Commit Graph

78 Commits

Author SHA1 Message Date
Tianjia Zhang
022411112d apps: Fix the mismatch of SM2 keys keymgmt
The SM2 key has a separate keymgmt, which is independent of the
EC. The key generated by the subcommand ecparam is wrong. Using
'openssl ec -in sm2.key -noout -text' will also encounter some
errors.

When using the ecparam subcommand to generate the SM2 key, use
the correct keymgmt to solve this problem.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15454)
2021-05-26 16:57:40 +02:00
Tomas Mraz
57cea5baf6 apps: Cleanup useless bio_open_default() calls for key input
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15331)
2021-05-21 10:00:21 +02:00
Tomas Mraz
d382e79632 Make the -inform option to be respected if possible
Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be
set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called.

The input type format is enforced only in case the file
type file store is used.

By default we use FORMAT_UNDEF meaning the input type
is not enforced.

Fixes #14569

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)
2021-05-06 11:43:32 +01:00
Dr. David von Oheimb
b0f960189b APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15111)
2021-05-05 20:48:20 +02:00
Dr. David von Oheimb
3ad6030948 APPS: make apps strict on app_RAND_load() and app_RAND_write() failure
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14840)
2021-04-14 16:48:27 +02:00
Tomas Mraz
fe75766c9c Rename OSSL_ENCODER_CTX_new_by_EVP_PKEY and OSSL_DECODER_CTX_new_by_EVP_PKEY
Additional renames done in encoder and decoder implementation
to follow the style.

Fixes #13622

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14155)
2021-02-17 15:26:12 +01:00
Rich Salz
51e5df0ed0 Load rand state after loading providers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14135)
2021-02-12 08:34:17 +10:00
Tomas Mraz
28e1904250 apps/ecparam: Avoid crash when parameters fail to load
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14043)
2021-02-03 12:09:44 +01:00
Richard Levitte
4333b89f50 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)
2021-01-28 13:54:57 +01:00
Richard Levitte
5ac632eed7 APPS: Restore inclusions
An '#include <string.h>' was mistakenly removed from apps/ec.c and
apps/ecparam.c

Fixes #13986

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13989)
2021-01-28 10:24:30 +01:00
Shane Lontis
5b5eea4b60 Deprecate EC_KEY + Update ec apps to use EVP_PKEY
Co-author: Richard Levitte <levitte@openssl.org>
Co-author: Tomas Mraz <tmraz@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
2021-01-26 15:22:14 +01:00
Rich Salz
021410ea3f Check non-option arguments
Make sure all commands check to see if there are any "extra" arguments
after the options, and print an error if so.

Made all error messages consistent (which is to say, minimal).

Fixes: #13527

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13563)
2020-12-15 11:47:17 +01:00
Shane Lontis
c1131e6a0e Deprecate EC_POINT_bn2point and EC_POINT_point2bn.
Fixes #10366

The one place that actually used was in the legacy printing of ecparams.
This has been replaced by the pointtobuf variant.

The ecparam app was using one of these functions - this line has just been
removed as another PR will remove all the code generated lines..

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13294)
2020-12-07 17:15:39 +10:00
Rich Salz
1696b8909b Remove -C from dhparam,dsaparam,ecparam
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13384)
2020-11-13 14:45:22 +01:00
Billy Brumley
23ccae80bd Move EC_METHOD to internal-only
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11928)
2020-06-02 11:17:24 +03:00
Matt Caswell
33388b44b6 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)
2020-04-23 13:55:52 +01:00
Rich Salz
1ae56f2f43 Don't compile commands if disabled
Rather than wrapping whole files in "ifndef OPENSSL_NO_xxx" we handle
the changes in build.info

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11250)
2020-04-10 15:24:02 +02:00
Pauli
6bd4e3f231 cmdline app: add provider commandline options.
Add a -provider option to allow providers to be loaded. This option can be
specified multiple times.

