If -badsig is selected corrupt the signature before printing out
any details so the output reflects the modified signature.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Deprecate the function ASN1_STRING_data() and replace with a new function
ASN1_STRING_get0_data() which returns a constant pointer. Update library
to use new function.
Reviewed-by: Rich Salz <rsalz@openssl.org>
In the X509 app check that the obtained public key is valid before we
attempt to use it.
Issue reported by Yuan Jochen Kang.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP,
and X509_LOOKUP_METHOD opaque.
Remove unused X509_CERT_FILE_CTX
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
OBJ_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Move rsa_st away from public headers.
Add accessor/writer functions for the public RSA data.
Adapt all other source to use the accessors and writers.
Reviewed-by: Matt Caswell <matt@openssl.org>
Move the dsa_method structure out of the public header file, and provide
getter and setter functions for creating and modifying custom DSA_METHODs.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Move the dsa_st structure out of the public header file. Add some accessor
functions to enable access to the internal fields, and update all internal
usage to use the new functions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Add -DBIO_DEBUG to --strict-warnings.
Remove comments about outdated debugging ifdef guards.
Remove md_rand ifdef guarding an assert; it doesn't seem used.
Remove the conf guards in conf_api since we use OPENSSL_assert, not assert.
For pkcs12 stuff put OPENSSL_ in front of the macro name.
Merge TLS_DEBUG into SSL_DEBUG.
Various things just turned on/off asserts, mainly for checking non-NULL
arguments, which is now removed: camellia, bn_ctx, crypto/modes.
Remove some old debug code, that basically just printed things to stderr:
DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG,
RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG.
Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Not all architectures have a time_t defined the same way. To make
sure we get the same result, we need to cast &checkoffset to (intmax_t *)
and make sure that intmax_t is defined somehow.
To make really sure we don't pass a variable with the wrong size down
to opt_imax(), we use a temporary intmax_t.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
Add #define's for the old names.
Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Loading the config file after processing command line options can
cause problems, e.g. where an engine provides new ciphers/digests
these are not then recoginised on the command line. Move the
default config file loading to before the command line option
processing. Whilst we're doing this we might as well centralise
this instead of doing it individually for each application. Finally
if we do it before the OpenSSL_add_ssl_algorithms() call then
ciphersuites provided by an engine (e.g. GOST) can be available to
the apps.
RT#4085
RT#4086
Reviewed-by: Richard Levitte <levitte@openssl.org>
The different apps had the liberty to decide whether they would open their
input and output files in binary mode or not, which could be confusing if
two different apps were handling the same type of file in different ways.
The solution is to centralise the decision of low level file organisation,
and that the apps would use a selection of formats to state the intent of
the file.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Most of all, we needed to sort out which ones are binary and which
ones are text, and make sure they are treated accordingly and
consistently so
Reviewed-by: Tim Hudson <tjh@openssl.org>
There's no reason why we should default to a output format that is
old, and confusing in some cases.
This affects the commands "ca", "crl", "req" and "x509".
Reviewed-by: Rich Salz <rsalz@openssl.org>
When generating a private key, try to make the output file be readable
only by the owner. Put it in CHANGES file since it might be noticeable.
Add "int private" flag to apps that write private keys, and check that it's
set whenever we do write a private key. Checked via assert so that this
bug (security-related) gets fixed. Thanks to Viktor for help in tracing
the code-paths where private keys are written.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Here are the "rules" for handling flags that depend on #ifdef:
- Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd
entries appear at the end; by convention "engine" is last. This
ensures that at run-time, the flag will never be recognized/allowed.
The next two bullets entries are for silencing compiler warnings:
- In the while/switch parsing statement, use #ifdef for the body to
disable it; leave the "case OPT_xxx:" and "break" statements outside
the ifdef/ifndef. See ciphers.c for example.
- If there are multiple options controlled by a single guard, OPT_FOO,
OPT_BAR, etc., put a an #ifdef around the set, and then do "#else"
and a series of case labels and a break. See OPENSSL_NO_AES in cms.c
for example.
