Commit graph

312 commits

Author SHA1 Message Date
Rich Salz
0bc2f36555 Remove obsolete key formats.
Remove support for RSA_NET and Netscape key format (-keyform n).

Also removed documentation of SGC.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-07-16 01:06:48 -04:00
Rich Salz
3b061a00e3 RT2547: Tighten perms on generated privkey files
When generating a private key, try to make the output file be readable
only by the owner.  Put it in CHANGES file since it might be noticeable.

Add "int private" flag to apps that write private keys, and check that it's
set whenever we do write a private key.  Checked via assert so that this
bug (security-related) gets fixed.  Thanks to Viktor for help in tracing
the code-paths where private keys are written.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-06-15 18:26:56 -04:00
Richard Levitte
296f54ee21 Restore module loading
The module loading feature got broken a while ago, so restore it, but
have it a bit more explicit this time around.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-05-29 12:41:50 +02:00
Rich Salz
cc01d21756 RT3876: Only load config when needed
Create app_load_config(), a routine to load config file.  Remove the
"always load config" from the main app.  Change the places that used to
load config to call the new common routine.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-28 17:28:33 -04:00
Matt Caswell
e481f9b90b Remove support for OPENSSL_NO_TLSEXT
Given the pervasive nature of TLS extensions it is inadvisable to run
OpenSSL without support for them. It also means that maintaining
the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
not well tested). Therefore it is being removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-22 23:10:51 +01:00
Rich Salz
75ebbd9aa4 Use p==NULL not !p (in if statements, mainly)
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-11 10:06:38 -04:00
Rich Salz
86885c2895 Use "==0" instead of "!strcmp" etc
For the various string-compare routines (strcmp, strcasecmp, str.*cmp)
use "strcmp()==0" instead of "!strcmp()"

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-06 22:37:53 -04:00
Gunnar Kudrjavets
4c9b0a0314 Initialize potentially uninitialized local variables
Compiling OpenSSL code with MSVC and /W4 results in a number of warnings.
One category of warnings is particularly interesting - C4701 (potentially
uninitialized local variable 'name' used). This warning pretty much means
that there's a code path which results in uninitialized variables being used
or returned. Depending on compiler, its options, OS, values in registers
and/or stack, the results can be nondeterministic. Cases like this are very
hard to debug so it's rational to fix these issues.

This patch contains a set of trivial fixes for all the C4701 warnings (just
initializing variables to 0 or NULL or appropriate error code) to make sure
that deterministic values will be returned from all the execution paths.

RT#3835

Signed-off-by: Matt Caswell <matt@openssl.org>

Matt's note: All of these appear to be bogus warnings, i.e. there isn't
actually a code path where an unitialised variable could be used - its just
that the compiler hasn't been able to figure that out from the logic. So
this commit is just about silencing spurious warnings.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-06 13:06:46 +01:00
Matt Caswell
b1ad95e328 Fix windows build
Fix error in WIN32_rename() introduced by commit b4faea50c3.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-05 22:16:08 +01:00
Rich Salz
b4faea50c3 Use safer sizeof variant in malloc
For a local variable:
        TYPE *p;
Allocations like this are "risky":
        p = OPENSSL_malloc(sizeof(TYPE));
if the type of p changes, and the malloc call isn't updated, you
could get memory corruption.  Instead do this:
        p = OPENSSL_malloc(sizeof(*p));
Also fixed a few memset() calls that I noticed while doing this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-04 15:00:13 -04:00
Dr. Stephen Henson
bdcb1a2cf5 more OSSL_NELEM cases
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-04 13:03:49 +01:00
Rich Salz
25aaa98aa2 free NULL cleanup -- coda
After the finale, the "real" final part. :)  Do a recursive grep with
"-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are
an "if NULL" check that can be removed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-01 14:37:16 -04:00
Rich Salz
efa7dd6444 free NULL cleanup 11
Don't check for NULL before calling free functions. This gets:
        ERR_STATE_free
        ENGINE_free
        DSO_free
        CMAC_CTX_free
        COMP_CTX_free
        CONF_free
        NCONF_free NCONF_free_data _CONF_free_data
        A sk_free use within OBJ_sigid_free
        TS_TST_INFO_free (rest of TS_ API was okay)
        Doc update for UI_free (all uses were fine)
        X509V3_conf_free
        X509V3_section_free
        X509V3_string_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01 10:15:18 -04:00
Rich Salz
b548a1f11c free null cleanup finale
Don't check for NULL before calling OPENSSL_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01 10:02:07 -04:00
Rich Salz
23a1d5e97c free NULL cleanup 7
This gets BN_.*free:
    BN_BLINDING_free BN_CTX_free BN_FLG_FREE BN_GENCB_free
    BN_MONT_CTX_free BN_RECP_CTX_free BN_clear_free BN_free BUF_MEM_free

