summaryrefslogtreecommitdiffstats
path: root/apps/dsa.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Make DSA_METHOD opaqueMatt Caswell2016-04-031-1/+3
| | | | | | | | Move the dsa_method structure out of the public header file, and provide getter and setter functions for creating and modifying custom DSA_METHODs. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
* Make the DSA structure opaqueMatt Caswell2016-04-031-1/+1
| | | | | | | | | Move the dsa_st structure out of the public header file. Add some accessor functions to enable access to the internal fields, and update all internal usage to use the new functions. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
* Fix no-rc4.Ben Laurie2016-03-221-1/+4
| | | | Reviewed-by: Matt Caswell <matt@openssl.org>
* argv was set but unusedKurt Roeckx2016-02-201-1/+3
| | | | | | | | Also gives an error message when you gave it a parameter it didn't expect. Reviewed-by: Rich Salz <rsalz@openssl.org> MR: #2009
* Use NON_EMPTY_TRANSLATION_UNIT, consistently.Rich Salz2016-02-101-8/+5
| | | | | | This also closes RT 4123 Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix engine key support in utilities.Dr. Stephen Henson2016-02-081-3/+2
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Avoid erroneous "assert(private)" failures.Viktor Dukhovni2015-12-141-2/+7
| | | | | | | When processing a public key input via "-pubin", "private" was sometimes erroneously set, or else not set and incorrectly asserted. Reviewed-by: Rich salz <rsalz@openssl.org>
* Centralise loading default apps config fileMatt Caswell2015-10-121-3/+0
| | | | | | | | | | | | | | | | | Loading the config file after processing command line options can cause problems, e.g. where an engine provides new ciphers/digests these are not then recoginised on the command line. Move the default config file loading to before the command line option processing. Whilst we're doing this we might as well centralise this instead of doing it individually for each application. Finally if we do it before the OpenSSL_add_ssl_algorithms() call then ciphersuites provided by an engine (e.g. GOST) can be available to the apps. RT#4085 RT#4086 Reviewed-by: Richard Levitte <levitte@openssl.org>
* Change the way apps open their input and output filesRichard Levitte2015-09-061-1/+1
| | | | | | | | | | | | The different apps had the liberty to decide whether they would open their input and output files in binary mode or not, which could be confusing if two different apps were handling the same type of file in different ways. The solution is to centralise the decision of low level file organisation, and that the apps would use a selection of formats to state the intent of the file. Reviewed-by: Tim Hudson <tjh@openssl.org>
* Make the handling of output and input formats consistentRichard Levitte2015-09-061-1/+1
| | | | | | | | Most of all, we needed to sort out which ones are binary and which ones are text, and make sure they are treated accordingly and consistently so Reviewed-by: Tim Hudson <tjh@openssl.org>
* RT2547: Tighten perms on generated privkey filesRich Salz2015-06-161-6/+20
| | | | | | | | | | | | When generating a private key, try to make the output file be readable only by the owner. Put it in CHANGES file since it might be noticeable. Add "int private" flag to apps that write private keys, and check that it's set whenever we do write a private key. Checked via assert so that this bug (security-related) gets fixed. Thanks to Viktor for help in tracing the code-paths where private keys are written. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Standardize handling of #ifdef'd options.Rich Salz2015-06-021-11/+13
| | | | | | | | | | | | | | | | | | Here are the "rules" for handling flags that depend on #ifdef: - Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd entries appear at the end; by convention "engine" is last. This ensures that at run-time, the flag will never be recognized/allowed. The next two bullets entries are for silencing compiler warnings: - In the while/switch parsing statement, use #ifdef for the body to disable it; leave the "case OPT_xxx:" and "break" statements outside the ifdef/ifndef. See ciphers.c for example. - If there are multiple options controlled by a single guard, OPT_FOO, OPT_BAR, etc., put a an #ifdef around the set, and then do "#else" and a series of case labels and a break. See OPENSSL_NO_AES in cms.c for example. Reviewed-by: Matt Caswell <matt@openssl.org>
