Constify char* input parameters in apps code

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Constify X509_get0_signature()

Reviewed-by: Richard Levitte <levitte@openssl.org>

Corrupt signature in place.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Corrupt signature earlier.

If -badsig is selected corrupt the signature before printing out
any details so the output reflects the modified signature.

Reviewed-by: Rich Salz <rs

Corrupt signature earlier.

If -badsig is selected corrupt the signature before printing out
any details so the output reflects the modified signature.

Reviewed-by: Rich Salz <rsalz@openssl.org>

show more ...

Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data().

Deprecate the function ASN1_STRING_data() and replace with a new function
ASN1_STRING_get0_data() which returns a constant poin

Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data().

Deprecate the function ASN1_STRING_data() and replace with a new function
ASN1_STRING_get0_data() which returns a constant pointer. Update library
to use new function.

Reviewed-by: Rich Salz <rsalz@openssl.org>

show more ...

RT3136: Remove space after issuer/subject

Reviewed-by: Richard Levitte <levitte@openssl.org>

Deal with the consequences of constifying getters

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

Constify X509_TRUST_add method.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215)

Ensure an ASN1_OBJECT is freed in error paths

Reviewed-by: Richard Levitte <levitte@openssl.org>

Check that the obtained public key is valid

In the X509 app check that the obtained public key is valid before we
attempt to use it.

Issue reported by Yuan Jochen Kang.

Check that the obtained public key is valid

In the X509 app check that the obtained public key is valid before we
attempt to use it.

Issue reported by Yuan Jochen Kang.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

show more ...

Copyright consolidation 01/10

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>

GH932: Add more help messages to some apps options.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

Fix some code maintenance issues

Various instances of variables being written to, but then never read.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Make many X509_xxx types opaque.

Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP,
and X509_LOOKUP_METHOD opaque.
Remove unused X509_CERT_FILE_CTX

Reviewed-by: Rich

Make many X509_xxx types opaque.

Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP,
and X509_LOOKUP_METHOD opaque.
Remove unused X509_CERT_FILE_CTX

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

show more ...

Deprecate OBJ_cleanup() and make it a no-op

OBJ_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@ope

Deprecate OBJ_cleanup() and make it a no-op

OBJ_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...

Make the RSA structure opaque

Move rsa_st away from public headers.
Add accessor/writer functions for the public RSA data.
Adapt all other source to use the accessors and writers.

Make the RSA structure opaque

Move rsa_st away from public headers.
Add accessor/writer functions for the public RSA data.
Adapt all other source to use the accessors and writers.

Reviewed-by: Matt Caswell <matt@openssl.org>

show more ...

Use X509_REQ_get0_pubkey

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

Make DSA_METHOD opaque

Move the dsa_method structure out of the public header file, and provide
getter and setter functions for creating and modifying custom DSA_METHODs.

Review

Make DSA_METHOD opaque

Move the dsa_method structure out of the public header file, and provide
getter and setter functions for creating and modifying custom DSA_METHODs.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>

show more ...

Make the DSA structure opaque

Move the dsa_st structure out of the public header file. Add some accessor
functions to enable access to the internal fields, and update all internal
us

Make the DSA structure opaque

Move the dsa_st structure out of the public header file. Add some accessor
functions to enable access to the internal fields, and update all internal
usage to use the new functions.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>

show more ...

Remove unused parameters from internal functions

Reviewed-by: Richard Levitte <levitte@openssl.org>

Remove outdated DEBUG flags.

Add -DBIO_DEBUG to --strict-warnings.
Remove comments about outdated debugging ifdef guards.
Remove md_rand ifdef guarding an assert; it doesn't seem use

Remove outdated DEBUG flags.

Add -DBIO_DEBUG to --strict-warnings.
Remove comments about outdated debugging ifdef guards.
Remove md_rand ifdef guarding an assert; it doesn't seem used.
Remove the conf guards in conf_api since we use OPENSSL_assert, not assert.
For pkcs12 stuff put OPENSSL_ in front of the macro name.
Merge TLS_DEBUG into SSL_DEBUG.
Various things just turned on/off asserts, mainly for checking non-NULL
arguments, which is now removed: camellia, bn_ctx, crypto/modes.
Remove some old debug code, that basically just printed things to stderr:
DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG,
RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG.
Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL.

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...

Fix engine key support in utilities.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Fix opt_imax() call

Not all architectures have a time_t defined the same way. To make
sure we get the same result, we need to cast &checkoffset to (intmax_t *)
and make sure that in

Fix opt_imax() call

Not all architectures have a time_t defined the same way. To make
sure we get the same result, we need to cast &checkoffset to (intmax_t *)
and make sure that intmax_t is defined somehow.

To make really sure we don't pass a variable with the wrong size down
to opt_imax(), we use a temporary intmax_t.

Reviewed-by: Rich Salz <rsalz@openssl.org>

show more ...

Better type for x509 -checkend argument

This is a time_t and can be zero or negative. So use 'M' (maximal
signed int) not 'p' (positive int).

Reviewed-by: Rich Salz <rsalz@open

Better type for x509 -checkend argument

This is a time_t and can be zero or negative. So use 'M' (maximal
signed int) not 'p' (positive int).

Reviewed-by: Rich Salz <rsalz@openssl.org>

show more ...

make EVP_PKEY opaque

Reviewed-by: Richard Levitte <levitte@openssl.org>