summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortb <>2023-03-06 14:32:06 +0000
committertb <>2023-03-06 14:32:06 +0000
commit2ba7dcfcbc2ef5aaeb8eb14f36f83bd57c22bcae (patch)
treebbe07d6e06b695cebe22802551f2db0a61354d7c
parentcfc0cbdbaaa36a4b6adee60b5cf3f4a388554426 (diff)
downloadopenbsd-2ba7dcfcbc2ef5aaeb8eb14f36f83bd57c22bcae.tar.gz
openbsd-2ba7dcfcbc2ef5aaeb8eb14f36f83bd57c22bcae.tar.bz2
openbsd-2ba7dcfcbc2ef5aaeb8eb14f36f83bd57c22bcae.zip
Rename struct ${app}_config to plain cfg
All the structs are static and we need to reach into them many times. Having a shorter name is more concise and results in less visual clutter. It also avoids many overlong lines and we will be able to get rid of some unfortunate line wrapping down the road. Discussed with jsing
Diffstat (limited to '')
-rw-r--r--src/usr.bin/openssl/asn1pars.c94
-rw-r--r--src/usr.bin/openssl/ca.c518
-rw-r--r--src/usr.bin/openssl/certhash.c24
-rw-r--r--src/usr.bin/openssl/ciphers.c40
-rw-r--r--src/usr.bin/openssl/cms.c702
-rw-r--r--src/usr.bin/openssl/crl.c90
-rw-r--r--src/usr.bin/openssl/crl2p7.c58
-rw-r--r--src/usr.bin/openssl/dgst.c168
-rw-r--r--src/usr.bin/openssl/dh.c54
-rw-r--r--src/usr.bin/openssl/dhparam.c82
-rw-r--r--src/usr.bin/openssl/dsa.c94
-rw-r--r--src/usr.bin/openssl/dsaparam.c58
-rw-r--r--src/usr.bin/openssl/ec.c102
-rw-r--r--src/usr.bin/openssl/ecparam.c116
-rw-r--r--src/usr.bin/openssl/enc.c232
-rw-r--r--src/usr.bin/openssl/errstr.c10
-rw-r--r--src/usr.bin/openssl/gendh.c24
-rw-r--r--src/usr.bin/openssl/gendsa.c22
-rw-r--r--src/usr.bin/openssl/genpkey.c60
-rw-r--r--src/usr.bin/openssl/genrsa.c32
-rw-r--r--src/usr.bin/openssl/nseq.c30
-rw-r--r--src/usr.bin/openssl/ocsp.c356
-rw-r--r--src/usr.bin/openssl/passwd.c78
-rw-r--r--src/usr.bin/openssl/pkcs12.c204
-rw-r--r--src/usr.bin/openssl/pkcs7.c58
-rw-r--r--src/usr.bin/openssl/pkcs8.c92
-rw-r--r--src/usr.bin/openssl/pkey.c84
-rw-r--r--src/usr.bin/openssl/pkeyparam.c34
-rw-r--r--src/usr.bin/openssl/pkeyutl.c152
-rw-r--r--src/usr.bin/openssl/prime.c34
-rw-r--r--src/usr.bin/openssl/rand.c24
-rw-r--r--src/usr.bin/openssl/req.c358
-rw-r--r--src/usr.bin/openssl/rsa.c108
-rw-r--r--src/usr.bin/openssl/rsautl.c96
-rw-r--r--src/usr.bin/openssl/s_client.c412
-rw-r--r--src/usr.bin/openssl/s_server.c560
-rw-r--r--src/usr.bin/openssl/s_time.c86
-rw-r--r--src/usr.bin/openssl/sess_id.c58
-rw-r--r--src/usr.bin/openssl/smime.c384
-rw-r--r--src/usr.bin/openssl/spkac.c66
-rw-r--r--src/usr.bin/openssl/ts.c120
-rw-r--r--src/usr.bin/openssl/verify.c54
-rw-r--r--src/usr.bin/openssl/version.c44
-rw-r--r--src/usr.bin/openssl/x509.c448
44 files changed, 3260 insertions, 3260 deletions
diff --git a/src/usr.bin/openssl/asn1pars.c b/src/usr.bin/openssl/asn1pars.c
index 6f7fa18512..5824b0ea14 100644
--- a/src/usr.bin/openssl/asn1pars.c
+++ b/src/usr.bin/openssl/asn1pars.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: asn1pars.c,v 1.12 2022/11/11 17:07:38 joshua Exp $ */ 1/* $OpenBSD: asn1pars.c,v 1.13 2023/03/06 14:32:05 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -86,14 +86,14 @@ static struct {
86 int offset; 86 int offset;
87 char *oidfile; 87 char *oidfile;
88 STACK_OF(OPENSSL_STRING) *osk; 88 STACK_OF(OPENSSL_STRING) *osk;
89} asn1pars_config; 89} cfg;
90 90
91static int 91static int
92asn1pars_opt_dlimit(char *arg) 92asn1pars_opt_dlimit(char *arg)
93{ 93{
94 const char *errstr; 94 const char *errstr;
95 95
96 asn1pars_config.dump = strtonum(arg, 1, INT_MAX, &errstr); 96 cfg.dump = strtonum(arg, 1, INT_MAX, &errstr);
97 if (errstr) { 97 if (errstr) {
98 fprintf(stderr, "-dlimit must be from 1 to INT_MAX: %s\n", 98 fprintf(stderr, "-dlimit must be from 1 to INT_MAX: %s\n",
99 errstr); 99 errstr);
@@ -107,7 +107,7 @@ asn1pars_opt_length(char *arg)
107{ 107{
108 const char *errstr; 108 const char *errstr;
109 109
110 asn1pars_config.length = strtonum(arg, 1, UINT_MAX, &errstr); 110 cfg.length = strtonum(arg, 1, UINT_MAX, &errstr);
111 if (errstr) { 111 if (errstr) {
112 fprintf(stderr, "-length must be from 1 to UINT_MAX: %s\n", 112 fprintf(stderr, "-length must be from 1 to UINT_MAX: %s\n",
113 errstr); 113 errstr);
@@ -119,7 +119,7 @@ asn1pars_opt_length(char *arg)
119static int 119static int
120asn1pars_opt_strparse(char *arg) 120asn1pars_opt_strparse(char *arg)
121{ 121{
122 if (sk_OPENSSL_STRING_push(asn1pars_config.osk, arg) == 0) { 122 if (sk_OPENSSL_STRING_push(cfg.osk, arg) == 0) {
123 fprintf(stderr, "-strparse cannot add argument\n"); 123 fprintf(stderr, "-strparse cannot add argument\n");
124 return (-1); 124 return (-1);
125 } 125 }
@@ -132,7 +132,7 @@ static const struct option asn1pars_options[] = {
132 .desc = "Dump unknown data in hex form", 132 .desc = "Dump unknown data in hex form",
133 .type = OPTION_VALUE, 133 .type = OPTION_VALUE,
134 .value = -1, 134 .value = -1,
135 .opt.value = &asn1pars_config.dump, 135 .opt.value = &cfg.dump,
136 }, 136 },
137 { 137 {
138 .name = "dlimit", 138 .name = "dlimit",
@@ -146,34 +146,34 @@ static const struct option asn1pars_options[] = {
146 .argname = "file", 146 .argname = "file",
147 .desc = "File to generate ASN.1 structure from", 147 .desc = "File to generate ASN.1 structure from",
148 .type = OPTION_ARG, 148 .type = OPTION_ARG,
149 .opt.arg = &asn1pars_config.genconf, 149 .opt.arg = &cfg.genconf,
150 }, 150 },
151 { 151 {
152 .name = "genstr", 152 .name = "genstr",
153 .argname = "string", 153 .argname = "string",
154 .desc = "String to generate ASN.1 structure from", 154 .desc = "String to generate ASN.1 structure from",
155 .type = OPTION_ARG, 155 .type = OPTION_ARG,
156 .opt.arg = &asn1pars_config.genstr, 156 .opt.arg = &cfg.genstr,
157 }, 157 },
158 { 158 {
159 .name = "i", 159 .name = "i",
160 .desc = "Indent output according to depth of structures", 160 .desc = "Indent output according to depth of structures",
161 .type = OPTION_FLAG, 161 .type = OPTION_FLAG,
162 .opt.flag = &asn1pars_config.indent, 162 .opt.flag = &cfg.indent,
163 }, 163 },
164 { 164 {
165 .name = "in", 165 .name = "in",
166 .argname = "file", 166 .argname = "file",
167 .desc = "The input file (default stdin)", 167 .desc = "The input file (default stdin)",
168 .type = OPTION_ARG, 168 .type = OPTION_ARG,
169 .opt.arg = &asn1pars_config.infile, 169 .opt.arg = &cfg.infile,
170 }, 170 },
171 { 171 {
172 .name = "inform", 172 .name = "inform",
173 .argname = "fmt", 173 .argname = "fmt",
174 .desc = "Input format (DER, TXT or PEM (default))", 174 .desc = "Input format (DER, TXT or PEM (default))",
175 .type = OPTION_ARG_FORMAT, 175 .type = OPTION_ARG_FORMAT,
176 .opt.value = &asn1pars_config.informat, 176 .opt.value = &cfg.informat,
177 }, 177 },
178 { 178 {
179 .name = "length", 179 .name = "length",
@@ -186,28 +186,28 @@ static const struct option asn1pars_options[] = {
186 .name = "noout", 186 .name = "noout",
187 .desc = "Do not produce any output", 187 .desc = "Do not produce any output",
188 .type = OPTION_FLAG, 188 .type = OPTION_FLAG,
189 .opt.flag = &asn1pars_config.noout, 189 .opt.flag = &cfg.noout,
190 }, 190 },
191 { 191 {
192 .name = "offset", 192 .name = "offset",
193 .argname = "num", 193 .argname = "num",
194 .desc = "Offset to begin parsing", 194 .desc = "Offset to begin parsing",
195 .type = OPTION_ARG_INT, 195 .type = OPTION_ARG_INT,
196 .opt.value = &asn1pars_config.offset, 196 .opt.value = &cfg.offset,
197 }, 197 },
198 { 198 {
199 .name = "oid", 199 .name = "oid",
200 .argname = "file", 200 .argname = "file",
201 .desc = "File containing additional object identifiers (OIDs)", 201 .desc = "File containing additional object identifiers (OIDs)",
202 .type = OPTION_ARG, 202 .type = OPTION_ARG,
203 .opt.arg = &asn1pars_config.oidfile, 203 .opt.arg = &cfg.oidfile,
204 }, 204 },
205 { 205 {
206 .name = "out", 206 .name = "out",
207 .argname = "file", 207 .argname = "file",
208 .desc = "Output file in DER format", 208 .desc = "Output file in DER format",
209 .type = OPTION_ARG, 209 .type = OPTION_ARG,
210 .opt.arg = &asn1pars_config.derfile, 210 .opt.arg = &cfg.derfile,
211 }, 211 },
212 { 212 {
213 .name = "strparse", 213 .name = "strparse",
@@ -252,10 +252,10 @@ asn1parse_main(int argc, char **argv)
252 exit(1); 252 exit(1);
253 } 253 }
254 254
255 memset(&asn1pars_config, 0, sizeof(asn1pars_config)); 255 memset(&cfg, 0, sizeof(cfg));
256 256
257 asn1pars_config.informat = FORMAT_PEM; 257 cfg.informat = FORMAT_PEM;
258 if ((asn1pars_config.osk = sk_OPENSSL_STRING_new_null()) == NULL) { 258 if ((cfg.osk = sk_OPENSSL_STRING_new_null()) == NULL) {
259 BIO_printf(bio_err, "Memory allocation failure\n"); 259 BIO_printf(bio_err, "Memory allocation failure\n");
260 goto end; 260 goto end;
261 } 261 }
@@ -273,28 +273,28 @@ asn1parse_main(int argc, char **argv)
273 } 273 }
274 BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); 274 BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
275 275
276 if (asn1pars_config.oidfile != NULL) { 276 if (cfg.oidfile != NULL) {
277 if (BIO_read_filename(in, asn1pars_config.oidfile) <= 0) { 277 if (BIO_read_filename(in, cfg.oidfile) <= 0) {
278 BIO_printf(bio_err, "problems opening %s\n", 278 BIO_printf(bio_err, "problems opening %s\n",
279 asn1pars_config.oidfile); 279 cfg.oidfile);
280 ERR_print_errors(bio_err); 280 ERR_print_errors(bio_err);
281 goto end; 281 goto end;
282 } 282 }
283 OBJ_create_objects(in); 283 OBJ_create_objects(in);
284 } 284 }
285 if (asn1pars_config.infile == NULL) 285 if (cfg.infile == NULL)
286 BIO_set_fp(in, stdin, BIO_NOCLOSE); 286 BIO_set_fp(in, stdin, BIO_NOCLOSE);
287 else { 287 else {
288 if (BIO_read_filename(in, asn1pars_config.infile) <= 0) { 288 if (BIO_read_filename(in, cfg.infile) <= 0) {
289 perror(asn1pars_config.infile); 289 perror(cfg.infile);
290 goto end; 290 goto end;
291 } 291 }
292 } 292 }
293 293
294 if (asn1pars_config.derfile) { 294 if (cfg.derfile) {
295 if (!(derout = BIO_new_file(asn1pars_config.derfile, "wb"))) { 295 if (!(derout = BIO_new_file(cfg.derfile, "wb"))) {
296 BIO_printf(bio_err, "problems opening %s\n", 296 BIO_printf(bio_err, "problems opening %s\n",
297 asn1pars_config.derfile); 297 cfg.derfile);
298 ERR_print_errors(bio_err); 298 ERR_print_errors(bio_err);
299 goto end; 299 goto end;
300 } 300 }
@@ -304,16 +304,16 @@ asn1parse_main(int argc, char **argv)
304 if (!BUF_MEM_grow(buf, BUFSIZ * 8)) 304 if (!BUF_MEM_grow(buf, BUFSIZ * 8))
305 goto end; /* Pre-allocate :-) */ 305 goto end; /* Pre-allocate :-) */
306 306
307 if (asn1pars_config.genstr || asn1pars_config.genconf) { 307 if (cfg.genstr || cfg.genconf) {
308 num = do_generate(bio_err, asn1pars_config.genstr, 308 num = do_generate(bio_err, cfg.genstr,
309 asn1pars_config.genconf, buf); 309 cfg.genconf, buf);
310 if (num < 0) { 310 if (num < 0) {
311 ERR_print_errors(bio_err); 311 ERR_print_errors(bio_err);
312 goto end; 312 goto end;
313 } 313 }
314 } else { 314 } else {
315 315
316 if (asn1pars_config.informat == FORMAT_PEM) { 316 if (cfg.informat == FORMAT_PEM) {
317 BIO *tmp; 317 BIO *tmp;
318 318
319 if ((b64 = BIO_new(BIO_f_base64())) == NULL) 319 if ((b64 = BIO_new(BIO_f_base64())) == NULL)
@@ -337,20 +337,20 @@ asn1parse_main(int argc, char **argv)
337 337
338 /* If any structs to parse go through in sequence */ 338 /* If any structs to parse go through in sequence */
339 339
340 if (sk_OPENSSL_STRING_num(asn1pars_config.osk)) { 340 if (sk_OPENSSL_STRING_num(cfg.osk)) {
341 tmpbuf = (unsigned char *) str; 341 tmpbuf = (unsigned char *) str;
342 tmplen = num; 342 tmplen = num;
343 for (i = 0; i < sk_OPENSSL_STRING_num(asn1pars_config.osk); 343 for (i = 0; i < sk_OPENSSL_STRING_num(cfg.osk);
344 i++) { 344 i++) {
345 ASN1_TYPE *atmp; 345 ASN1_TYPE *atmp;
346 int typ; 346 int typ;
347 j = strtonum( 347 j = strtonum(
348 sk_OPENSSL_STRING_value(asn1pars_config.osk, i), 348 sk_OPENSSL_STRING_value(cfg.osk, i),
349 1, INT_MAX, &errstr); 349 1, INT_MAX, &errstr);
350 if (errstr) { 350 if (errstr) {
351 BIO_printf(bio_err, 351 BIO_printf(bio_err,
352 "'%s' is an invalid number: %s\n", 352 "'%s' is an invalid number: %s\n",
353 sk_OPENSSL_STRING_value(asn1pars_config.osk, 353 sk_OPENSSL_STRING_value(cfg.osk,
354 i), errstr); 354 i), errstr);
355 continue; 355 continue;
356 } 356 }
@@ -380,28 +380,28 @@ asn1parse_main(int argc, char **argv)
380 str = (char *) tmpbuf; 380 str = (char *) tmpbuf;
381 num = tmplen; 381 num = tmplen;
382 } 382 }
383 if (asn1pars_config.offset >= num) { 383 if (cfg.offset >= num) {
384 BIO_printf(bio_err, "Error: offset too large\n"); 384 BIO_printf(bio_err, "Error: offset too large\n");
385 goto end; 385 goto end;
386 } 386 }
387 num -= asn1pars_config.offset; 387 num -= cfg.offset;
388 388
389 if ((asn1pars_config.length == 0) || 389 if ((cfg.length == 0) ||
390 ((long)asn1pars_config.length > num)) 390 ((long)cfg.length > num))
391 asn1pars_config.length = (unsigned int) num; 391 cfg.length = (unsigned int) num;
392 if (derout) { 392 if (derout) {
393 if (BIO_write(derout, str + asn1pars_config.offset, 393 if (BIO_write(derout, str + cfg.offset,
394 asn1pars_config.length) != (int)asn1pars_config.length) { 394 cfg.length) != (int)cfg.length) {
395 BIO_printf(bio_err, "Error writing output\n"); 395 BIO_printf(bio_err, "Error writing output\n");
396 ERR_print_errors(bio_err); 396 ERR_print_errors(bio_err);
397 goto end; 397 goto end;
398 } 398 }
399 } 399 }
400 if (!asn1pars_config.noout && 400 if (!cfg.noout &&
401 !ASN1_parse_dump(out, 401 !ASN1_parse_dump(out,
402 (unsigned char *)&(str[asn1pars_config.offset]), 402 (unsigned char *)&(str[cfg.offset]),
403 asn1pars_config.length, asn1pars_config.indent, 403 cfg.length, cfg.indent,
404 asn1pars_config.dump)) { 404 cfg.dump)) {
405 ERR_print_errors(bio_err); 405 ERR_print_errors(bio_err);
406 goto end; 406 goto end;
407 } 407 }
@@ -415,7 +415,7 @@ asn1parse_main(int argc, char **argv)
415 ERR_print_errors(bio_err); 415 ERR_print_errors(bio_err);
416 BUF_MEM_free(buf); 416 BUF_MEM_free(buf);
417 ASN1_TYPE_free(at); 417 ASN1_TYPE_free(at);
418 sk_OPENSSL_STRING_free(asn1pars_config.osk); 418 sk_OPENSSL_STRING_free(cfg.osk);
419 OBJ_cleanup(); 419 OBJ_cleanup();
420 420
421 return (ret); 421 return (ret);
diff --git a/src/usr.bin/openssl/ca.c b/src/usr.bin/openssl/ca.c
index e13354f4af..369d11ead6 100644
--- a/src/usr.bin/openssl/ca.c
+++ b/src/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ca.c,v 1.54 2022/11/11 17:07:38 joshua Exp $ */ 1/* $OpenBSD: ca.c,v 1.55 2023/03/06 14:32:05 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -207,63 +207,63 @@ static struct {
207 char *startdate; 207 char *startdate;
208 char *subj; 208 char *subj;
209 int verbose; 209 int verbose;
210} ca_config; 210} cfg;
211 211
212static int 212static int
213ca_opt_chtype_utf8(void) 213ca_opt_chtype_utf8(void)
214{ 214{
215 ca_config.chtype = MBSTRING_UTF8; 215 cfg.chtype = MBSTRING_UTF8;
216 return (0); 216 return (0);
217} 217}
218 218
219static int 219static int
220ca_opt_crl_ca_compromise(char *arg) 220ca_opt_crl_ca_compromise(char *arg)
221{ 221{
222 ca_config.rev_arg = arg; 222 cfg.rev_arg = arg;
223 ca_config.rev_type = REV_CA_COMPROMISE; 223 cfg.rev_type = REV_CA_COMPROMISE;
224 return (0); 224 return (0);
