#
1ddf2594 |
| 06-Feb-2020 |
Pauli |
dsa: deprecate applications that depend on the low level DSA functions. speed is updated to not support DSA instead of being removed. The dhparam, dsaparam, dsa and gendsa commands
dsa: deprecate applications that depend on the low level DSA functions. speed is updated to not support DSA instead of being removed. The dhparam, dsaparam, dsa and gendsa commands are deprecated but still exist without NO_DEPRECATED defined. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10977)
show more ...
|
Revision tags: OpenSSL_1_0_2u |
|
#
92de469f |
| 20-Sep-2019 |
Rich Salz |
Document command parameters. Add documentation for all commands that have parameters. Fix a couple of minor doc and programming bugs, too. Fixes #10313 Reviewed-by: Pau
Document command parameters. Add documentation for all commands that have parameters. Fix a couple of minor doc and programming bugs, too. Fixes #10313 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10371)
show more ...
|
#
5388f986 |
| 07-Nov-2019 |
Rich Salz |
Add "sections" to -help output Remove "Valid options" label, since all commands have sections (and [almost] always the first one is "General options"). Have "list --options" ignore s
Add "sections" to -help output Remove "Valid options" label, since all commands have sections (and [almost] always the first one is "General options"). Have "list --options" ignore section headers Reformat ts's additional help Add output section Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9953)
show more ...
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i |
|
#
b6a07f67 |
| 09-Aug-2018 |
Philip Prindeville |
gendsa: dsaparam: introduce -verbose option to enable output Other commands like 'req' support -verbose, so why not gendsa and dsaparam? Part of a larger and more ambitious effort t
gendsa: dsaparam: introduce -verbose option to enable output Other commands like 'req' support -verbose, so why not gendsa and dsaparam? Part of a larger and more ambitious effort to add -verbose to all apps that might be used in scripts and need to otherwise run silently (well, without belching out anything that isn't a warning or error... which ties into a later scrub of using STDOUT were appropriate for informative messages instead of STDERR)... so that scripts also have the option of doing >/dev/null without losing anything critical. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6908)
show more ...
|
#
dffa7520 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in apps/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7765)
|
Revision tags: OpenSSL_1_1_1-pre8 |
|
#
0336df2f |
| 30-May-2018 |
Georg Schmidt |
Issue warnings for large DSA and RSA keys Issue a warning when generating DSA or RSA keys of size greater than OPENSSL_DSA_MAX_MODULUS_BITS resp. OPENSSL_RSA_MAX_MODULUS_BITS. R
Issue warnings for large DSA and RSA keys Issue a warning when generating DSA or RSA keys of size greater than OPENSSL_DSA_MAX_MODULUS_BITS resp. OPENSSL_RSA_MAX_MODULUS_BITS. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6380)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1 |
|
#
6738bf14 |
| 13-Feb-2018 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
dab2cd68 |
| 31-Jan-2018 |
Richard Levitte |
apps: Don't include progs.h in apps.h Everything in apps includes apps.h, because that one declares apps internal library routines. However, progs.h doesn't declare library routines
apps: Don't include progs.h in apps.h Everything in apps includes apps.h, because that one declares apps internal library routines. However, progs.h doesn't declare library routines, but rather the main commands and their options, and there's no reason why the library modules should include it. So, remove the inclusion of progs.h from apps.h and add that inclusion in all command source files. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5222)
show more ...
|
Revision tags: OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
#
26a7d938 |
| 17-Oct-2017 |
KaoruToda |
Remove parentheses of return. Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt
Remove parentheses of return. Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4541)
show more ...
|
#
3ee1eac2 |
| 05-Jul-2017 |
Rich Salz |
Standardize apps use of -rand, etc. Standardized the -rand flag and added a new one: -rand file... Always reads the specified files -writerand file
Standardize apps use of -rand, etc. Standardized the -rand flag and added a new one: -rand file... Always reads the specified files -writerand file Always writes to the file on exit For apps that use a config file, the RANDFILE config parameter reads the file at startup (to seed the RNG) and write to it on exit if the -writerand flag isn't used. Ensured that every app that took -rand also took -writerand, and made sure all of that agreed with all the documentation. Fix error reporting in write_file and -rand Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3862)
show more ...
|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16, OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d, OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c |
|
#
dd1abd44 |
| 28-Sep-2016 |
Richard Levitte |
If an engine comes up explicitely, it must also come down explicitely In apps/apps.c, one can set up an engine with setup_engine(). However, we freed the structural reference immediately
If an engine comes up explicitely, it must also come down explicitely In apps/apps.c, one can set up an engine with setup_engine(). However, we freed the structural reference immediately, which means that for engines that don't already have a structural reference somewhere else (because it's a built in engine), we end up returning an invalid reference. Instead, the function release_engine() is added, and called at the end of the routines that call setup_engine(). Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1643)
show more ...
|
Revision tags: OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a, OpenSSL_1_1_0, OpenSSL_1_1_0-pre6, OpenSSL-fips-2_0_13, OpenSSL_1_0_1t, OpenSSL_1_0_2h, OpenSSL_1_1_0-pre5, OpenSSL_1_1_0-pre4 |
|
#
44c83ebd |
| 13-Mar-2016 |
FdaSilvaYY |
Constify command options Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from ht
Constify command options Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1694)
show more ...
|
#
12d56b29 |
| 31-Jul-2016 |
FdaSilvaYY |
Fix various missing option help messages ... Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl
Fix various missing option help messages ... Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1585)
show more ...