Also fix a call to DSA_SIG_free to ccgost engine and remove some #ifdef'd
dead code in engines/e_ubsec.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 21:37:06 -04:00
Rich Salz
895cba195a free cleanup 12
Don't check for NULL before calling free function.  This gets:
        NAME_CONSTRAINTS_free GENERAL_SUBTREE_free ECDSA_METHOD_free
        JPAKE_CTX_free OCSP_REQ_CTX_free SCT_free SRP_VBASE_free
        SRP_gN_free SRP_user_pwd_free TXT_DB_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 18:10:52 -04:00
Rich Salz
4b45c6e52b free cleanup almost the finale
Add OPENSSL_clear_free which merges cleanse and free.
(Names was picked to be similar to BN_clear_free, etc.)
Removed OPENSSL_freeFunc macro.
Fixed the small simple ones that are left:
        CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 17:57:32 -04:00
Rich Salz
68dc682499 In apps, malloc or die
No point in proceeding if you're out of memory.  So change
*all* OPENSSL_malloc calls in apps to use the new routine which
prints a message and exits.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 17:48:31 -04:00
Rich Salz
222561fe8e free NULL cleanup 5a
Don't check for NULL before calling a free routine.  This gets X509_.*free:
    x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free
    X509_STORE_free X509_STORE_CTX_free X509_PKEY_free
    X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 17:33:59 -04:00
Rich Salz
2ace745022 free NULL cleanup 8
Do not check for NULL before calling a free routine.  This addresses:
    ASN1_BIT_STRING_free ASN1_GENERALIZEDTIME_free ASN1_INTEGER_free
    ASN1_OBJECT_free ASN1_OCTET_STRING_free ASN1_PCTX_free ASN1_SCTX_free
    ASN1_STRING_clear_free ASN1_STRING_free ASN1_TYPE_free
    ASN1_UTCTIME_free M_ASN1_free_of

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 11:31:07 -04:00
Matt Caswell
a3ed492f58 Fix windows build
The big apps cleanup broke the windows build. This commit
fixes some miscellaneous issues so that it builds again.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-30 11:35:18 +01:00
Rich Salz
db4c08f019 Rewrite parse_name
Remove need for multiple arrays, parse the X509 name
one RDN at a time.  Thanks to Andy for careful review.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-29 14:50:00 -04:00
Rich Salz
2fa45e6ee7 use isxdigit and apps_tohex
Replace ad-hoc ascii->hex with isxdigit and new app_tohex.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-29 14:15:50 -04:00
Rich Salz
ecf3a1fb18 Remove needless bio_err argument
Many functions had a BIO* parameter, and it was always called
with bio_err.  Remove the param and just use bio_err.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-29 11:27:08 -04:00
Rich Salz
b196e7d936 remove malloc casts
Following ANSI C rules, remove the casts from calls to
OPENSSL_malloc and OPENSSL_realloc.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-28 15:28:14 -04:00
Rich Salz
1bb2daead8 Simplify parse_yesno; remove local variable
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-04-26 21:28:38 -04:00
Rich Salz
7e1b748570 Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master.  The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt.  Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that.  There have been many other changes and code-cleanup, see
bullet list below.

Special thanks to Matt for the long and detailed code review.

