aboutsummaryrefslogtreecommitdiffstats
path: root/apps/pkcs8.c
Commit message (Collapse)AuthorAgeFilesLines
* Centralise loading default apps config fileMatt Caswell2015-10-121-3/+0
| | | | | | | | | | | | | | | | | Loading the config file after processing command line options can cause problems, e.g. where an engine provides new ciphers/digests these are not then recoginised on the command line. Move the default config file loading to before the command line option processing. Whilst we're doing this we might as well centralise this instead of doing it individually for each application. Finally if we do it before the OpenSSL_add_ssl_algorithms() call then ciphersuites provided by an engine (e.g. GOST) can be available to the apps. RT#4085 RT#4086 Reviewed-by: Richard Levitte <levitte@openssl.org>
* Change the way apps open their input and output filesRichard Levitte2015-09-061-2/+2
| | | | | | | | | | | | The different apps had the liberty to decide whether they would open their input and output files in binary mode or not, which could be confusing if two different apps were handling the same type of file in different ways. The solution is to centralise the decision of low level file organisation, and that the apps would use a selection of formats to state the intent of the file. Reviewed-by: Tim Hudson <tjh@openssl.org>
* Make the handling of output and input formats consistentRichard Levitte2015-09-061-2/+2
| | | | | | | | Most of all, we needed to sort out which ones are binary and which ones are text, and make sure they are treated accordingly and consistently so Reviewed-by: Tim Hudson <tjh@openssl.org>
* RT3998: Allow scrypt to be disabledRich Salz2015-09-041-2/+12
| | | | | | | | This does 64-bit division and multiplication, and on 32-bit platforms pulls in libgcc symbols (and MSVC does similar) which may not be available. Mostly done by David Woodhouse. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* RT2547: Tighten perms on generated privkey filesRich Salz2015-06-151-1/+7
| | | | | | | | | | | | When generating a private key, try to make the output file be readable only by the owner. Put it in CHANGES file since it might be noticeable. Add "int private" flag to apps that write private keys, and check that it's set whenever we do write a private key. Checked via assert so that this bug (security-related) gets fixed. Thanks to Viktor for help in tracing the code-paths where private keys are written. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* fix warningDr. Stephen Henson2015-05-301-1/+1
| | | | Reviewed-by: Matt Caswell <matt@openssl.org>
* Restore module loadingRichard Levitte2015-05-291-0/+3
| | | | | | | The module loading feature got broken a while ago, so restore it, but have it a bit more explicit this time around. Reviewed-by: Stephen Henson <steve@openssl.org>
* scrypt in pkcs8 utilDr. Stephen Henson2015-05-261-4/+35
| | | | | | | Add support for PKCS#8 private key encryption using the scrypt algorithm in the pkcs8 utility. Update documentation. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add function PKCS8_set0_pbeDr. Stephen Henson2015-05-261-4/+16
| | | | | | | | | This adds a new function which will encrypt a private key using PKCS#8 based on an X509_ALGOR structure and reimplements PKCS8_encrypt to use it. Update pkcs8 utlity to use PKCS8_set0_pbe. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Use p==NULL not !p (in if statements, mainly)Rich Salz2015-05-111-5/+5
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* free null cleanup finaleRich Salz2015-05-011-4/+2
| | | | | | Don't check for NULL before calling OPENSSL_free Reviewed-by: Richard Levitte <levitte@openssl.org>
* fewer NO_ENGINE #ifdef'sRich Salz2015-04-251-10/+4
| | | | | | | | Make setup_engine be a dummy if NO_ENGINE is enabled. The option is not enabled if NO_ENGINE is enabled, so the one "wasted" variable just sits there. Removes some variables and code. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Big apps cleanup (option-parsing, etc)Rich Salz2015-04-241-181/+126
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb24 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: Matt Caswell <matt@openssl.org>
* Run util/openssl-format-source -v -c .Matt Caswell2015-01-221-370/+315
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* Tidied up, added include to stdlib, removed "goto bad" usageMatt Caswell2014-06-171-13/+19
|
* Conform to whitespace conventionsrfkrocktk2014-06-171-7/+7
|
* Added custom PBKDF2 iteration count to PKCS8 tool.Naftuli Tzvi Kay2014-06-171-1/+8
|
* PKCS#8 support for alternative PRFs.Dr. Stephen Henson2014-03-011-0/+16
| | | | | | | | | | | Add option to set an alternative to the default hmacWithSHA1 PRF for PKCS#8 private key encryptions. This is used automatically by PKCS8_encrypt if the nid specified is a PRF. Add option to pkcs8 utility. Update docs. (cherry picked from commit b60272b01fcb4f69201b3e1659b4f7e9e9298dfb)
* Tolerate PKCS#8 DSA format with negative private key.Dr. Stephen Henson2010-01-221-0/+4
|
* PR: 2038Dr. Stephen Henson2009-09-111-1/+0
| | | | | | | Submitted by: Artem Chuprina <ran@cryptocom.ru> Approved by: steve@openssl.org Avoid double call to BIO_free().