225} 225}
226 226
227static int 227static int
228ca_opt_crl_compromise(char *arg) 228ca_opt_crl_compromise(char *arg)
229{ 229{
230 ca_config.rev_arg = arg; 230 cfg.rev_arg = arg;
231 ca_config.rev_type = REV_KEY_COMPROMISE; 231 cfg.rev_type = REV_KEY_COMPROMISE;
232 return (0); 232 return (0);
233} 233}
234 234
235static int 235static int
236ca_opt_crl_hold(char *arg) 236ca_opt_crl_hold(char *arg)
237{ 237{
238 ca_config.rev_arg = arg; 238 cfg.rev_arg = arg;
239 ca_config.rev_type = REV_HOLD; 239 cfg.rev_type = REV_HOLD;
240 return (0); 240 return (0);
241} 241}
242 242
243static int 243static int
244ca_opt_crl_reason(char *arg) 244ca_opt_crl_reason(char *arg)
245{ 245{
246 ca_config.rev_arg = arg; 246 cfg.rev_arg = arg;
247 ca_config.rev_type = REV_CRL_REASON; 247 cfg.rev_type = REV_CRL_REASON;
248 return (0); 248 return (0);
249} 249}
250 250
251static int 251static int
252ca_opt_in(char *arg) 252ca_opt_in(char *arg)
253{ 253{
254 ca_config.infile = arg; 254 cfg.infile = arg;
255 ca_config.req = 1; 255 cfg.req = 1;
256 return (0); 256 return (0);
257} 257}
258 258
259static int 259static int
260ca_opt_infiles(int argc, char **argv, int *argsused) 260ca_opt_infiles(int argc, char **argv, int *argsused)
261{ 261{
262 ca_config.infiles_num = argc - 1; 262 cfg.infiles_num = argc - 1;
263 if (ca_config.infiles_num < 1) 263 if (cfg.infiles_num < 1)
264 return (1); 264 return (1);
265 ca_config.infiles = argv + 1; 265 cfg.infiles = argv + 1;
266 ca_config.req = 1; 266 cfg.req = 1;
267 *argsused = argc; 267 *argsused = argc;
268 return (0); 268 return (0);
269} 269}
@@ -271,19 +271,19 @@ ca_opt_infiles(int argc, char **argv, int *argsused)
271static int 271static int
272ca_opt_revoke(char *arg) 272ca_opt_revoke(char *arg)
273{ 273{
274 ca_config.infile = arg; 274 cfg.infile = arg;
275 ca_config.dorevoke = 1; 275 cfg.dorevoke = 1;
276 return (0); 276 return (0);
277} 277}
278 278
279static int 279static int
280ca_opt_sigopt(char *arg) 280ca_opt_sigopt(char *arg)
281{ 281{
282 if (ca_config.sigopts == NULL) 282 if (cfg.sigopts == NULL)
283 ca_config.sigopts = sk_OPENSSL_STRING_new_null(); 283 cfg.sigopts = sk_OPENSSL_STRING_new_null();
284 if (ca_config.sigopts == NULL) 284 if (cfg.sigopts == NULL)
285 return (1); 285 return (1);
286 if (!sk_OPENSSL_STRING_push(ca_config.sigopts, arg)) 286 if (!sk_OPENSSL_STRING_push(cfg.sigopts, arg))
287 return (1); 287 return (1);
288 return (0); 288 return (0);
289} 289}
@@ -291,16 +291,16 @@ ca_opt_sigopt(char *arg)
291static int 291static int
292ca_opt_spkac(char *arg) 292ca_opt_spkac(char *arg)
293{ 293{
294 ca_config.spkac_file = arg; 294 cfg.spkac_file = arg;
295 ca_config.req = 1; 295 cfg.req = 1;
296 return (0); 296 return (0);
297} 297}
298 298
299static int 299static int
300ca_opt_ss_cert(char *arg) 300ca_opt_ss_cert(char *arg)
301{ 301{
302 ca_config.ss_cert_file = arg; 302 cfg.ss_cert_file = arg;
303 ca_config.req = 1; 303 cfg.req = 1;
304 return (0); 304 return (0);
305} 305}
306 306
@@ -309,27 +309,27 @@ static const struct option ca_options[] = {
309 .name = "batch", 309 .name = "batch",
310 .desc = "Operate in batch mode", 310 .desc = "Operate in batch mode",
311 .type = OPTION_FLAG, 311 .type = OPTION_FLAG,
312 .opt.flag = &ca_config.batch, 312 .opt.flag = &cfg.batch,
313 }, 313 },
314 { 314 {
315 .name = "cert", 315 .name = "cert",
316 .argname = "file", 316 .argname = "file",
317 .desc = "File containing the CA certificate", 317 .desc = "File containing the CA certificate",
318 .type = OPTION_ARG, 318 .type = OPTION_ARG,
319 .opt.arg = &ca_config.certfile, 319 .opt.arg = &cfg.certfile,
320 }, 320 },
321 { 321 {
322 .name = "config", 322 .name = "config",
323 .argname = "file", 323 .argname = "file",
324 .desc = "Specify an alternative configuration file", 324 .desc = "Specify an alternative configuration file",
325 .type = OPTION_ARG, 325 .type = OPTION_ARG,
326 .opt.arg = &ca_config.configfile, 326 .opt.arg = &cfg.configfile,
327 }, 327 },
328 { 328 {
329 .name = "create_serial", 329 .name = "create_serial",
330 .desc = "If reading serial fails, create a new random serial", 330 .desc = "If reading serial fails, create a new random serial",
331 .type = OPTION_FLAG, 331 .type = OPTION_FLAG,
332 .opt.flag = &ca_config.create_serial, 332 .opt.flag = &cfg.create_serial,
333 }, 333 },
334 { 334 {
335 .name = "crl_CA_compromise", 335 .name = "crl_CA_compromise",
@@ -367,62 +367,62 @@ static const struct option ca_options[] = {
367 .argname = "days", 367 .argname = "days",
368 .desc = "Number of days before the next CRL is due", 368 .desc = "Number of days before the next CRL is due",
369 .type = OPTION_ARG_LONG, 369 .type = OPTION_ARG_LONG,
370 .opt.lvalue = &ca_config.crldays, 370 .opt.lvalue = &cfg.crldays,
371 }, 371 },
372 { 372 {
373 .name = "crlexts", 373 .name = "crlexts",
374 .argname = "section", 374 .argname = "section",
375 .desc = "CRL extension section (override value in config file)", 375 .desc = "CRL extension section (override value in config file)",
376 .type = OPTION_ARG, 376 .type = OPTION_ARG,
377 .opt.arg = &ca_config.crl_ext, 377 .opt.arg = &cfg.crl_ext,
378 }, 378 },
379 { 379 {
380 .name = "crlhours", 380 .name = "crlhours",
381 .argname = "hours", 381 .argname = "hours",
382 .desc = "Number of hours before the next CRL is due", 382 .desc = "Number of hours before the next CRL is due",
383 .type = OPTION_ARG_LONG, 383 .type = OPTION_ARG_LONG,
384 .opt.lvalue = &ca_config.crlhours, 384 .opt.lvalue = &cfg.crlhours,
385 }, 385 },
386 { 386 {
387 .name = "crlsec", 387 .name = "crlsec",
388 .argname = "seconds", 388 .argname = "seconds",
389 .desc = "Number of seconds before the next CRL is due", 389 .desc = "Number of seconds before the next CRL is due",
390 .type = OPTION_ARG_LONG, 390 .type = OPTION_ARG_LONG,
391 .opt.lvalue = &ca_config.crlsec, 391 .opt.lvalue = &cfg.crlsec,
392 }, 392 },
393 { 393 {
394 .name = "days", 394 .name = "days",
395 .argname = "arg", 395 .argname = "arg",
396 .desc = "Number of days to certify the certificate for", 396 .desc = "Number of days to certify the certificate for",
397 .type = OPTION_ARG_LONG, 397 .type = OPTION_ARG_LONG,
398 .opt.lvalue = &ca_config.days, 398 .opt.lvalue = &cfg.days,
399 }, 399 },
400 { 400 {
401 .name = "enddate", 401 .name = "enddate",
402 .argname = "YYMMDDHHMMSSZ", 402 .argname = "YYMMDDHHMMSSZ",
403 .desc = "Certificate validity notAfter (overrides -days)", 403 .desc = "Certificate validity notAfter (overrides -days)",
404 .type = OPTION_ARG, 404 .type = OPTION_ARG,
405 .opt.arg = &ca_config.enddate, 405 .opt.arg = &cfg.enddate,
406 }, 406 },
407 { 407 {
408 .name = "extensions", 408 .name = "extensions",
409 .argname = "section", 409 .argname = "section",
410 .desc = "Extension section (override value in config file)", 410 .desc = "Extension section (override value in config file)",
411 .type = OPTION_ARG, 411 .type = OPTION_ARG,
412 .opt.arg = &ca_config.extensions, 412 .opt.arg = &cfg.extensions,
413 }, 413 },
414 { 414 {
415 .name = "extfile", 415 .name = "extfile",
416 .argname = "file", 416 .argname = "file",
417 .desc = "Configuration file with X509v3 extentions to add", 417 .desc = "Configuration file with X509v3 extentions to add",
418 .type = OPTION_ARG, 418 .type = OPTION_ARG,
419 .opt.arg = &ca_config.extfile, 419 .opt.arg = &cfg.extfile,
420 }, 420 },
421 { 421 {
422 .name = "gencrl", 422 .name = "gencrl",
423 .desc = "Generate a new CRL", 423 .desc = "Generate a new CRL",
424 .type = OPTION_FLAG, 424 .type = OPTION_FLAG,
425 .opt.flag = &ca_config.gencrl, 425 .opt.flag = &cfg.gencrl,
426 }, 426 },
427 { 427 {
428 .name = "in", 428 .name = "in",
@@ -443,93 +443,93 @@ static const struct option ca_options[] = {
443 .argname = "password", 443 .argname = "password",
444 .desc = "Key to decode the private key if it is encrypted", 444 .desc = "Key to decode the private key if it is encrypted",
445 .type = OPTION_ARG, 445 .type = OPTION_ARG,
446 .opt.arg = &ca_config.key, 446 .opt.arg = &cfg.key,
447 }, 447 },
448 { 448 {
449 .name = "keyfile", 449 .name = "keyfile",
450 .argname = "file", 450 .argname = "file",
451 .desc = "Private key file", 451 .desc = "Private key file",
452 .type = OPTION_ARG, 452 .type = OPTION_ARG,
453 .opt.arg = &ca_config.keyfile, 453 .opt.arg = &cfg.keyfile,
454 }, 454 },
455 { 455 {
456 .name = "keyform", 456 .name = "keyform",
457 .argname = "fmt", 457 .argname = "fmt",
458 .desc = "Private key file format (DER or PEM (default))", 458 .desc = "Private key file format (DER or PEM (default))",
459 .type = OPTION_ARG_FORMAT, 459 .type = OPTION_ARG_FORMAT,
460 .opt.value = &ca_config.keyform, 460 .opt.value = &cfg.keyform,
461 }, 461 },
462 { 462 {
463 .name = "md", 463 .name = "md",
464 .argname = "alg", 464 .argname = "alg",
465 .desc = "Message digest to use", 465 .desc = "Message digest to use",
466 .type = OPTION_ARG, 466 .type = OPTION_ARG,
467 .opt.arg = &ca_config.md, 467 .opt.arg = &cfg.md,
468 }, 468 },
469 { 469 {
470 .name = "msie_hack", 470 .name = "msie_hack",
471 .type = OPTION_FLAG, 471 .type = OPTION_FLAG,
472 .opt.flag = &ca_config.msie_hack, 472 .opt.flag = &cfg.msie_hack,
473 }, 473 },
474 { 474 {
475 .name = "multivalue-rdn", 475 .name = "multivalue-rdn",
476 .desc = "Enable support for multivalued RDNs", 476 .desc = "Enable support for multivalued RDNs",
477 .type = OPTION_FLAG, 477 .type = OPTION_FLAG,
478 .opt.flag = &ca_config.multirdn, 478 .opt.flag = &cfg.multirdn,
479 }, 479 },
480 { 480 {
481 .name = "name", 481 .name = "name",
482 .argname = "section", 482 .argname = "section",
483 .desc = "Specifies the configuration file section to use", 483 .desc = "Specifies the configuration file section to use",
484 .type = OPTION_ARG, 484 .type = OPTION_ARG,
485 .opt.arg = &ca_config.section, 485 .opt.arg = &cfg.section,
486 }, 486 },
487 { 487 {
488 .name = "noemailDN", 488 .name = "noemailDN",
489 .desc = "Do not add the EMAIL field to the DN", 489 .desc = "Do not add the EMAIL field to the DN",
490 .type = OPTION_VALUE, 490 .type = OPTION_VALUE,
491 .opt.value = &ca_config.email_dn, 491 .opt.value = &cfg.email_dn,
492 .value = 0, 492 .value = 0,
493 }, 493 },
494 { 494 {
495 .name = "notext", 495 .name = "notext",
496 .desc = "Do not print the generated certificate", 496 .desc = "Do not print the generated certificate",
497 .type = OPTION_FLAG, 497 .type = OPTION_FLAG,
498 .opt.flag = &ca_config.notext, 498 .opt.flag = &cfg.notext,
499 }, 499 },
500 { 500 {
501 .name = "out", 501 .name = "out",
502 .argname = "file", 502 .argname = "file",
503 .desc = "Output file (default stdout)", 503 .desc = "Output file (default stdout)",
504 .type = OPTION_ARG, 504 .type = OPTION_ARG,
505 .opt.arg = &ca_config.outfile, 505 .opt.arg = &cfg.outfile,
506 }, 506 },
507 { 507 {
508 .name = "outdir", 508 .name = "outdir",
509 .argname = "directory", 509 .argname = "directory",
510 .desc = " Directory to output certificates to", 510 .desc = " Directory to output certificates to",
511 .type = OPTION_ARG, 511 .type = OPTION_ARG,
512 .opt.arg = &ca_config.outdir, 512 .opt.arg = &cfg.outdir,
513 }, 513 },
514 { 514 {
515 .name = "passin", 515 .name = "passin",
516 .argname = "src", 516 .argname = "src",
517 .desc = "Private key input password source", 517 .desc = "Private key input password source",
518 .type = OPTION_ARG, 518 .type = OPTION_ARG,
519 .opt.arg = &ca_config.passargin, 519 .opt.arg = &cfg.passargin,
520 }, 520 },
521 { 521 {
522 .name = "policy", 522 .name = "policy",
523 .argname = "name", 523 .argname = "name",
524 .desc = "The CA 'policy' to support", 524 .desc = "The CA 'policy' to support",
525 .type = OPTION_ARG, 525 .type = OPTION_ARG,
526 .opt.arg = &ca_config.policy, 526 .opt.arg = &cfg.policy,
527 }, 527 },
528 { 528 {
529 .name = "preserveDN", 529 .name = "preserveDN",
530 .desc = "Do not re-order the DN", 530 .desc = "Do not re-order the DN",
531 .type = OPTION_FLAG, 531 .type = OPTION_FLAG,
532 .opt.flag = &ca_config.preserve, 532 .opt.flag = &cfg.preserve,
533 }, 533 },
534 { 534 {
535 .name = "revoke", 535 .name = "revoke",
@@ -542,7 +542,7 @@ static const struct option ca_options[] = {
542 .name = "selfsign", 542 .name = "selfsign",
543 .desc = "Sign a certificate using the key associated with it", 543 .desc = "Sign a certificate using the key associated with it",
544 .type = OPTION_FLAG, 544 .type = OPTION_FLAG,
545 .opt.flag = &ca_config.selfsign, 545 .opt.flag = &cfg.selfsign,
546 }, 546 },
547 { 547 {
548 .name = "sigopt", 548 .name = "sigopt",
@@ -570,27 +570,27 @@ static const struct option ca_options[] = {
570 .argname = "YYMMDDHHMMSSZ", 570 .argname = "YYMMDDHHMMSSZ",
571 .desc = "Certificate validity notBefore", 571 .desc = "Certificate validity notBefore",
572 .type = OPTION_ARG, 572 .type = OPTION_ARG,
573 .opt.arg = &ca_config.startdate, 573 .opt.arg = &cfg.startdate,
574 }, 574 },
575 { 575 {
576 .name = "status", 576 .name = "status",
577 .argname = "serial", 577 .argname = "serial",
578 .desc = "Shows certificate status given the serial number", 578 .desc = "Shows certificate status given the serial number",
579 .type = OPTION_ARG, 579 .type = OPTION_ARG,
580 .opt.arg = &ca_config.serial_status, 580 .opt.arg = &cfg.serial_status,
581 }, 581 },
582 { 582 {
583 .name = "subj", 583 .name = "subj",
584 .argname = "arg", 584 .argname = "arg",
585 .desc = "Use arg instead of request's subject", 585 .desc = "Use arg instead of request's subject",
586 .type = OPTION_ARG, 586 .type = OPTION_ARG,
587 .opt.arg = &ca_config.subj, 587 .opt.arg = &cfg.subj,
588 }, 588 },
589 { 589 {
590 .name = "updatedb", 590 .name = "updatedb",
591 .desc = "Updates db for expired certificates", 591 .desc = "Updates db for expired certificates",
592 .type = OPTION_FLAG, 592 .type = OPTION_FLAG,
593 .opt.flag = &ca_config.doupdatedb, 593 .opt.flag = &cfg.doupdatedb,
594 }, 594 },
595 { 595 {
596 .name = "utf8", 596 .name = "utf8",
@@ -602,7 +602,7 @@ static const struct option ca_options[] = {
602 .name = "verbose", 602 .name = "verbose",
603 .desc = "Verbose output during processing", 603 .desc = "Verbose output during processing",
604 .type = OPTION_FLAG, 604 .type = OPTION_FLAG,
605 .opt.flag = &ca_config.verbose, 605 .opt.flag = &cfg.verbose,
606 }, 606 },
607 { NULL }, 607 { NULL },
608}; 608};
@@ -690,11 +690,11 @@ ca_main(int argc, char **argv)
690 exit(1); 690 exit(1);
691 } 691 }
692 692
693 memset(&ca_config, 0, sizeof(ca_config)); 693 memset(&cfg, 0, sizeof(cfg));
694 ca_config.email_dn = 1; 694 cfg.email_dn = 1;
695 ca_config.keyform = FORMAT_PEM; 695 cfg.keyform = FORMAT_PEM;
696 ca_config.chtype = MBSTRING_ASC; 696 cfg.chtype = MBSTRING_ASC;
697 ca_config.rev_type = REV_NONE; 697 cfg.rev_type = REV_NONE;
698 698
699 conf = NULL; 699 conf = NULL;
700 700
@@ -705,37 +705,37 @@ ca_main(int argc, char **argv)
705 705
706 /*****************************************************************/ 706 /*****************************************************************/
707 tofree = NULL; 707 tofree = NULL;
708 if (ca_config.configfile == NULL) 708 if (cfg.configfile == NULL)
709 ca_config.configfile = getenv("OPENSSL_CONF"); 709 cfg.configfile = getenv("OPENSSL_CONF");