Reviewed-by: Matt Caswell <matt@openssl.org>
The module loading feature got broken a while ago, so restore it, but
have it a bit more explicit this time around.
Reviewed-by: Stephen Henson <steve@openssl.org>
Create app_load_config(), a routine to load config file. Remove the
"always load config" from the main app. Change the places that used to
load config to call the new common routine.
Reviewed-by: Richard Levitte <levitte@openssl.org>
The file name given to -CAserial might not exist yet. The
-CAcreateserial option decides if this is ok or not.
Previous to this change, -CAserial was a type '<' option, and in that
case, the existence of the file given as argument is tested quite
early, and is a failure if it doesn't. With the type 's' option, the
argument is just a string that the application can do whatever it
wants with.
Reviewed-by: Rich Salz <rsalz@openssl.org>
After the finale, the "real" final part. :) Do a recursive grep with
"-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are
an "if NULL" check that can be removed.
Reviewed-by: Tim Hudson <tjh@openssl.org>
No point in proceeding if you're out of memory. So change
*all* OPENSSL_malloc calls in apps to use the new routine which
prints a message and exits.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Make setup_engine be a dummy if NO_ENGINE is enabled.
The option is not enabled if NO_ENGINE is enabled, so the one "wasted"
variable just sits there. Removes some variables and code.
Reviewed-by: Richard Levitte <levitte@openssl.org>
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reduces number of silly casts in OpenSSL code and likely most
applications. Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)
CONF_modules_unload() now calls CONF_modules_finish()
automatically.
Default use of section openssl_conf moved to
CONF_modules_load()
Load config file in several openssl utilities.
Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.
In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
See the commit log message for that for more information.
NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
Add new extension functions which work with NCONF.
Tidy up extension config routines and remove redundant code.
Fix NCONF_get_number().
Todo: more testing of apps to see they still work...
to go the monolith way (does anyone do that these days?).
NOTE: a few applications are missing in this commit. I've a few more
changes in them that I haven't tested yet.
string (some engines may have certificates protected by a PIN!) and
a description to put into error messages.
Also, have our own password callback that we can send both a password
and some prompt info to. The default password callback in EVP assumes
that the passed parameter is a password, which isn't always the right
thing, and the ENGINE code (at least the nCipher one) makes other
assumptions...
Also, in spite of having the functions to load keys, some utilities
did the loading all by themselves... That's changed too.
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
Remove the old broken bio read of serial numbers in the 'ca' index
file. This would choke if a revoked certificate was specified with
a negative serial number.
Fix typo in uid.c
record-oriented fashion. That means that every write() will write a
separate record, which will be read separately by the programs trying
to read from it. This can be very confusing.
The solution is to put a BIO filter in the way that will buffer text
until a linefeed is reached, and then write everything a line at a
time, so every record written will be an actual line, not chunks of
lines and not (usually doesn't happen, but I've seen it once) several
lines in one record. Voila, BIO_f_linebuffer() is born.
Since we're so close to release time, I'm making this VMS-only for
now, just to make sure no code is needlessly broken by this. After
the release, this BIO method will be enabled on all other platforms as
well.
This allows intermediate CAs to be created more easily.
PKCS12_create() now checks private key matches certificate.
Fix typo in x509 app.
Update docs.
New function ASN1_STRING_to_UTF8() converts any ASN1_STRING
type to UTF8.
functions. These are intended to be replacements
for the ancient ASN1_STRING_print() and X509_NAME_print()
functions.
The new functions support RFC2253 and various pretty
printing options. It is also possible to display
international characters if the terminal properly handles
UTF8 encoding (Linux seems to tolerate this if the
"unicode_start" script is run).
Still needs to be documented, integrated into other
utilities and extensively tested.
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages. That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.
This change includes all the name changes needed throughout all C files.
yet.
Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.
Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.