History log of /openbsd-current/usr.bin/openssl/ca.c
Revision Date Author Comments
# 1.59 23-Jun-2024 tb

openssl ca: avoid double free for spkac files without default section

ok jsing


Revision tags: OPENBSD_7_5_BASE
# 1.58 04-Feb-2024 tb

Zap a useless comment followed by a stray semicolon

Noticed by Christian Andersen


# 1.57 13-Nov-2023 tb

Kill last user of ASN1_time_parse() in the tree

ASN1_time_parse() was useful while OpenSSL didn't have something sort of
equivalent, but now they do. Let's retire ASN1_time_parse() to internal.
This will require some patching in ports, but shrug.

ok beck


Revision tags: OPENBSD_7_4_BASE
# 1.56 02-Jul-2023 tb

Teach openssl ca about Ed25519 certificates

This adds a few logic curlies to end up setting the EVP_MD to EVP_md_null()
as required by the API. This way ASN1_item_sign() now knows how to behave.

"ok = (rv == 2);" beck


Revision tags: OPENBSD_7_3_BASE
# 1.55 06-Mar-2023 tb

Rename struct ${app}_config to plain cfg

All the structs are static and we need to reach into them many times.
Having a shorter name is more concise and results in less visual clutter.
It also avoids many overlong lines and we will be able to get rid of some
unfortunate line wrapping down the road.

Discussed with jsing


# 1.54 11-Nov-2022 joshua

Remove the legacy interactive mode from openssl(1).

This removes the legacy interactive mode from openssl(1) since it is
rarely used, complicates the code, and has also been removed from
OpenSSL in version 3.x.x.

ok tb@ jsing@


Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
# 1.53 03-Feb-2022 tb

Use X509_*get0_pubkey() wherever possible to simplify and clean up
the code. Also add error checking where possible.

ok jsing


# 1.52 21-Nov-2021 tb

Tweak for opaque EVP_MD: use EVP_MD_type(dgst) instead of dgst->type.


# 1.51 23-Oct-2021 tb

Stop reaching into structs that will become opaque in ca.c

"just commit it" beck


# 1.50 22-Oct-2021 tb

Stop setting enc.modified manually. It's no longer needed.


Revision tags: OPENBSD_7_0_BASE
# 1.49 05-Sep-2021 inoguchi

Remove unused variable tmptm in do_body of openssl(1) ca


# 1.48 05-Sep-2021 inoguchi

Using serial number instead as subject if it is empty in openssl(1) ca

This allows multiple entries without a subject even if unique_subject == yes.
Referred to OpenSSL commit 5af88441 and arranged for our codebase.

ok tb@


# 1.47 05-Sep-2021 inoguchi

Check extensions before setting version to v3

Referred to OpenSSL commit 4881d849 and arranged for our codebase.

comment and ok from tb@


# 1.46 05-Sep-2021 inoguchi

Use accessor method rather than direct X509 structure access

Referred to OpenSSL commit a8d8e06b and arranged for our codebase.

comment and ok from tb@


# 1.45 02-Sep-2021 inoguchi

Use defined constants


# 1.44 02-Sep-2021 inoguchi

Move subject check process after the subject edit process

Referred to OpenSSL commit 2cedf794 and arranged for our codebase.

ok tb@


# 1.43 30-Aug-2021 inoguchi

Clean up end of do_body in openssl(1) ca

suggested from tb@


# 1.42 30-Aug-2021 inoguchi

Remove NULL check before free in openssl(1) ca

ok tb@


# 1.41 28-Aug-2021 inoguchi

Check X509_get_notAfter return value in openssl(1) ca.c


# 1.40 28-Aug-2021 inoguchi

Use strndup instead of malloc, memcpy and NULL termination in openssl(1) ca.c

suggested from tb@ for do_updatedb(),
and applied the same for do_body() and do_revoke().


# 1.39 28-Aug-2021 inoguchi

Remove ASN1_TIME_new and use NULL for X509_gmtime_adj, free tmptm in err path

comments from tb@


# 1.38 28-Aug-2021 inoguchi

Unwrap lines in openssl(1) ca.c

suggested from tb@


# 1.37 28-Aug-2021 inoguchi

Avoid leak with X509_REVOKED variable in openssl(1) ca.c

pointed out by tb@


# 1.36 28-Aug-2021 inoguchi

Checking the return value in openssl(1) ca.c

Some functions are used without verifying the return value in openssl(1) ca.
This diff adds checking for the function return value.
With this diff, I changed return value of the write_new_certificate from void
to int to return the condition to the caller.

ok and comments from tb@


# 1.35 24-Jul-2021 inoguchi

Compare strcmp and strcasecmp return value with zero


# 1.34 20-Jul-2021 inoguchi

Check pointer variable if it is NULL in ca.c

missed with r1.32


# 1.33 15-Jul-2021 inoguchi

Wrap over 80 long lines in ca.c


# 1.32 15-Jul-2021 inoguchi

Explicitly check pointer variable if it is NULL or not in ca.c


# 1.31 15-Jul-2021 inoguchi

Remove space between '*' and pointer variable in ca.c


# 1.30 15-Jul-2021 inoguchi

Use 'serial' rather than 'ser' in ca.c

input from jsing@


# 1.29 15-Jul-2021 inoguchi

Convert openssl(1) ca option handling

New option handling for openssl(1) ca.
This diff is just replacing with new option handling, no functional change.
I'm using the word DN or RDN in description as manual uses them, rather than
replacing with "Distinguished Name" or "Relative Distinguished Name".

I would like to add other fixes below by follow-up diffs.
- remove space between '*' and pointer variable
- wrap 80+ long lines
- explicitly check pointer variable if it is NULL or not

comments and ok from jsing@


Revision tags: OPENBSD_6_9_BASE
# 1.28 16-Dec-2020 tb

Remove a redundant memset call.


Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.27 03-Jul-2019 deraadt

snprintf/vsnprintf return < 0 on error, rather than -1.


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
# 1.26 07-Feb-2018 jsing

Indent labels with a single space so that diff prototypes are more useful.