710 if (ca_config.configfile == NULL) { 710 if (cfg.configfile == NULL) {
711 if ((tofree = make_config_name()) == NULL) { 711 if ((tofree = make_config_name()) == NULL) {
712 BIO_printf(bio_err, "error making config file name\n"); 712 BIO_printf(bio_err, "error making config file name\n");
713 goto err; 713 goto err;
714 } 714 }
715 ca_config.configfile = tofree; 715 cfg.configfile = tofree;
716 } 716 }
717 BIO_printf(bio_err, "Using configuration from %s\n", 717 BIO_printf(bio_err, "Using configuration from %s\n",
718 ca_config.configfile); 718 cfg.configfile);
719 conf = NCONF_new(NULL); 719 conf = NCONF_new(NULL);
720 if (NCONF_load(conf, ca_config.configfile, &errorline) <= 0) { 720 if (NCONF_load(conf, cfg.configfile, &errorline) <= 0) {
721 if (errorline <= 0) 721 if (errorline <= 0)
722 BIO_printf(bio_err, 722 BIO_printf(bio_err,
723 "error loading the config file '%s'\n", 723 "error loading the config file '%s'\n",
724 ca_config.configfile); 724 cfg.configfile);
725 else 725 else
726 BIO_printf(bio_err, 726 BIO_printf(bio_err,
727 "error on line %ld of config file '%s'\n", 727 "error on line %ld of config file '%s'\n",
728 errorline, ca_config.configfile); 728 errorline, cfg.configfile);
729 goto err; 729 goto err;
730 } 730 }
731 free(tofree); 731 free(tofree);
732 tofree = NULL; 732 tofree = NULL;
733 733
734 /* Lets get the config section we are using */ 734 /* Lets get the config section we are using */
735 if (ca_config.section == NULL) { 735 if (cfg.section == NULL) {
736 ca_config.section = NCONF_get_string(conf, BASE_SECTION, 736 cfg.section = NCONF_get_string(conf, BASE_SECTION,
737 ENV_DEFAULT_CA); 737 ENV_DEFAULT_CA);
738 if (ca_config.section == NULL) { 738 if (cfg.section == NULL) {
739 lookup_fail(BASE_SECTION, ENV_DEFAULT_CA); 739 lookup_fail(BASE_SECTION, ENV_DEFAULT_CA);
740 goto err; 740 goto err;
741 } 741 }
@@ -765,7 +765,7 @@ ca_main(int argc, char **argv)
765 goto err; 765 goto err;
766 } 766 }
767 } 767 }
768 f = NCONF_get_string(conf, ca_config.section, STRING_MASK); 768 f = NCONF_get_string(conf, cfg.section, STRING_MASK);
769 if (f == NULL) 769 if (f == NULL)
770 ERR_clear_error(); 770 ERR_clear_error();
771 771
@@ -774,15 +774,15 @@ ca_main(int argc, char **argv)
774 "Invalid global string mask setting %s\n", f); 774 "Invalid global string mask setting %s\n", f);
775 goto err; 775 goto err;
776 } 776 }
777 if (ca_config.chtype != MBSTRING_UTF8) { 777 if (cfg.chtype != MBSTRING_UTF8) {
778 f = NCONF_get_string(conf, ca_config.section, UTF8_IN); 778 f = NCONF_get_string(conf, cfg.section, UTF8_IN);
779 if (f == NULL) 779 if (f == NULL)
780 ERR_clear_error(); 780 ERR_clear_error();
781 else if (strcmp(f, "yes") == 0) 781 else if (strcmp(f, "yes") == 0)
782 ca_config.chtype = MBSTRING_UTF8; 782 cfg.chtype = MBSTRING_UTF8;
783 } 783 }
784 db_attr.unique_subject = 1; 784 db_attr.unique_subject = 1;
785 p = NCONF_get_string(conf, ca_config.section, ENV_UNIQUE_SUBJECT); 785 p = NCONF_get_string(conf, cfg.section, ENV_UNIQUE_SUBJECT);
786 if (p != NULL) { 786 if (p != NULL) {
787 db_attr.unique_subject = parse_yesno(p, 1); 787 db_attr.unique_subject = parse_yesno(p, 1);
788 } else 788 } else
@@ -798,10 +798,10 @@ ca_main(int argc, char **argv)
798 } 798 }
799 /*****************************************************************/ 799 /*****************************************************************/
800 /* report status of cert with serial number given on command line */ 800 /* report status of cert with serial number given on command line */
801 if (ca_config.serial_status) { 801 if (cfg.serial_status) {
802 if ((dbfile = NCONF_get_string(conf, ca_config.section, 802 if ((dbfile = NCONF_get_string(conf, cfg.section,
803 ENV_DATABASE)) == NULL) { 803 ENV_DATABASE)) == NULL) {
804 lookup_fail(ca_config.section, ENV_DATABASE); 804 lookup_fail(cfg.section, ENV_DATABASE);
805 goto err; 805 goto err;
806 } 806 }
807 db = load_index(dbfile, &db_attr); 807 db = load_index(dbfile, &db_attr);
@@ -811,47 +811,47 @@ ca_main(int argc, char **argv)
811 if (!index_index(db)) 811 if (!index_index(db))
812 goto err; 812 goto err;
813 813
814 if (get_certificate_status(ca_config.serial_status, db) != 1) 814 if (get_certificate_status(cfg.serial_status, db) != 1)
815 BIO_printf(bio_err, "Error verifying serial %s!\n", 815 BIO_printf(bio_err, "Error verifying serial %s!\n",
816 ca_config.serial_status); 816 cfg.serial_status);
817 goto err; 817 goto err;
818 } 818 }
819 /*****************************************************************/ 819 /*****************************************************************/
820 /* we definitely need a private key, so let's get it */ 820 /* we definitely need a private key, so let's get it */
821 821
822 if ((ca_config.keyfile == NULL) && 822 if ((cfg.keyfile == NULL) &&
823 ((ca_config.keyfile = NCONF_get_string(conf, ca_config.section, 823 ((cfg.keyfile = NCONF_get_string(conf, cfg.section,
824 ENV_PRIVATE_KEY)) == NULL)) { 824 ENV_PRIVATE_KEY)) == NULL)) {
825 lookup_fail(ca_config.section, ENV_PRIVATE_KEY); 825 lookup_fail(cfg.section, ENV_PRIVATE_KEY);
826 goto err; 826 goto err;
827 } 827 }
828 if (ca_config.key == NULL) { 828 if (cfg.key == NULL) {
829 free_key = 1; 829 free_key = 1;
830 if (!app_passwd(bio_err, ca_config.passargin, NULL, 830 if (!app_passwd(bio_err, cfg.passargin, NULL,
831 &ca_config.key, NULL)) { 831 &cfg.key, NULL)) {
832 BIO_printf(bio_err, "Error getting password\n"); 832 BIO_printf(bio_err, "Error getting password\n");
833 goto err; 833 goto err;
834 } 834 }
835 } 835 }
836 pkey = load_key(bio_err, ca_config.keyfile, ca_config.keyform, 0, 836 pkey = load_key(bio_err, cfg.keyfile, cfg.keyform, 0,
837 ca_config.key, "CA private key"); 837 cfg.key, "CA private key");
838 if (ca_config.key != NULL) 838 if (cfg.key != NULL)
839 explicit_bzero(ca_config.key, strlen(ca_config.key)); 839 explicit_bzero(cfg.key, strlen(cfg.key));
840 if (pkey == NULL) { 840 if (pkey == NULL) {
841 /* load_key() has already printed an appropriate message */ 841 /* load_key() has already printed an appropriate message */
842 goto err; 842 goto err;
843 } 843 }
844 /*****************************************************************/ 844 /*****************************************************************/
845 /* we need a certificate */ 845 /* we need a certificate */
846 if (!ca_config.selfsign || ca_config.spkac_file != NULL || 846 if (!cfg.selfsign || cfg.spkac_file != NULL ||
847 ca_config.ss_cert_file != NULL || ca_config.gencrl) { 847 cfg.ss_cert_file != NULL || cfg.gencrl) {
848 if ((ca_config.certfile == NULL) && 848 if ((cfg.certfile == NULL) &&
849 ((ca_config.certfile = NCONF_get_string(conf, 849 ((cfg.certfile = NCONF_get_string(conf,
850 ca_config.section, ENV_CERTIFICATE)) == NULL)) { 850 cfg.section, ENV_CERTIFICATE)) == NULL)) {
851 lookup_fail(ca_config.section, ENV_CERTIFICATE); 851 lookup_fail(cfg.section, ENV_CERTIFICATE);
852 goto err; 852 goto err;
853 } 853 }
854 x509 = load_cert(bio_err, ca_config.certfile, FORMAT_PEM, NULL, 854 x509 = load_cert(bio_err, cfg.certfile, FORMAT_PEM, NULL,
855 "CA certificate"); 855 "CA certificate");
856 if (x509 == NULL) 856 if (x509 == NULL)
857 goto err; 857 goto err;
@@ -862,21 +862,21 @@ ca_main(int argc, char **argv)
862 goto err; 862 goto err;
863 } 863 }
864 } 864 }
865 if (!ca_config.selfsign) 865 if (!cfg.selfsign)
866 x509p = x509; 866 x509p = x509;
867 867
868 f = NCONF_get_string(conf, BASE_SECTION, ENV_PRESERVE); 868 f = NCONF_get_string(conf, BASE_SECTION, ENV_PRESERVE);
869 if (f == NULL) 869 if (f == NULL)
870 ERR_clear_error(); 870 ERR_clear_error();
871 if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) 871 if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
872 ca_config.preserve = 1; 872 cfg.preserve = 1;
873 f = NCONF_get_string(conf, BASE_SECTION, ENV_MSIE_HACK); 873 f = NCONF_get_string(conf, BASE_SECTION, ENV_MSIE_HACK);
874 if (f == NULL) 874 if (f == NULL)
875 ERR_clear_error(); 875 ERR_clear_error();
876 if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) 876 if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
877 ca_config.msie_hack = 1; 877 cfg.msie_hack = 1;
878 878
879 f = NCONF_get_string(conf, ca_config.section, ENV_NAMEOPT); 879 f = NCONF_get_string(conf, cfg.section, ENV_NAMEOPT);
880 880
881 if (f != NULL) { 881 if (f != NULL) {
882 if (!set_name_ex(&nameopt, f)) { 882 if (!set_name_ex(&nameopt, f)) {
@@ -888,7 +888,7 @@ ca_main(int argc, char **argv)
888 } else 888 } else
889 ERR_clear_error(); 889 ERR_clear_error();
890 890
891 f = NCONF_get_string(conf, ca_config.section, ENV_CERTOPT); 891 f = NCONF_get_string(conf, cfg.section, ENV_CERTOPT);
892 892
893 if (f != NULL) { 893 if (f != NULL) {
894 if (!set_cert_ex(&certopt, f)) { 894 if (!set_cert_ex(&certopt, f)) {
@@ -900,7 +900,7 @@ ca_main(int argc, char **argv)
900 } else 900 } else
901 ERR_clear_error(); 901 ERR_clear_error();
902 902
903 f = NCONF_get_string(conf, ca_config.section, ENV_EXTCOPY); 903 f = NCONF_get_string(conf, cfg.section, ENV_EXTCOPY);
904 904
905 if (f != NULL) { 905 if (f != NULL) {
906 if (!set_ext_copy(&ext_copy, f)) { 906 if (!set_ext_copy(&ext_copy, f)) {
@@ -913,9 +913,9 @@ ca_main(int argc, char **argv)
913 913
914 /*****************************************************************/ 914 /*****************************************************************/
915 /* lookup where to write new certificates */ 915 /* lookup where to write new certificates */
916 if (ca_config.outdir == NULL && ca_config.req) { 916 if (cfg.outdir == NULL && cfg.req) {
917 if ((ca_config.outdir = NCONF_get_string(conf, 917 if ((cfg.outdir = NCONF_get_string(conf,
918 ca_config.section, ENV_NEW_CERTS_DIR)) == NULL) { 918 cfg.section, ENV_NEW_CERTS_DIR)) == NULL) {
919 BIO_printf(bio_err, "output directory %s not defined\n", 919 BIO_printf(bio_err, "output directory %s not defined\n",
920 ENV_NEW_CERTS_DIR); 920 ENV_NEW_CERTS_DIR);
921 goto err; 921 goto err;
@@ -923,9 +923,9 @@ ca_main(int argc, char **argv)
923 } 923 }
924 /*****************************************************************/ 924 /*****************************************************************/
925 /* we need to load the database file */ 925 /* we need to load the database file */
926 if ((dbfile = NCONF_get_string(conf, ca_config.section, 926 if ((dbfile = NCONF_get_string(conf, cfg.section,
927 ENV_DATABASE)) == NULL) { 927 ENV_DATABASE)) == NULL) {
928 lookup_fail(ca_config.section, ENV_DATABASE); 928 lookup_fail(cfg.section, ENV_DATABASE);
929 goto err; 929 goto err;
930 } 930 }
931 db = load_index(dbfile, &db_attr); 931 db = load_index(dbfile, &db_attr);
@@ -976,7 +976,7 @@ ca_main(int argc, char **argv)
976 p++; 976 p++;
977 } 977 }
978 } 978 }
979 if (ca_config.verbose) { 979 if (cfg.verbose) {
980 BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); 980 BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
981 TXT_DB_write(out, db->db); 981 TXT_DB_write(out, db->db);
982 BIO_printf(bio_err, "%d entries loaded from the database\n", 982 BIO_printf(bio_err, "%d entries loaded from the database\n",
@@ -988,8 +988,8 @@ ca_main(int argc, char **argv)
988 988
989 /*****************************************************************/ 989 /*****************************************************************/
990 /* Update the db file for expired certificates */ 990 /* Update the db file for expired certificates */
991 if (ca_config.doupdatedb) { 991 if (cfg.doupdatedb) {
992 if (ca_config.verbose) 992 if (cfg.verbose)
993 BIO_printf(bio_err, "Updating %s ...\n", dbfile); 993 BIO_printf(bio_err, "Updating %s ...\n", dbfile);
994 994
995 i = do_updatedb(db); 995 i = do_updatedb(db);
@@ -997,7 +997,7 @@ ca_main(int argc, char **argv)
997 BIO_printf(bio_err, "Malloc failure\n"); 997 BIO_printf(bio_err, "Malloc failure\n");
998 goto err; 998 goto err;
999 } else if (i == 0) { 999 } else if (i == 0) {
1000 if (ca_config.verbose) 1000 if (cfg.verbose)
1001 BIO_printf(bio_err, 1001 BIO_printf(bio_err,
1002 "No entries found to mark expired\n"); 1002 "No entries found to mark expired\n");
1003 } else { 1003 } else {
@@ -1007,92 +1007,92 @@ ca_main(int argc, char **argv)
1007 if (!rotate_index(dbfile, "new", "old")) 1007 if (!rotate_index(dbfile, "new", "old"))
1008 goto err; 1008 goto err;
1009 1009
1010 if (ca_config.verbose) 1010 if (cfg.verbose)
1011 BIO_printf(bio_err, 1011 BIO_printf(bio_err,
1012 "Done. %d entries marked as expired\n", i); 1012 "Done. %d entries marked as expired\n", i);
1013 } 1013 }
1014 } 1014 }
1015 /*****************************************************************/ 1015 /*****************************************************************/
1016 /* Read extentions config file */ 1016 /* Read extentions config file */
1017 if (ca_config.extfile != NULL) { 1017 if (cfg.extfile != NULL) {
1018 extconf = NCONF_new(NULL); 1018 extconf = NCONF_new(NULL);
1019 if (NCONF_load(extconf, ca_config.extfile, &errorline) <= 0) { 1019 if (NCONF_load(extconf, cfg.extfile, &errorline) <= 0) {
1020 if (errorline <= 0) 1020 if (errorline <= 0)
1021 BIO_printf(bio_err, 1021 BIO_printf(bio_err,
1022 "ERROR: loading the config file '%s'\n", 1022 "ERROR: loading the config file '%s'\n",
1023 ca_config.extfile); 1023 cfg.extfile);
1024 else 1024 else
1025 BIO_printf(bio_err, 1025 BIO_printf(bio_err,
1026 "ERROR: on line %ld of config file '%s'\n", 1026 "ERROR: on line %ld of config file '%s'\n",
1027 errorline, ca_config.extfile); 1027 errorline, cfg.extfile);
1028 ret = 1; 1028 ret = 1;
1029 goto err; 1029 goto err;
1030 } 1030 }
1031 if (ca_config.verbose) 1031 if (cfg.verbose)
1032 BIO_printf(bio_err, 1032 BIO_printf(bio_err,
1033 "Successfully loaded extensions file %s\n", 1033 "Successfully loaded extensions file %s\n",
1034 ca_config.extfile); 1034 cfg.extfile);
1035 1035
1036 /* We can have sections in the ext file */ 1036 /* We can have sections in the ext file */
1037 if (ca_config.extensions == NULL && 1037 if (cfg.extensions == NULL &&
1038 (ca_config.extensions = NCONF_get_string(extconf, "default", 1038 (cfg.extensions = NCONF_get_string(extconf, "default",
1039 "extensions")) == NULL) 1039 "extensions")) == NULL)
1040 ca_config.extensions = "default"; 1040 cfg.extensions = "default";
1041 } 1041 }
1042 /*****************************************************************/ 1042 /*****************************************************************/
1043 if (ca_config.req || ca_config.gencrl) { 1043 if (cfg.req || cfg.gencrl) {
1044 if (ca_config.outfile != NULL) { 1044 if (cfg.outfile != NULL) {
1045 if (BIO_write_filename(Sout, ca_config.outfile) <= 0) { 1045 if (BIO_write_filename(Sout, cfg.outfile) <= 0) {
1046 perror(ca_config.outfile); 1046 perror(cfg.outfile);
1047 goto err; 1047 goto err;
1048 } 1048 }
1049 } else { 1049 } else {
1050 BIO_set_fp(Sout, stdout, BIO_NOCLOSE | BIO_FP_TEXT); 1050 BIO_set_fp(Sout, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
1051 } 1051 }
1052 } 1052 }
1053 if ((ca_config.md == NULL) && 1053 if ((cfg.md == NULL) &&
