#
e5452d40 |
| 30-Jul-2016 |
Viktor Szakats |
rsa.c: fix incorrect guard for pvk-* options This update syncs the #if guard protecting the pvk-* options with the rest of the source handling those options. Also fix some nearby whi
rsa.c: fix incorrect guard for pvk-* options This update syncs the #if guard protecting the pvk-* options with the rest of the source handling those options. Also fix some nearby whitespace. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1365)
show more ...
|
#
2ac6115d |
| 14-Jun-2016 |
Richard Levitte |
Deal with the consequences of constifying getters Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
#
846e33c7 |
| 17-May-2016 |
Rich Salz |
Copyright consolidation 01/10 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
#
9862e9aa |
| 02-Apr-2016 |
Richard Levitte |
Make the RSA structure opaque Move rsa_st away from public headers. Add accessor/writer functions for the public RSA data. Adapt all other source to use the accessors and writers.
Make the RSA structure opaque Move rsa_st away from public headers. Add accessor/writer functions for the public RSA data. Adapt all other source to use the accessors and writers. Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
#
83ae8124 |
| 18-Mar-2016 |
Matt Caswell |
Fix no-dsa Misc fixes for no-dsa. Reviewed-by: Richard Levitte <levitte@openssl.org>
|
Revision tags: OpenSSL_1_0_1s, OpenSSL_1_0_2g, OpenSSL_1_1_0-pre3, OpenSSL-fips-2_0_12 |
|
#
03358517 |
| 14-Feb-2016 |
Kurt Roeckx |
argv was set but unused Also gives an error message when you gave it a parameter it didn't expect. Reviewed-by: Rich Salz <rsalz@openssl.org> MR: #2009
|
#
effaf4de |
| 31-Jan-2016 |
Rich Salz |
Use NON_EMPTY_TRANSLATION_UNIT, consistently. This also closes RT 4123 Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
dd958974 |
| 08-Feb-2016 |
Dr. Stephen Henson |
Fix engine key support in utilities. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
Revision tags: OpenSSL_1_0_1r, OpenSSL_1_0_2f, OpenSSL_1_1_0-pre2 |
|
#
7eff6aa0 |
| 13-Dec-2015 |
Viktor Dukhovni |
Avoid erroneous "assert(private)" failures. When processing a public key input via "-pubin", "private" was sometimes erroneously set, or else not set and incorrectly asserted. R
Avoid erroneous "assert(private)" failures. When processing a public key input via "-pubin", "private" was sometimes erroneously set, or else not set and incorrectly asserted. Reviewed-by: Rich salz <rsalz@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_1_0-pre1, OpenSSL_0_9_8zh, OpenSSL_1_0_0t, OpenSSL_1_0_1q, OpenSSL_1_0_2e |
|
#
a0a82324 |
| 12-Oct-2015 |
Matt Caswell |
Centralise loading default apps config file Loading the config file after processing command line options can cause problems, e.g. where an engine provides new ciphers/digests these
Centralise loading default apps config file Loading the config file after processing command line options can cause problems, e.g. where an engine provides new ciphers/digests these are not then recoginised on the command line. Move the default config file loading to before the command line option processing. Whilst we're doing this we might as well centralise this instead of doing it individually for each application. Finally if we do it before the OpenSSL_add_ssl_algorithms() call then ciphersuites provided by an engine (e.g. GOST) can be available to the apps. RT#4085 RT#4086 Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
#
bdd58d98 |
| 04-Sep-2015 |
Richard Levitte |
Change the way apps open their input and output files The different apps had the liberty to decide whether they would open their input and output files in binary mode or not, which could
Change the way apps open their input and output files The different apps had the liberty to decide whether they would open their input and output files in binary mode or not, which could be confusing if two different apps were handling the same type of file in different ways. The solution is to centralise the decision of low level file organisation, and that the apps would use a selection of formats to state the intent of the file. Reviewed-by: Tim Hudson <tjh@openssl.org>
show more ...