* Restore module loadingRichard Levitte2015-05-291-0/+3
| | | | | | | The module loading feature got broken a while ago, so restore it, but have it a bit more explicit this time around. Reviewed-by: Stephen Henson <steve@openssl.org>
* free null cleanup finaleRich Salz2015-05-011-4/+2
| | | | | | Don't check for NULL before calling OPENSSL_free Reviewed-by: Richard Levitte <levitte@openssl.org>
* fewer NO_ENGINE #ifdef'sRich Salz2015-04-251-8/+3
| | | | | | | | Make setup_engine be a dummy if NO_ENGINE is enabled. The option is not enabled if NO_ENGINE is enabled, so the one "wasted" variable just sits there. Removes some variables and code. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Big apps cleanup (option-parsing, etc)Rich Salz2015-04-241-197/+117
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
* free NULL cleanupRich Salz2015-03-251-4/+2
| | | | | | | This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free BIO_free BIO_free_all BIO_vfree Reviewed-by: Matt Caswell <matt@openssl.org>
* free NULL cleanupRich Salz2015-03-251-2/+1
| | | | | | | | Start ensuring all OpenSSL "free" routines allow NULL, and remove any if check before calling them. This gets DH_free, DSA_free, RSA_free Reviewed-by: Matt Caswell <matt@openssl.org>
* Make OpenSSL compile with no-rc4Dr. Stephen Henson2015-02-271-0/+4
| | | | Reviewed-by: Matt Caswell <matt@openssl.org>
* Run util/openssl-format-source -v -c .Matt Caswell2015-01-221-286/+283
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* mark all block comments that need format preserving so thatTim Hudson2014-12-301-1/+2
| | | | | | | indent will not alter them when reformatting comments Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* PR: 2220Dr. Stephen Henson2010-04-061-1/+1
| | | | Fixes to make OpenSSL compile with no-rc4
* PR: 2061Dr. Stephen Henson2009-10-011-1/+1
| | | | | | | Submitted by: Julia Lawall <julia@diku.dk> Approved by: steve@openssl.org Correct i2b_PVK_bio error handling in rsa.c, dsa.c
* Update from 1.0.0-stable.Dr. Stephen Henson2009-04-271-0/+8
|
* Make no-engine work again.Dr. Stephen Henson2008-12-201-2/+0
|
* Add SEED encryption algorithm.Bodo Möller2007-04-241-0/+4
| | | | | | PR: 1503 Submitted by: KISA Reviewed by: Bodo Moeller
* Camellia cipher, contributed by NTTBodo Möller2006-06-091-0/+7
| | | | | Submitted by: Masashi Fujita Reviewed by: Bodo Moeller
* Add PVK support to dsa utility.Dr. Stephen Henson2005-10-081-2/+12
|
* Integrated support for PVK files.Dr. Stephen Henson2005-08-311-9/+24
|
* makeNils Larsch2005-07-161-0/+1
| | | | | | | | ./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa] make depend all test work again PR: 1159
* Remove some unnecessary recursive includes from the internal apps.h header,Geoff Thorpe2004-05-171-0/+1
| | | | and include bn.h in those C files that need bignum functionality.
* Add the possibility to build without the ENGINE framework.Richard Levitte2003-01-301-1/+14
| | | | PR: 287
* EXIT() may mean return(). That's confusing, so let's have it really meanRichard Levitte2002-12-031-1/+1
| | | | | | exit() in whatever way works for the intended platform, and define OPENSSL_EXIT() to have the old meaning (the name is of course because it's only used in the openssl program)
* Config code updates.Dr. Stephen Henson2002-02-221-0/+3
| | | | | | | | | | | | | | | | | | | CONF_modules_unload() now calls CONF_modules_finish() automatically. Default use of section openssl_conf moved to CONF_modules_load() Load config file in several openssl utilities. Most utilities now load modules from the config file, though in a few (such as version) this isn't done because it couldn't be used for anything. In the case of ca and req the config file used is the same as the utility itself: that is the -config command line option can be used to specify an alternative file.
