Skip to content

O
openssl

btwise / openssl

通知 1
Star 0
Fork 0
O
openssl

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
  1. 17 7月, 2017 1 次提交
    • R
      Standardize apps use of -rand, etc. · 3ee1eac2
      Rich Salz 提交于 
      Standardized the -rand flag and added a new one:
    -rand file...
            Always reads the specified files
    -writerand file
            Always writes to the file on exit

For apps that use a config file, the RANDFILE config parameter reads
the file at startup (to seed the RNG) and write to it on exit if
the -writerand flag isn't used.

Ensured that every app that took -rand also took -writerand, and
made sure all of that agreed with all the documentation.

Fix error reporting in write_file and -rand
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3862)
      3ee1eac2
  3. 03 7月, 2017 1 次提交
  5. 13 6月, 2017 1 次提交
  7. 31 5月, 2017 1 次提交
  9. 29 3月, 2017 1 次提交
  11. 28 3月, 2017 1 次提交
  13. 03 3月, 2017 1 次提交
  15. 21 1月, 2017 1 次提交
  17. 15 10月, 2016 1 次提交
  19. 15 9月, 2016 2 次提交
  21. 14 9月, 2016 1 次提交
  23. 01 8月, 2016 1 次提交
  25. 20 7月, 2016 2 次提交
  27. 15 7月, 2016 1 次提交
  29. 18 5月, 2016 1 次提交
  31. 27 4月, 2016 1 次提交
  33. 31 3月, 2016 2 次提交
  35. 17 12月, 2015 1 次提交
    • R
      Rename some BUF_xxx to OPENSSL_xxx · 7644a9ae
      Rich Salz 提交于 
      Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
Add #define's for the old names.
Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.
Reviewed-by: NTim Hudson <tjh@openssl.org>
      7644a9ae
  37. 08 12月, 2015 2 次提交
  39. 13 10月, 2015 1 次提交
    • M
      Centralise loading default apps config file · a0a82324
      Matt Caswell 提交于 
      Loading the config file after processing command line options can
cause problems, e.g. where an engine provides new ciphers/digests
these are not then recoginised on the command line. Move the
default config file loading to before the command line option
processing. Whilst we're doing this we might as well centralise
this instead of doing it individually for each application. Finally
if we do it before the OpenSSL_add_ssl_algorithms() call then
ciphersuites provided by an engine (e.g. GOST) can be available to
the apps.

RT#4085
RT#4086
Reviewed-by: NRichard Levitte <levitte@openssl.org>
      a0a82324
  41. 06 9月, 2015 1 次提交
    • R
      Change the way apps open their input and output files · bdd58d98
      Richard Levitte 提交于 
      The different apps had the liberty to decide whether they would open their
input and output files in binary mode or not, which could be confusing if
two different apps were handling the same type of file in different ways.

The solution is to centralise the decision of low level file organisation,
and that the apps would use a selection of formats to state the intent of
the file.
Reviewed-by: NTim Hudson <tjh@openssl.org>
      bdd58d98
  43. 16 6月, 2015 1 次提交
    • R
      RT2547: Tighten perms on generated privkey files · 3b061a00
      Rich Salz 提交于 
      When generating a private key, try to make the output file be readable
only by the owner.  Put it in CHANGES file since it might be noticeable.

Add "int private" flag to apps that write private keys, and check that it's
set whenever we do write a private key.  Checked via assert so that this
bug (security-related) gets fixed.  Thanks to Viktor for help in tracing
the code-paths where private keys are written.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
      3b061a00
  45. 10 6月, 2015 1 次提交
  47. 03 6月, 2015 1 次提交
    • R
      Standardize handling of #ifdef'd options. · 9c3bcfa0
      Rich Salz 提交于 
      Here are the "rules" for handling flags that depend on #ifdef:

- Do not ifdef the enum.  Only ifdef the OPTIONS table.  All ifdef'd
  entries appear at the end; by convention "engine" is last.  This
  ensures that at run-time, the flag will never be recognized/allowed.
  The next two bullets entries are for silencing compiler warnings:
- In the while/switch parsing statement, use #ifdef for the body to
  disable it; leave the "case OPT_xxx:" and "break" statements outside
  the ifdef/ifndef.  See ciphers.c for example.
- If there are multiple options controlled by a single guard, OPT_FOO,
  OPT_BAR, etc., put a an #ifdef around the set, and then do "#else"
  and a series of case labels and a break. See OPENSSL_NO_AES in cms.c
  for example.
Reviewed-by: NMatt Caswell <matt@openssl.org>
      9c3bcfa0
  49. 29 5月, 2015 1 次提交
  51. 01 5月, 2015 2 次提交
  53. 25 4月, 2015 1 次提交
    • R
      Big apps cleanup (option-parsing, etc) · 7e1b7485
      Rich Salz 提交于 
      This is merges the old "rsalz-monolith" branch over to master.  The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt.  Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that.  There have been many other changes and code-cleanup, see
bullet list below.

Special thanks to Matt for the long and detailed code review.

TEMPORARY:
        For now, comment out CRYPTO_mem_leaks() at end of main

Tickets closed:
        RT3515: Use 3DES in pkcs12 if built with no-rc2
        RT1766: s_client -reconnect and -starttls broke
        RT2932: Catch write errors
        RT2604: port should be 'unsigned short'
        RT2983: total_bytes undeclared #ifdef RENEG
        RT1523: Add -nocert to fix output in x509 app
        RT3508: Remove unused variable introduced by b09eb246
        RT3511: doc fix; req default serial is random
        RT1325,2973: Add more extensions to c_rehash
        RT2119,3407: Updated to dgst.pod
        RT2379: Additional typo fix
        RT2693: Extra include of string.h
        RT2880: HFS is case-insensitive filenames
        RT3246: req command prints version number wrong

Other changes; incompatibilities marked with *:
        Add SCSV support
        Add -misalign to speed command
        Make dhparam, dsaparam, ecparam, x509 output C in proper style
        Make some internal ocsp.c functions void
        Only display cert usages with -help in verify
        Use global bio_err, remove "BIO*err" parameter from functions
        For filenames, - always means stdin (or stdout as appropriate)
        Add aliases for -des/aes "wrap" ciphers.
        *Remove support for IISSGC (server gated crypto)
        *The undocumented OCSP -header flag is now "-header name=value"
        *Documented the OCSP -header flag
Reviewed-by: NMatt Caswell <matt@openssl.org>
      7e1b7485
  55. 25 3月, 2015 2 次提交
  57. 22 1月, 2015 2 次提交
  59. 31 12月, 2014 1 次提交
  61. 29 6月, 2005 1 次提交
  63. 06 4月, 2005 1 次提交
  65. 30 10月, 2003 1 次提交
    • G
      A general spring-cleaning (in autumn) to fix up signed/unsigned warnings. · 27545970
      Geoff Thorpe 提交于 
      I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
      27545970