* Return correct exit code.Dr. Stephen Henson2009-02-121-1/+1
|
* Avoid leaks in pkcs8 app, tidy code up.Dr. Stephen Henson2009-02-121-48/+24
|
* Update obsolete email address...Dr. Stephen Henson2008-11-051-1/+1
|
* Reformat pkcs8 source.Dr. Stephen Henson2004-06-241-100/+174
|
* implement PKCS #8 / SEC1 private key format for ECCBodo Möller2003-06-251-0/+17
| | | | Submitted by: Nils Larsch
* Correct a lot of printing calls. Remove extra arguments...Richard Levitte2003-04-031-6/+5
|
* Add the possibility to build without the ENGINE framework.Richard Levitte2003-01-301-0/+8
| | | | PR: 287
* Security fixes brought forward from 0.9.7.Ben Laurie2002-11-131-2/+2
|
* Signal an error if the entered output password didn't match itself.Richard Levitte2002-10-231-1/+2
| | | | PR: 314
* makedepend complains when a header file is included more than once inRichard Levitte2002-10-141-1/+0
| | | | the same source file.
* Make it possible to load keys from stdin, and restore thatRichard Levitte2002-08-011-1/+2
| | | | | functionality in the programs that had that before. Part fo PR 164
* Fixes for 'no-hw' combined with 'no-SOME_CIPHER'.Bodo Möller2002-03-141-1/+1
| | | | | | Fix dsaparam usage output. Submitted by: Nils Larsch
* Config code updates.Dr. Stephen Henson2002-02-221-0/+4
| | | | | | | | | | | | | | | | | | | CONF_modules_unload() now calls CONF_modules_finish() automatically. Default use of section openssl_conf moved to CONF_modules_load() Load config file in several openssl utilities. Most utilities now load modules from the config file, though in a few (such as version) this isn't done because it couldn't be used for anything. In the case of ca and req the config file used is the same as the utility itself: that is the -config command line option can be used to specify an alternative file.
* Reduce the header dependencies on engine.h in apps/.Geoff Thorpe2001-09-121-1/+0
|
* Make better use of load_cert, load_certs and load_key.Richard Levitte2001-06-251-12/+4
|
* Provide an application-common setup function for engines and use itRichard Levitte2001-06-181-17/+1
| | | | everywhere.
* Use new-style system-id macros everywhere possible. I hope I haven'tRichard Levitte2001-02-201-1/+1
| | | | | | | missed any. This compiles and runs on Linux, and external applications have no problems with it. The definite test will be to build this on VMS.
* Rewrite PKCS#12 code and remove some of the oldDr. Stephen Henson2000-12-311-1/+1
| | | | | | | | | | horrible macros. Fix two evil ASN1 bugs. Attempt to use 'ctx' when NULL if input is indefinite length constructed in asn1_check_tlen() and invalid pointer to ASN1_TYPE when reusing existing structure (this took *ages* to find because the new PKCS#12 code triggered it).
* Merge the engine branch into the main trunk. All conflicts resolved.Richard Levitte2000-10-261-0/+30
| | | | At the same time, add VMS support for Rijndael.
* On VMS, stdout may very well lead to a file that is written to in aRichard Levitte2000-09-201-4/+11
| | | | | | | | | | | | | | | | | record-oriented fashion. That means that every write() will write a separate record, which will be read separately by the programs trying to read from it. This can be very confusing. The solution is to put a BIO filter in the way that will buffer text until a linefeed is reached, and then write everything a line at a time, so every record written will be an actual line, not chunks of lines and not (usually doesn't happen, but I've seen it once) several lines in one record. Voila, BIO_f_linebuffer() is born. Since we're so close to release time, I'm making this VMS-only for now, just to make sure no code is needlessly broken by this. After the release, this BIO method will be enabled on all other platforms as well.
* There have been a number of complaints from a number of sources that namesRichard Levitte2000-06-011-4/+4
| | | | | | | | | like Malloc, Realloc and especially Free conflict with already existing names on some operating systems or other packages. That is reason enough to change the names of the OpenSSL memory allocation macros to something that has a better chance of being unique, like prepending them with OPENSSL_. This change includes all the name changes needed throughout all C files.
* Make pkcs8 work again.Dr. Stephen Henson2000-02-221-7/+13
| | | | | Make EVP_CIPHER_type() return NID_undef if the cipher has no ASN1 OID, modify code to handle this.
* Pass phrase reorganisation.Dr. Stephen Henson2000-02-161-30/+14
|
* Make gcc 2.95.2 happy again, even under ``-Wall -Wshadow -Wpointer-arith ↵Ralf S. Engelschall2000-02-111-0/+1
| | | | | | -Wcast-align -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline''.
* Add command line password options to the reamining utilities,Dr. Stephen Henson2000-02-081-14/+14
| | | | amend docs.
* Add support for some broken PKCS#8 formats.Dr. Stephen Henson2000-02-051-4/+15
|
* Rename SSLeay_add_all_algorithms() et al toDr. Stephen Henson2000-02-041-1/+1
| | | | | OpenSSL_add_all_algorithms(). Move these into separate files so they work properly.
* Fix some of the command line password stuff. New functionDr. Stephen Henson2000-01-011-27/+85
| | | | | | | that can automatically determine the type of a DER encoded "traditional" format private key and change some of the d2i functions to use it instead of requiring the application to work out the key type.
* Add PKCS#8 utility functions and add PBE options.Dr. Stephen Henson1999-12-231-0/+11
|
* VMS updates.Ulf Möller1999-07-281-0/+1
| | | | Submitted by: Richard Levitte <levitte@stacken.kth.se>
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-30 11:42:07 +0000