Commit graph

244 commits

Author SHA1 Message Date
Flavio Medeiros
b5292f7b40 GH480: Don't break statements with CPP stuff.
This is also RT 4137

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-24 16:11:39 -05:00
Kurt Roeckx
0335851754 argv was set but unused
Also gives an error message when you gave it a parameter it didn't expect.

Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #2009
2016-02-20 14:53:53 +01:00
Rich Salz
9a13bb387d GH681: More command help cleanup
enc:
 - typo in -base64 option
 - missing help opt text
ocsp, req, rsautl, s_client:
 - missing help opt text

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-18 12:24:44 -05:00
Emilia Kasper
a762655743 RT 3854: Update apps/req
Change the default keysize to 2048 bits, and the minimum to 512 bits.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-12 14:09:26 +01:00
Dr. Stephen Henson
43db7aa2de Fix engine key support in cms and req utilities.
PR#4246 and PR#4266

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-11 16:03:52 +00:00
Insu Yun
69ac182d15 GH634: fix potential memory leak
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-06 09:25:54 -05:00
Dr. Stephen Henson
3aeb934865 make EVP_PKEY opaque
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-20 03:24:59 +00:00
Rich Salz
7644a9aef8 Rename some BUF_xxx to OPENSSL_xxx
Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
Add #define's for the old names.
Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-16 16:14:49 -05:00
Richard Levitte
bfb0641f93 Cleanup: fix all sources that used EVP_MD_CTX_(create|init|destroy)
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:40:20 +01:00
Richard Levitte
6e59a892db Adjust all accesses to EVP_MD_CTX to use accessor functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Matt Caswell
96487cddd4 Continue standardisation of malloc handling in apps
continue on from previous commits but in the apps directory

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-11-09 22:48:41 +00:00
Matt Caswell
1dce6c3f9e Rename -set-serial command to req
Previous OpenSSL versions used -set_serial, but master was using
-set-serial - so rename it back to the old version.

RT#4059

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-12 22:42:23 +01:00
Richard Levitte
bdd58d9846 Change the way apps open their input and output files
The different apps had the liberty to decide whether they would open their
input and output files in binary mode or not, which could be confusing if
two different apps were handling the same type of file in different ways.

The solution is to centralise the decision of low level file organisation,
and that the apps would use a selection of formats to state the intent of
the file.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-06 01:35:54 +02:00
Richard Levitte
d303b9d85e Make the handling of output and input formats consistent
Most of all, we needed to sort out which ones are binary and which
ones are text, and make sure they are treated accordingly and
consistently so

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-06 01:29:36 +02:00
Dr. Stephen Henson
124055a96e make X509_REQ opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-31 20:58:33 +01:00
Dr. Stephen Henson
d8c054f2da Remove asn1-kludge option.
Remove asn1-kludge option from the req utility. It was a decade old
workaround for CAs and software which required an invalid encoding
of PKCS#10 certificate requests: omitting the attributes field even
though it is not OPTIONAL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-31 20:58:33 +01:00
Adam Eijdenberg
902c6b95a3 RT3961: Fix switch/case errors in flag parsing
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-31 11:11:55 -04:00
Richard Levitte
f1cece554d Make "oneline" the default for nameopt
There's no reason why we should default to a output format that is
old, and confusing in some cases.

This affects the commands "ca", "crl", "req" and "x509".

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-07 11:17:14 +02:00
Rich Salz
3b061a00e3 RT2547: Tighten perms on generated privkey files
When generating a private key, try to make the output file be readable
only by the owner.  Put it in CHANGES file since it might be noticeable.

Add "int private" flag to apps that write private keys, and check that it's
set whenever we do write a private key.  Checked via assert so that this
bug (security-related) gets fixed.  Thanks to Viktor for help in tracing
the code-paths where private keys are written.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-06-15 18:26:56 -04:00
Tim Hudson
29eca1c0d5 Fix argument processing error from the option parsing change over.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-15 14:55:34 +10:00
Rich Salz
9c3bcfa027 Standardize handling of #ifdef'd options.
Here are the "rules" for handling flags that depend on #ifdef:

- Do not ifdef the enum.  Only ifdef the OPTIONS table.  All ifdef'd
  entries appear at the end; by convention "engine" is last.  This
  ensures that at run-time, the flag will never be recognized/allowed.
  The next two bullets entries are for silencing compiler warnings:
- In the while/switch parsing statement, use #ifdef for the body to
  disable it; leave the "case OPT_xxx:" and "break" statements outside
  the ifdef/ifndef.  See ciphers.c for example.
- If there are multiple options controlled by a single guard, OPT_FOO,
  OPT_BAR, etc., put a an #ifdef around the set, and then do "#else"
  and a series of case labels and a break. See OPENSSL_NO_AES in cms.c
  for example.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-02 12:40:24 -04:00
Richard Levitte
296f54ee21 Restore module loading
The module loading feature got broken a while ago, so restore it, but
have it a bit more explicit this time around.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-05-29 12:41:50 +02:00
Richard Levitte
2142519500 Fix double BIO_free in req
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-29 12:41:50 +02:00
Rich Salz
cc01d21756 RT3876: Only load config when needed
Create app_load_config(), a routine to load config file.  Remove the
"always load config" from the main app.  Change the places that used to
load config to call the new common routine.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-28 17:28:33 -04:00
Hanno Böck
cf89a80e25 RT3861: Mem/bio leak in req command
The "out" variable is used for both key and csr.  Close it after
writing the first one so it can be re-used when writing the other.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-25 19:13:26 -04:00
Rich Salz
75ebbd9aa4 Use p==NULL not !p (in if statements, mainly)
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-11 10:06:38 -04:00
Rich Salz
86885c2895 Use "==0" instead of "!strcmp" etc
For the various string-compare routines (strcmp, strcasecmp, str.*cmp)
use "strcmp()==0" instead of "!strcmp()"

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-06 22:37:53 -04:00
Rich Salz
25aaa98aa2 free NULL cleanup -- coda
After the finale, the "real" final part. :)  Do a recursive grep with
"-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are
an "if NULL" check that can be removed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-01 14:37:16 -04:00
Rich Salz
efa7dd6444 free NULL cleanup 11
Don't check for NULL before calling free functions. This gets:
        ERR_STATE_free
        ENGINE_free
        DSO_free
        CMAC_CTX_free
        COMP_CTX_free
        CONF_free
        NCONF_free NCONF_free_data _CONF_free_data
        A sk_free use within OBJ_sigid_free
        TS_TST_INFO_free (rest of TS_ API was okay)
        Doc update for UI_free (all uses were fine)
        X509V3_conf_free
        X509V3_section_free
        X509V3_string_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01 10:15:18 -04:00
Rich Salz
b548a1f11c free null cleanup finale
Don't check for NULL before calling OPENSSL_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01 10:02:07 -04:00
Rich Salz
333b070ec0 fewer NO_ENGINE #ifdef's
Make setup_engine be a dummy if NO_ENGINE is enabled.
The option is not enabled if NO_ENGINE is enabled, so the one "wasted"
variable just sits there. Removes some variables and code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-25 15:41:29 -04:00
Rich Salz
7e1b748570 Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master.  The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt.  Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that.  There have been many other changes and code-cleanup, see
bullet list below.

Special thanks to Matt for the long and detailed code review.

TEMPORARY:
        For now, comment out CRYPTO_mem_leaks() at end of main

Tickets closed:
        RT3515: Use 3DES in pkcs12 if built with no-rc2
        RT1766: s_client -reconnect and -starttls broke
        RT2932: Catch write errors
        RT2604: port should be 'unsigned short'
        RT2983: total_bytes undeclared #ifdef RENEG
        RT1523: Add -nocert to fix output in x509 app
        RT3508: Remove unused variable introduced by b09eb24
        RT3511: doc fix; req default serial is random
        RT1325,2973: Add more extensions to c_rehash
        RT2119,3407: Updated to dgst.pod
        RT2379: Additional typo fix
        RT2693: Extra include of string.h
        RT2880: HFS is case-insensitive filenames
        RT3246: req command prints version number wrong

Other changes; incompatibilities marked with *:
        Add SCSV support
        Add -misalign to speed command
        Make dhparam, dsaparam, ecparam, x509 output C in proper style
        Make some internal ocsp.c functions void
        Only display cert usages with -help in verify
        Use global bio_err, remove "BIO*err" parameter from functions
        For filenames, - always means stdin (or stdout as appropriate)
        Add aliases for -des/aes "wrap" ciphers.
        *Remove support for IISSGC (server gated crypto)
        *The undocumented OCSP -header flag is now "-header name=value"
        *Documented the OCSP -header flag