Revision tags: OPENBSD_6_2_BASE
# 1.25 08-May-2017 beck

simplify startdate/enddate validation
ok jsing@


# 1.24 04-May-2017 beck

Fix the ca command so that certs it generates have RFC5280 conformant time.
Problem noticed by Harald Dunkel <harald.dunkel@aixigo.de>


Revision tags: OPENBSD_6_1_BASE
# 1.23 20-Jan-2017 deraadt

rearrange pledge promises into the canonical order; easier to eyeball


# 1.22 31-Aug-2016 deraadt

We don't need any VMS access tricks.
ok beck tedu


# 1.21 30-Aug-2016 deraadt

buf[][] with strange use all over the place is ridiculous, especially
if buf[1] is never used.
ok guenther beck


Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
# 1.20 24-Dec-2015 mmcc

more e-mail -> email


# 1.19 17-Oct-2015 doug

Exit if a pledge call fails in non-interactive mode.

ok semarie@


# 1.18 17-Oct-2015 semarie

add "tty" for several subcommands of openssl

it is needed in order to let libssl UI_* functions play with echo on/off when
asking for password on terminal.

passwd subcommand needs additional "wpath cpath" in order to let it call
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).

problem reported by several
with and ok doug@


# 1.17 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session that may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.


# 1.16 21-Sep-2015 bcook

add a couple of missing NULL checks

noted by Bill Parker (dogbert2) on github


# 1.15 21-Sep-2015 bcook

remove vestigial bits of sha-0 and md2 from openssl(1)

Noted by kinichiro on github. We probably need a better way to indicate the
list of message digests that are allowed, as the current ones are nowhere near
exhaustive (sigh - guenther@)

OK guenther@ jmc@


# 1.14 12-Sep-2015 lteo

Nuke SSLEAY_CONF -- a backwards compatibility environment variable that
has been superseded by OPENSSL_CONF and discouraged from use for almost
16 years.

"Definitely ok" jsing@
"burn it" deraadt@
"Kill it with fire" miod@
"KILL IT WITH FIRE!!! BURN!!!!" beck@


# 1.13 11-Sep-2015 beck

fix unchecked mallocs - coverity 130454 and 130455
ok jsing@


# 1.12 11-Sep-2015 bcook

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@


# 1.11 10-Sep-2015 jsing

Correct spelling of OPENSSL_cleanse.


# 1.10 10-Sep-2015 lteo

Remove unused defines. No binary change.

ok deraadt@ miod@


# 1.9 22-Aug-2015 jsing

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@


Revision tags: OPENBSD_5_8_BASE
# 1.8 22-Jul-2015 jsing

Revert ca.c r1.7 - BN_to_ASN1_INTEGER() only allocates an ASN.1 integer
when it is not passed a reference to one. In this case, it is passed a
reference to an ASN.1 integer that is part of the X509 ASN.1 data
structure. Freeing this causes bad things to happen, since it is used and
then freed later on.

Found the hard way by kinichiro inoguchi.


# 1.7 19-Jul-2015 doug

Free memory when finished.

Fixes coverity 78835.

ok bcook@


# 1.6 19-Jul-2015 doug

Remove effectively unused variable.

Fixes Coverity issue 21693.

ok beck@ bcook@


Revision tags: OPENBSD_5_7_BASE
# 1.5 08-Feb-2015 doug

Delete commented out code from openssl(1) apps.

From OpenSSL commits:

6f91b017bbb7140f816721141ac156d1b828a6b3
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
a2b18e657ea1a932d125154f4e13ab2258796d90

ok miod@, jsing@


# 1.4 07-Feb-2015 bcook

Modify BSIZE to BUFLEN to avoid redefinition on HP-UX.

HP-UX defines BSIZE in its <sys/param.h>, and there is a route where it's
getting included as a side-effect. I tracked back to at least from HP-UX 9.0
ca. 1993, up to the latest, so the user namespace is polluted.

from kinichiro <kinichiro.inoguchi@gmail.com>

ok miod@, jsing@


# 1.3 01-Sep-2014 doug

Enable -Wshadow in openssl(1) and fix a few shadow warnings.

ok jsing@


# 1.2 28-Aug-2014 jsing

openssl_setup() calls SSL_load_error_strings(), which happens to call
ERR_load_crypto_strings() - as such, we do not need to call the same
function from most of the applications.


# 1.1 26-Aug-2014 jsing

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@




# 1.44 02-Sep-2021 inoguchi

Move subject check process after the subject edit process

Referred to OpenSSL commit 2cedf794 and arranged for our codebase.

ok tb@


# 1.43 30-Aug-2021 inoguchi

Clean up end of do_body in openssl(1) ca

suggested from tb@


# 1.42 30-Aug-2021 inoguchi

Remove NULL check before free in openssl(1) ca

ok tb@


# 1.41 28-Aug-2021 inoguchi

Check X509_get_notAfter return value in openssl(1) ca.c


# 1.40 28-Aug-2021 inoguchi

Use strndup instead of malloc, memcpy and NULL termination in openssl(1) ca.c

suggested from tb@ for do_updatedb(),
and applied the same for do_body() and do_revoke().


# 1.39 28-Aug-2021 inoguchi

Remove ASN1_TIME_new and use NULL for X509_gmtime_adj, free tmptm in err path

comments from tb@


# 1.38 28-Aug-2021 inoguchi

Unwrap lines in openssl(1) ca.c

suggested from tb@


# 1.37 28-Aug-2021 inoguchi

Avoid leak with X509_REVOKED variable in openssl(1) ca.c

pointed out by tb@


# 1.36 28-Aug-2021 inoguchi

Checking the return value in openssl(1) ca.c

Some functions are used without verifying the return value in openssl(1) ca.
This diff adds checking for the function return value.
With this diff, I changed return value of the write_new_certificate from void
to int to return the condition to the caller.

ok and comments from tb@


# 1.35 24-Jul-2021 inoguchi

Compare strcmp and strcasecmp return value with zero


# 1.34 20-Jul-2021 inoguchi

Check pointer variable if it is NULL in ca.c

missed with r1.32


# 1.33 15-Jul-2021 inoguchi

Wrap over 80 long lines in ca.c


# 1.32 15-Jul-2021 inoguchi

Explicitly check pointer variable if it is NULL or not in ca.c


# 1.31 15-Jul-2021 inoguchi

Remove space between '*' and pointer variable in ca.c


# 1.30 15-Jul-2021 inoguchi

Use 'serial' rather than 'ser' in ca.c

input from jsing@


# 1.29 15-Jul-2021 inoguchi

Convert openssl(1) ca option handling

New option handling for openssl(1) ca.
This diff is just replacing with new option handling, no functional change.
I'm using the word DN or RDN in description as manual uses them, rather than
replacing with "Distinguished Name" or "Relative Distinguished Name".

