1. 13 10月, 2015 1 次提交
    • M
      Centralise loading default apps config file · a0a82324
      Matt Caswell 提交于
      Loading the config file after processing command line options can
      cause problems, e.g. where an engine provides new ciphers/digests
      these are not then recoginised on the command line. Move the
      default config file loading to before the command line option
      processing. Whilst we're doing this we might as well centralise
      this instead of doing it individually for each application. Finally
      if we do it before the OpenSSL_add_ssl_algorithms() call then
      ciphersuites provided by an engine (e.g. GOST) can be available to
      the apps.
      
      RT#4085
      RT#4086
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      a0a82324
  2. 06 9月, 2015 2 次提交
  3. 16 6月, 2015 1 次提交
    • R
      RT2547: Tighten perms on generated privkey files · 3b061a00
      Rich Salz 提交于
      When generating a private key, try to make the output file be readable
      only by the owner.  Put it in CHANGES file since it might be noticeable.
      
      Add "int private" flag to apps that write private keys, and check that it's
      set whenever we do write a private key.  Checked via assert so that this
      bug (security-related) gets fixed.  Thanks to Viktor for help in tracing
      the code-paths where private keys are written.
      Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
      3b061a00
  4. 03 6月, 2015 1 次提交
    • R
      Standardize handling of #ifdef'd options. · 9c3bcfa0
      Rich Salz 提交于
      Here are the "rules" for handling flags that depend on #ifdef:
      
      - Do not ifdef the enum.  Only ifdef the OPTIONS table.  All ifdef'd
        entries appear at the end; by convention "engine" is last.  This
        ensures that at run-time, the flag will never be recognized/allowed.
        The next two bullets entries are for silencing compiler warnings:
      - In the while/switch parsing statement, use #ifdef for the body to
        disable it; leave the "case OPT_xxx:" and "break" statements outside
        the ifdef/ifndef.  See ciphers.c for example.
      - If there are multiple options controlled by a single guard, OPT_FOO,
        OPT_BAR, etc., put a an #ifdef around the set, and then do "#else"
        and a series of case labels and a break. See OPENSSL_NO_AES in cms.c
        for example.
      Reviewed-by: NMatt Caswell <matt@openssl.org>
      9c3bcfa0
  5. 29 5月, 2015 1 次提交
  6. 06 5月, 2015 1 次提交
    • G
      Initialize potentially uninitialized local variables · 4c9b0a03
      Gunnar Kudrjavets 提交于
      Compiling OpenSSL code with MSVC and /W4 results in a number of warnings.
      One category of warnings is particularly interesting - C4701 (potentially
      uninitialized local variable 'name' used). This warning pretty much means
      that there's a code path which results in uninitialized variables being used
      or returned. Depending on compiler, its options, OS, values in registers
      and/or stack, the results can be nondeterministic. Cases like this are very
      hard to debug so it's rational to fix these issues.
      
      This patch contains a set of trivial fixes for all the C4701 warnings (just
      initializing variables to 0 or NULL or appropriate error code) to make sure
      that deterministic values will be returned from all the execution paths.
      
      RT#3835
      Signed-off-by: NMatt Caswell <matt@openssl.org>
      
      Matt's note: All of these appear to be bogus warnings, i.e. there isn't
      actually a code path where an unitialised variable could be used - its just
      that the compiler hasn't been able to figure that out from the logic. So
      this commit is just about silencing spurious warnings.
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      4c9b0a03
  7. 01 5月, 2015 2 次提交
    • R
      free NULL cleanup 7 · 23a1d5e9
      Rich Salz 提交于
      This gets BN_.*free:
          BN_BLINDING_free BN_CTX_free BN_FLG_FREE BN_GENCB_free
          BN_MONT_CTX_free BN_RECP_CTX_free BN_clear_free BN_free BUF_MEM_free
      
      Also fix a call to DSA_SIG_free to ccgost engine and remove some #ifdef'd
      dead code in engines/e_ubsec.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      23a1d5e9
    • R
      In apps, malloc or die · 68dc6824
      Rich Salz 提交于
      No point in proceeding if you're out of memory.  So change
      *all* OPENSSL_malloc calls in apps to use the new routine which
      prints a message and exits.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      68dc6824
  8. 29 4月, 2015 1 次提交
  9. 26 4月, 2015 1 次提交
  10. 25 4月, 2015 1 次提交
    • R
      Big apps cleanup (option-parsing, etc) · 7e1b7485
      Rich Salz 提交于
      This is merges the old "rsalz-monolith" branch over to master.  The biggest
      change is that option parsing switch from cascasding 'else if strcmp("-foo")'
      to a utility routine and somethin akin to getopt.  Also, an error in the
      command line no longer prints the full summary; use -help (or --help :)
      for that.  There have been many other changes and code-cleanup, see
      bullet list below.
      
      Special thanks to Matt for the long and detailed code review.
      