1054 ((ca_config.md = NCONF_get_string(conf, ca_config.section, 1054 ((cfg.md = NCONF_get_string(conf, cfg.section,
1055 ENV_DEFAULT_MD)) == NULL)) { 1055 ENV_DEFAULT_MD)) == NULL)) {
1056 lookup_fail(ca_config.section, ENV_DEFAULT_MD); 1056 lookup_fail(cfg.section, ENV_DEFAULT_MD);
1057 goto err; 1057 goto err;
1058 } 1058 }
1059 if (strcmp(ca_config.md, "default") == 0) { 1059 if (strcmp(cfg.md, "default") == 0) {
1060 int def_nid; 1060 int def_nid;
1061 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) { 1061 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) {
1062 BIO_puts(bio_err, "no default digest\n"); 1062 BIO_puts(bio_err, "no default digest\n");
1063 goto err; 1063 goto err;
1064 } 1064 }
1065 ca_config.md = (char *) OBJ_nid2sn(def_nid); 1065 cfg.md = (char *) OBJ_nid2sn(def_nid);
1066 if (ca_config.md == NULL) 1066 if (cfg.md == NULL)
1067 goto err; 1067 goto err;
1068 } 1068 }
1069 if ((dgst = EVP_get_digestbyname(ca_config.md)) == NULL) { 1069 if ((dgst = EVP_get_digestbyname(cfg.md)) == NULL) {
1070 BIO_printf(bio_err, 1070 BIO_printf(bio_err,
1071 "%s is an unsupported message digest type\n", ca_config.md); 1071 "%s is an unsupported message digest type\n", cfg.md);
1072 goto err; 1072 goto err;
1073 } 1073 }
1074 if (ca_config.req) { 1074 if (cfg.req) {
1075 if ((ca_config.email_dn == 1) && 1075 if ((cfg.email_dn == 1) &&
1076 ((tmp_email_dn = NCONF_get_string(conf, ca_config.section, 1076 ((tmp_email_dn = NCONF_get_string(conf, cfg.section,
1077 ENV_DEFAULT_EMAIL_DN)) != NULL)) { 1077 ENV_DEFAULT_EMAIL_DN)) != NULL)) {
1078 if (strcmp(tmp_email_dn, "no") == 0) 1078 if (strcmp(tmp_email_dn, "no") == 0)
1079 ca_config.email_dn = 0; 1079 cfg.email_dn = 0;
1080 } 1080 }
1081 if (ca_config.verbose) 1081 if (cfg.verbose)
1082 BIO_printf(bio_err, "message digest is %s\n", 1082 BIO_printf(bio_err, "message digest is %s\n",
1083 OBJ_nid2ln(EVP_MD_type(dgst))); 1083 OBJ_nid2ln(EVP_MD_type(dgst)));
1084 if ((ca_config.policy == NULL) && 1084 if ((cfg.policy == NULL) &&
1085 ((ca_config.policy = NCONF_get_string(conf, 1085 ((cfg.policy = NCONF_get_string(conf,
1086 ca_config.section, ENV_POLICY)) == NULL)) { 1086 cfg.section, ENV_POLICY)) == NULL)) {
1087 lookup_fail(ca_config.section, ENV_POLICY); 1087 lookup_fail(cfg.section, ENV_POLICY);
1088 goto err; 1088 goto err;
1089 } 1089 }
1090 if (ca_config.verbose) 1090 if (cfg.verbose)
1091 BIO_printf(bio_err, "policy is %s\n", ca_config.policy); 1091 BIO_printf(bio_err, "policy is %s\n", cfg.policy);
1092 1092
1093 if ((serialfile = NCONF_get_string(conf, ca_config.section, 1093 if ((serialfile = NCONF_get_string(conf, cfg.section,
1094 ENV_SERIAL)) == NULL) { 1094 ENV_SERIAL)) == NULL) {
1095 lookup_fail(ca_config.section, ENV_SERIAL); 1095 lookup_fail(cfg.section, ENV_SERIAL);
1096 goto err; 1096 goto err;
1097 } 1097 }
1098 if (extconf == NULL) { 1098 if (extconf == NULL) {
@@ -1100,59 +1100,59 @@ ca_main(int argc, char **argv)
1100 * no '-extfile' option, so we look for extensions in 1100 * no '-extfile' option, so we look for extensions in
1101 * the main configuration file 1101 * the main configuration file
1102 */ 1102 */
1103 if (ca_config.extensions == NULL) { 1103 if (cfg.extensions == NULL) {
1104 ca_config.extensions = NCONF_get_string(conf, 1104 cfg.extensions = NCONF_get_string(conf,
1105 ca_config.section, ENV_EXTENSIONS); 1105 cfg.section, ENV_EXTENSIONS);
1106 if (ca_config.extensions == NULL) 1106 if (cfg.extensions == NULL)
1107 ERR_clear_error(); 1107 ERR_clear_error();
1108 } 1108 }
1109 if (ca_config.extensions != NULL) { 1109 if (cfg.extensions != NULL) {
1110 /* Check syntax of file */ 1110 /* Check syntax of file */
1111 X509V3_CTX ctx; 1111 X509V3_CTX ctx;
1112 X509V3_set_ctx_test(&ctx); 1112 X509V3_set_ctx_test(&ctx);
1113 X509V3_set_nconf(&ctx, conf); 1113 X509V3_set_nconf(&ctx, conf);
1114 if (!X509V3_EXT_add_nconf(conf, &ctx, 1114 if (!X509V3_EXT_add_nconf(conf, &ctx,
1115 ca_config.extensions, NULL)) { 1115 cfg.extensions, NULL)) {
1116 BIO_printf(bio_err, 1116 BIO_printf(bio_err,
1117 "Error Loading extension section %s\n", 1117 "Error Loading extension section %s\n",
1118 ca_config.extensions); 1118 cfg.extensions);
1119 ret = 1; 1119 ret = 1;
1120 goto err; 1120 goto err;
1121 } 1121 }
1122 } 1122 }
1123 } 1123 }
1124 if (ca_config.startdate == NULL) { 1124 if (cfg.startdate == NULL) {
1125 ca_config.startdate = NCONF_get_string(conf, 1125 cfg.startdate = NCONF_get_string(conf,
1126 ca_config.section, ENV_DEFAULT_STARTDATE); 1126 cfg.section, ENV_DEFAULT_STARTDATE);
1127 if (ca_config.startdate == NULL) 1127 if (cfg.startdate == NULL)
1128 ERR_clear_error(); 1128 ERR_clear_error();
1129 } 1129 }
1130 if (ca_config.startdate == NULL) 1130 if (cfg.startdate == NULL)
1131 ca_config.startdate = "today"; 1131 cfg.startdate = "today";
1132 1132
1133 if (ca_config.enddate == NULL) { 1133 if (cfg.enddate == NULL) {
1134 ca_config.enddate = NCONF_get_string(conf, 1134 cfg.enddate = NCONF_get_string(conf,
1135 ca_config.section, ENV_DEFAULT_ENDDATE); 1135 cfg.section, ENV_DEFAULT_ENDDATE);
1136 if (ca_config.enddate == NULL) 1136 if (cfg.enddate == NULL)
1137 ERR_clear_error(); 1137 ERR_clear_error();
1138 } 1138 }
1139 if (ca_config.days == 0 && ca_config.enddate == NULL) { 1139 if (cfg.days == 0 && cfg.enddate == NULL) {
1140 if (!NCONF_get_number(conf, ca_config.section, 1140 if (!NCONF_get_number(conf, cfg.section,
1141 ENV_DEFAULT_DAYS, &ca_config.days)) 1141 ENV_DEFAULT_DAYS, &cfg.days))
1142 ca_config.days = 0; 1142 cfg.days = 0;
1143 } 1143 }
1144 if (ca_config.enddate == NULL && ca_config.days == 0) { 1144 if (cfg.enddate == NULL && cfg.days == 0) {
1145 BIO_printf(bio_err, 1145 BIO_printf(bio_err,
1146 "cannot lookup how many days to certify for\n"); 1146 "cannot lookup how many days to certify for\n");
1147 goto err; 1147 goto err;
1148 } 1148 }
1149 if ((serial = load_serial(serialfile, ca_config.create_serial, 1149 if ((serial = load_serial(serialfile, cfg.create_serial,
1150 NULL)) == NULL) { 1150 NULL)) == NULL) {
1151 BIO_printf(bio_err, 1151 BIO_printf(bio_err,
1152 "error while loading serial number\n"); 1152 "error while loading serial number\n");
1153 goto err; 1153 goto err;
1154 } 1154 }
1155 if (ca_config.verbose) { 1155 if (cfg.verbose) {
1156 if (BN_is_zero(serial)) 1156 if (BN_is_zero(serial))
1157 BIO_printf(bio_err, 1157 BIO_printf(bio_err,
1158 "next serial number is 00\n"); 1158 "next serial number is 00\n");
@@ -1164,25 +1164,25 @@ ca_main(int argc, char **argv)
1164 free(f); 1164 free(f);
1165 } 1165 }
1166 } 1166 }
1167 if ((attribs = NCONF_get_section(conf, ca_config.policy)) == 1167 if ((attribs = NCONF_get_section(conf, cfg.policy)) ==
1168 NULL) { 1168 NULL) {
1169 BIO_printf(bio_err, "unable to find 'section' for %s\n", 1169 BIO_printf(bio_err, "unable to find 'section' for %s\n",
1170 ca_config.policy); 1170 cfg.policy);
1171 goto err; 1171 goto err;
1172 } 1172 }
1173 if ((cert_sk = sk_X509_new_null()) == NULL) { 1173 if ((cert_sk = sk_X509_new_null()) == NULL) {
1174 BIO_printf(bio_err, "Memory allocation failure\n"); 1174 BIO_printf(bio_err, "Memory allocation failure\n");
1175 goto err; 1175 goto err;
1176 } 1176 }
1177 if (ca_config.spkac_file != NULL) { 1177 if (cfg.spkac_file != NULL) {
1178 total++; 1178 total++;
1179 j = certify_spkac(&x, ca_config.spkac_file, pkey, x509, 1179 j = certify_spkac(&x, cfg.spkac_file, pkey, x509,
1180 dgst, ca_config.sigopts, attribs, db, serial, 1180 dgst, cfg.sigopts, attribs, db, serial,
1181 ca_config.subj, ca_config.chtype, 1181 cfg.subj, cfg.chtype,
1182 ca_config.multirdn, ca_config.email_dn, 1182 cfg.multirdn, cfg.email_dn,
1183 ca_config.startdate, ca_config.enddate, 1183 cfg.startdate, cfg.enddate,
1184 ca_config.days, ca_config.extensions, conf, 1184 cfg.days, cfg.extensions, conf,
1185 ca_config.verbose, certopt, nameopt, default_op, 1185 cfg.verbose, certopt, nameopt, default_op,
1186 ext_copy); 1186 ext_copy);
1187 if (j < 0) 1187 if (j < 0)
1188 goto err; 1188 goto err;
@@ -1196,21 +1196,21 @@ ca_main(int argc, char **argv)
1196 "Memory allocation failure\n"); 1196 "Memory allocation failure\n");
1197 goto err; 1197 goto err;
1198 } 1198 }
1199 if (ca_config.outfile != NULL) { 1199 if (cfg.outfile != NULL) {
1200 output_der = 1; 1200 output_der = 1;
1201 ca_config.batch = 1; 1201 cfg.batch = 1;
1202 } 1202 }
1203 } 1203 }
1204 } 1204 }
1205 if (ca_config.ss_cert_file != NULL) { 1205 if (cfg.ss_cert_file != NULL) {
1206 total++; 1206 total++;
1207 j = certify_cert(&x, ca_config.ss_cert_file, pkey, x509, 1207 j = certify_cert(&x, cfg.ss_cert_file, pkey, x509,
1208 dgst, ca_config.sigopts, attribs, db, serial, 1208 dgst, cfg.sigopts, attribs, db, serial,
1209 ca_config.subj, ca_config.chtype, 1209 cfg.subj, cfg.chtype,
1210 ca_config.multirdn, ca_config.email_dn, 1210 cfg.multirdn, cfg.email_dn,
1211 ca_config.startdate, ca_config.enddate, 1211 cfg.startdate, cfg.enddate,
1212 ca_config.days, ca_config.batch, 1212 cfg.days, cfg.batch,
1213 ca_config.extensions, conf, ca_config.verbose, 1213 cfg.extensions, conf, cfg.verbose,
1214 certopt, nameopt, default_op, ext_copy); 1214 certopt, nameopt, default_op, ext_copy);
1215 if (j < 0) 1215 if (j < 0)
1216 goto err; 1216 goto err;
@@ -1226,17 +1226,17 @@ ca_main(int argc, char **argv)
1226 } 1226 }
1227 } 1227 }
1228 } 1228 }
1229 if (ca_config.infile != NULL) { 1229 if (cfg.infile != NULL) {
1230 total++; 1230 total++;
1231 j = certify(&x, ca_config.infile, pkey, x509p, dgst, 1231 j = certify(&x, cfg.infile, pkey, x509p, dgst,
1232 ca_config.sigopts, attribs, db, serial, 1232 cfg.sigopts, attribs, db, serial,
1233 ca_config.subj, ca_config.chtype, 1233 cfg.subj, cfg.chtype,
1234 ca_config.multirdn, ca_config.email_dn, 1234 cfg.multirdn, cfg.email_dn,
1235 ca_config.startdate, ca_config.enddate, 1235 cfg.startdate, cfg.enddate,
1236 ca_config.days, ca_config.batch, 1236 cfg.days, cfg.batch,
1237 ca_config.extensions, conf, ca_config.verbose, 1237 cfg.extensions, conf, cfg.verbose,
1238 certopt, nameopt, default_op, ext_copy, 1238 certopt, nameopt, default_op, ext_copy,
1239 ca_config.selfsign); 1239 cfg.selfsign);
1240 if (j < 0) 1240 if (j < 0)
1241 goto err; 1241 goto err;
1242 if (j > 0) { 1242 if (j > 0) {
@@ -1251,17 +1251,17 @@ ca_main(int argc, char **argv)
1251 } 1251 }
1252 } 1252 }
1253 } 1253 }
1254 for (i = 0; i < ca_config.infiles_num; i++) { 1254 for (i = 0; i < cfg.infiles_num; i++) {
1255 total++; 1255 total++;
1256 j = certify(&x, ca_config.infiles[i], pkey, x509p, dgst, 1256 j = certify(&x, cfg.infiles[i], pkey, x509p, dgst,
1257 ca_config.sigopts, attribs, db, serial, 1257 cfg.sigopts, attribs, db, serial,
1258 ca_config.subj, ca_config.chtype, 1258 cfg.subj, cfg.chtype,
1259 ca_config.multirdn, ca_config.email_dn, 1259 cfg.multirdn, cfg.email_dn,
1260 ca_config.startdate, ca_config.enddate, 1260 cfg.startdate, cfg.enddate,
1261 ca_config.days, ca_config.batch, 1261 cfg.days, cfg.batch,
1262 ca_config.extensions, conf, ca_config.verbose, 1262 cfg.extensions, conf, cfg.verbose,
1263 certopt, nameopt, default_op, ext_copy, 1263 certopt, nameopt, default_op, ext_copy,
1264 ca_config.selfsign); 1264 cfg.selfsign);
1265 if (j < 0) 1265 if (j < 0)
1266 goto err; 1266 goto err;
1267 if (j > 0) { 1267 if (j > 0) {
@@ -1282,7 +1282,7 @@ ca_main(int argc, char **argv)
1282 */ 1282 */
1283 1283
1284 if (sk_X509_num(cert_sk) > 0) { 1284 if (sk_X509_num(cert_sk) > 0) {
1285 if (!ca_config.batch) { 1285 if (!cfg.batch) {
1286 char answer[10]; 1286 char answer[10];
1287 1287
1288 BIO_printf(bio_err, 1288 BIO_printf(bio_err,
@@ -1313,7 +1313,7 @@ ca_main(int argc, char **argv)
1313 if (!save_index(dbfile, "new", db)) 1313 if (!save_index(dbfile, "new", db))
1314 goto err; 1314 goto err;
1315 } 1315 }
1316 if (ca_config.verbose) 1316 if (cfg.verbose)
1317 BIO_printf(bio_err, "writing new certificates\n"); 1317 BIO_printf(bio_err, "writing new certificates\n");
1318 for (i = 0; i < sk_X509_num(cert_sk); i++) { 1318 for (i = 0; i < sk_X509_num(cert_sk); i++) {
1319 ASN1_INTEGER *serialNumber; 1319 ASN1_INTEGER *serialNumber;
@@ -1334,7 +1334,7 @@ ca_main(int argc, char **argv)
1334 serialstr = strdup("00"); 1334 serialstr = strdup("00");
1335 if (serialstr != NULL) { 1335 if (serialstr != NULL) {
1336 k = snprintf(pempath, sizeof(pempath), 1336 k = snprintf(pempath, sizeof(pempath),
1337 "%s/%s.pem", ca_config.outdir, serialstr); 1337 "%s/%s.pem", cfg.outdir, serialstr);
1338 free(serialstr); 1338 free(serialstr);
1339 if (k < 0 || k >= sizeof(pempath)) { 1339 if (k < 0 || k >= sizeof(pempath)) {
1340 BIO_printf(bio_err, 1340 BIO_printf(bio_err,
@@ -1346,7 +1346,7 @@ ca_main(int argc, char **argv)
1346 "memory allocation failed\n"); 1346 "memory allocation failed\n");
1347 goto err; 1347 goto err;
1348 } 1348 }
1349 if (ca_config.verbose) 1349 if (cfg.verbose)
1350 BIO_printf(bio_err, "writing %s\n", pempath); 1350 BIO_printf(bio_err, "writing %s\n", pempath);
1351 1351
1352 if (BIO_write_filename(Cout, pempath) <= 0) { 1352 if (BIO_write_filename(Cout, pempath) <= 0) {
@@ -1354,10 +1354,10 @@ ca_main(int argc, char **argv)
1354 goto err; 1354 goto err;
1355 } 1355 }
1356 if (!write_new_certificate(Cout, x, 0, 1356 if (!write_new_certificate(Cout, x, 0,
1357 ca_config.notext)) 1357 cfg.notext))
1358 goto err; 1358 goto err;
1359 if (!write_new_certificate(Sout, x, output_der, 1359 if (!write_new_certificate(Sout, x, output_der,
1360 ca_config.notext)) 1360 cfg.notext))
1361 goto err; 1361 goto err;
1362 } 1362 }
1363 1363
@@ -1373,29 +1373,29 @@ ca_main(int argc, char **argv)
1373 } 1373 }
1374 } 1374 }
1375 /*****************************************************************/ 1375 /*****************************************************************/
1376 if (ca_config.gencrl) { 1376 if (cfg.gencrl) {
1377 int crl_v2 = 0; 1377 int crl_v2 = 0;
1378 if (ca_config.crl_ext == NULL) { 1378 if (cfg.crl_ext == NULL) {
1379 ca_config.crl_ext = NCONF_get_string(conf, 1379 cfg.crl_ext = NCONF_get_string(conf,
1380 ca_config.section, ENV_CRLEXT); 1380 cfg.section, ENV_CRLEXT);
1381 if (ca_config.crl_ext == NULL) 1381 if (cfg.crl_ext == NULL)
1382 ERR_clear_error(); 1382 ERR_clear_error();
1383 } 1383 }
1384 if (ca_config.crl_ext != NULL) { 1384 if (cfg.crl_ext != NULL) {
1385 /* Check syntax of file */ 1385 /* Check syntax of file */
1386 X509V3_CTX ctx; 1386 X509V3_CTX ctx;
1387 X509V3_set_ctx_test(&ctx); 1387 X509V3_set_ctx_test(&ctx);
1388 X509V3_set_nconf(&ctx, conf); 1388 X509V3_set_nconf(&ctx, conf);
1389 if (!X509V3_EXT_add_nconf(conf, &ctx, ca_config.crl_ext, 1389 if (!X509V3_EXT_add_nconf(conf, &ctx, cfg.crl_ext,
1390 NULL)) { 1390 NULL)) {
1391 BIO_printf(bio_err, 1391 BIO_printf(bio_err,
1392 "Error Loading CRL extension section %s\n", 1392 "Error Loading CRL extension section %s\n",
1393 ca_config.crl_ext); 1393 cfg.crl_ext);
1394 ret = 1; 1394 ret = 1;
1395 goto err; 1395 goto err;
1396 } 1396 }
1397 } 1397 }
1398 if ((crlnumberfile = NCONF_get_string(conf, ca_config.section, 1398 if ((crlnumberfile = NCONF_get_string(conf, cfg.section,
1399 ENV_CRLNUMBER)) != NULL) 1399 ENV_CRLNUMBER)) != NULL)