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 15:26:15 -04:00
Rich Salz
c5ba2d9904 free NULL cleanup
EVP_.*free; this gets:
        EVP_CIPHER_CTX_free EVP_PKEY_CTX_free EVP_PKEY_asn1_free
        EVP_PKEY_asn1_set_free EVP_PKEY_free EVP_PKEY_free_it
        EVP_PKEY_meth_free; and also EVP_CIPHER_CTX_cleanup

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-28 10:54:15 -04:00
Rich Salz
10bf4fc2c3 Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC
Suggested by John Foley <foleyj@cisco.com>.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-11 09:29:37 -04:00
Rich Salz
68b00c2372 ifdef cleanup part 3: OPENSSL_SYSNAME
Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
Remove MS_STATIC; it's a relic from platforms <32 bits.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-23 11:58:26 -05:00
Matt Caswell
50e735f9e5 Re-align some comments after running the reformat script.
This should be a one off operation (subsequent invokation of the
script should not move them)

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:10 +00:00
Matt Caswell
0f113f3ee4 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Rich Salz
6d23cf9744 RT3548: Remove unsupported platforms
This last one for this ticket.  Removes WIN16.
So long, MS_CALLBACK and MS_FAR.  We won't miss you.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-12 17:30:54 -05:00
Matt Caswell
3a83462dfe Further comment amendments to preserve formatting prior to source reformat
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-06 15:45:25 +00:00
Tim Hudson
1d97c84351 mark all block comments that need format preserving so that
indent will not alter them when reformatting comments

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-30 22:10:26 +00:00
Matt Caswell
5bafb04d2e Remove redundant OPENSSL_NO_DEPRECATED suppression
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-18 19:57:05 +00:00
Rich Salz
5cf37957fb RT3543: Remove #ifdef LINT
I also replaced some exit/return wrappers in various
programs (from main) to standardize on return.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-10 17:31:04 -05:00
Viktor Dukhovni
b00676bb6f Fix infinite loop. PR#3347 2014-05-11 20:28:56 +01:00
Kurt Roeckx
3343220327 Use defaults bits in req when not given
If you use "-newkey rsa" it's supposed to read the default number of bits from the
config file.  However the value isn't used to generate the key, but it does
print it's generating such a key.  The set_keygen_ctx() doesn't call
EVP_PKEY_CTX_set_rsa_keygen_bits() and you end up with the default set in
pkey_rsa_init() (1024).  Afterwards the number of bits gets read from the config
file, but nothing is done with that anymore.

We now read the config first and use the value from the config file when no size
is given.

PR: 2592
2014-02-14 22:30:27 +00:00
Mat
5628ec6673 typo 2013-09-13 14:29:36 +01:00
Dr. Stephen Henson
256f9573c5 make -subj always override config file 2012-12-04 18:35:04 +00:00
Dr. Stephen Henson
4c623cddbe add -sigopt option to ca utility 2010-03-14 12:54:45 +00:00
Dr. Stephen Henson
cdb182b55a new sigopt and PSS support for req and x509 utilities 2010-03-12 14:41:00 +00:00
Dr. Stephen Henson
77163b6234 don't leave bogus errors in the queue 2010-03-10 13:48:09 +00:00
Dr. Stephen Henson
0e039aa797 Fix warnings about ignoring fgets return value 2009-10-04 16:42:56 +00:00
Dr. Stephen Henson
c869da8839 Update from 1.0.0-stable 2009-07-27 21:10:00 +00:00
Dr. Stephen Henson
d4f0339c66 Update from 1.0.0-stable. 2009-04-26 22:18:22 +00:00
Dr. Stephen Henson
e5fa864f62 Updates from 1.0.0-stable. 2009-04-15 15:27:03 +00:00
Dr. Stephen Henson
87d3a0cd90 Experimental new date handling routines. These fix issues with X509_time_adj()
and should avoid any OS date limitations such as the year 2038 bug.
2008-10-07 22:55:27 +00:00
Ben Laurie
5ce278a77b More type-checking. 2008-06-04 11:01:43 +00:00
Dr. Stephen Henson
718f8f7a9e Fix from stable branch. 2008-05-12 16:24:31 +00:00
Dr. Stephen Henson
710069c19e Fix warnings. 2007-08-12 17:44:32 +00:00
Bodo Möller
6a983d4287 Fix a bug recently introduced when updating this file to use the new
keygen API: make sure that 'pkey_type' is actually visible to MAIN().
2006-06-14 01:16:22 +00:00
Dr. Stephen Henson
01b8b3c7d2 Complete EVP_PKEY_ASN1_METHOD ENGINE support. 2006-06-05 11:52:46 +00:00
Dr. Stephen Henson
98c82b899e Gather keygen options in req and only use them after all other options have
been processed. This allows any ENGINE changing operations to be processed
first (for example a config file).
2006-05-16 12:11:14 +00:00
Dr. Stephen Henson
759d8ac6ee Typo. 2006-05-12 00:27:39 +00:00
Dr. Stephen Henson
959e8dfe06 Update 'req' command to use new keygen API. 2006-05-11 21:39:00 +00:00
Dr. Stephen Henson
03919683f9 Add support for default public key digest type ctrl. 2006-05-07 17:09:39 +00:00
Dr. Stephen Henson
ee1d9ec019 Remove link between digests and signature algorithms.
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate
the need for algorithm specific code.
2006-04-19 17:05:59 +00:00
Nils Larsch
67b6f1ca88 fix problems found by coverity: remove useless code 2006-03-15 17:45:43 +00:00
Nils Larsch
3eeaab4bed make
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
    	make depend all test
work again