|
#
d303b9d8 |
| 04-Sep-2015 |
Richard Levitte |
Make the handling of output and input formats consistent Most of all, we needed to sort out which ones are binary and which ones are text, and make sure they are treated accordingly and
Make the handling of output and input formats consistent Most of all, we needed to sort out which ones are binary and which ones are text, and make sure they are treated accordingly and consistently so Reviewed-by: Tim Hudson <tjh@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_0_1p, OpenSSL_1_0_2d, OpenSSL-fips-2_0_11 |
|
#
0bc2f365 |
| 02-Jul-2015 |
Rich Salz |
Remove obsolete key formats. Remove support for RSA_NET and Netscape key format (-keyform n). Also removed documentation of SGC. Reviewed-by: Viktor Dukhovni <viktor@openss
Remove obsolete key formats. Remove support for RSA_NET and Netscape key format (-keyform n). Also removed documentation of SGC. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_0_1o, OpenSSL_1_0_2c, OpenSSL_0_9_8zg, OpenSSL_1_0_0s, OpenSSL_1_0_1n, OpenSSL_1_0_2b, OpenSSL-fips-2_0_10 |
|
#
3b061a00 |
| 02-May-2015 |
Rich Salz |
RT2547: Tighten perms on generated privkey files When generating a private key, try to make the output file be readable only by the owner. Put it in CHANGES file since it might be notic
RT2547: Tighten perms on generated privkey files When generating a private key, try to make the output file be readable only by the owner. Put it in CHANGES file since it might be noticeable. Add "int private" flag to apps that write private keys, and check that it's set whenever we do write a private key. Checked via assert so that this bug (security-related) gets fixed. Thanks to Viktor for help in tracing the code-paths where private keys are written. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
show more ...
|
#
9c3bcfa0 |
| 15-May-2015 |
Rich Salz |
Standardize handling of #ifdef'd options. Here are the "rules" for handling flags that depend on #ifdef: - Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd e
Standardize handling of #ifdef'd options. Here are the "rules" for handling flags that depend on #ifdef: - Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd entries appear at the end; by convention "engine" is last. This ensures that at run-time, the flag will never be recognized/allowed. The next two bullets entries are for silencing compiler warnings: - In the while/switch parsing statement, use #ifdef for the body to disable it; leave the "case OPT_xxx:" and "break" statements outside the ifdef/ifndef. See ciphers.c for example. - If there are multiple options controlled by a single guard, OPT_FOO, OPT_BAR, etc., put a an #ifdef around the set, and then do "#else" and a series of case labels and a break. See OPENSSL_NO_AES in cms.c for example. Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
#
296f54ee |
| 29-May-2015 |
Richard Levitte |
Restore module loading The module loading feature got broken a while ago, so restore it, but have it a bit more explicit this time around. Reviewed-by: Stephen Henson <steve@ope
Restore module loading The module loading feature got broken a while ago, so restore it, but have it a bit more explicit this time around. Reviewed-by: Stephen Henson <steve@openssl.org>
show more ...
|
#
b548a1f1 |
| 01-May-2015 |
Rich Salz |
free null cleanup finale Don't check for NULL before calling OPENSSL_free Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
68dc6824 |
| 30-Apr-2015 |
Rich Salz |
In apps, malloc or die No point in proceeding if you're out of memory. So change *all* OPENSSL_malloc calls in apps to use the new routine which prints a message and exits.
In apps, malloc or die No point in proceeding if you're out of memory. So change *all* OPENSSL_malloc calls in apps to use the new routine which prints a message and exits. Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
#
b196e7d9 |
| 28-Apr-2015 |
Rich Salz |
remove malloc casts Following ANSI C rules, remove the casts from calls to OPENSSL_malloc and OPENSSL_realloc. Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
bc2f5803 |
| 27-Apr-2015 |
Rich Salz |
Fix typo in help & comment formatting Reviewed-by: Tim Hudson <tjh@openssl.org>
|
#
333b070e |
| 25-Apr-2015 |
Rich Salz |
fewer NO_ENGINE #ifdef's Make setup_engine be a dummy if NO_ENGINE is enabled. The option is not enabled if NO_ENGINE is enabled, so the one "wasted" variable just sits there. Remove
fewer NO_ENGINE #ifdef's Make setup_engine be a dummy if NO_ENGINE is enabled. The option is not enabled if NO_ENGINE is enabled, so the one "wasted" variable just sits there. Removes some variables and code. Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
#
7e1b7485 |
| 24-Apr-2015 |
Rich Salz |
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-
Big apps cleanup (option-parsing, etc) This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
#
ca3a82c3 |
| 25-Mar-2015 |
Rich Salz |
free NULL cleanup This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free BIO_free BIO_free_all BIO_vfree Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
d6407083 |
| 24-Mar-2015 |
Rich Salz |
free NULL cleanup Start ensuring all OpenSSL "free" routines allow NULL, and remove any if check before calling them. This gets DH_free, DSA_free, RSA_free Reviewed-by: Matt
free NULL cleanup Start ensuring all OpenSSL "free" routines allow NULL, and remove any if check before calling them. This gets DH_free, DSA_free, RSA_free Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
Revision tags: OpenSSL_0_9_8zf, OpenSSL_1_0_0r, OpenSSL_1_0_1m, OpenSSL_1_0_2a |
|
#
35313768 |
| 26-Feb-2015 |
Dr. Stephen Henson |
Make OpenSSL compile with no-rc4 Reviewed-by: Matt Caswell <matt@openssl.org>
|