1400 if ((crlnumber = load_serial(crlnumberfile, 0, 1400 if ((crlnumber = load_serial(crlnumberfile, 0,
1401 NULL)) == NULL) { 1401 NULL)) == NULL) {
@@ -1403,23 +1403,23 @@ ca_main(int argc, char **argv)
1403 "error while loading CRL number\n"); 1403 "error while loading CRL number\n");
1404 goto err; 1404 goto err;
1405 } 1405 }
1406 if (!ca_config.crldays && !ca_config.crlhours && 1406 if (!cfg.crldays && !cfg.crlhours &&
1407 !ca_config.crlsec) { 1407 !cfg.crlsec) {
1408 if (!NCONF_get_number(conf, ca_config.section, 1408 if (!NCONF_get_number(conf, cfg.section,
1409 ENV_DEFAULT_CRL_DAYS, &ca_config.crldays)) 1409 ENV_DEFAULT_CRL_DAYS, &cfg.crldays))
1410 ca_config.crldays = 0; 1410 cfg.crldays = 0;
1411 if (!NCONF_get_number(conf, ca_config.section, 1411 if (!NCONF_get_number(conf, cfg.section,
1412 ENV_DEFAULT_CRL_HOURS, &ca_config.crlhours)) 1412 ENV_DEFAULT_CRL_HOURS, &cfg.crlhours))
1413 ca_config.crlhours = 0; 1413 cfg.crlhours = 0;
1414 ERR_clear_error(); 1414 ERR_clear_error();
1415 } 1415 }
1416 if ((ca_config.crldays == 0) && (ca_config.crlhours == 0) && 1416 if ((cfg.crldays == 0) && (cfg.crlhours == 0) &&
1417 (ca_config.crlsec == 0)) { 1417 (cfg.crlsec == 0)) {
1418 BIO_printf(bio_err, 1418 BIO_printf(bio_err,
1419 "cannot lookup how long until the next CRL is issued\n"); 1419 "cannot lookup how long until the next CRL is issued\n");
1420 goto err; 1420 goto err;
1421 } 1421 }
1422 if (ca_config.verbose) 1422 if (cfg.verbose)
1423 BIO_printf(bio_err, "making CRL\n"); 1423 BIO_printf(bio_err, "making CRL\n");
1424 if ((crl = X509_CRL_new()) == NULL) 1424 if ((crl = X509_CRL_new()) == NULL)
1425 goto err; 1425 goto err;
@@ -1430,8 +1430,8 @@ ca_main(int argc, char **argv)
1430 goto err; 1430 goto err;
1431 if (!X509_CRL_set_lastUpdate(crl, tmptm)) 1431 if (!X509_CRL_set_lastUpdate(crl, tmptm))
1432 goto err; 1432 goto err;
1433 if (X509_time_adj_ex(tmptm, ca_config.crldays, 1433 if (X509_time_adj_ex(tmptm, cfg.crldays,
1434 ca_config.crlhours * 60 * 60 + ca_config.crlsec, NULL) == 1434 cfg.crlhours * 60 * 60 + cfg.crlsec, NULL) ==
1435 NULL) { 1435 NULL) {
1436 BIO_puts(bio_err, "error setting CRL nextUpdate\n"); 1436 BIO_puts(bio_err, "error setting CRL nextUpdate\n");
1437 goto err; 1437 goto err;
@@ -1475,19 +1475,19 @@ ca_main(int argc, char **argv)
1475 X509_CRL_sort(crl); 1475 X509_CRL_sort(crl);
1476 1476
1477 /* we now have a CRL */ 1477 /* we now have a CRL */
1478 if (ca_config.verbose) 1478 if (cfg.verbose)
1479 BIO_printf(bio_err, "signing CRL\n"); 1479 BIO_printf(bio_err, "signing CRL\n");
1480 1480
1481 /* Add any extensions asked for */ 1481 /* Add any extensions asked for */
1482 1482
1483 if (ca_config.crl_ext != NULL || crlnumberfile != NULL) { 1483 if (cfg.crl_ext != NULL || crlnumberfile != NULL) {
1484 X509V3_CTX crlctx; 1484 X509V3_CTX crlctx;
1485 X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); 1485 X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
1486 X509V3_set_nconf(&crlctx, conf); 1486 X509V3_set_nconf(&crlctx, conf);
1487 1487
1488 if (ca_config.crl_ext != NULL) 1488 if (cfg.crl_ext != NULL)
1489 if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, 1489 if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
1490 ca_config.crl_ext, crl)) 1490 cfg.crl_ext, crl))
1491 goto err; 1491 goto err;
1492 if (crlnumberfile != NULL) { 1492 if (crlnumberfile != NULL) {
1493 tmpserial = BN_to_ASN1_INTEGER(crlnumber, NULL); 1493 tmpserial = BN_to_ASN1_INTEGER(crlnumber, NULL);
@@ -1504,7 +1504,7 @@ ca_main(int argc, char **argv)
1504 goto err; 1504 goto err;
1505 } 1505 }
1506 } 1506 }
1507 if (ca_config.crl_ext != NULL || crl_v2) { 1507 if (cfg.crl_ext != NULL || crl_v2) {
1508 if (!X509_CRL_set_version(crl, 1)) 1508 if (!X509_CRL_set_version(crl, 1))
1509 goto err; /* version 2 CRL */ 1509 goto err; /* version 2 CRL */
1510 } 1510 }
@@ -1517,7 +1517,7 @@ ca_main(int argc, char **argv)
1517 crlnumber = NULL; 1517 crlnumber = NULL;
1518 1518
1519 if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst, 1519 if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst,
1520 ca_config.sigopts)) 1520 cfg.sigopts))
1521 goto err; 1521 goto err;
1522 1522
1523 if (!PEM_write_bio_X509_CRL(Sout, crl)) 1523 if (!PEM_write_bio_X509_CRL(Sout, crl))
@@ -1529,18 +1529,18 @@ ca_main(int argc, char **argv)
1529 1529
1530 } 1530 }
1531 /*****************************************************************/ 1531 /*****************************************************************/
1532 if (ca_config.dorevoke) { 1532 if (cfg.dorevoke) {
1533 if (ca_config.infile == NULL) { 1533 if (cfg.infile == NULL) {
1534 BIO_printf(bio_err, "no input files\n"); 1534 BIO_printf(bio_err, "no input files\n");
1535 goto err; 1535 goto err;
1536 } else { 1536 } else {
1537 X509 *revcert; 1537 X509 *revcert;
1538 revcert = load_cert(bio_err, ca_config.infile, 1538 revcert = load_cert(bio_err, cfg.infile,
1539 FORMAT_PEM, NULL, ca_config.infile); 1539 FORMAT_PEM, NULL, cfg.infile);
1540 if (revcert == NULL) 1540 if (revcert == NULL)
1541 goto err; 1541 goto err;
1542 j = do_revoke(revcert, db, ca_config.rev_type, 1542 j = do_revoke(revcert, db, cfg.rev_type,
1543 ca_config.rev_arg); 1543 cfg.rev_arg);
1544 if (j <= 0) 1544 if (j <= 0)
1545 goto err; 1545 goto err;
1546 X509_free(revcert); 1546 X509_free(revcert);
@@ -1570,11 +1570,11 @@ ca_main(int argc, char **argv)
1570 if (ret) 1570 if (ret)
1571 ERR_print_errors(bio_err); 1571 ERR_print_errors(bio_err);
1572 if (free_key) 1572 if (free_key)
1573 free(ca_config.key); 1573 free(cfg.key);
1574 BN_free(serial); 1574 BN_free(serial);
1575 BN_free(crlnumber); 1575 BN_free(crlnumber);
1576 free_index(db); 1576 free_index(db);
1577 sk_OPENSSL_STRING_free(ca_config.sigopts); 1577 sk_OPENSSL_STRING_free(cfg.sigopts);
1578 EVP_PKEY_free(pkey); 1578 EVP_PKEY_free(pkey);
1579 X509_free(x509); 1579 X509_free(x509);
1580 X509_CRL_free(crl); 1580 X509_CRL_free(crl);
@@ -1778,7 +1778,7 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1778 if (obj == NULL) 1778 if (obj == NULL)
1779 goto err; 1779 goto err;
1780 1780
1781 if (ca_config.msie_hack) { 1781 if (cfg.msie_hack) {
1782 /* assume all type should be strings */ 1782 /* assume all type should be strings */
1783 nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(ne)); 1783 nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(ne));
1784 if (nid == NID_undef) 1784 if (nid == NID_undef)
@@ -1940,7 +1940,7 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1940 } 1940 }
1941 } 1941 }
1942 1942
1943 if (ca_config.preserve) { 1943 if (cfg.preserve) {
1944 X509_NAME_free(subject); 1944 X509_NAME_free(subject);
1945 /* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */ 1945 /* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */
1946 subject = X509_NAME_dup(name); 1946 subject = X509_NAME_dup(name);
diff --git a/src/usr.bin/openssl/certhash.c b/src/usr.bin/openssl/certhash.c
index 785f1216ad..5ee29b8d01 100644
--- a/src/usr.bin/openssl/certhash.c
+++ b/src/usr.bin/openssl/certhash.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: certhash.c,v 1.20 2022/11/11 17:07:38 joshua Exp $ */ 1/* $OpenBSD: certhash.c,v 1.21 2023/03/06 14:32:05 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2014, 2015 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2014, 2015 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -36,20 +36,20 @@
36static struct { 36static struct {
37 int dryrun; 37 int dryrun;
38 int verbose; 38 int verbose;
39} certhash_config; 39} cfg;
40 40
41static const struct option certhash_options[] = { 41static const struct option certhash_options[] = {
42 { 42 {
43 .name = "n", 43 .name = "n",
44 .desc = "Perform a dry-run - do not make any changes", 44 .desc = "Perform a dry-run - do not make any changes",
45 .type = OPTION_FLAG, 45 .type = OPTION_FLAG,
46 .opt.flag = &certhash_config.dryrun, 46 .opt.flag = &cfg.dryrun,
47 }, 47 },
48 { 48 {
49 .name = "v", 49 .name = "v",
50 .desc = "Verbose", 50 .desc = "Verbose",
51 .type = OPTION_FLAG, 51 .type = OPTION_FLAG,
52 .opt.flag = &certhash_config.verbose, 52 .opt.flag = &cfg.verbose,
53 }, 53 },
54 { NULL }, 54 { NULL },
55}; 55};
@@ -569,7 +569,7 @@ certhash_directory(const char *path)
569 goto err; 569 goto err;
570 } 570 }
571 571
572 if (certhash_config.verbose) 572 if (cfg.verbose)
573 fprintf(stdout, "scanning directory %s\n", path); 573 fprintf(stdout, "scanning directory %s\n", path);
574 574
575 /* Create lists of existing hash links, certs and CRLs. */ 575 /* Create lists of existing hash links, certs and CRLs. */
@@ -594,11 +594,11 @@ certhash_directory(const char *path)
594 if (link->exists == 0 || 594 if (link->exists == 0 ||
595 (link->reference != NULL && link->changed == 0)) 595 (link->reference != NULL && link->changed == 0))
596 continue; 596 continue;
597 if (certhash_config.verbose) 597 if (cfg.verbose)
598 fprintf(stdout, "%s link %s -> %s\n", 598 fprintf(stdout, "%s link %s -> %s\n",
599 (certhash_config.dryrun ? "would remove" : 599 (cfg.dryrun ? "would remove" :
600 "removing"), link->filename, link->target); 600 "removing"), link->filename, link->target);
601 if (certhash_config.dryrun) 601 if (cfg.dryrun)
602 continue; 602 continue;
603 if (unlink(link->filename) == -1) { 603 if (unlink(link->filename) == -1) {
604 fprintf(stderr, "failed to remove link %s\n", 604 fprintf(stderr, "failed to remove link %s\n",
@@ -611,12 +611,12 @@ certhash_directory(const char *path)
611 for (link = links; link != NULL; link = link->next) { 611 for (link = links; link != NULL; link = link->next) {
612 if (link->exists == 1 && link->changed == 0) 612 if (link->exists == 1 && link->changed == 0)
613 continue; 613 continue;
614 if (certhash_config.verbose) 614 if (cfg.verbose)
615 fprintf(stdout, "%s link %s -> %s\n", 615 fprintf(stdout, "%s link %s -> %s\n",
616 (certhash_config.dryrun ? "would create" : 616 (cfg.dryrun ? "would create" :
617 "creating"), link->filename, 617 "creating"), link->filename,
618 link->reference->filename); 618 link->reference->filename);
619 if (certhash_config.dryrun) 619 if (cfg.dryrun)
620 continue; 620 continue;
621 if (symlink(link->reference->filename, link->filename) == -1) { 621 if (symlink(link->reference->filename, link->filename) == -1) {
622 fprintf(stderr, "failed to create link %s -> %s\n", 622 fprintf(stderr, "failed to create link %s -> %s\n",
@@ -658,7 +658,7 @@ certhash_main(int argc, char **argv)
658 exit(1); 658 exit(1);
659 } 659 }
660 660
661 memset(&certhash_config, 0, sizeof(certhash_config)); 661 memset(&cfg, 0, sizeof(cfg));
662 662
663 if (options_parse(argc, argv, certhash_options, NULL, &argsused) != 0) { 663 if (options_parse(argc, argv, certhash_options, NULL, &argsused) != 0) {
664 certhash_usage(); 664 certhash_usage();
diff --git a/src/usr.bin/openssl/ciphers.c b/src/usr.bin/openssl/ciphers.c
index 73d9e63b6f..247929bb9e 100644
--- a/src/usr.bin/openssl/ciphers.c
+++ b/src/usr.bin/openssl/ciphers.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ciphers.c,v 1.17 2023/03/05 13:12:53 tb Exp $ */ 1/* $OpenBSD: ciphers.c,v 1.18 2023/03/06 14:32:05 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -29,65 +29,65 @@ static struct {
29 int use_supported; 29 int use_supported;
30 int verbose; 30 int verbose;
31 int version; 31 int version;
32} ciphers_config; 32} cfg;
33 33
34static const struct option ciphers_options[] = { 34static const struct option ciphers_options[] = {
35 { 35 {
36 .name = "h", 36 .name = "h",
37 .type = OPTION_FLAG, 37 .type = OPTION_FLAG,
38 .opt.flag = &ciphers_config.usage, 38 .opt.flag = &cfg.usage,
39 }, 39 },
40 { 40 {
41 .name = "?", 41 .name = "?",
42 .type = OPTION_FLAG, 42 .type = OPTION_FLAG,
43 .opt.flag = &ciphers_config.usage, 43 .opt.flag = &cfg.usage,
44 }, 44 },
45 { 45 {
46 .name = "s", 46 .name = "s",
47 .desc = "Only list ciphers that are supported by the TLS method", 47 .desc = "Only list ciphers that are supported by the TLS method",
48 .type = OPTION_FLAG, 48 .type = OPTION_FLAG,
49 .opt.flag = &ciphers_config.use_supported, 49 .opt.flag = &cfg.use_supported,
50 }, 50 },
51 { 51 {
52 .name = "tls1", 52 .name = "tls1",
53 .desc = "Use TLS protocol version 1", 53 .desc = "Use TLS protocol version 1",
54 .type = OPTION_VALUE, 54 .type = OPTION_VALUE,
55 .opt.value = &ciphers_config.version, 55 .opt.value = &cfg.version,
56 .value = TLS1_VERSION, 56 .value = TLS1_VERSION,
57 }, 57 },
58 { 58 {
59 .name = "tls1_1", 59 .name = "tls1_1",
60 .desc = "Use TLS protocol version 1.1", 60 .desc = "Use TLS protocol version 1.1",
61 .type = OPTION_VALUE, 61 .type = OPTION_VALUE,
62 .opt.value = &ciphers_config.version, 62 .opt.value = &cfg.version,
63 .value = TLS1_1_VERSION, 63 .value = TLS1_1_VERSION,
64 }, 64 },
65 { 65 {
66 .name = "tls1_2", 66 .name = "tls1_2",
67 .desc = "Use TLS protocol version 1.2", 67 .desc = "Use TLS protocol version 1.2",
68 .type = OPTION_VALUE, 68 .type = OPTION_VALUE,
69 .opt.value = &ciphers_config.version, 69 .opt.value = &cfg.version,
70 .value = TLS1_2_VERSION, 70 .value = TLS1_2_VERSION,
71 }, 71 },
72 { 72 {
73 .name = "tls1_3", 73 .name = "tls1_3",
74 .desc = "Use TLS protocol version 1.3", 74 .desc = "Use TLS protocol version 1.3",
75 .type = OPTION_VALUE, 75 .type = OPTION_VALUE,
76 .opt.value = &ciphers_config.version, 76 .opt.value = &cfg.version,
77 .value = TLS1_3_VERSION, 77 .value = TLS1_3_VERSION,
78 }, 78 },
79 { 79 {
80 .name = "v", 80 .name = "v",
81 .desc = "Provide cipher listing", 81 .desc = "Provide cipher listing",
82 .type = OPTION_VALUE, 82 .type = OPTION_VALUE,
83 .opt.value = &ciphers_config.verbose, 83 .opt.value = &cfg.verbose,
84 .value = 1, 84 .value = 1,
85 }, 85 },
86 { 86 {
87 .name = "V", 87 .name = "V",
88 .desc = "Provide cipher listing with cipher suite values", 88 .desc = "Provide cipher listing with cipher suite values",
89 .type = OPTION_VALUE, 89 .type = OPTION_VALUE,
90 .opt.value = &ciphers_config.verbose, 90 .opt.value = &cfg.verbose,
91 .value = 2, 91 .value = 2,
92 }, 92 },
93 { NULL }, 93 { NULL },
@@ -119,7 +119,7 @@ ciphers_main(int argc, char **argv)
119 exit(1); 119 exit(1);
120 } 120 }
121 121
122 memset(&ciphers_config, 0, sizeof(ciphers_config)); 122 memset(&cfg, 0, sizeof(cfg));
123 123
124 if (options_parse(argc, argv, ciphers_options, &cipherlist, 124 if (options_parse(argc, argv, ciphers_options, &cipherlist,
125 NULL) != 0) { 125 NULL) != 0) {
@@ -127,7 +127,7 @@ ciphers_main(int argc, char **argv)
127 return (1); 127 return (1);
128 } 128 }
129 129
130 if (ciphers_config.usage) { 130 if (cfg.usage) {
131 ciphers_usage(); 131 ciphers_usage();
132 return (1); 132 return (1);
133 } 133 }
@@ -135,12 +135,12 @@ ciphers_main(int argc, char **argv)
135 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) 135 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
136 goto err; 136 goto err;
137 137
138 if (ciphers_config.version != 0) { 138 if (cfg.version != 0) {
139 if (!SSL_CTX_set_min_proto_version(ssl_ctx, 139 if (!SSL_CTX_set_min_proto_version(ssl_ctx,
140 ciphers_config.version)) 140 cfg.version))
141 goto err; 141 goto err;
142 if (!SSL_CTX_set_max_proto_version(ssl_ctx, 142 if (!SSL_CTX_set_max_proto_version(ssl_ctx,