I would like to add other fixes below by follow-up diffs.
- remove space between '*' and pointer variable
- wrap 80+ long lines
- explicitly check pointer variable if it is NULL or not

comments and ok from jsing@


Revision tags: OPENBSD_6_9_BASE
# 1.28 16-Dec-2020 tb

Remove a redundant memset call.


Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.27 03-Jul-2019 deraadt

snprintf/vsnprintf return < 0 on error, rather than -1.


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
# 1.26 07-Feb-2018 jsing

Indent labels with a single space so that diff prototypes are more useful.


Revision tags: OPENBSD_6_2_BASE
# 1.25 08-May-2017 beck

simplify startdate/enddate validation
ok jsing@


# 1.24 04-May-2017 beck

Fix the ca command so that certs it generates have RFC5280 conformant time.
Problem noticed by Harald Dunkel <harald.dunkel@aixigo.de>


Revision tags: OPENBSD_6_1_BASE
# 1.23 20-Jan-2017 deraadt

rearrange pledge promises into the canonical order; easier to eyeball


# 1.22 31-Aug-2016 deraadt

We don't need any VMS access tricks.
ok beck tedu


# 1.21 30-Aug-2016 deraadt

buf[][] with strange use all over the place is ridiculous, especially
if buf[1] is never used.
ok guenther beck


Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
# 1.20 24-Dec-2015 mmcc

more e-mail -> email


# 1.19 17-Oct-2015 doug

Exit if a pledge call fails in non-interactive mode.

ok semarie@


# 1.18 17-Oct-2015 semarie

add "tty" for several subcommands of openssl

it is needed in order to let libssl UI_* functions play with echo on/off when
asking for password on terminal.

passwd subcommand needs additional "wpath cpath" in order to let it call
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).

problem reported by several
with and ok doug@


# 1.17 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session that may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.


# 1.16 21-Sep-2015 bcook

add a couple of missing NULL checks

noted by Bill Parker (dogbert2) on github


# 1.15 21-Sep-2015 bcook

remove vestigial bits of sha-0 and md2 from openssl(1)

Noted by kinichiro on github. We probably need a better way to indicate the
list of message digests that are allowed, as the current ones are nowhere near
exhaustive (sigh - guenther@)

OK guenther@ jmc@


# 1.14 12-Sep-2015 lteo

Nuke SSLEAY_CONF -- a backwards compatibility environment variable that
has been superseded by OPENSSL_CONF and discouraged from use for almost
16 years.

"Definately ok" jsing@
"burn it" deraadt@
"Kill it with fire" miod@
"KILL IT WITH FIRE!!! BURN!!!!" beck@


# 1.13 11-Sep-2015 beck

fix unchecked mallocs - coverity 130454 and 130455
ok jsing@


# 1.12 11-Sep-2015 bcook

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@


# 1.11 10-Sep-2015 jsing

Correct spelling of OPENSSL_cleanse.


# 1.10 10-Sep-2015 lteo

Remove unused defines. No binary change.

ok deraadt@ miod@


# 1.9 22-Aug-2015 jsing

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@


# 1.21 30-Aug-2016 deraadt

buf[][] with strange use all over the place is ridiculous, especially
if buf[1] is never used.
ok guenther beck


Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
# 1.20 24-Dec-2015 mmcc

more e-mail -> email


# 1.19 17-Oct-2015 doug

Exit if a pledge call fails in non-interactive mode.

ok semarie@


# 1.18 17-Oct-2015 semarie

add "tty" for several subcommands of openssl

it is needed in order to let libssl UI_* functions play with echo on/off when
asking for password on terminal.

passwd subcommand needs additional "wpath cpath" in order to let it call
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).

problem reported by several
with and ok doug@


# 1.17 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session that may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.


# 1.16 21-Sep-2015 bcook

add a couple of missing NULL checks

noted by Bill Parker (dogbert2) on github


# 1.15 21-Sep-2015 bcook

remove vestigial bits of sha-0 and md2 from openssl(1)

Noted by kinichiro on github. We probably need a better way to indicate the
list of message digests that are allowed, as the current ones are nowhere near
exhaustive (sigh - guenther@)

OK guenther@ jmc@


# 1.14 12-Sep-2015 lteo

Nuke SSLEAY_CONF -- a backwards compatibility environment variable that
has been superseded by OPENSSL_CONF and discouraged from use for almost
16 years.

"Definately ok" jsing@
"burn it" deraadt@
"Kill it with fire" miod@
"KILL IT WITH FIRE!!! BURN!!!!" beck@


# 1.13 11-Sep-2015 beck

fix unchecked mallocs - coverity 130454 and 130455
ok jsing@


# 1.12 11-Sep-2015 bcook

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@


# 1.11 10-Sep-2015 jsing

Correct spelling of OPENSSL_cleanse.


# 1.10 10-Sep-2015 lteo

Remove unused defines. No binary change.

ok deraadt@ miod@


# 1.9 22-Aug-2015 jsing

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@


Revision tags: OPENBSD_5_8_BASE
# 1.8 22-Jul-2015 jsing

Revert ca.c r1.7 - BN_to_ASN1_INTEGER() only allocates an ASN.1 integer
when it is not passed a reference to one. In this case, it is passed a
reference to an ASN.1 integer that is part of the X509 ASN.1 data
structure. Freeing this causes bad things to happen, since it is used and
then freed later on.

Found the hard way by kinichiro inoguchi.


# 1.7 19-Jul-2015 doug

Free memory when finished.

Fixes coverity 78835.

ok bcook@


# 1.6 19-Jul-2015 doug

Remove effectively unused variable.

Fixes Coverity issue 21693.

ok beck@ bcook@


Revision tags: OPENBSD_5_7_BASE
# 1.5 08-Feb-2015 doug

Delete commented out code from openssl(1) apps.