TEMPORARY:
        For now, comment out CRYPTO_mem_leaks() at end of main

Tickets closed:
        RT3515: Use 3DES in pkcs12 if built with no-rc2
        RT1766: s_client -reconnect and -starttls broke
        RT2932: Catch write errors
        RT2604: port should be 'unsigned short'
        RT2983: total_bytes undeclared #ifdef RENEG
        RT1523: Add -nocert to fix output in x509 app
        RT3508: Remove unused variable introduced by b09eb24
        RT3511: doc fix; req default serial is random
        RT1325,2973: Add more extensions to c_rehash
        RT2119,3407: Updated to dgst.pod
        RT2379: Additional typo fix
        RT2693: Extra include of string.h
        RT2880: HFS is case-insensitive filenames
        RT3246: req command prints version number wrong

Other changes; incompatibilities marked with *:
        Add SCSV support
        Add -misalign to speed command
        Make dhparam, dsaparam, ecparam, x509 output C in proper style
        Make some internal ocsp.c functions void
        Only display cert usages with -help in verify
        Use global bio_err, remove "BIO*err" parameter from functions
        For filenames, - always means stdin (or stdout as appropriate)
        Add aliases for -des/aes "wrap" ciphers.
        *Remove support for IISSGC (server gated crypto)
        *The undocumented OCSP -header flag is now "-header name=value"
        *Documented the OCSP -header flag

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 15:26:15 -04:00
Viktor Dukhovni
61986d32f3 Code style: space after 'if'
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-16 13:44:59 -04:00
Rich Salz
e0e920b1a0 free NULL cleanup 9
Ongoing work to skip NULL check before calling free routine.  This gets:
    ecp_nistz256_pre_comp_free nistp224_pre_comp_free nistp256_pre_comp_free
    nistp521_pre_comp_free PKCS7_free PKCS7_RECIP_INFO_free
    PKCS7_SIGNER_INFO_free sk_PKCS7_pop_free PKCS8_PRIV_KEY_INFO_free
    PKCS12_free PKCS12_SAFEBAG_free PKCS12_free sk_PKCS12_SAFEBAG_pop_free
    SSL_CONF_CTX_free SSL_CTX_free SSL_SESSION_free SSL_free ssl_cert_free
    ssl_sess_cert_free

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-04-11 16:32:54 -04:00
Rich Salz
ca3a82c3b3 free NULL cleanup
This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free
BIO_free BIO_free_all BIO_vfree

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-25 11:31:18 -04:00
Matt Caswell
918bb86529 Unchecked malloc fixes
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-05 09:09:57 +00:00
Matt Caswell
25690b7f5f Add -no_alt_chains option to apps to implement the new
X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building
certificate chains, the first chain found will be the one used. Without this
flag, if the first chain found is not trusted then we will keep looking to
see if we can build an alternative chain instead.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-02-25 09:15:02 +00:00
Emilia Kasper
0923e7df9e Fix hostname validation in the command-line tool to honour negative return values.
Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion
and result in a negative return value, which the "x509 -checkhost" command-line option
incorrectly interpreted as success.

Also update X509_check_host docs to reflect reality.

Thanks to Sean Burford (Google) for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-10 15:35:20 +01:00
Rich Salz
68b00c2372 ifdef cleanup part 3: OPENSSL_SYSNAME
Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
Remove MS_STATIC; it's a relic from platforms <32 bits.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-23 11:58:26 -05:00
Rich Salz
27c7609cf8 ifdef cleanup, 2 remove OPENSSL_NO_SETVBUF_IONBF
Use setbuf(fp, NULL) instead of setvbuf().  This removes some
ifdef complexity because all of our platforms support setbuf.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-22 12:57:29 -05:00
Matt Caswell
0f113f3ee4 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Matt Caswell
68d39f3ce6 Move more comments that confuse indent
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Rich Salz
6d23cf9744 RT3548: Remove unsupported platforms
This last one for this ticket.  Removes WIN16.
So long, MS_CALLBACK and MS_FAR.  We won't miss you.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-12 17:30:54 -05:00
Matt Caswell
3a83462dfe Further comment amendments to preserve formatting prior to source reformat
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-06 15:45:25 +00:00
Viktor Dukhovni
297c67fcd8 Update API to use (char *) for email addresses and hostnames
Reduces number of silly casts in OpenSSL code and likely most
applications.  Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().
2014-07-07 19:11:38 +10:00
Viktor Dukhovni
ced3d9158a Set optional peername when X509_check_host() succeeds.
Pass address of X509_VERIFY_PARAM_ID peername to X509_check_host().
Document modified interface.
2014-07-06 01:50:50 +10:00
Dr. Stephen Henson
d2aea03829 Memory leak and NULL dereference fixes.
PR#3403
2014-06-27 14:35:07 +01:00
Martin Kaiser
189ae368d9 Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352 2014-05-24 00:02:24 +01:00
Dr. Stephen Henson
7ba08a4d73 Use correct length when prompting for password.
Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in
the openssl utility.