143 ciphers_config.version)) 143 cfg.version))
144 goto err; 144 goto err;
145 } 145 }
146 146
@@ -152,7 +152,7 @@ ciphers_main(int argc, char **argv)
152 if ((ssl = SSL_new(ssl_ctx)) == NULL) 152 if ((ssl = SSL_new(ssl_ctx)) == NULL)
153 goto err; 153 goto err;
154 154
155 if (ciphers_config.use_supported) { 155 if (cfg.use_supported) {
156 if ((supported_ciphers = 156 if ((supported_ciphers =
157 SSL_get1_supported_ciphers(ssl)) == NULL) 157 SSL_get1_supported_ciphers(ssl)) == NULL)
158 goto err; 158 goto err;
@@ -164,12 +164,12 @@ ciphers_main(int argc, char **argv)
164 164
165 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { 165 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
166 cipher = sk_SSL_CIPHER_value(ciphers, i); 166 cipher = sk_SSL_CIPHER_value(ciphers, i);
167 if (ciphers_config.verbose == 0) { 167 if (cfg.verbose == 0) {
168 fprintf(stdout, "%s%s", (i ? ":" : ""), 168 fprintf(stdout, "%s%s", (i ? ":" : ""),
169 SSL_CIPHER_get_name(cipher)); 169 SSL_CIPHER_get_name(cipher));
170 continue; 170 continue;
171 } 171 }
172 if (ciphers_config.verbose > 1) { 172 if (cfg.verbose > 1) {
173 value = SSL_CIPHER_get_value(cipher); 173 value = SSL_CIPHER_get_value(cipher);
174 fprintf(stdout, "%-*s0x%02X,0x%02X - ", 10, "", 174 fprintf(stdout, "%-*s0x%02X,0x%02X - ", 10, "",
175 ((value >> 8) & 0xff), (value & 0xff)); 175 ((value >> 8) & 0xff), (value & 0xff));
@@ -182,7 +182,7 @@ ciphers_main(int argc, char **argv)
182 fprintf(stdout, "%s", desc); 182 fprintf(stdout, "%s", desc);
183 free(desc); 183 free(desc);
184 } 184 }
185 if (ciphers_config.verbose == 0) 185 if (cfg.verbose == 0)
186 fprintf(stdout, "\n"); 186 fprintf(stdout, "\n");
187 187
188 goto done; 188 goto done;
diff --git a/src/usr.bin/openssl/cms.c b/src/usr.bin/openssl/cms.c
index b88fd55b3c..0ddf26e5a7 100644
--- a/src/usr.bin/openssl/cms.c
+++ b/src/usr.bin/openssl/cms.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms.c,v 1.32 2023/03/05 13:08:22 tb Exp $ */ 1/* $OpenBSD: cms.c,v 1.33 2023/03/06 14:32:05 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -149,7 +149,7 @@ static struct {
149 char *to; 149 char *to;
150 int verify_retcode; 150 int verify_retcode;
151 X509_VERIFY_PARAM *vpm; 151 X509_VERIFY_PARAM *vpm;
152} cms_config; 152} cfg;
153 153
154static const EVP_CIPHER * 154static const EVP_CIPHER *
155get_cipher_by_name(char *name) 155get_cipher_by_name(char *name)
@@ -198,8 +198,8 @@ cms_opt_cipher(int argc, char **argv, int *argsused)
198 if (*name++ != '-') 198 if (*name++ != '-')
199 return (1); 199 return (1);
200 200
201 if ((cms_config.cipher = get_cipher_by_name(name)) == NULL) 201 if ((cfg.cipher = get_cipher_by_name(name)) == NULL)
202 if ((cms_config.cipher = EVP_get_cipherbyname(name)) == NULL) 202 if ((cfg.cipher = EVP_get_cipherbyname(name)) == NULL)
203 return (1); 203 return (1);
204 204
205 *argsused = 1; 205 *argsused = 1;
@@ -209,9 +209,9 @@ cms_opt_cipher(int argc, char **argv, int *argsused)
209static int 209static int
210cms_opt_econtent_type(char *arg) 210cms_opt_econtent_type(char *arg)
211{ 211{
212 ASN1_OBJECT_free(cms_config.econtent_type); 212 ASN1_OBJECT_free(cfg.econtent_type);
213 213
214 if ((cms_config.econtent_type = OBJ_txt2obj(arg, 0)) == NULL) { 214 if ((cfg.econtent_type = OBJ_txt2obj(arg, 0)) == NULL) {
215 BIO_printf(bio_err, "Invalid OID %s\n", arg); 215 BIO_printf(bio_err, "Invalid OID %s\n", arg);
216 return (1); 216 return (1);
217 } 217 }
@@ -221,33 +221,33 @@ cms_opt_econtent_type(char *arg)
221static int 221static int
222cms_opt_inkey(char *arg) 222cms_opt_inkey(char *arg)
223{ 223{
224 if (cms_config.keyfile == NULL) { 224 if (cfg.keyfile == NULL) {
225 cms_config.keyfile = arg; 225 cfg.keyfile = arg;
226 return (0); 226 return (0);
227 } 227 }
228 228
229 if (cms_config.signerfile == NULL) { 229 if (cfg.signerfile == NULL) {
230 BIO_puts(bio_err, "Illegal -inkey without -signer\n"); 230 BIO_puts(bio_err, "Illegal -inkey without -signer\n");
231 return (1); 231 return (1);
232 } 232 }
233 233
234 if (cms_config.sksigners == NULL) 234 if (cfg.sksigners == NULL)
235 cms_config.sksigners = sk_OPENSSL_STRING_new_null(); 235 cfg.sksigners = sk_OPENSSL_STRING_new_null();
236 if (cms_config.sksigners == NULL) 236 if (cfg.sksigners == NULL)
237 return (1); 237 return (1);
238 if (!sk_OPENSSL_STRING_push(cms_config.sksigners, cms_config.signerfile)) 238 if (!sk_OPENSSL_STRING_push(cfg.sksigners, cfg.signerfile))
239 return (1); 239 return (1);
240 240
241 cms_config.signerfile = NULL; 241 cfg.signerfile = NULL;
242 242
243 if (cms_config.skkeys == NULL) 243 if (cfg.skkeys == NULL)
244 cms_config.skkeys = sk_OPENSSL_STRING_new_null(); 244 cfg.skkeys = sk_OPENSSL_STRING_new_null();
245 if (cms_config.skkeys == NULL) 245 if (cfg.skkeys == NULL)
246 return (1); 246 return (1);
247 if (!sk_OPENSSL_STRING_push(cms_config.skkeys, cms_config.keyfile)) 247 if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile))
248 return (1); 248 return (1);
249 249
250 cms_config.keyfile = arg; 250 cfg.keyfile = arg;
251 return (0); 251 return (0);
252} 252}
253 253
@@ -256,14 +256,14 @@ cms_opt_keyopt(char *arg)
256{ 256{
257 int keyidx = -1; 257 int keyidx = -1;
258 258
259 if (cms_config.operation == SMIME_ENCRYPT) { 259 if (cfg.operation == SMIME_ENCRYPT) {
260 if (cms_config.encerts != NULL) 260 if (cfg.encerts != NULL)
261 keyidx += sk_X509_num(cms_config.encerts); 261 keyidx += sk_X509_num(cfg.encerts);
262 } else { 262 } else {
263 if (cms_config.keyfile != NULL || cms_config.signerfile != NULL) 263 if (cfg.keyfile != NULL || cfg.signerfile != NULL)
264 keyidx++; 264 keyidx++;
265 if (cms_config.skkeys != NULL) 265 if (cfg.skkeys != NULL)
266 keyidx += sk_OPENSSL_STRING_num(cms_config.skkeys); 266 keyidx += sk_OPENSSL_STRING_num(cfg.skkeys);
267 } 267 }
268 268
269 if (keyidx < 0) { 269 if (keyidx < 0) {
@@ -271,8 +271,8 @@ cms_opt_keyopt(char *arg)
271 return (1); 271 return (1);
272 } 272 }
273 273
274 if (cms_config.key_param == NULL || 274 if (cfg.key_param == NULL ||
275 cms_config.key_param->idx != keyidx) { 275 cfg.key_param->idx != keyidx) {
276 struct cms_key_param *nparam; 276 struct cms_key_param *nparam;
277 277
278 if ((nparam = calloc(1, sizeof(struct cms_key_param))) == NULL) 278 if ((nparam = calloc(1, sizeof(struct cms_key_param))) == NULL)
@@ -285,15 +285,15 @@ cms_opt_keyopt(char *arg)
285 } 285 }
286 286
287 nparam->next = NULL; 287 nparam->next = NULL;
288 if (cms_config.key_first == NULL) 288 if (cfg.key_first == NULL)
289 cms_config.key_first = nparam; 289 cfg.key_first = nparam;
290 else 290 else
291 cms_config.key_param->next = nparam; 291 cfg.key_param->next = nparam;
292 292
293 cms_config.key_param = nparam; 293 cfg.key_param = nparam;
294 } 294 }
295 295
296 if (!sk_OPENSSL_STRING_push(cms_config.key_param->param, arg)) 296 if (!sk_OPENSSL_STRING_push(cfg.key_param->param, arg))
297 return (1); 297 return (1);
298 298
299 return (0); 299 return (0);
@@ -302,7 +302,7 @@ cms_opt_keyopt(char *arg)
302static int 302static int
303cms_opt_md(char *arg) 303cms_opt_md(char *arg)
304{ 304{
305 if ((cms_config.sign_md = EVP_get_digestbyname(arg)) == NULL) { 305 if ((cfg.sign_md = EVP_get_digestbyname(arg)) == NULL) {
306 BIO_printf(bio_err, "Unknown digest %s\n", arg); 306 BIO_printf(bio_err, "Unknown digest %s\n", arg);
307 return (1); 307 return (1);
308 } 308 }
@@ -312,38 +312,38 @@ cms_opt_md(char *arg)
312static int 312static int
313cms_opt_print(void) 313cms_opt_print(void)
314{ 314{
315 cms_config.noout = 1; 315 cfg.noout = 1;
316 cms_config.print = 1; 316 cfg.print = 1;
317 return (0); 317 return (0);
318} 318}
319 319
320static int 320static int
321cms_opt_pwri_pass(char *arg) 321cms_opt_pwri_pass(char *arg)
322{ 322{
323 cms_config.pwri_pass = (unsigned char *)arg; 323 cfg.pwri_pass = (unsigned char *)arg;
324 return (0); 324 return (0);
325} 325}
326 326
327static int 327static int
328cms_opt_recip(char *arg) 328cms_opt_recip(char *arg)
329{ 329{
330 if (cms_config.operation == SMIME_ENCRYPT) { 330 if (cfg.operation == SMIME_ENCRYPT) {
331 if (cms_config.encerts == NULL) { 331 if (cfg.encerts == NULL) {
332 if ((cms_config.encerts = sk_X509_new_null()) == NULL) 332 if ((cfg.encerts = sk_X509_new_null()) == NULL)
333 return (1); 333 return (1);
334 } 334 }
335 335
336 cms_config.cert = load_cert(bio_err, arg, FORMAT_PEM, 336 cfg.cert = load_cert(bio_err, arg, FORMAT_PEM,
337 NULL, "recipient certificate file"); 337 NULL, "recipient certificate file");
338 if (cms_config.cert == NULL) 338 if (cfg.cert == NULL)
339 return (1); 339 return (1);
340 340
341 if (!sk_X509_push(cms_config.encerts, cms_config.cert)) 341 if (!sk_X509_push(cfg.encerts, cfg.cert))
342 return (1); 342 return (1);
343 343
344 cms_config.cert = NULL; 344 cfg.cert = NULL;
345 } else { 345 } else {
346 cms_config.recipfile = arg; 346 cfg.recipfile = arg;
347 } 347 }
348 return (0); 348 return (0);
349} 349}
@@ -351,11 +351,11 @@ cms_opt_recip(char *arg)
351static int 351static int
352cms_opt_receipt_request_from(char *arg) 352cms_opt_receipt_request_from(char *arg)
353{ 353{
354 if (cms_config.rr_from == NULL) 354 if (cfg.rr_from == NULL)
355 cms_config.rr_from = sk_OPENSSL_STRING_new_null(); 355 cfg.rr_from = sk_OPENSSL_STRING_new_null();
356 if (cms_config.rr_from == NULL) 356 if (cfg.rr_from == NULL)
357 return (1); 357 return (1);
358 if (!sk_OPENSSL_STRING_push(cms_config.rr_from, arg)) 358 if (!sk_OPENSSL_STRING_push(cfg.rr_from, arg))
359 return (1); 359 return (1);
360 360
361 return (0); 361 return (0);
@@ -364,11 +364,11 @@ cms_opt_receipt_request_from(char *arg)
364static int 364static int
365cms_opt_receipt_request_to(char *arg) 365cms_opt_receipt_request_to(char *arg)
366{ 366{
367 if (cms_config.rr_to == NULL) 367 if (cfg.rr_to == NULL)
368 cms_config.rr_to = sk_OPENSSL_STRING_new_null(); 368 cfg.rr_to = sk_OPENSSL_STRING_new_null();
369 if (cms_config.rr_to == NULL) 369 if (cfg.rr_to == NULL)
370 return (1); 370 return (1);
371 if (!sk_OPENSSL_STRING_push(cms_config.rr_to, arg)) 371 if (!sk_OPENSSL_STRING_push(cfg.rr_to, arg))
372 return (1); 372 return (1);
373 373
374 return (0); 374 return (0);
@@ -379,13 +379,13 @@ cms_opt_secretkey(char *arg)
379{ 379{
380 long ltmp; 380 long ltmp;
381 381
382 free(cms_config.secret_key); 382 free(cfg.secret_key);
383 383
384 if ((cms_config.secret_key = string_to_hex(arg, &ltmp)) == NULL) { 384 if ((cfg.secret_key = string_to_hex(arg, &ltmp)) == NULL) {
385 BIO_printf(bio_err, "Invalid key %s\n", arg); 385 BIO_printf(bio_err, "Invalid key %s\n", arg);
386 return (1); 386 return (1);
387 } 387 }
388 cms_config.secret_keylen = (size_t)ltmp; 388 cfg.secret_keylen = (size_t)ltmp;
389 return (0); 389 return (0);
390} 390}
391 391
@@ -394,44 +394,44 @@ cms_opt_secretkeyid(char *arg)
394{ 394{
395 long ltmp; 395 long ltmp;
396 396
397 free(cms_config.secret_keyid); 397 free(cfg.secret_keyid);
398 398
399 if ((cms_config.secret_keyid = string_to_hex(arg, &ltmp)) == NULL) { 399 if ((cfg.secret_keyid = string_to_hex(arg, &ltmp)) == NULL) {
400 BIO_printf(bio_err, "Invalid id %s\n", arg); 400 BIO_printf(bio_err, "Invalid id %s\n", arg);
401 return (1); 401 return (1);
402 } 402 }
403 cms_config.secret_keyidlen = (size_t)ltmp; 403 cfg.secret_keyidlen = (size_t)ltmp;
404 return (0); 404 return (0);
405} 405}
406 406
407static int 407static int
408cms_opt_signer(char *arg) 408cms_opt_signer(char *arg)
409{ 409{
410 if (cms_config.signerfile == NULL) { 410 if (cfg.signerfile == NULL) {
411 cms_config.signerfile = arg; 411 cfg.signerfile = arg;
412 return (0); 412 return (0);
413 } 413 }
414 414
415 if (cms_config.sksigners == NULL) 415 if (cfg.sksigners == NULL)
416 cms_config.sksigners = sk_OPENSSL_STRING_new_null(); 416 cfg.sksigners = sk_OPENSSL_STRING_new_null();
417 if (cms_config.sksigners == NULL) 417 if (cfg.sksigners == NULL)
418 return (1); 418 return (1);
419 if (!sk_OPENSSL_STRING_push(cms_config.sksigners, cms_config.signerfile)) 419 if (!sk_OPENSSL_STRING_push(cfg.sksigners, cfg.signerfile))
420 return (1); 420 return (1);
421 421
422 if (cms_config.keyfile == NULL) 422 if (cfg.keyfile == NULL)
423 cms_config.keyfile = cms_config.signerfile; 423 cfg.keyfile = cfg.signerfile;
424 424
425 if (cms_config.skkeys == NULL) 425 if (cfg.skkeys == NULL)
426 cms_config.skkeys = sk_OPENSSL_STRING_new_null(); 426 cfg.skkeys = sk_OPENSSL_STRING_new_null();
427 if (cms_config.skkeys == NULL) 427 if (cfg.skkeys == NULL)
428 return (1); 428 return (1);
429 if (!sk_OPENSSL_STRING_push(cms_config.skkeys, cms_config.keyfile)) 429 if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile))
430 return (1); 430 return (1);
431 431
432 cms_config.keyfile = NULL; 432 cfg.keyfile = NULL;
433 433
434 cms_config.signerfile = arg; 434 cfg.signerfile = arg;
435 return (0); 435 return (0);
436} 436}
437 437
@@ -441,7 +441,7 @@ cms_opt_verify_param(int argc, char **argv, int *argsused)
441 int oargc = argc; 441 int oargc = argc;
442 int badarg = 0; 442 int badarg = 0;
443 443
444 if (!args_verify(&argv, &argc, &badarg, bio_err, &cms_config.vpm)) 444 if (!args_verify(&argv, &argc, &badarg, bio_err, &cfg.vpm))
445 return (1); 445 return (1);
446 if (badarg) 446 if (badarg)
447 return (1); 447 return (1);
@@ -454,8 +454,8 @@ cms_opt_verify_param(int argc, char **argv, int *argsused)
454static int 454static int
455cms_opt_verify_receipt(char *arg) 455cms_opt_verify_receipt(char *arg)
456{ 456{
457 cms_config.operation = SMIME_VERIFY_RECEIPT; 457 cfg.operation = SMIME_VERIFY_RECEIPT;
458 cms_config.rctfile = arg; 458 cfg.rctfile = arg;
459 return (0); 459 return (0);
460} 460}
461 461
@@ -539,20 +539,20 @@ static const struct option cms_options[] = {
539 .argname = "file", 539 .argname = "file",
540 .desc = "Certificate Authority file", 540 .desc = "Certificate Authority file",
541 .type = OPTION_ARG, 541 .type = OPTION_ARG,
542 .opt.arg = &cms_config.CAfile, 542 .opt.arg = &cfg.CAfile,
543 }, 543 },
544 { 544 {
545 .name = "CApath", 545 .name = "CApath",
546 .argname = "path", 546 .argname = "path",
547 .desc = "Certificate Authority path", 547 .desc = "Certificate Authority path",
548 .type = OPTION_ARG, 548 .type = OPTION_ARG,
549 .opt.arg = &cms_config.CApath, 549 .opt.arg = &cfg.CApath,
550 }, 550 },
551 { 551 {
552 .name = "binary", 552 .name = "binary",
553 .desc = "Do not translate message to text", 553 .desc = "Do not translate message to text",
554 .type = OPTION_VALUE_OR, 554 .type = OPTION_VALUE_OR,
555 .opt.value = &cms_config.flags, 555 .opt.value = &cfg.flags,
556 .value = CMS_BINARY, 556 .value = CMS_BINARY,
557 }, 557 },
558 { 558 {
@@ -560,27 +560,27 @@ static const struct option cms_options[] = {
560 .argname = "file", 560 .argname = "file",
561 .desc = "Other certificates file", 561 .desc = "Other certificates file",
562 .type = OPTION_ARG, 562 .type = OPTION_ARG,
563 .opt.arg = &cms_config.certfile, 563 .opt.arg = &cfg.certfile,
564 }, 564 },
565 { 565 {
566 .name = "certsout", 566 .name = "certsout",
567 .argname = "file", 567 .argname = "file",
568 .desc = "Certificate output file", 568 .desc = "Certificate output file",