      TEMPORARY:
              For now, comment out CRYPTO_mem_leaks() at end of main
      
      Tickets closed:
              RT3515: Use 3DES in pkcs12 if built with no-rc2
              RT1766: s_client -reconnect and -starttls broke
              RT2932: Catch write errors
              RT2604: port should be 'unsigned short'
              RT2983: total_bytes undeclared #ifdef RENEG
              RT1523: Add -nocert to fix output in x509 app
              RT3508: Remove unused variable introduced by b09eb246
              RT3511: doc fix; req default serial is random
              RT1325,2973: Add more extensions to c_rehash
              RT2119,3407: Updated to dgst.pod
              RT2379: Additional typo fix
              RT2693: Extra include of string.h
              RT2880: HFS is case-insensitive filenames
              RT3246: req command prints version number wrong
      
      Other changes; incompatibilities marked with *:
              Add SCSV support
              Add -misalign to speed command
              Make dhparam, dsaparam, ecparam, x509 output C in proper style
              Make some internal ocsp.c functions void
              Only display cert usages with -help in verify
              Use global bio_err, remove "BIO*err" parameter from functions
              For filenames, - always means stdin (or stdout as appropriate)
              Add aliases for -des/aes "wrap" ciphers.
              *Remove support for IISSGC (server gated crypto)
              *The undocumented OCSP -header flag is now "-header name=value"
              *Documented the OCSP -header flag
      Reviewed-by: NMatt Caswell <matt@openssl.org>
      7e1b7485
  11. 25 3月, 2015 2 次提交
  12. 22 1月, 2015 1 次提交
  13. 13 1月, 2015 1 次提交
  14. 31 12月, 2014 1 次提交
  15. 19 12月, 2014 1 次提交
  16. 11 12月, 2014 1 次提交
  17. 09 12月, 2014 1 次提交
  18. 24 4月, 2011 2 次提交
  19. 12 6月, 2010 1 次提交
  20. 27 4月, 2009 1 次提交
  21. 16 7月, 2005 1 次提交
    • N
      make · 3eeaab4b
      Nils Larsch 提交于
          	./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
          	make depend all test
      work again
      
      PR: 1159
      3eeaab4b
  22. 31 1月, 2003 1 次提交
  23. 11 12月, 2002 1 次提交
  24. 09 12月, 2002 1 次提交
    • G
      Nils Larsch submitted; · e1898724
      Geoff Thorpe 提交于
        - a patch to fix a memory leak in rsa_gen.c
        - a note about compiler warnings with unions
        - a note about improving structure element names
      
      This applies his patch and implements a solution to the notes.
      e1898724
  25. 08 12月, 2002 1 次提交
    • G
      Undefine OPENSSL_NO_DEPRECATED inside openssl application code if we are · 5daec7ea
      Geoff Thorpe 提交于
      being built with it defined - it is not a symbol to affect how openssl
      itself builds, but to alter the way openssl headers can be used from an API
      point of view. The "deprecated" function wrappers will always remain inside
      OpenSSL at least as long as they're still being used internally. :-)
      
      The exception is dsaparam which has been updated to the BN_GENCB-based
      functions to test the new functionality. If GENCB_TEST is defined, dsaparam
      will support a "-timebomb <n>" switch to cancel parameter-generation if it
      gets as far as 'n' seconds without completion.
      5daec7ea
  26. 04 12月, 2002 1 次提交
  27. 23 4月, 2002 1 次提交
  28. 14 3月, 2002 1 次提交
  29. 22 2月, 2002 1 次提交
    • D
      Config code updates. · 3647bee2
      Dr. Stephen Henson 提交于
      CONF_modules_unload() now calls CONF_modules_finish()
      automatically.
      
      Default use of section openssl_conf moved to
      CONF_modules_load()
      
      Load config file in several openssl utilities.
      
      Most utilities now load modules from the config file,
      though in a few (such as version) this isn't done
      because it couldn't be used for anything.
      
      In the case of ca and req the config file used is
      the same as the utility itself: that is the -config
      command line option can be used to specify an
      alternative file.
      3647bee2
  30. 12 9月, 2001 1 次提交
  31. 24 6月, 2001 1 次提交
  32. 19 6月, 2001 1 次提交
  33. 18 6月, 2001 1 次提交
  34. 20 2月, 2001 2 次提交
    • R
      Use new-style system-id macros everywhere possible. I hope I haven't · bc36ee62
      Richard Levitte 提交于
      missed any.
      
      This compiles and runs on Linux, and external applications have no
      problems with it.  The definite test will be to build this on VMS.
      bc36ee62
    • R
      Make all configuration macros available for application by making · cf1b7d96
      Richard Levitte 提交于
      sure they are available in opensslconf.h, by giving them names starting
      with "OPENSSL_" to avoid conflicts with other packages and by making
      sure e_os2.h will cover all platform-specific cases together with
      opensslconf.h.
      
      I've checked fairly well that nothing breaks with this (apart from
      external software that will adapt if they have used something like
      NO_KRB5), but I can't guarantee it completely, so a review of this
      change would be a good thing.
      cf1b7d96
  35. 10 1月, 2001 1 次提交