PR: 1159
2005-07-16 12:37:36 +00:00
Andy Polyakov
ea1b02db6a OPENSSL_Applink update. 2005-05-17 00:08:28 +00:00
Nils Larsch
9dd8405341 ecc api cleanup; summary:
- hide the EC_KEY structure definition in ec_lcl.c + add
  some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
  attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
  additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7
2005-05-16 10:11:04 +00:00
Nils Larsch
7d727231b7 some const fixes 2005-04-05 19:11:19 +00:00
Nils Larsch
12bdb64375 use SHA-1 as the default digest for the apps/openssl commands 2005-04-02 09:29:15 +00:00
Dr. Stephen Henson
00dd8f6d6e In "req" exit immediately if configuration file is needed and it can't
be loaded instead of giving the misleading:

"unable to find 'distinguised_name' in config"

error message.
2004-11-17 18:36:13 +00:00
Geoff Thorpe
bcfea9fb25 Allow RSA key-generation to specify an arbitrary public exponent. Jelte
proposed the change and submitted the patch, I jiggled it slightly and
adjusted the other parts of openssl that were affected.

PR: 867
Submitted by: Jelte Jansen
Reviewed by: Geoff Thorpe
2004-04-26 15:31:35 +00:00
Dr. Stephen Henson
64674bcc8c Reduce chances of issuer and serial number duplication by use of random
initial serial numbers.

PR: 842
2004-04-20 12:05:26 +00:00
Geoff Thorpe
6c43032121 minor signed/unsigned warning fixes 2004-02-10 18:46:10 +00:00
Richard Levitte
d420ac2c7d Use BUF_strlcpy() instead of strcpy().
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:17 +00:00
Richard Levitte
6d5ffb591b Move do_subject() to apps.c and rename it to parse_name(). The
rationale behind the move is that it's use by several applications.
The rationale behind the name change is that it describes what the
function does a bit better.
2003-11-28 14:07:14 +00:00
Richard Levitte
7ce9e425bc Allow multi-valued rdns in subjects. This adds the -multivalue-rdn option
to 'openssl req' and 'openssl ca'.

PR: 779
Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de>
Reviewed by: Richard Levitte

(there will be some follow-up changes)
2003-11-28 14:04:09 +00:00
Dr. Stephen Henson
a8287a90ea Give CRLDP its standard name.
Max req -x509 use V1 if extensions section absent.
2003-11-20 22:45:06 +00:00
Geoff Thorpe
bc3c578208 Copy-n-paste bug (don't mix variable declarations and code). This sets the
callback structure just before it is needed.
2003-10-29 22:30:45 +00:00
Geoff Thorpe
2aaec9cced Update any code that was using deprecated functions so that everything builds
and links with OPENSSL_NO_DEPRECATED defined.
2003-10-29 04:14:08 +00:00
Richard Levitte
3ae70939ba Correct a lot of printing calls. Remove extra arguments... 2003-04-03 23:39:48 +00:00
Dr. Stephen Henson
1a15c89988 Multi valued AVA support. 2003-03-30 01:51:16 +00:00
Richard Levitte
0b13e9f055 Add the possibility to build without the ENGINE framework.
PR: 287
2003-01-30 17:39:26 +00:00
Dr. Stephen Henson
d3b5cb5343 Check return value of gmtime() and add error codes
where it fails in ASN1_TIME_set().