Thanks to Rob Mackinnon, Leviathan Security for reporting this issue.
2014-04-04 12:44:43 +01:00
Dr. Stephen Henson
a4cc3c8041 Avoid Windows 8 Getversion deprecated errors.
Windows 8 SDKs complain that GetVersion() is deprecated.

We only use GetVersion like this:

	(GetVersion() < 0x80000000)

which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
2014-02-25 13:40:33 +00:00
Piotr Sikora
2911575c6e Fix compilation with no-nextprotoneg.
PR#3106
2013-11-14 01:20:12 +00:00
Andy Polyakov
a006fef78e Improve WINCE support.
Submitted by: Pierre Delaage
2013-01-19 21:23:13 +01:00
Dr. Stephen Henson
b252cf0d98 make JPAKE work again, fix memory leaks 2012-12-29 23:38:20 +00:00
Dr. Stephen Henson
51e7a4378a New verify flag to return success if we have any certificate in the
trusted store instead of the default which is to return an error if
we can't build the complete chain.
2012-12-13 18:14:46 +00:00
Dr. Stephen Henson
0090a686c0 Add code to download CRLs based on CRLDP extension.
Just a sample, real world applications would have to be cleverer.
2012-12-06 18:43:40 +00:00
Dr. Stephen Henson
3bf15e2974 Integrate host, email and IP address checks into X509_verify.
Add new verify options to set checks.

Remove previous -check* commands from s_client and s_server.
2012-12-05 18:35:20 +00:00
Dr. Stephen Henson
b6b094fb77 check mval for NULL too 2012-12-04 17:25:34 +00:00
Dr. Stephen Henson
0db46a7dd7 fix leak 2012-12-03 16:32:52 +00:00
Dr. Stephen Henson
fdb78f3d88 New option to add CRLs for s_client and s_server. 2012-12-02 16:16:28 +00:00
Dr. Stephen Henson
95ea531864 add option to get a certificate or CRL from a URL 2012-12-02 14:00:22 +00:00
Dr. Stephen Henson
a70da5b3ec New functions to check a hostname email or IP address against a
certificate. Add options to s_client, s_server and x509 utilities
to print results of checks.
2012-10-08 15:10:07 +00:00
Dr. Stephen Henson
3ad344a517 add suite B chain validation flags and associated verify errors 2012-08-03 13:51:43 +00:00
Ben Laurie
71fa451343 Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
Dr. Stephen Henson
fc7dae5229 PR: 2717
Submitted by: Tim Rice <tim@multitalents.net>

Make compilation work on OpenServer 5.0.7
2012-02-11 23:41:19 +00:00
Dr. Stephen Henson
3770b988c0 PR: 2710
Submitted by: Tomas Mraz <tmraz@redhat.com>

Check return codes for load_certs_crls.
2012-02-10 19:54:54 +00:00
Dr. Stephen Henson
16363c0165 implement -attime option as a verify parameter then it works with all relevant applications 2011-12-10 00:37:22 +00:00
Richard Levitte
537c982306 After some adjustments, apply the changes OpenSSL 1.0.0d on OpenVMS
submitted by Steven M. Schweda <sms@antinode.info>
2011-03-19 10:58:14 +00:00
Dr. Stephen Henson
838ea7f824 PR: 2366
Submitted by: Damien Miller <djm@mindrot.org>
Reviewed by: steve

Stop pkeyutl crashing if some arguments are missing. Also make str2fmt
tolerate NULL parameter.
2010-11-11 14:42:50 +00:00
Ben Laurie
bf48836c7c Fixes to NPN from Adam Langley. 2010-09-05 17:14:01 +00:00
Ben Laurie
ee2ffc2794 Add Next Protocol Negotiation. 2010-07-28 10:06:55 +00:00
Ben Laurie
c8bbd98a2b Fix warnings. 2010-06-12 14:13:23 +00:00
Dr. Stephen Henson
4e96633ac7 PR: 2262
Submitted By: Victor Wagner <vitus@cryptocom.ru>