* Add AES support in the applications that support -des and -des3.Richard Levitte2002-02-201-0/+7
|
* Reduce the header dependencies on engine.h in apps/.Geoff Thorpe2001-09-121-1/+0
|
* Use apps_shutdown() in all applications, in case someone decides notRichard Levitte2001-06-231-0/+1
| | | | | | | to go the monolith way (does anyone do that these days?). NOTE: a few applications are missing in this commit. I've a few more changes in them that I haven't tested yet.
* make apps compile againDr. Stephen Henson2001-06-191-1/+1
|
* Provide an application-common setup function for engines and use itRichard Levitte2001-06-181-17/+1
| | | | everywhere.
* Use new-style system-id macros everywhere possible. I hope I haven'tRichard Levitte2001-02-201-1/+1
| | | | | | | missed any. This compiles and runs on Linux, and external applications have no problems with it. The definite test will be to build this on VMS.
* Make all configuration macros available for application by makingRichard Levitte2001-02-191-2/+2
| | | | | | | | | | | | sure they are available in opensslconf.h, by giving them names starting with "OPENSSL_" to avoid conflicts with other packages and by making sure e_os2.h will cover all platform-specific cases together with opensslconf.h. I've checked fairly well that nothing breaks with this (apart from external software that will adapt if they have used something like NO_KRB5), but I can't guarantee it completely, so a review of this change would be a good thing.
* Merge the engine branch into the main trunk. All conflicts resolved.Richard Levitte2000-10-261-1/+28
| | | | At the same time, add VMS support for Rijndael.
* On VMS, stdout may very well lead to a file that is written to in aRichard Levitte2000-09-201-1/+9
| | | | | | | | | | | | | | | | | record-oriented fashion. That means that every write() will write a separate record, which will be read separately by the programs trying to read from it. This can be very confusing. The solution is to put a BIO filter in the way that will buffer text until a linefeed is reached, and then write everything a line at a time, so every record written will be an actual line, not chunks of lines and not (usually doesn't happen, but I've seen it once) several lines in one record. Voila, BIO_f_linebuffer() is born. Since we're so close to release time, I'm making this VMS-only for now, just to make sure no code is needlessly broken by this. After the release, this BIO method will be enabled on all other platforms as well.
* There have been a number of complaints from a number of sources that namesRichard Levitte2000-06-021-2/+2
| | | | | | | | | like Malloc, Realloc and especially Free conflict with already existing names on some operating systems or other packages. That is reason enough to change the names of the OpenSSL memory allocation macros to something that has a better chance of being unique, like prepending them with OPENSSL_. This change includes all the name changes needed throughout all C files.
* Pass phrase reorganisation.Dr. Stephen Henson2000-02-171-33/+17
|
* Make gcc 2.95.2 happy again, even under ``-Wall -Wshadow -Wpointer-arith ↵Ralf S. Engelschall2000-02-111-0/+2
| | | | | | -Wcast-align -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline''.
* Add command line password options to the reamining utilities,Dr. Stephen Henson2000-02-081-2/+2
| | | | amend docs.
* Fix some of the command line password stuff. New functionDr. Stephen Henson2000-01-011-3/+2
| | | | | | | that can automatically determine the type of a DER encoded "traditional" format private key and change some of the d2i functions to use it instead of requiring the application to work out the key type.
* Allow passwords to be included on command line for a fewDr. Stephen Henson1999-12-251-11/+3
| | | | more utilities.
* Transparent support for PKCS#8 private keys in RSA/DSA.Dr. Stephen Henson1999-11-211-4/+4
| | | | | | | | New universal public key format. Fix CRL+cert load problem in by_file.c Make verify report errors when loading files or dirs