From OpenSSL commits:

6f91b017bbb7140f816721141ac156d1b828a6b3
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
a2b18e657ea1a932d125154f4e13ab2258796d90

ok miod@, jsing@


# 1.4 07-Feb-2015 bcook

Modify BSIZE to BUFLEN to avoid redefinition on HP-UX.

HP-UX defines BSIZE in its <sys/param.h>, and there is a route where it's
getting included as a side-effect. I tracked back to at least from HP-UX 9.0
ca. 1993, up to the latest, so the user namespace is polluted.

from kinichiro <kinichiro.inoguchi@gmail.com>

ok miod@, jsing@


# 1.3 01-Sep-2014 doug

Enable -Wshadow in openssl(1) and fix a few shadow warnings.

ok jsing@


# 1.2 28-Aug-2014 jsing

openssl_setup() calls SSL_load_error_strings(), which happens to call
ERR_load_crypto_strings() - as such, we do not need to call the same
function from most of the applications.


# 1.1 26-Aug-2014 jsing

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@


# 1.50 22-Oct-2021 tb

Stop setting enc.modified manually. It's no longer needed.


Revision tags: OPENBSD_7_0_BASE
# 1.49 05-Sep-2021 inoguchi

Remove unused variable tmptm in do_body of openssl(1) ca


# 1.48 05-Sep-2021 inoguchi

Using serial number instead as subject if it is empty in openssl(1) ca

This allows multiple entries without a subject even if unique_subject == yes.
Referred to OpenSSL commit 5af88441 and arranged for our codebase.

ok tb@


# 1.47 05-Sep-2021 inoguchi

Check extensions before setting version to v3

Referred to OpenSSL commit 4881d849 and arranged for our codebase.

comment and ok from tb@


# 1.46 05-Sep-2021 inoguchi

Use accessor method rather than direct X509 structure access

Referred to OpenSSL commit a8d8e06b and arranged for our codebase.

comment and ok from tb@


# 1.45 02-Sep-2021 inoguchi

Use defined constants


# 1.44 02-Sep-2021 inoguchi

Move subject check process after the subject edit process

Referred to OpenSSL commit 2cedf794 and arranged for our codebase.

ok tb@


# 1.43 30-Aug-2021 inoguchi

Clean up end of do_body in openssl(1) ca

suggested from tb@


# 1.42 30-Aug-2021 inoguchi

Remove NULL check before free in openssl(1) ca

ok tb@


# 1.41 28-Aug-2021 inoguchi

Check X509_get_notAfter return value in openssl(1) ca.c


# 1.40 28-Aug-2021 inoguchi

Use strndup instead of malloc, memcpy and NULL termination in openssl(1) ca.c

suggested from tb@ for do_updatedb(),
and applied the same for do_body() and do_revoke().


# 1.39 28-Aug-2021 inoguchi

Remove ASN1_TIME_new and use NULL for X509_gmtime_adj, free tmptm in err path

comments from tb@


# 1.38 28-Aug-2021 inoguchi

Unwrap lines in openssl(1) ca.c

suggested from tb@


# 1.37 28-Aug-2021 inoguchi

Avoid leak with X509_REVOKED variable in openssl(1) ca.c

pointed out by tb@


# 1.36 28-Aug-2021 inoguchi

Checking the return value in openssl(1) ca.c

Some functions are used without verifying the return value in openssl(1) ca.
This diff adds checking for the function return value.
With this diff, I changed return value of the write_new_certificate from void
to int to return the condition to the caller.

ok and comments from tb@


# 1.35 24-Jul-2021 inoguchi

Compare strcmp and strcasecmp return value with zero


# 1.34 20-Jul-2021 inoguchi

Check pointer variable if it is NULL in ca.c

missed with r1.32


# 1.33 15-Jul-2021 inoguchi

Wrap over 80 long lines in ca.c


# 1.32 15-Jul-2021 inoguchi

Explicitly check pointer variable if it is NULL or not in ca.c


# 1.31 15-Jul-2021 inoguchi

Remove space between '*' and pointer variable in ca.c


# 1.30 15-Jul-2021 inoguchi

Use 'serial' rather than 'ser' in ca.c

input from jsing@


# 1.29 15-Jul-2021 inoguchi

Convert openssl(1) ca option handling

New option handling for openssl(1) ca.
This diff is just replacing with new option handling, no functional change.
I'm using the word DN or RDN in description as manual uses them, rather than
replacing with "Distinguished Name" or "Relative Distinguished Name".

I would like to add another fixes below by follow-up diffs.
- remove space between '*' and pointer variable
- wrap 80+ long lines
- explicitly check pointer variable if it is NULL or not

comments and ok from jsing@


Revision tags: OPENBSD_6_9_BASE
# 1.28 16-Dec-2020 tb

Remove a redundant memset call.


Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.27 03-Jul-2019 deraadt

snprintf/vsnprintf return < 0 on error, rather than -1.


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
# 1.26 07-Feb-2018 jsing

Indent labels with a single space so that diff prototypes are more useful.


Revision tags: OPENBSD_6_2_BASE
# 1.25 08-May-2017 beck

simplify startdate/enddate validation
ok jsing@


# 1.24 04-May-2017 beck

Fix the ca command so that certs it generates have RFC5280 conformant time.
Problem noticed by Harald Dunkel <harald.dunkel@aixigo.de>


Revision tags: OPENBSD_6_1_BASE
# 1.23 20-Jan-2017 deraadt

rearrange pledge promises into the canonical order; easier to eyeball


# 1.22 31-Aug-2016 deraadt

We don't need any VMS access tricks.
ok beck tedu


# 1.21 30-Aug-2016 deraadt

buf[][] with strange use all over the place is ridiculous, especially
if buf[1] is never used.
ok guenther beck


Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
# 1.20 24-Dec-2015 mmcc

more e-mail -> email


# 1.19 17-Oct-2015 doug

Exit if a pledge call fails in non-interactive mode.

ok semarie@


# 1.18 17-Oct-2015 semarie

add "tty" for several subcommands of openssl

it is needed in order to let libssl UI_* function plays with echo on/off when
asking for password on terminal.

passwd subcommand needs additionnal "wpath cpath" in order to let it calls
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).

problem reported by several
with and ok doug@


# 1.17 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.


# 1.16 21-Sep-2015 bcook

add a couple of missing NULL checks

noted by Bill Parker (dogbert2) on github


# 1.15 21-Sep-2015 bcook

remove vestigial bits of sha-0 and md2 from openssl(1)

Noted by kinichiro on github. We probably need a better way to indicate the
list of message digests that are allowed, as the current ones are nowhere near
exhaustive (sigh - guenther@)

OK guenther@ jmc@


# 1.14 12-Sep-2015 lteo

Nuke SSLEAY_CONF -- a backwards compatibility environment variable that
has been superseded by OPENSSL_CONF and discouraged from use for almost
16 years.