|
#
2ac6115d |
| 14-Jun-2016 |
Richard Levitte |
Deal with the consequences of constifying getters Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
#
846e33c7 |
| 17-May-2016 |
Rich Salz |
Copyright consolidation 01/10 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
#
6e9fa57c |
| 30-Mar-2016 |
Matt Caswell |
Make DSA_METHOD opaque Move the dsa_method structure out of the public header file, and provide getter and setter functions for creating and modifying custom DSA_METHODs. Review
Make DSA_METHOD opaque Move the dsa_method structure out of the public header file, and provide getter and setter functions for creating and modifying custom DSA_METHODs. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
show more ...
|
#
1258396d |
| 30-Mar-2016 |
Matt Caswell |
Make the DSA structure opaque Move the dsa_st structure out of the public header file. Add some accessor functions to enable access to the internal fields, and update all internal us
Make the DSA structure opaque Move the dsa_st structure out of the public header file. Add some accessor functions to enable access to the internal fields, and update all internal usage to use the new functions. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_0_1s, OpenSSL_1_0_2g, OpenSSL_1_1_0-pre3, OpenSSL-fips-2_0_12 |
|
#
effaf4de |
| 31-Jan-2016 |
Rich Salz |
Use NON_EMPTY_TRANSLATION_UNIT, consistently. This also closes RT 4123 Reviewed-by: Richard Levitte <levitte@openssl.org>
|
Revision tags: OpenSSL_1_0_1r, OpenSSL_1_0_2f, OpenSSL_1_1_0-pre2, OpenSSL_1_1_0-pre1, OpenSSL_0_9_8zh, OpenSSL_1_0_0t, OpenSSL_1_0_1q, OpenSSL_1_0_2e |
|
#
070c2332 |
| 08-Oct-2015 |
Alessandro Ghedini |
Remove useless code RT#4081 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
a0a82324 |
| 12-Oct-2015 |
Matt Caswell |
Centralise loading default apps config file Loading the config file after processing command line options can cause problems, e.g. where an engine provides new ciphers/digests these
Centralise loading default apps config file Loading the config file after processing command line options can cause problems, e.g. where an engine provides new ciphers/digests these are not then recoginised on the command line. Move the default config file loading to before the command line option processing. Whilst we're doing this we might as well centralise this instead of doing it individually for each application. Finally if we do it before the OpenSSL_add_ssl_algorithms() call then ciphersuites provided by an engine (e.g. GOST) can be available to the apps. RT#4085 RT#4086 Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
#
bdd58d98 |
| 04-Sep-2015 |
Richard Levitte |
Change the way apps open their input and output files The different apps had the liberty to decide whether they would open their input and output files in binary mode or not, which could
Change the way apps open their input and output files The different apps had the liberty to decide whether they would open their input and output files in binary mode or not, which could be confusing if two different apps were handling the same type of file in different ways. The solution is to centralise the decision of low level file organisation, and that the apps would use a selection of formats to state the intent of the file. Reviewed-by: Tim Hudson <tjh@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_0_1p, OpenSSL_1_0_2d, OpenSSL-fips-2_0_11, OpenSSL_1_0_1o, OpenSSL_1_0_2c, OpenSSL_0_9_8zg, OpenSSL_1_0_0s, OpenSSL_1_0_1n, OpenSSL_1_0_2b, OpenSSL-fips-2_0_10 |
|
#
3b061a00 |
| 02-May-2015 |
Rich Salz |
RT2547: Tighten perms on generated privkey files When generating a private key, try to make the output file be readable only by the owner. Put it in CHANGES file since it might be notic
RT2547: Tighten perms on generated privkey files When generating a private key, try to make the output file be readable only by the owner. Put it in CHANGES file since it might be noticeable. Add "int private" flag to apps that write private keys, and check that it's set whenever we do write a private key. Checked via assert so that this bug (security-related) gets fixed. Thanks to Viktor for help in tracing the code-paths where private keys are written. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
show more ...
|
#
9c3bcfa0 |
| 15-May-2015 |
Rich Salz |
Standardize handling of #ifdef'd options. Here are the "rules" for handling flags that depend on #ifdef: - Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd e
Standardize handling of #ifdef'd options. Here are the "rules" for handling flags that depend on #ifdef: - Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd entries appear at the end; by convention "engine" is last. This ensures that at run-time, the flag will never be recognized/allowed. The next two bullets entries are for silencing compiler warnings: - In the while/switch parsing statement, use #ifdef for the body to disable it; leave the "case OPT_xxx:" and "break" statements outside the ifdef/ifndef. See ciphers.c for example. - If there are multiple options controlled by a single guard, OPT_FOO, OPT_BAR, etc., put a an #ifdef around the set, and then do "#else" and a series of case labels and a break. See OPENSSL_NO_AES in cms.c for example. Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
#
296f54ee |
| 29-May-2015 |
Richard Levitte |
Restore module loading The module loading feature got broken a while ago, so restore it, but have it a bit more explicit this time around. Reviewed-by: Stephen Henson <steve@ope
Restore module loading The module loading feature got broken a while ago, so restore it, but have it a bit more explicit this time around. Reviewed-by: Stephen Henson <steve@openssl.org>
show more ...
|
#
b548a1f1 |
| 01-May-2015 |
Rich Salz |
free null cleanup finale Don't check for NULL before calling OPENSSL_free Reviewed-by: Richard Levitte <levitte@openssl.org>
|