSSL_1_0_1j, OpenSSL_1_0_0o, OpenSSL_0_9_8zc, OpenSSL_1_0_2-beta3, OpenSSL_0_9_8zb, OpenSSL_1_0_0n, OpenSSL_1_0_1i, OpenSSL_1_0_2-beta2 |
|
| #
2097a17c |
| 13-Jul-2014 |
Matt Caswell |
Disabled XTS mode in enc utility as it is not supported
PR#3442
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Revision tags: OpenSSL-fips-2_0_8 |
|
| #
9494e99b |
| 11-Jun-2014 |
Dr. Stephen Henson |
Fix compilation with no-comp
|