"Definately ok" jsing@
"burn it" deraadt@
"Kill it with fire" miod@
"KILL IT WITH FIRE!!! BURN!!!!" beck@


# 1.13 11-Sep-2015 beck

fix unchecked mallocs - coverity 130454 and 130455
ok jsing@


# 1.12 11-Sep-2015 bcook

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@


# 1.11 10-Sep-2015 jsing

Correct spelling of OPENSSL_cleanse.


# 1.10 10-Sep-2015 lteo

Remove unused defines. No binary change.

ok deraadt@ miod@


# 1.9 22-Aug-2015 jsing

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@


Revision tags: OPENBSD_5_8_BASE
# 1.8 22-Jul-2015 jsing

Revert ca.c r1.7 - BN_to_ASN1_INTEGER() only allocates an ASN.1 integer
when it is not passed a reference to one. In this case, it is passed a
reference to an ASN.1 integer that is part of the X509 ASN.1 data
structure. Freeing this causes bad things to happen, since it is used and
then freed later on.

Found the hard way by kinichiro inoguchi.


# 1.7 19-Jul-2015 doug

Free memory when finished.

Fixes coverity 78835.

ok bcook@


# 1.6 19-Jul-2015 doug

Remove effectively unused variable.

Fixes Coverity issue 21693.

ok beck@ bcook@


Revision tags: OPENBSD_5_7_BASE
# 1.5 08-Feb-2015 doug

Delete commented out code from openssl(1) apps.

From OpenSSL commits:

6f91b017bbb7140f816721141ac156d1b828a6b3
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
a2b18e657ea1a932d125154f4e13ab2258796d90

ok miod@, jsing@


# 1.4 07-Feb-2015 bcook

Modify BSIZE to BUFLEN to avoid redefinition on HP-UX.

HP-UX defines BSIZE in its <sys/param.h>, and there is a route where it's
getting included as a side-effect. I tracked back to at least from HP-UX 9.0
ca. 1993, up to the latest, so the user namespace is polluted.

from kinichiro <kinichiro.inoguchi@gmail.com>

ok miod@, jsing@


# 1.3 01-Sep-2014 doug

Enable -Wshadow in openssl(1) and fix a few shadow warnings.

ok jsing@


# 1.2 28-Aug-2014 jsing

openssl_setup() calls SSL_load_error_strings(), which happens to call
ERR_load_crypto_strings() - as such, we do not need to call the same
function from most of the applications.


# 1.1 26-Aug-2014 jsing

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@


# 1.49 05-Sep-2021 inoguchi

Remove unused variable tmptm in do_body of openssl(1) ca


# 1.48 05-Sep-2021 inoguchi

Using serial number instead as subject if it is empty in openssl(1) ca

This allows multiple entries without a subject even if unique_subject == yes.
Referred to OpenSSL commit 5af88441 and arranged for our codebase.

ok tb@


# 1.47 05-Sep-2021 inoguchi

Check extensions before setting version to v3

Referred to OpenSSL commit 4881d849 and arranged for our codebase.

comment and ok from tb@


# 1.46 05-Sep-2021 inoguchi

Use accessor method rather than direct X509 structure access

Referred to OpenSSL commit a8d8e06b and arranged for our codebase.

comment and ok from tb@


# 1.45 02-Sep-2021 inoguchi

Use defined constants


# 1.44 02-Sep-2021 inoguchi

Move subject check process after the subject edit process

Referred to OpenSSL commit 2cedf794 and arranged for our codebase.

ok tb@


# 1.43 30-Aug-2021 inoguchi

Clean up end of do_body in openssl(1) ca

suggested from tb@


# 1.42 30-Aug-2021 inoguchi

Remove NULL check before free in openssl(1) ca

ok tb@


# 1.41 28-Aug-2021 inoguchi

Check X509_get_notAfter return value in openssl(1) ca.c


# 1.40 28-Aug-2021 inoguchi

Use strndup instead of malloc, memcpy and NULL termination in openssl(1) ca.c

suggested from tb@ for do_updatedb(),
and applied the same for do_body() and do_revoke().


# 1.39 28-Aug-2021 inoguchi

Remove ASN1_TIME_new and use NULL for X509_gmtime_adj, free tmptm in err path

comments from tb@


# 1.38 28-Aug-2021 inoguchi

Unwrap lines in openssl(1) ca.c

suggested from tb@


# 1.37 28-Aug-2021 inoguchi

Avoid leak with X509_REVOKED variable in openssl(1) ca.c

pointed out by tb@


# 1.36 28-Aug-2021 inoguchi

Checking the return value in openssl(1) ca.c

Some functions are used without verifying the return value in openssl(1) ca.
This diff adds checking for the function return value.
With this diff, I changed return value of the write_new_certificate from void
to int to return the condition to the caller.

ok and comments from tb@


# 1.35 24-Jul-2021 inoguchi

Compare strcmp and strcasecmp return value with zero


# 1.34 20-Jul-2021 inoguchi

Check pointer variable if it is NULL in ca.c

missed with r1.32


# 1.33 15-Jul-2021 inoguchi

Wrap over 80 long lines in ca.c


# 1.32 15-Jul-2021 inoguchi

Explicitly check pointer variable if it is NULL or not in ca.c


# 1.31 15-Jul-2021 inoguchi

Remove space between '*' and pointer variable in ca.c


# 1.30 15-Jul-2021 inoguchi

Use 'serial' rather than 'ser' in ca.c

input from jsing@


# 1.29 15-Jul-2021 inoguchi

Convert openssl(1) ca option handling

New option handling for openssl(1) ca.
This diff is just replacing with new option handling, no functional change.
I'm using the word DN or RDN in description as manual uses them, rather than
replacing with "Distinguished Name" or "Relative Distinguished Name".