569 .type = OPTION_ARG, 569 .type = OPTION_ARG,
570 .opt.arg = &cms_config.certsoutfile, 570 .opt.arg = &cfg.certsoutfile,
571 }, 571 },
572 { 572 {
573 .name = "cmsout", 573 .name = "cmsout",
574 .desc = "Output CMS structure", 574 .desc = "Output CMS structure",
575 .type = OPTION_VALUE, 575 .type = OPTION_VALUE,
576 .opt.value = &cms_config.operation, 576 .opt.value = &cfg.operation,
577 .value = SMIME_CMSOUT, 577 .value = SMIME_CMSOUT,
578 }, 578 },
579 { 579 {
580 .name = "compress", 580 .name = "compress",
581 .desc = "Create CMS CompressedData type", 581 .desc = "Create CMS CompressedData type",
582 .type = OPTION_VALUE, 582 .type = OPTION_VALUE,
583 .opt.value = &cms_config.operation, 583 .opt.value = &cfg.operation,
584 .value = SMIME_COMPRESS, 584 .value = SMIME_COMPRESS,
585 }, 585 },
586 { 586 {
@@ -588,55 +588,55 @@ static const struct option cms_options[] = {
588 .argname = "file", 588 .argname = "file",
589 .desc = "Supply or override content for detached signature", 589 .desc = "Supply or override content for detached signature",
590 .type = OPTION_ARG, 590 .type = OPTION_ARG,
591 .opt.arg = &cms_config.contfile, 591 .opt.arg = &cfg.contfile,
592 }, 592 },
593 { 593 {
594 .name = "crlfeol", 594 .name = "crlfeol",
595 .desc = "Use CRLF as EOL termination instead of CR only", 595 .desc = "Use CRLF as EOL termination instead of CR only",
596 .type = OPTION_VALUE_OR, 596 .type = OPTION_VALUE_OR,
597 .opt.value = &cms_config.flags, 597 .opt.value = &cfg.flags,
598 .value = CMS_CRLFEOL, 598 .value = CMS_CRLFEOL,
599 }, 599 },
600 { 600 {
601 .name = "data_create", 601 .name = "data_create",
602 .desc = "Create CMS Data type", 602 .desc = "Create CMS Data type",
603 .type = OPTION_VALUE, 603 .type = OPTION_VALUE,
604 .opt.value = &cms_config.operation, 604 .opt.value = &cfg.operation,
605 .value = SMIME_DATA_CREATE, 605 .value = SMIME_DATA_CREATE,
606 }, 606 },
607 { 607 {
608 .name = "data_out", 608 .name = "data_out",
609 .desc = "Output content from the input CMS Data type", 609 .desc = "Output content from the input CMS Data type",
610 .type = OPTION_VALUE, 610 .type = OPTION_VALUE,
611 .opt.value = &cms_config.operation, 611 .opt.value = &cfg.operation,
612 .value = SMIME_DATAOUT, 612 .value = SMIME_DATAOUT,
613 }, 613 },
614 { 614 {
615 .name = "debug_decrypt", 615 .name = "debug_decrypt",
616 .desc = "Set the CMS_DEBUG_DECRYPT flag when decrypting", 616 .desc = "Set the CMS_DEBUG_DECRYPT flag when decrypting",
617 .type = OPTION_VALUE_OR, 617 .type = OPTION_VALUE_OR,
618 .opt.value = &cms_config.flags, 618 .opt.value = &cfg.flags,
619 .value = CMS_DEBUG_DECRYPT, 619 .value = CMS_DEBUG_DECRYPT,
620 }, 620 },
621 { 621 {
622 .name = "decrypt", 622 .name = "decrypt",
623 .desc = "Decrypt encrypted message", 623 .desc = "Decrypt encrypted message",
624 .type = OPTION_VALUE, 624 .type = OPTION_VALUE,
625 .opt.value = &cms_config.operation, 625 .opt.value = &cfg.operation,
626 .value = SMIME_DECRYPT, 626 .value = SMIME_DECRYPT,
627 }, 627 },
628 { 628 {
629 .name = "digest_create", 629 .name = "digest_create",
630 .desc = "Create CMS DigestedData type", 630 .desc = "Create CMS DigestedData type",
631 .type = OPTION_VALUE, 631 .type = OPTION_VALUE,
632 .opt.value = &cms_config.operation, 632 .opt.value = &cfg.operation,
633 .value = SMIME_DIGEST_CREATE, 633 .value = SMIME_DIGEST_CREATE,
634 }, 634 },
635 { 635 {
636 .name = "digest_verify", 636 .name = "digest_verify",
637 .desc = "Verify CMS DigestedData type and output the content", 637 .desc = "Verify CMS DigestedData type and output the content",
638 .type = OPTION_VALUE, 638 .type = OPTION_VALUE,
639 .opt.value = &cms_config.operation, 639 .opt.value = &cfg.operation,
640 .value = SMIME_DIGEST_VERIFY, 640 .value = SMIME_DIGEST_VERIFY,
641 }, 641 },
642 { 642 {
@@ -650,21 +650,21 @@ static const struct option cms_options[] = {
650 .name = "encrypt", 650 .name = "encrypt",
651 .desc = "Encrypt message", 651 .desc = "Encrypt message",
652 .type = OPTION_VALUE, 652 .type = OPTION_VALUE,
653 .opt.value = &cms_config.operation, 653 .opt.value = &cfg.operation,
654 .value = SMIME_ENCRYPT, 654 .value = SMIME_ENCRYPT,
655 }, 655 },
656 { 656 {
657 .name = "EncryptedData_decrypt", 657 .name = "EncryptedData_decrypt",
658 .desc = "Decrypt CMS EncryptedData", 658 .desc = "Decrypt CMS EncryptedData",
659 .type = OPTION_VALUE, 659 .type = OPTION_VALUE,
660 .opt.value = &cms_config.operation, 660 .opt.value = &cfg.operation,
661 .value = SMIME_ENCRYPTED_DECRYPT, 661 .value = SMIME_ENCRYPTED_DECRYPT,
662 }, 662 },
663 { 663 {
664 .name = "EncryptedData_encrypt", 664 .name = "EncryptedData_encrypt",
665 .desc = "Encrypt content using supplied symmetric key and algorithm", 665 .desc = "Encrypt content using supplied symmetric key and algorithm",
666 .type = OPTION_VALUE, 666 .type = OPTION_VALUE,
667 .opt.value = &cms_config.operation, 667 .opt.value = &cfg.operation,
668 .value = SMIME_ENCRYPTED_ENCRYPT, 668 .value = SMIME_ENCRYPTED_ENCRYPT,
669 }, 669 },
670 { 670 {
@@ -672,20 +672,20 @@ static const struct option cms_options[] = {
672 .argname = "addr", 672 .argname = "addr",
673 .desc = "From address", 673 .desc = "From address",
674 .type = OPTION_ARG, 674 .type = OPTION_ARG,
675 .opt.arg = &cms_config.from, 675 .opt.arg = &cfg.from,
676 }, 676 },
677 { 677 {
678 .name = "in", 678 .name = "in",
679 .argname = "file", 679 .argname = "file",
680 .desc = "Input file", 680 .desc = "Input file",
681 .type = OPTION_ARG, 681 .type = OPTION_ARG,
682 .opt.arg = &cms_config.infile, 682 .opt.arg = &cfg.infile,
683 }, 683 },
684 { 684 {
685 .name = "indef", 685 .name = "indef",
686 .desc = "Same as -stream", 686 .desc = "Same as -stream",
687 .type = OPTION_VALUE_OR, 687 .type = OPTION_VALUE_OR,
688 .opt.value = &cms_config.flags, 688 .opt.value = &cfg.flags,
689 .value = CMS_STREAM, 689 .value = CMS_STREAM,
690 }, 690 },
691 { 691 {
@@ -693,7 +693,7 @@ static const struct option cms_options[] = {
693 .argname = "fmt", 693 .argname = "fmt",
694 .desc = "Input format (DER, PEM or SMIME (default))", 694 .desc = "Input format (DER, PEM or SMIME (default))",
695 .type = OPTION_ARG_FORMAT, 695 .type = OPTION_ARG_FORMAT,
696 .opt.value = &cms_config.informat, 696 .opt.value = &cfg.informat,
697 }, 697 },
698 { 698 {
699 .name = "inkey", 699 .name = "inkey",
@@ -707,13 +707,13 @@ static const struct option cms_options[] = {
707 .argname = "fmt", 707 .argname = "fmt",
708 .desc = "Input key format (DER or PEM (default))", 708 .desc = "Input key format (DER or PEM (default))",
709 .type = OPTION_ARG_FORMAT, 709 .type = OPTION_ARG_FORMAT,
710 .opt.value = &cms_config.keyform, 710 .opt.value = &cfg.keyform,
711 }, 711 },
712 { 712 {
713 .name = "keyid", 713 .name = "keyid",
714 .desc = "Use subject key identifier", 714 .desc = "Use subject key identifier",
715 .type = OPTION_VALUE_OR, 715 .type = OPTION_VALUE_OR,
716 .opt.value = &cms_config.flags, 716 .opt.value = &cfg.flags,
717 .value = CMS_USE_KEYID, 717 .value = CMS_USE_KEYID,
718 }, 718 },
719 { 719 {
@@ -734,90 +734,90 @@ static const struct option cms_options[] = {
734 .name = "no_attr_verify", 734 .name = "no_attr_verify",
735 .desc = "Do not verify the signer's attribute of a signature", 735 .desc = "Do not verify the signer's attribute of a signature",
736 .type = OPTION_VALUE_OR, 736 .type = OPTION_VALUE_OR,
737 .opt.value = &cms_config.flags, 737 .opt.value = &cfg.flags,
738 .value = CMS_NO_ATTR_VERIFY, 738 .value = CMS_NO_ATTR_VERIFY,
739 }, 739 },
740 { 740 {
741 .name = "no_content_verify", 741 .name = "no_content_verify",
742 .desc = "Do not verify the content of a signed message", 742 .desc = "Do not verify the content of a signed message",
743 .type = OPTION_VALUE_OR, 743 .type = OPTION_VALUE_OR,
744 .opt.value = &cms_config.flags, 744 .opt.value = &cfg.flags,
745 .value = CMS_NO_CONTENT_VERIFY, 745 .value = CMS_NO_CONTENT_VERIFY,
746 }, 746 },
747 { 747 {
748 .name = "no_signer_cert_verify", 748 .name = "no_signer_cert_verify",
749 .desc = "Do not verify the signer's certificate", 749 .desc = "Do not verify the signer's certificate",
750 .type = OPTION_VALUE_OR, 750 .type = OPTION_VALUE_OR,
751 .opt.value = &cms_config.flags, 751 .opt.value = &cfg.flags,
752 .value = CMS_NO_SIGNER_CERT_VERIFY, 752 .value = CMS_NO_SIGNER_CERT_VERIFY,
753 }, 753 },
754 { 754 {
755 .name = "noattr", 755 .name = "noattr",
756 .desc = "Do not include any signed attributes", 756 .desc = "Do not include any signed attributes",
757 .type = OPTION_VALUE_OR, 757 .type = OPTION_VALUE_OR,
758 .opt.value = &cms_config.flags, 758 .opt.value = &cfg.flags,
759 .value = CMS_NOATTR, 759 .value = CMS_NOATTR,
760 }, 760 },
761 { 761 {
762 .name = "nocerts", 762 .name = "nocerts",
763 .desc = "Do not include signer's certificate when signing", 763 .desc = "Do not include signer's certificate when signing",
764 .type = OPTION_VALUE_OR, 764 .type = OPTION_VALUE_OR,
765 .opt.value = &cms_config.flags, 765 .opt.value = &cfg.flags,
766 .value = CMS_NOCERTS, 766 .value = CMS_NOCERTS,
767 }, 767 },
768 { 768 {
769 .name = "nodetach", 769 .name = "nodetach",
770 .desc = "Use opaque signing", 770 .desc = "Use opaque signing",
771 .type = OPTION_VALUE_AND, 771 .type = OPTION_VALUE_AND,
772 .opt.value = &cms_config.flags, 772 .opt.value = &cfg.flags,
773 .value = ~CMS_DETACHED, 773 .value = ~CMS_DETACHED,
774 }, 774 },
775 { 775 {
776 .name = "noindef", 776 .name = "noindef",
777 .desc = "Disable CMS streaming", 777 .desc = "Disable CMS streaming",
778 .type = OPTION_VALUE_AND, 778 .type = OPTION_VALUE_AND,
779 .opt.value = &cms_config.flags, 779 .opt.value = &cfg.flags,
780 .value = ~CMS_STREAM, 780 .value = ~CMS_STREAM,
781 }, 781 },
782 { 782 {
783 .name = "nointern", 783 .name = "nointern",
784 .desc = "Do not search certificates in message for signer", 784 .desc = "Do not search certificates in message for signer",
785 .type = OPTION_VALUE_OR, 785 .type = OPTION_VALUE_OR,
786 .opt.value = &cms_config.flags, 786 .opt.value = &cfg.flags,
787 .value = CMS_NOINTERN, 787 .value = CMS_NOINTERN,
788 }, 788 },
789 { 789 {
790 .name = "nooldmime", 790 .name = "nooldmime",
791 .desc = "Output old S/MIME content type", 791 .desc = "Output old S/MIME content type",
792 .type = OPTION_VALUE_OR, 792 .type = OPTION_VALUE_OR,
793 .opt.value = &cms_config.flags, 793 .opt.value = &cfg.flags,
794 .value = CMS_NOOLDMIMETYPE, 794 .value = CMS_NOOLDMIMETYPE,
795 }, 795 },
796 { 796 {
797 .name = "noout", 797 .name = "noout",
798 .desc = "Do not output the parsed CMS structure", 798 .desc = "Do not output the parsed CMS structure",
799 .type = OPTION_FLAG, 799 .type = OPTION_FLAG,
800 .opt.flag = &cms_config.noout, 800 .opt.flag = &cfg.noout,
801 }, 801 },
802 { 802 {
803 .name = "nosigs", 803 .name = "nosigs",
804 .desc = "Do not verify message signature", 804 .desc = "Do not verify message signature",
805 .type = OPTION_VALUE_OR, 805 .type = OPTION_VALUE_OR,
806 .opt.value = &cms_config.flags, 806 .opt.value = &cfg.flags,
807 .value = CMS_NOSIGS, 807 .value = CMS_NOSIGS,
808 }, 808 },
809 { 809 {
810 .name = "nosmimecap", 810 .name = "nosmimecap",
811 .desc = "Omit the SMIMECapabilities attribute", 811 .desc = "Omit the SMIMECapabilities attribute",
812 .type = OPTION_VALUE_OR, 812 .type = OPTION_VALUE_OR,
813 .opt.value = &cms_config.flags, 813 .opt.value = &cfg.flags,
814 .value = CMS_NOSMIMECAP, 814 .value = CMS_NOSMIMECAP,
815 }, 815 },
816 { 816 {
817 .name = "noverify", 817 .name = "noverify",
818 .desc = "Do not verify signer's certificate", 818 .desc = "Do not verify signer's certificate",
819 .type = OPTION_VALUE_OR, 819 .type = OPTION_VALUE_OR,
820 .opt.value = &cms_config.flags, 820 .opt.value = &cfg.flags,
821 .value = CMS_NO_SIGNER_CERT_VERIFY, 821 .value = CMS_NO_SIGNER_CERT_VERIFY,
822 }, 822 },
823 { 823 {
@@ -825,21 +825,21 @@ static const struct option cms_options[] = {
825 .argname = "file", 825 .argname = "file",
826 .desc = "Output file", 826 .desc = "Output file",
827 .type = OPTION_ARG, 827 .type = OPTION_ARG,
828 .opt.arg = &cms_config.outfile, 828 .opt.arg = &cfg.outfile,
829 }, 829 },
830 { 830 {
831 .name = "outform", 831 .name = "outform",
832 .argname = "fmt", 832 .argname = "fmt",
833 .desc = "Output format (DER, PEM or SMIME (default))", 833 .desc = "Output format (DER, PEM or SMIME (default))",
834 .type = OPTION_ARG_FORMAT, 834 .type = OPTION_ARG_FORMAT,
835 .opt.value = &cms_config.outformat, 835 .opt.value = &cfg.outformat,
836 }, 836 },
837 { 837 {
838 .name = "passin", 838 .name = "passin",
839 .argname = "src", 839 .argname = "src",
840 .desc = "Private key password source", 840 .desc = "Private key password source",
841 .type = OPTION_ARG, 841 .type = OPTION_ARG,
842 .opt.arg = &cms_config.passargin, 842 .opt.arg = &cfg.passargin,
843 }, 843 },
844 { 844 {
845 .name = "print", 845 .name = "print",
@@ -859,20 +859,20 @@ static const struct option cms_options[] = {
859 .argname = "fmt", 859 .argname = "fmt",
860 .desc = "Receipt file format (DER, PEM or SMIME (default))", 860 .desc = "Receipt file format (DER, PEM or SMIME (default))",
861 .type = OPTION_ARG_FORMAT, 861 .type = OPTION_ARG_FORMAT,
862 .opt.value = &cms_config.rctformat, 862 .opt.value = &cfg.rctformat,
863 }, 863 },
864 { 864 {
865 .name = "receipt_request_all", 865 .name = "receipt_request_all",
866 .desc = "Indicate requests should be provided by all recipients", 866 .desc = "Indicate requests should be provided by all recipients",
867 .type = OPTION_VALUE, 867 .type = OPTION_VALUE,
868 .opt.value = &cms_config.rr_allorfirst, 868 .opt.value = &cfg.rr_allorfirst,
869 .value = 0, 869 .value = 0,
870 }, 870 },
871 { 871 {
872 .name = "receipt_request_first", 872 .name = "receipt_request_first",
873 .desc = "Indicate requests should be provided by first tier recipient", 873 .desc = "Indicate requests should be provided by first tier recipient",
874 .type = OPTION_VALUE, 874 .type = OPTION_VALUE,
875 .opt.value = &cms_config.rr_allorfirst, 875 .opt.value = &cfg.rr_allorfirst,
876 .value = 1, 876 .value = 1,
877 }, 877 },
878 { 878 {
@@ -886,7 +886,7 @@ static const struct option cms_options[] = {
886 .name = "receipt_request_print", 886 .name = "receipt_request_print",
887 .desc = "Print out the contents of any signed receipt requests", 887 .desc = "Print out the contents of any signed receipt requests",
888 .type = OPTION_FLAG, 888 .type = OPTION_FLAG,
889 .opt.flag = &cms_config.rr_print, 889 .opt.flag = &cfg.rr_print,
890 }, 890 },
891 { 891 {
892 .name = "receipt_request_to", 892 .name = "receipt_request_to",
@@ -906,7 +906,7 @@ static const struct option cms_options[] = {
906 .name = "resign", 906 .name = "resign",
907 .desc = "Resign a signed message", 907 .desc = "Resign a signed message",
908 .type = OPTION_VALUE, 908 .type = OPTION_VALUE,
909 .opt.value = &cms_config.operation, 909 .opt.value = &cfg.operation,
910 .value = SMIME_RESIGN, 910 .value = SMIME_RESIGN,
911 }, 911 },
912 { 912 {
@@ -927,14 +927,14 @@ static const struct option cms_options[] = {
927 .name = "sign", 927 .name = "sign",
928 .desc = "Sign message", 928 .desc = "Sign message",