Add a -provider_path option to allow the path to providers to be specified.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11167)
2020-03-07 11:46:48 +10:00
Rich Salz
5388f9862d Add "sections" to -help output
Remove "Valid options" label, since all commands have sections (and
[almost] always the first one is "General options").
Have "list --options" ignore section headers
Reformat ts's additional help

Add output section

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9953)
2019-11-08 06:08:30 +10:00
Matt Caswell
a9612d6c03 Make the EC code available from inside the FIPS provider
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9380)
2019-08-06 11:19:07 +01:00
Shane Lontis
8402cd5f75 added code to validate EC named curve parameters
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8555)
2019-04-11 12:05:38 +03:00
Richard Levitte
dffa752023 Following the license change, modify the boilerplates in apps/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7765)
2018-12-06 14:15:27 +01:00
Matt Caswell
9cc570d4c4 Use the new non-curve type specific EC functions internally
Fixes #6646

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6815)
2018-07-31 09:08:38 +01:00
Bernd Edlinger
4bdc25b07f Fix ecparam -genkey with point compression or DER outform
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5741)
2018-03-25 11:12:46 +02:00
Matt Caswell
6738bf1417 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-02-13 13:59:25 +00:00
Richard Levitte
dab2cd68e7 apps: Don't include progs.h in apps.h
Everything in apps includes apps.h, because that one declares apps
internal library routines.  However, progs.h doesn't declare library
routines, but rather the main commands and their options, and there's
no reason why the library modules should include it.

So, remove the inclusion of progs.h from apps.h and add that inclusion
in all command source files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5222)
2018-01-31 23:45:12 +01:00
Rich Salz
cbe2964821 Consistent formatting for sizeof(foo)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4872)
2017-12-07 19:11:49 -05:00
KaoruToda
26a7d938c9 Remove parentheses of return.
Since return is inconsistent, I removed unnecessary parentheses and
unified them.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4541)
2017-10-18 16:05:06 +01:00
Rich Salz
3ee1eac27a Standardize apps use of -rand, etc.
Standardized the -rand flag and added a new one:
    -rand file...
            Always reads the specified files
    -writerand file
            Always writes to the file on exit

For apps that use a config file, the RANDFILE config parameter reads
the file at startup (to seed the RNG) and write to it on exit if
the -writerand flag isn't used.

Ensured that every app that took -rand also took -writerand, and
made sure all of that agreed with all the documentation.

Fix error reporting in write_file and -rand

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3862)
2017-07-16 19:20:45 -04:00
Rich Salz
aa8f3d76fc Modify Sun copyright to follow OpenSSL style
Approved by Oracle.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3585)
2017-06-20 11:13:45 -04:00
Paul Yang
2234212c3d Clean up a bundle of codingstyle stuff in apps directory
Mostly braces and NULL pointer check and also copyright year bump

Signed-off-by: Paul Yang <paulyang.inf@gmail.com>

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3657)
2017-06-12 16:11:05 -04:00
Richard Levitte
dd1abd4462 If an engine comes up explicitely, it must also come down explicitely
In apps/apps.c, one can set up an engine with setup_engine().
However, we freed the structural reference immediately, which means
that for engines that don't already have a structural reference
somewhere else (because it's a built in engine), we end up returning
an invalid reference.

Instead, the function release_engine() is added, and called at the end
of the routines that call setup_engine().

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1643)
2016-10-19 17:44:08 +02:00
FdaSilvaYY
44c83ebd70 Constify command options
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1694)
2016-10-14 18:25:50 +02:00
Rich Salz
846e33c729 Copyright consolidation 01/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-05-17 14:19:19 -04:00
Kurt Roeckx
0335851754 argv was set but unused
Also gives an error message when you gave it a parameter it didn't expect.

Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #2009
2016-02-20 14:53:53 +01:00
Rich Salz
effaf4dee9 Use NON_EMPTY_TRANSLATION_UNIT, consistently.
This also closes RT 4123

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 20:13:29 -05:00
Dr. Stephen Henson
f6de4eb77f Fix memory leak and print out keygen errors.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-01 15:11:18 +00:00
Alessandro Ghedini
070c23325a Remove useless code
RT#4081

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-23 19:52:08 +02:00
Matt Caswell
a0a82324f9 Centralise loading default apps config file
Loading the config file after processing command line options can
cause problems, e.g. where an engine provides new ciphers/digests
these are not then recoginised on the command line. Move the
default config file loading to before the command line option
processing. Whilst we're doing this we might as well centralise
this instead of doing it individually for each application. Finally
if we do it before the OpenSSL_add_ssl_algorithms() call then
ciphersuites provided by an engine (e.g. GOST) can be available to
the apps.

RT#4085
RT#4086

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-12 22:31:00 +01:00
Ben Laurie
df2ee0e27d Enable -Wmissing-variable-declarations and
-Wincompatible-pointer-types-discards-qualifiers (the latter did not require
any code changes).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-11 04:51:55 +01:00
Richard Levitte
bdd58d9846 Change the way apps open their input and output files
The different apps had the liberty to decide whether they would open their
input and output files in binary mode or not, which could be confusing if
two different apps were handling the same type of file in different ways.

The solution is to centralise the decision of low level file organisation,
and that the apps would use a selection of formats to state the intent of
the file.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-06 01:35:54 +02:00
Peter Waltenberg
99dcd88035 Exit on error in ecparam
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-07-09 15:42:52 -04:00
Rich Salz
3b061a00e3 RT2547: Tighten perms on generated privkey files
When generating a private key, try to make the output file be readable
only by the owner.  Put it in CHANGES file since it might be noticeable.

Add "int private" flag to apps that write private keys, and check that it's
set whenever we do write a private key.  Checked via assert so that this
bug (security-related) gets fixed.  Thanks to Viktor for help in tracing
the code-paths where private keys are written.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-06-15 18:26:56 -04:00
Richard Levitte
296f54ee21 Restore module loading
The module loading feature got broken a while ago, so restore it, but
have it a bit more explicit this time around.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-05-29 12:41:50 +02:00
Rich Salz
86885c2895 Use "==0" instead of "!strcmp" etc
For the various string-compare routines (strcmp, strcasecmp, str.*cmp)
use "strcmp()==0" instead of "!strcmp()"

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-06 22:37:53 -04:00
Rich Salz
b4faea50c3 Use safer sizeof variant in malloc
For a local variable:
        TYPE *p;
Allocations like this are "risky":
        p = OPENSSL_malloc(sizeof(TYPE));
if the type of p changes, and the malloc call isn't updated, you
could get memory corruption.  Instead do this:
        p = OPENSSL_malloc(sizeof(*p));
Also fixed a few memset() calls that I noticed while doing this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-04 15:00:13 -04:00
Rich Salz
b548a1f11c free null cleanup finale
Don't check for NULL before calling OPENSSL_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01 10:02:07 -04:00
Rich Salz
23a1d5e97c free NULL cleanup 7
This gets BN_.*free:
    BN_BLINDING_free BN_CTX_free BN_FLG_FREE BN_GENCB_free
    BN_MONT_CTX_free BN_RECP_CTX_free BN_clear_free BN_free BUF_MEM_free

Also fix a call to DSA_SIG_free to ccgost engine and remove some #ifdef'd
dead code in engines/e_ubsec.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 21:37:06 -04:00
Rich Salz
68dc682499 In apps, malloc or die
No point in proceeding if you're out of memory.  So change
*all* OPENSSL_malloc calls in apps to use the new routine which
prints a message and exits.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 17:48:31 -04:00
Rich Salz
b196e7d936 remove malloc casts
Following ANSI C rules, remove the casts from calls to
OPENSSL_malloc and OPENSSL_realloc.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-28 15:28:14 -04:00