I would like to add other fixes below by follow-up diffs.
- remove space between '*' and pointer variable
- wrap 80+ long lines
- explicitly check pointer variable if it is NULL or not

comments and ok from jsing@


Revision tags: OPENBSD_6_9_BASE
# 1.28 16-Dec-2020 tb

Remove a redundant memset call.


Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.27 03-Jul-2019 deraadt

snprintf/vsnprintf return < 0 on error, rather than -1.


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
# 1.26 07-Feb-2018 jsing

Indent labels with a single space so that diff prototypes are more useful.


Revision tags: OPENBSD_6_2_BASE
# 1.25 08-May-2017 beck

simplify startdate/enddate validation
ok jsing@


# 1.24 04-May-2017 beck

Fix the ca command so that certs it generates have RFC5280 conformant time.
Problem noticed by Harald Dunkel <harald.dunkel@aixigo.de>


Revision tags: OPENBSD_6_1_BASE
# 1.23 20-Jan-2017 deraadt

rearrange pledge promises into the canonical order; easier to eyeball


# 1.22 31-Aug-2016 deraadt

We don't need any VMS access tricks.
ok beck tedu


# 1.21 30-Aug-2016 deraadt

buf[][] with strange use all over the place is ridiculous, especially
if buf[1] is never used.
ok guenther beck


Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
# 1.20 24-Dec-2015 mmcc

more e-mail -> email


# 1.19 17-Oct-2015 doug

Exit if a pledge call fails in non-interactive mode.

ok semarie@


# 1.18 17-Oct-2015 semarie

add "tty" for several subcommands of openssl

it is needed in order to let libssl UI_* functions play with echo on/off when
asking for password on terminal.

passwd subcommand needs additional "wpath cpath" in order to let it call
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).

problem reported by several
with and ok doug@


# 1.17 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session that may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.


# 1.43 30-Aug-2021 inoguchi

Clean up end of do_body in openssl(1) ca

suggested from tb@


# 1.42 30-Aug-2021 inoguchi

Remove NULL check before free in openssl(1) ca

ok tb@


# 1.41 28-Aug-2021 inoguchi

Check X509_get_notAfter return value in openssl(1) ca.c


# 1.40 28-Aug-2021 inoguchi

Use strndup instead of malloc, memcpy and NULL termination in openssl(1) ca.c

suggested from tb@ for do_updatedb(),
and applied the same for do_body() and do_revoke().


# 1.39 28-Aug-2021 inoguchi

Remove ASN1_TIME_new and use NULL for X509_gmtime_adj, free tmptm in err path

comments from tb@


# 1.38 28-Aug-2021 inoguchi

Unwrap lines in openssl(1) ca.c

suggested from tb@


# 1.37 28-Aug-2021 inoguchi

Avoid leak with X509_REVOKED variable in openssl(1) ca.c

pointed out by tb@


# 1.36 28-Aug-2021 inoguchi

Checking the return value in openssl(1) ca.c

Some functions are used without verifying the return value in openssl(1) ca.
This diff adds checking for the function return value.
With this diff, I changed return value of the write_new_certificate from void
to int to return the condition to the caller.

ok and comments from tb@


# 1.35 24-Jul-2021 inoguchi

Compare strcmp and strcasecmp return value with zero


# 1.34 20-Jul-2021 inoguchi

Check pointer variable if it is NULL in ca.c

missed with r1.32


# 1.33 15-Jul-2021 inoguchi

Wrap over 80 long lines in ca.c


# 1.32 15-Jul-2021 inoguchi

Explicitly check pointer variable if it is NULL or not in ca.c


# 1.31 15-Jul-2021 inoguchi

Remove space between '*' and pointer variable in ca.c


# 1.30 15-Jul-2021 inoguchi

Use 'serial' rather than 'ser' in ca.c

input from jsing@


# 1.29 15-Jul-2021 inoguchi

Convert openssl(1) ca option handling

New option handling for openssl(1) ca.
This diff is just replacing with new option handling, no functional change.
I'm using the word DN or RDN in description as manual uses them, rather than
replacing with "Distinguished Name" or "Relative Distinguished Name".

I would like to add another fixes below by follow-up diffs.
- remove space between '*' and pointer variable
- wrap 80+ long lines
- explicitly check pointer variable if it is NULL or not

comments and ok from jsing@


Revision tags: OPENBSD_6_9_BASE
# 1.28 16-Dec-2020 tb

Remove a redundant memset call.


Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.27 03-Jul-2019 deraadt

snprintf/vsnprintf return < 0 on error, rather than -1.


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
# 1.26 07-Feb-2018 jsing

Indent labels with a single space so that diff prototypes are more useful.


Revision tags: OPENBSD_6_2_BASE
# 1.25 08-May-2017 beck

simplify startdate/enddate validation
ok jsing@


# 1.24 04-May-2017 beck

Fix the ca command so that certs it generates have RFC5280 conformant time.
Problem noticed by Harald Dunkel <harald.dunkel@aixigo.de>


Revision tags: OPENBSD_6_1_BASE
# 1.23 20-Jan-2017 deraadt

rearrange pledge promises into the canonical order; easier to eyeball


# 1.22 31-Aug-2016 deraadt

We don't need any VMS access tricks.
ok beck tedu


# 1.21 30-Aug-2016 deraadt

buf[][] with strange use all over the place is ridiculous, especially
if buf[1] is never used.
ok guenther beck


Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
# 1.20 24-Dec-2015 mmcc

more e-mail -> email


# 1.19 17-Oct-2015 doug

Exit if a pledge call fails in non-interactive mode.

ok semarie@


# 1.18 17-Oct-2015 semarie

add "tty" for several subcommands of openssl

it is needed in order to let libssl UI_* function plays with echo on/off when
asking for password on terminal.

passwd subcommand needs additionnal "wpath cpath" in order to let it calls
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).

problem reported by several
with and ok doug@


# 1.17 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.


# 1.16 21-Sep-2015 bcook

add a couple of missing NULL checks

noted by Bill Parker (dogbert2) on github


# 1.15 21-Sep-2015 bcook

remove vestigial bits of sha-0 and md2 from openssl(1)

Noted by kinichiro on github. We probably need a better way to indicate the
list of message digests that are allowed, as the current ones are nowhere near
exhaustive (sigh - guenther@)

OK guenther@ jmc@


# 1.14 12-Sep-2015 lteo

Nuke SSLEAY_CONF -- a backwards compatibility environment variable that
has been superseded by OPENSSL_CONF and discouraged from use for almost
16 years.