Fix error reporting in load_key function.
2010-05-27 14:09:03 +00:00
Dr. Stephen Henson
00a37b5a9b PR: 2220
Fixes to make OpenSSL compile with no-rc4
2010-04-06 11:18:59 +00:00
Dr. Stephen Henson
db28aa86e0 add -trusted_first option and verify flag 2010-02-25 12:21:48 +00:00
Dr. Stephen Henson
04e4b82726 allow setting of verify names in command line utilities and print out verify names in verify utility 2010-02-25 00:11:32 +00:00
Dr. Stephen Henson
245d2ee3d0 Add option to allow in-band CRL loading in verify utility. Add function
load_crls and tidy up load_certs. Remove useless purpose variable from
verify utility: now done with args_verify.
2009-10-31 13:33:57 +00:00
Dr. Stephen Henson
c869da8839 Update from 1.0.0-stable 2009-07-27 21:10:00 +00:00
Dr. Stephen Henson
9a5faeaa42 Allow setting of verify depth in verify parameters (as opposed to the depth
implemented using the verify callback).
2009-06-29 16:09:37 +00:00
Dr. Stephen Henson
f3be6c7b7d Update from 1.0.0-stable. 2009-06-26 11:29:26 +00:00
Dr. Stephen Henson
eddee61671 PR: 1956
Submitted by: Guenter <lists@gknw.net>
Approved by: steve@openssl.org

Netware doesn't have strings.h
2009-06-17 11:32:59 +00:00
Dr. Stephen Henson
83d8fa7dd1 Update from stable branch. 2009-05-13 11:32:46 +00:00
Dr. Stephen Henson
d4f0339c66 Update from 1.0.0-stable. 2009-04-26 22:18:22 +00:00
Dr. Stephen Henson
06ddf8eb08 Updates from 1.0.0-stable 2009-04-04 19:54:06 +00:00
Dr. Stephen Henson
617298dca3 Update from stable branch. 2009-03-12 17:10:26 +00:00
Dr. Stephen Henson
79bd20fd17 Update from stable-branch. 2008-11-24 17:27:08 +00:00
Ben Laurie
f3b7bdadbc Integrate J-PAKE and TLS-PSK. Increase PSK buffer size. Fix memory leaks. 2008-11-16 12:47:12 +00:00
Dr. Stephen Henson
ed551cddf7 Update from stable branch. 2008-11-12 17:28:18 +00:00
Dr. Stephen Henson
c76fd290be Fix warnings about mismatched prototypes, undefined size_t and value computed
not used.
2008-11-02 12:50:48 +00:00
Dr. Stephen Henson
e9eda23ae6 Fix warnings and various issues.
C++ style comments.
Signed/unsigned warning in apps.c
Missing targets in jpake/Makefile
2008-10-27 12:02:52 +00:00
Ben Laurie
6caa4edd3e Add JPAKE. 2008-10-26 18:40:52 +00:00
Dr. Stephen Henson
d43c4497ce Initial support for delta CRLs. If "use deltas" flag is set attempt to find
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
9d84d4ed5e Initial support for CRL path validation. This supports distinct certificate
and CRL signing keys.
2008-08-13 16:00:11 +00:00
Dr. Stephen Henson
002e66c0e8 Support for policy mappings extension.
Delete X509_POLICY_REF code.

Fix handling of invalid policy extensions to return the correct error.