Edit asn1.h so the new error code is the same in 0.9.7
and 0.9.8, rebuild new error codes.

Clear error queue in req.c if *_min or *_max is absent.
2003-01-24 01:12:01 +00:00
Richard Levitte
821951b851 Avoid double definition of config.
PR: 420
2002-12-24 23:53:46 +00:00
Geoff Thorpe
5daec7ea0e Undefine OPENSSL_NO_DEPRECATED inside openssl application code if we are
being built with it defined - it is not a symbol to affect how openssl
itself builds, but to alter the way openssl headers can be used from an API
point of view. The "deprecated" function wrappers will always remain inside
OpenSSL at least as long as they're still being used internally. :-)

The exception is dsaparam which has been updated to the BN_GENCB-based
functions to test the new functionality. If GENCB_TEST is defined, dsaparam
will support a "-timebomb <n>" switch to cancel parameter-generation if it
gets as far as 'n' seconds without completion.
2002-12-08 05:38:44 +00:00
Richard Levitte
1c3e4a3660 EXIT() may mean return(). That's confusing, so let's have it really mean
exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)
2002-12-03 16:33:03 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Richard Levitte
06b7c8d5ba Variables on the stack must be initialized or we can't depend on any
initial value.  For errline/errorline, we did depend on that, erroneously
2002-11-11 21:34:21 +00:00
Bodo Möller
9226e2187c Let 'openssl req' fail if an argument to '-newkey' is not
recognized instead of using RSA as a default.
2002-09-10 07:34:45 +00:00
Bodo Möller
ad55f581f9 fix offsets
Submitted by: Nils Larsch
2002-08-26 11:25:14 +00:00
Dr. Stephen Henson
fc85ac20c7 Make -nameopt work in req and add support for -reqopt 2002-08-22 23:43:48 +00:00
Bodo Möller
64376cd8ff 'EC' vs. 'ECDSA'
Submitted by: Nils Larsch
2002-08-16 11:19:07 +00:00
Bodo Möller
5488bb6197 get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead)
Submitted by: Nils Larsch
2002-08-12 08:47:41 +00:00
Bodo Möller
e172d60ddb Add ECDH support.
Additional changes:
 - use EC_GROUP_get_degree() in apps/req.c
 - add ECDSA and ECDH to apps/speed.c
 - adds support for EC curves over binary fields to ECDSA
 - new function EC_KEY_up_ref() in crypto/ec/ec_key.c
 - reorganize crypto/ecdsa/ecdsatest.c
 - add engine support for ECDH
 - fix a few bugs in ECDSA engine support

Submitted by: Douglas Stebila <douglas.stebila@sun.com>
2002-08-09 08:43:04 +00:00
Bodo Möller
14a7cfb32a use a generic EC_KEY structure (EC keys are not ECDSA specific)
Submitted by: Nils Larsch
2002-08-07 10:49:54 +00:00
Richard Levitte
da9b972466 Make it possible to load keys from stdin, and restore that
functionality in the programs that had that before.
Part fo PR 164
2002-08-01 16:28:40 +00:00
Bodo Möller
5dbd3efce7 Replace 'ecdsaparam' commandline utility by 'ecparam'
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.

Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.

Fix ec_asn1.c (take into account the desired conversion form).

'make update'.

Submitted by: Nils Larsch
2002-07-14 16:54:31 +00:00
Dr. Stephen Henson
eee6c81af8 Reorganise -subj option code, fix buffer overrun. 2002-05-19 16:31:10 +00:00
Lutz Jänicke
c0455cbb18 Fix escaping when using the -subj option of "openssl req", document
'hidden' -nameopt support. (Robert Joop <joop@fokus.gmd.de>)
2002-04-30 12:08:18 +00:00