"Definately ok" jsing@
"burn it" deraadt@
"Kill it with fire" miod@
"KILL IT WITH FIRE!!! BURN!!!!" beck@


# 1.13 11-Sep-2015 beck

fix unchecked mallocs - coverity 130454 and 130455
ok jsing@


# 1.12 11-Sep-2015 bcook

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@


# 1.11 10-Sep-2015 jsing

Correct spelling of OPENSSL_cleanse.


# 1.10 10-Sep-2015 lteo

Remove unused defines. No binary change.

ok deraadt@ miod@


# 1.9 22-Aug-2015 jsing

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@


Revision tags: OPENBSD_5_8_BASE
# 1.8 22-Jul-2015 jsing

Revert ca.c r1.7 - BN_to_ASN1_INTEGER() only allocates an ASN.1 integer
when it is not passed a reference to one. In this case, it is passed a
reference to an ASN.1 integer that is part of the X509 ASN.1 data
structure. Freeing this causes bad things to happen, since it is used and
then freed later on.

Found the hard way by kinichiro inoguchi.


# 1.7 19-Jul-2015 doug

Free memory when finished.

Fixes coverity 78835.

ok bcook@


# 1.6 19-Jul-2015 doug

Remove effectively unused variable.

Fixes Coverity issue 21693.

ok beck@ bcook@


Revision tags: OPENBSD_5_7_BASE
# 1.5 08-Feb-2015 doug

Delete commented out code from openssl(1) apps.

From OpenSSL commits:

6f91b017bbb7140f816721141ac156d1b828a6b3
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
a2b18e657ea1a932d125154f4e13ab2258796d90

ok miod@, jsing@


# 1.4 07-Feb-2015 bcook

Modify BSIZE to BUFLEN to avoid redefinition on HP-UX.

HP-UX defines BSIZE in its <sys/param.h>, and there is a route where it's
getting included as a side-effect. I tracked back to at least from HP-UX 9.0
ca. 1993, up to the latest, so the user namespace is polluted.

from kinichiro <kinichiro.inoguchi@gmail.com>

ok miod@, jsing@


# 1.3 01-Sep-2014 doug

Enable -Wshadow in openssl(1) and fix a few shadow warnings.

ok jsing@


# 1.2 28-Aug-2014 jsing

openssl_setup() calls SSL_load_error_strings(), which happens to call
ERR_load_crypto_strings() - as such, we do not need to call the same
function from most of the applications.


# 1.1 26-Aug-2014 jsing

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@


# 1.41 28-Aug-2021 inoguchi

Check X509_get_notAfter return value in openssl(1) ca.c


# 1.40 28-Aug-2021 inoguchi

Use strndup instead of malloc, memcpy and NULL termination in openssl(1) ca.c

suggested from tb@ for do_updatedb(),
and applied the same for do_body() and do_revoke().


# 1.39 28-Aug-2021 inoguchi

Remove ASN1_TIME_new and use NULL for X509_gmtime_adj, free tmptm in err path

comments from tb@


# 1.38 28-Aug-2021 inoguchi

Unwrap lines in openssl(1) ca.c

suggested from tb@


# 1.37 28-Aug-2021 inoguchi

Avoid leak with X509_REVOKED variable in openssl(1) ca.c

pointed out by tb@


# 1.36 28-Aug-2021 inoguchi

Checking the return value in openssl(1) ca.c

Some functions are used without verifying the return value in openssl(1) ca.
This diff adds checking for the function return value.
With this diff, I changed return value of the write_new_certificate from void
to int to return the condition to the caller.

ok and comments from tb@


# 1.35 24-Jul-2021 inoguchi

Compare strcmp and strcasecmp return value with zero


# 1.34 20-Jul-2021 inoguchi

Check pointer variable if it is NULL in ca.c

missed with r1.32


# 1.33 15-Jul-2021 inoguchi

Wrap over 80 long lines in ca.c


# 1.32 15-Jul-2021 inoguchi

Explicitly check pointer variable if it is NULL or not in ca.c


# 1.31 15-Jul-2021 inoguchi

Remove space between '*' and pointer variable in ca.c


# 1.30 15-Jul-2021 inoguchi

Use 'serial' rather than 'ser' in ca.c

input from jsing@


# 1.29 15-Jul-2021 inoguchi

Convert openssl(1) ca option handling

New option handling for openssl(1) ca.
This diff is just replacing with new option handling, no functional change.
I'm using the word DN or RDN in description as manual uses them, rather than
replacing with "Distinguished Name" or "Relative Distinguished Name".

I would like to add the other fixes below by follow-up diffs.
- remove space between '*' and pointer variable
- wrap 80+ long lines
- explicitly check pointer variable if it is NULL or not

comments and ok from jsing@


Revision tags: OPENBSD_6_9_BASE
# 1.28 16-Dec-2020 tb

Remove a redundant memset call.


Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.27 03-Jul-2019 deraadt

snprintf/vsnprintf return < 0 on error, rather than -1.


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
# 1.26 07-Feb-2018 jsing

Indent labels with a single space so that diff prototypes are more useful.