Add command line option to inhibit policy mappings.
2008-08-12 10:32:56 +00:00
Dr. Stephen Henson
5cbd203302 Initial support for alternative CRL issuing certificates.
Allow inibit any policy flag to be set in apps.
2008-07-30 15:49:12 +00:00
Dr. Stephen Henson
dd043cd501 Stop const mismatch warning in VC++. 2008-05-31 18:55:23 +00:00
Ben Laurie
3c1d6bbc92 LHASH revamp. make depend. 2008-05-26 11:24:29 +00:00
Lutz Jänicke
44a877aa88 Fix incorrect return value in apps/apps.c:parse_yesno()
PR: 1607
Submitted by: "Christophe Macé" <mace.christophe@gmail.com>
2008-04-17 14:15:27 +00:00
Geoff Thorpe
7e8481afd1 Fix a nasty cast issue that my compiler was choking on. 2008-03-16 20:57:12 +00:00
Dr. Stephen Henson
52108cecc0 <strings.h> does not exist under WIN32. 2008-01-14 18:10:55 +00:00
Ben Laurie
f12797a447 Missing headers. 2008-01-12 11:22:31 +00:00
Dr. Stephen Henson
eef0c1f34c Netware support.
Submitted by: Guenter Knauf <eflash@gmx.net>
2008-01-03 22:43:04 +00:00
Ben Laurie
e28eddc51f Typo? Why did this work, anyway? 2007-09-08 15:58:51 +00:00
Dr. Stephen Henson
1bd06bd0c4 In interactive mode only config OpenSSL once. 2006-05-12 17:11:58 +00:00
Ulf Möller
fb05e1cdf6 declare as in prototype
Submitted by: Gisle Vanem
2006-04-12 19:24:45 +00:00
Dr. Stephen Henson
4a3dc3c0e3 Add RSA ctrl for padding mode, add ctrl support in pkeyutl. 2006-04-09 12:42:09 +00:00
Dr. Stephen Henson
a2318e86bd Fix typo. Add EVP_PKEY_CTX control function for later use by command line
utilities.
2006-04-09 00:34:00 +00:00
Dr. Stephen Henson
a9164153d1 Reformat pkeyutl.c, add support for verify operation but nothing actually
supports it (yet).
2006-04-08 22:25:47 +00:00
Nils Larsch
67b6f1ca88 fix problems found by coverity: remove useless code 2006-03-15 17:45:43 +00:00
Richard Levitte
a53cb070e3 When using POSIXly functions, we need to define _POSIX_C_SOURCE, at
least when the source is compiled with ANSI settings.
2005-11-27 15:32:57 +00:00
Andy Polyakov
eed22ac4ac Eliminate VC compiler warning. 2005-11-06 21:11:41 +00:00
Andy Polyakov
9135fddb0e Revive app_tminterval for Netware. 2005-11-06 17:11:04 +00:00
Andy Polyakov
d88fcf73f1 Revive app_tminterval for vxworks. 2005-11-06 16:55:44 +00:00
Andy Polyakov
a950f28762 Revive app_tminterval for VMS. 2005-11-06 16:16:38 +00:00
Andy Polyakov
e22f63f231 The typos never stop. Fix one in apps/apps.c. 2005-11-06 12:15:12 +00:00
Andy Polyakov
f530138876 Fix newly introduced typos and warnings in ./apps. 2005-11-06 11:58:22 +00:00
Andy Polyakov
0a39d8f207 Collect timing procedures in apps/apps.c. It's a bit cruel patch, as it
temporarily[!] removes support for couple of esoteric platforms [well,
Netware, vxWorks and VMS].
2005-11-06 11:40:59 +00:00
Andy Polyakov
a1ad253f17 Eliminate remaining calls to stat in apps/apps.c and unify WIN32_rename for
all Windows targets.
2005-11-04 16:12:05 +00:00
Andy Polyakov
ffa101872f Eliminate dependency on read/write/stat in apps under _WIN32. 2005-11-04 09:30:55 +00:00
Andy Polyakov
eff7cb41d1 Disable BIO_s_fd on CE and disable fd:N as password passing option on
all _WIN32 [see commentary for clarification].
2005-11-03 15:31:28 +00:00
Dr. Stephen Henson
a0156a926f Integrated support for PVK files. 2005-08-31 16:37:54 +00:00
Dr. Stephen Henson
eea374fd19 Command line support for RSAPublicKey format. 2005-08-21 00:18:26 +00:00
Dr. Stephen Henson
45e2738585 Remove ASN1_METHOD code replace with new ASN1 alternative. 2005-08-20 18:12:45 +00:00
Nils Larsch
3eeaab4bed make
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
    	make depend all test
work again