Revision tags: OPENBSD_6_2_BASE
# 1.25 08-May-2017 beck

simplify startdate/enddate validation
ok jsing@


# 1.24 04-May-2017 beck

Fix the ca command so that certs it generates have RFC5280 conformant time.
Problem noticed by Harald Dunkel <harald.dunkel@aixigo.de>


Revision tags: OPENBSD_6_1_BASE
# 1.23 20-Jan-2017 deraadt

rearrange pledge promises into the canonical order; easier to eyeball


# 1.22 31-Aug-2016 deraadt

We don't need any VMS access tricks.
ok beck tedu


# 1.21 30-Aug-2016 deraadt

buf[][] with strange use all over the place is ridiculous, especially
if buf[1] is never used.
ok guenther beck


Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
# 1.20 24-Dec-2015 mmcc

more e-mail -> email


# 1.19 17-Oct-2015 doug

Exit if a pledge call fails in non-interactive mode.

ok semarie@


# 1.18 17-Oct-2015 semarie

add "tty" for several subcommands of openssl

it is needed in order to let libssl UI_* functions play with echo on/off when
asking for password on terminal.

passwd subcommand needs additional "wpath cpath" in order to let it call
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).

problem reported by several
with and ok doug@



# 1.33 15-Jul-2021 inoguchi

Wrap over 80 long lines in ca.c


# 1.32 15-Jul-2021 inoguchi

Explicitly check pointer variable if it is NULL or not in ca.c


# 1.31 15-Jul-2021 inoguchi

Remove space between '*' and pointer variable in ca.c


# 1.30 15-Jul-2021 inoguchi

Use 'serial' rather than 'ser' in ca.c

input from jsing@


# 1.29 15-Jul-2021 inoguchi

Convert openssl(1) ca option handling

New option handling for openssl(1) ca.
This diff is just replacing with new option handling, no functional change.
I'm using the word DN or RDN in description as manual uses them, rather than
replacing with "Distinguished Name" or "Relative Distinguished Name".

I would like to add another fixes below by follow-up diffs.
- remove space between '*' and pointer variable
- wrap 80+ long lines
- explicitly check pointer variable if it is NULL or not

comments and ok from jsing@


Revision tags: OPENBSD_6_9_BASE
# 1.28 16-Dec-2020 tb

Remove a redundant memset call.


Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.27 03-Jul-2019 deraadt

snprintf/vsnprintf return < 0 on error, rather than -1.


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
# 1.26 07-Feb-2018 jsing

Indent labels with a single space so that diff prototypes are more useful.


Revision tags: OPENBSD_6_2_BASE
# 1.25 08-May-2017 beck

simplify startdate/enddate validation
ok jsing@


# 1.24 04-May-2017 beck

Fix the ca command so that certs it generates have RFC5280 conformant time.
Problem noticed by Harald Dunkel <harald.dunkel@aixigo.de>


Revision tags: OPENBSD_6_1_BASE
# 1.23 20-Jan-2017 deraadt

rearrange pledge promises into the canonical order; easier to eyeball


# 1.22 31-Aug-2016 deraadt

We don't need any VMS access tricks.
ok beck tedu


# 1.21 30-Aug-2016 deraadt

buf[][] with strange use all over the place is ridiculous, especially
if buf[1] is never used.
ok guenther beck


Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
# 1.20 24-Dec-2015 mmcc

more e-mail -> email


# 1.19 17-Oct-2015 doug

Exit if a pledge call fails in non-interactive mode.

ok semarie@


# 1.18 17-Oct-2015 semarie

add "tty" for several subcommands of openssl

it is needed in order to let the libssl UI_* functions play with echo on/off when
asking for a password on the terminal.

passwd subcommand needs additional "wpath cpath" in order to let it call
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).

problem reported by several
with and ok doug@


# 1.17 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session that may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.


# 1.16 21-Sep-2015 bcook

add a couple of missing NULL checks

noted by Bill Parker (dogbert2) on github


# 1.15 21-Sep-2015 bcook

remove vestigial bits of sha-0 and md2 from openssl(1)

Noted by kinichiro on github. We probably need a better way to indicate the
list of message digests that are allowed, as the current ones are nowhere near
exhaustive (sigh - guenther@)

OK guenther@ jmc@


# 1.14 12-Sep-2015 lteo

Nuke SSLEAY_CONF -- a backwards compatibility environment variable that
has been superseded by OPENSSL_CONF and discouraged from use for almost
16 years.

"Definitely ok" jsing@
"burn it" deraadt@
"Kill it with fire" miod@
"KILL IT WITH FIRE!!! BURN!!!!" beck@


# 1.13 11-Sep-2015 beck

fix unchecked mallocs - coverity 130454 and 130455
ok jsing@


# 1.12 11-Sep-2015 bcook

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@


# 1.11 10-Sep-2015 jsing

Correct spelling of OPENSSL_cleanse.


# 1.10 10-Sep-2015 lteo

Remove unused defines. No binary change.

ok deraadt@ miod@


# 1.9 22-Aug-2015 jsing

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@


Revision tags: OPENBSD_5_8_BASE
# 1.8 22-Jul-2015 jsing

Revert ca.c r1.7 - BN_to_ASN1_INTEGER() only allocates an ASN.1 integer
when it is not passed a reference to one. In this case, it is passed a
reference to an ASN.1 integer that is part of the X509 ASN.1 data
structure. Freeing this causes bad things to happen, since it is used and
then freed later on.

Found the hard way by kinichiro inoguchi.


# 1.7 19-Jul-2015 doug

Free memory when finished.

Fixes coverity 78835.

ok bcook@


# 1.6 19-Jul-2015 doug

Remove effectively unused variable.

Fixes Coverity issue 21693.

ok beck@ bcook@


Revision tags: OPENBSD_5_7_BASE
# 1.5 08-Feb-2015 doug

Delete commented out code from openssl(1) apps.

From OpenSSL commits:

6f91b017bbb7140f816721141ac156d1b828a6b3
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
a2b18e657ea1a932d125154f4e13ab2258796d90

ok miod@, jsing@


# 1.4 07-Feb-2015 bcook

Modify BSIZE to BUFLEN to avoid redefinition on HP-UX.

HP-UX defines BSIZE in its <sys/param.h>, and there is a route where it's
getting included as a side-effect. I tracked back to at least from HP-UX 9.0
ca. 1993, up to the latest, so the user namespace is polluted.

from kinichiro <kinichiro.inoguchi@gmail.com>

ok miod@, jsing@


# 1.3 01-Sep-2014 doug

Enable -Wshadow in openssl(1) and fix a few shadow warnings.

ok jsing@


# 1.2 28-Aug-2014 jsing

openssl_setup() calls SSL_load_error_strings(), which happens to call
ERR_load_crypto_strings() - as such, we do not need to call the same
function from most of the applications.


# 1.1 26-Aug-2014 jsing

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@