PR: 1159
2005-07-16 12:37:36 +00:00
Nils Larsch
9e1a112336 initialize newly allocated data
PR: 1145
2005-07-01 16:08:14 +00:00
Andy Polyakov
53bb3bee34 Fix typos in apps/apps.c 2005-06-27 15:56:53 +00:00
Dr. Stephen Henson
f68854b4c3 Various Win32 and other fixes for warnings and compilation errors.
Fix Win32 build system to use 'Makefile' instead of 'Makefile.ssl'.
2005-04-19 00:12:36 +00:00
Nils Larsch
ff990440ee const fixes 2005-04-15 18:29:33 +00:00
Nils Larsch
7d727231b7 some const fixes 2005-04-05 19:11:19 +00:00
Andy Polyakov
3ffb8d42bc Remove naming conflict between variable and label. 2004-12-30 11:10:11 +00:00
Dr. Stephen Henson
e90faddaf8 Prompt for passphrases for PKCS12 input format 2004-12-29 01:07:14 +00:00
Dr. Stephen Henson
151368ccba PR: 940
Typo: use prompt_info, not cb_data->prompt_info.
2004-11-14 15:40:00 +00:00
Dr. Stephen Henson
c431798e82 Reformat smime utility.
Add support for policy checking in verify utility.
2004-09-07 18:38:46 +00:00
Dr. Stephen Henson
5d7c222db8 New X509_VERIFY_PARAM structure and associated functionality.
This tidies up verify parameters and adds support for integrated policy
checking.

Add support for policy related command line options. Currently only in smime
application.

WARNING: experimental code subject to change.
2004-09-06 18:43:01 +00:00
Geoff Thorpe
f0eae953e2 Remove some unnecessary recursive includes from the internal apps.h header,
and include bn.h in those C files that need bignum functionality.
2004-05-17 19:05:32 +00:00
Dr. Stephen Henson
64674bcc8c Reduce chances of issuer and serial number duplication by use of random
initial serial numbers.

PR: 842
2004-04-20 12:05:26 +00:00
Geoff Thorpe
823a67b0a9 header cleanup in apps/ 2004-04-19 18:13:07 +00:00
Richard Levitte
d530017c00 Move the definition of Win32_rename(), since the macro rename gets undefined
in the middle of the code on Windows, and that disrupts operations in functions
later that use rename()...
PR: 853
2004-03-25 20:09:00 +00:00
Richard Levitte
875a644a90 Constify d2i, s2i, c2i and r2i functions and other associated
functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Richard Levitte
d420ac2c7d Use BUF_strlcpy() instead of strcpy().
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:17 +00:00
Richard Levitte
03ddbdd9b9 Move another common functionality (reproduced so far with cut'n'paste)
to apps.c, and give it the hopefully descriptive name parse_yesno().
2003-11-28 14:45:09 +00:00
Richard Levitte
6d5ffb591b Move do_subject() to apps.c and rename it to parse_name(). The
rationale behind the move is that it's use by several applications.
The rationale behind the name change is that it describes what the
function does a bit better.
2003-11-28 14:07:14 +00:00
Richard Levitte
4d8743f490 Netware-specific changes,
PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte
2003-11-28 13:10:58 +00:00
Lutz Jänicke
f35232e6f3 Catch error condition to prevent NULL pointer dereference.
Submitted by: Goetz Babin-Ebell <babin-ebell@trustcenter.de>

PR: #766
2003-11-16 16:30:39 +00:00
Richard Levitte
e6fa67fa93 Generalise the definition of strcasecmp() and strncasecmp() for
platforms that don't (necessarely) have it.  In the case of VMS, this
means moving a couple of functions from apps/ to crypto/ and make them
general (although only used privately).
2003-09-09 14:48:36 +00:00
Richard Levitte
4c771796d5 Convert save_serial() to work like save_index(), and add a
rotate_serial() that works like rotate_index().
2003-04-04 15:10:35 +00:00
Richard Levitte
83b23ed967 One more debug line to conditionalise. 2003-04-03 23:01:20 +00:00
Richard Levitte
db598fbce2 Don't try to free NULL values... 2003-04-03 20:03:23 +00:00
Richard Levitte
63b6fe2bf6 Conditionalise all debug strings. 2003-04-03 18:07:39 +00:00
Richard Levitte
f85b68cd49 Make it possible to have multiple active certificates with the same
subject.
2003-04-03 16:33:03 +00:00
Ulf Möller
66ecdf3bfb more mingw related cleanups. 2003-02-22 18:00:14 +00:00
Richard Levitte
0b13e9f055 Add the possibility to build without the ENGINE framework.
PR: 287
2003-01-30 17:39:26 +00:00
Richard Levitte
4579924b7e Cleanse memory using the new OPENSSL_cleanse() function.
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:04:36 +00:00
Richard Levitte
0bf23d9b20 WinCE patches 2002-11-15 22:37:18 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Richard Levitte
d652a0957f Make sure toupper() is declared 2002-10-25 09:51:45 +00:00