929 .type = OPTION_VALUE, 929 .type = OPTION_VALUE,
930 .opt.value = &cms_config.operation, 930 .opt.value = &cfg.operation,
931 .value = SMIME_SIGN, 931 .value = SMIME_SIGN,
932 }, 932 },
933 { 933 {
934 .name = "sign_receipt", 934 .name = "sign_receipt",
935 .desc = "Generate a signed receipt for the message", 935 .desc = "Generate a signed receipt for the message",
936 .type = OPTION_VALUE, 936 .type = OPTION_VALUE,
937 .opt.value = &cms_config.operation, 937 .opt.value = &cfg.operation,
938 .value = SMIME_SIGN_RECEIPT, 938 .value = SMIME_SIGN_RECEIPT,
939 }, 939 },
940 { 940 {
@@ -948,7 +948,7 @@ static const struct option cms_options[] = {
948 .name = "stream", 948 .name = "stream",
949 .desc = "Enable CMS streaming", 949 .desc = "Enable CMS streaming",
950 .type = OPTION_VALUE_OR, 950 .type = OPTION_VALUE_OR,
951 .opt.value = &cms_config.flags, 951 .opt.value = &cfg.flags,
952 .value = CMS_STREAM, 952 .value = CMS_STREAM,
953 }, 953 },
954 { 954 {
@@ -956,13 +956,13 @@ static const struct option cms_options[] = {
956 .argname = "s", 956 .argname = "s",
957 .desc = "Subject", 957 .desc = "Subject",
958 .type = OPTION_ARG, 958 .type = OPTION_ARG,
959 .opt.arg = &cms_config.subject, 959 .opt.arg = &cfg.subject,
960 }, 960 },
961 { 961 {
962 .name = "text", 962 .name = "text",
963 .desc = "Include or delete text MIME headers", 963 .desc = "Include or delete text MIME headers",
964 .type = OPTION_VALUE_OR, 964 .type = OPTION_VALUE_OR,
965 .opt.value = &cms_config.flags, 965 .opt.value = &cfg.flags,
966 .value = CMS_TEXT, 966 .value = CMS_TEXT,
967 }, 967 },
968 { 968 {
@@ -970,20 +970,20 @@ static const struct option cms_options[] = {
970 .argname = "addr", 970 .argname = "addr",
971 .desc = "To address", 971 .desc = "To address",
972 .type = OPTION_ARG, 972 .type = OPTION_ARG,
973 .opt.arg = &cms_config.to, 973 .opt.arg = &cfg.to,
974 }, 974 },
975 { 975 {
976 .name = "uncompress", 976 .name = "uncompress",
977 .desc = "Uncompress CMS CompressedData type", 977 .desc = "Uncompress CMS CompressedData type",
978 .type = OPTION_VALUE, 978 .type = OPTION_VALUE,
979 .opt.value = &cms_config.operation, 979 .opt.value = &cfg.operation,
980 .value = SMIME_UNCOMPRESS, 980 .value = SMIME_UNCOMPRESS,
981 }, 981 },
982 { 982 {
983 .name = "verify", 983 .name = "verify",
984 .desc = "Verify signed message", 984 .desc = "Verify signed message",
985 .type = OPTION_VALUE, 985 .type = OPTION_VALUE,
986 .opt.value = &cms_config.operation, 986 .opt.value = &cfg.operation,
987 .value = SMIME_VERIFY, 987 .value = SMIME_VERIFY,
988 }, 988 },
989 { 989 {
@@ -997,7 +997,7 @@ static const struct option cms_options[] = {
997 .name = "verify_retcode", 997 .name = "verify_retcode",
998 .desc = "Set verification error code to exit code", 998 .desc = "Set verification error code to exit code",
999 .type = OPTION_FLAG, 999 .type = OPTION_FLAG,
1000 .opt.flag = &cms_config.verify_retcode, 1000 .opt.flag = &cfg.verify_retcode,
1001 }, 1001 },
1002 { 1002 {
1003 .name = "check_ss_sig", 1003 .name = "check_ss_sig",
@@ -1170,84 +1170,84 @@ cms_main(int argc, char **argv)
1170 exit(1); 1170 exit(1);
1171 } 1171 }
1172 1172
1173 memset(&cms_config, 0, sizeof(cms_config)); 1173 memset(&cfg, 0, sizeof(cfg));
1174 cms_config.flags = CMS_DETACHED; 1174 cfg.flags = CMS_DETACHED;
1175 cms_config.rr_allorfirst = -1; 1175 cfg.rr_allorfirst = -1;
1176 cms_config.informat = FORMAT_SMIME; 1176 cfg.informat = FORMAT_SMIME;
1177 cms_config.outformat = FORMAT_SMIME; 1177 cfg.outformat = FORMAT_SMIME;
1178 cms_config.rctformat = FORMAT_SMIME; 1178 cfg.rctformat = FORMAT_SMIME;
1179 cms_config.keyform = FORMAT_PEM; 1179 cfg.keyform = FORMAT_PEM;
1180 if (options_parse(argc, argv, cms_options, NULL, &argsused) != 0) { 1180 if (options_parse(argc, argv, cms_options, NULL, &argsused) != 0) {
1181 goto argerr; 1181 goto argerr;
1182 } 1182 }
1183 args = argv + argsused; 1183 args = argv + argsused;
1184 ret = 1; 1184 ret = 1;
1185 1185
1186 if (((cms_config.rr_allorfirst != -1) || cms_config.rr_from != NULL) && 1186 if (((cfg.rr_allorfirst != -1) || cfg.rr_from != NULL) &&
1187 cms_config.rr_to == NULL) { 1187 cfg.rr_to == NULL) {
1188 BIO_puts(bio_err, "No Signed Receipts Recipients\n"); 1188 BIO_puts(bio_err, "No Signed Receipts Recipients\n");
1189 goto argerr; 1189 goto argerr;
1190 } 1190 }
1191 if (!(cms_config.operation & SMIME_SIGNERS) && 1191 if (!(cfg.operation & SMIME_SIGNERS) &&
1192 (cms_config.rr_to != NULL || cms_config.rr_from != NULL)) { 1192 (cfg.rr_to != NULL || cfg.rr_from != NULL)) {
1193 BIO_puts(bio_err, "Signed receipts only allowed with -sign\n"); 1193 BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
1194 goto argerr; 1194 goto argerr;
1195 } 1195 }
1196 if (!(cms_config.operation & SMIME_SIGNERS) && 1196 if (!(cfg.operation & SMIME_SIGNERS) &&
1197 (cms_config.skkeys != NULL || cms_config.sksigners != NULL)) { 1197 (cfg.skkeys != NULL || cfg.sksigners != NULL)) {
1198 BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); 1198 BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
1199 goto argerr; 1199 goto argerr;
1200 } 1200 }
1201 if (cms_config.operation & SMIME_SIGNERS) { 1201 if (cfg.operation & SMIME_SIGNERS) {
1202 if (cms_config.keyfile != NULL && 1202 if (cfg.keyfile != NULL &&
1203 cms_config.signerfile == NULL) { 1203 cfg.signerfile == NULL) {
1204 BIO_puts(bio_err, "Illegal -inkey without -signer\n"); 1204 BIO_puts(bio_err, "Illegal -inkey without -signer\n");
1205 goto argerr; 1205 goto argerr;
1206 } 1206 }
1207 /* Check to see if any final signer needs to be appended */ 1207 /* Check to see if any final signer needs to be appended */
1208 if (cms_config.signerfile != NULL) { 1208 if (cfg.signerfile != NULL) {
1209 if (cms_config.sksigners == NULL && 1209 if (cfg.sksigners == NULL &&
1210 (cms_config.sksigners = 1210 (cfg.sksigners =
1211 sk_OPENSSL_STRING_new_null()) == NULL) 1211 sk_OPENSSL_STRING_new_null()) == NULL)
1212 goto end; 1212 goto end;
1213 if (!sk_OPENSSL_STRING_push(cms_config.sksigners, 1213 if (!sk_OPENSSL_STRING_push(cfg.sksigners,
1214 cms_config.signerfile)) 1214 cfg.signerfile))
1215 goto end; 1215 goto end;
1216 if (cms_config.skkeys == NULL && 1216 if (cfg.skkeys == NULL &&
1217 (cms_config.skkeys = 1217 (cfg.skkeys =
1218 sk_OPENSSL_STRING_new_null()) == NULL) 1218 sk_OPENSSL_STRING_new_null()) == NULL)
1219 goto end; 1219 goto end;
1220 if (cms_config.keyfile == NULL) 1220 if (cfg.keyfile == NULL)
1221 cms_config.keyfile = cms_config.signerfile; 1221 cfg.keyfile = cfg.signerfile;
1222 if (!sk_OPENSSL_STRING_push(cms_config.skkeys, 1222 if (!sk_OPENSSL_STRING_push(cfg.skkeys,
1223 cms_config.keyfile)) 1223 cfg.keyfile))
1224 goto end; 1224 goto end;
1225 } 1225 }
1226 if (cms_config.sksigners == NULL) { 1226 if (cfg.sksigners == NULL) {
1227 BIO_printf(bio_err, 1227 BIO_printf(bio_err,
1228 "No signer certificate specified\n"); 1228 "No signer certificate specified\n");
1229 badarg = 1; 1229 badarg = 1;
1230 } 1230 }
1231 cms_config.signerfile = NULL; 1231 cfg.signerfile = NULL;
1232 cms_config.keyfile = NULL; 1232 cfg.keyfile = NULL;
1233 } else if (cms_config.operation == SMIME_DECRYPT) { 1233 } else if (cfg.operation == SMIME_DECRYPT) {
1234 if (cms_config.recipfile == NULL && 1234 if (cfg.recipfile == NULL &&
1235 cms_config.keyfile == NULL && 1235 cfg.keyfile == NULL &&
1236 cms_config.secret_key == NULL && 1236 cfg.secret_key == NULL &&
1237 cms_config.pwri_pass == NULL) { 1237 cfg.pwri_pass == NULL) {
1238 BIO_printf(bio_err, 1238 BIO_printf(bio_err,
1239 "No recipient certificate or key specified\n"); 1239 "No recipient certificate or key specified\n");
1240 badarg = 1; 1240 badarg = 1;
1241 } 1241 }
1242 } else if (cms_config.operation == SMIME_ENCRYPT) { 1242 } else if (cfg.operation == SMIME_ENCRYPT) {
1243 if (*args == NULL && cms_config.secret_key == NULL && 1243 if (*args == NULL && cfg.secret_key == NULL &&
1244 cms_config.pwri_pass == NULL && 1244 cfg.pwri_pass == NULL &&
1245 cms_config.encerts == NULL) { 1245 cfg.encerts == NULL) {
1246 BIO_printf(bio_err, 1246 BIO_printf(bio_err,
1247 "No recipient(s) certificate(s) specified\n"); 1247 "No recipient(s) certificate(s) specified\n");
1248 badarg = 1; 1248 badarg = 1;
1249 } 1249 }
1250 } else if (!cms_config.operation) { 1250 } else if (!cfg.operation) {
1251 badarg = 1; 1251 badarg = 1;
1252 } 1252 }
1253 1253
@@ -1257,103 +1257,103 @@ cms_main(int argc, char **argv)
1257 goto end; 1257 goto end;
1258 } 1258 }
1259 1259
1260 if (!app_passwd(bio_err, cms_config.passargin, NULL, &passin, NULL)) { 1260 if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) {
1261 BIO_printf(bio_err, "Error getting password\n"); 1261 BIO_printf(bio_err, "Error getting password\n");
1262 goto end; 1262 goto end;
1263 } 1263 }
1264 ret = 2; 1264 ret = 2;
1265 1265
1266 if (!(cms_config.operation & SMIME_SIGNERS)) 1266 if (!(cfg.operation & SMIME_SIGNERS))
1267 cms_config.flags &= ~CMS_DETACHED; 1267 cfg.flags &= ~CMS_DETACHED;
1268 1268
1269 if (cms_config.operation & SMIME_OP) { 1269 if (cfg.operation & SMIME_OP) {
1270 if (cms_config.outformat == FORMAT_ASN1) 1270 if (cfg.outformat == FORMAT_ASN1)
1271 outmode = "wb"; 1271 outmode = "wb";
1272 } else { 1272 } else {
1273 if (cms_config.flags & CMS_BINARY) 1273 if (cfg.flags & CMS_BINARY)
1274 outmode = "wb"; 1274 outmode = "wb";
1275 } 1275 }
1276 1276
1277 if (cms_config.operation & SMIME_IP) { 1277 if (cfg.operation & SMIME_IP) {
1278 if (cms_config.informat == FORMAT_ASN1) 1278 if (cfg.informat == FORMAT_ASN1)
1279 inmode = "rb"; 1279 inmode = "rb";
1280 } else { 1280 } else {
1281 if (cms_config.flags & CMS_BINARY) 1281 if (cfg.flags & CMS_BINARY)
1282 inmode = "rb"; 1282 inmode = "rb";
1283 } 1283 }
1284 1284
1285 if (cms_config.operation == SMIME_ENCRYPT) { 1285 if (cfg.operation == SMIME_ENCRYPT) {
1286 if (cms_config.cipher == NULL) { 1286 if (cfg.cipher == NULL) {
1287#ifndef OPENSSL_NO_DES 1287#ifndef OPENSSL_NO_DES
1288 cms_config.cipher = EVP_des_ede3_cbc(); 1288 cfg.cipher = EVP_des_ede3_cbc();
1289#else 1289#else
1290 BIO_printf(bio_err, "No cipher selected\n"); 1290 BIO_printf(bio_err, "No cipher selected\n");
1291 goto end; 1291 goto end;
1292#endif 1292#endif
1293 } 1293 }
1294 if (cms_config.secret_key != NULL && 1294 if (cfg.secret_key != NULL &&
1295 cms_config.secret_keyid == NULL) { 1295 cfg.secret_keyid == NULL) {
1296 BIO_printf(bio_err, "No secret key id\n"); 1296 BIO_printf(bio_err, "No secret key id\n");
1297 goto end; 1297 goto end;
1298 } 1298 }
1299 if (*args != NULL && cms_config.encerts == NULL) 1299 if (*args != NULL && cfg.encerts == NULL)
1300 if ((cms_config.encerts = sk_X509_new_null()) == NULL) 1300 if ((cfg.encerts = sk_X509_new_null()) == NULL)
1301 goto end; 1301 goto end;
1302 while (*args) { 1302 while (*args) {
1303 if ((cms_config.cert = load_cert(bio_err, *args, 1303 if ((cfg.cert = load_cert(bio_err, *args,
1304 FORMAT_PEM, NULL, 1304 FORMAT_PEM, NULL,
1305 "recipient certificate file")) == NULL) 1305 "recipient certificate file")) == NULL)
1306 goto end; 1306 goto end;
1307 if (!sk_X509_push(cms_config.encerts, cms_config.cert)) 1307 if (!sk_X509_push(cfg.encerts, cfg.cert))
1308 goto end; 1308 goto end;
1309 cms_config.cert = NULL; 1309 cfg.cert = NULL;
1310 args++; 1310 args++;
1311 } 1311 }
1312 } 1312 }
1313 if (cms_config.certfile != NULL) { 1313 if (cfg.certfile != NULL) {
1314 if ((other = load_certs(bio_err, cms_config.certfile, 1314 if ((other = load_certs(bio_err, cfg.certfile,
1315 FORMAT_PEM, NULL, "certificate file")) == NULL) { 1315 FORMAT_PEM, NULL, "certificate file")) == NULL) {
1316 ERR_print_errors(bio_err); 1316 ERR_print_errors(bio_err);
1317 goto end; 1317 goto end;
1318 } 1318 }
1319 } 1319 }
1320 if (cms_config.recipfile != NULL && 1320 if (cfg.recipfile != NULL &&
1321 (cms_config.operation == SMIME_DECRYPT)) { 1321 (cfg.operation == SMIME_DECRYPT)) {
1322 if ((recip = load_cert(bio_err, cms_config.recipfile, 1322 if ((recip = load_cert(bio_err, cfg.recipfile,
1323 FORMAT_PEM, NULL, "recipient certificate file")) == NULL) { 1323 FORMAT_PEM, NULL, "recipient certificate file")) == NULL) {
1324 ERR_print_errors(bio_err); 1324 ERR_print_errors(bio_err);
1325 goto end; 1325 goto end;
1326 } 1326 }
1327 } 1327 }
1328 if (cms_config.operation == SMIME_SIGN_RECEIPT) { 1328 if (cfg.operation == SMIME_SIGN_RECEIPT) {
1329 if ((signer = load_cert(bio_err, cms_config.signerfile, 1329 if ((signer = load_cert(bio_err, cfg.signerfile,
1330 FORMAT_PEM, NULL, 1330 FORMAT_PEM, NULL,
1331 "receipt signer certificate file")) == NULL) { 1331 "receipt signer certificate file")) == NULL) {
1332 ERR_print_errors(bio_err); 1332 ERR_print_errors(bio_err);
1333 goto end; 1333 goto end;
1334 } 1334 }
1335 } 1335 }
1336 if (cms_config.operation == SMIME_DECRYPT) { 1336 if (cfg.operation == SMIME_DECRYPT) {
1337 if (cms_config.keyfile == NULL) 1337 if (cfg.keyfile == NULL)
1338 cms_config.keyfile = cms_config.recipfile; 1338 cfg.keyfile = cfg.recipfile;
1339 } else if ((cms_config.operation == SMIME_SIGN) || 1339 } else if ((cfg.operation == SMIME_SIGN) ||
1340 (cms_config.operation == SMIME_SIGN_RECEIPT)) { 1340 (cfg.operation == SMIME_SIGN_RECEIPT)) {
1341 if (cms_config.keyfile == NULL) 1341 if (cfg.keyfile == NULL)
1342 cms_config.keyfile = cms_config.signerfile; 1342 cfg.keyfile = cfg.signerfile;
1343 } else { 1343 } else {
1344 cms_config.keyfile = NULL; 1344 cfg.keyfile = NULL;
1345 } 1345 }
1346 1346
1347 if (cms_config.keyfile != NULL) { 1347 if (cfg.keyfile != NULL) {
1348 key = load_key(bio_err, cms_config.keyfile, cms_config.keyform, 1348 key = load_key(bio_err, cfg.keyfile, cfg.keyform,
1349 0, passin, "signing key file"); 1349 0, passin, "signing key file");
1350 if (key == NULL) 1350 if (key == NULL)
1351 goto end; 1351 goto end;
1352 } 1352 }
1353 if (cms_config.infile != NULL) { 1353 if (cfg.infile != NULL) {
1354 if ((in = BIO_new_file(cms_config.infile, inmode)) == NULL) { 1354 if ((in = BIO_new_file(cfg.infile, inmode)) == NULL) {
1355 BIO_printf(bio_err, 1355 BIO_printf(bio_err,
1356 "Can't open input file %s\n", cms_config.infile); 1356 "Can't open input file %s\n", cfg.infile);
1357 goto end; 1357 goto end;
1358 } 1358 }
1359 } else { 1359 } else {
@@ -1361,12 +1361,12 @@ cms_main(int argc, char **argv)
1361 goto end; 1361 goto end;
1362 } 1362 }
1363 1363
1364 if (cms_config.operation & SMIME_IP) { 1364 if (cfg.operation & SMIME_IP) {
1365 if (cms_config.informat == FORMAT_SMIME) 1365 if (cfg.informat == FORMAT_SMIME)
1366 cms = SMIME_read_CMS(in, &indata); 1366 cms = SMIME_read_CMS(in, &indata);
1367 else if (cms_config.informat == FORMAT_PEM) 1367 else if (cfg.informat == FORMAT_PEM)
1368 cms = PEM_read_bio_CMS(in, NULL, NULL, NULL); 1368 cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
1369 else if (cms_config.informat == FORMAT_ASN1) 1369 else if (cfg.informat == FORMAT_ASN1)
1370 cms = d2i_CMS_bio(in, NULL); 1370 cms = d2i_CMS_bio(in, NULL);
1371 else { 1371 else {
1372 BIO_printf(bio_err, "Bad input format for CMS file\n"); 1372 BIO_printf(bio_err, "Bad input format for CMS file\n");
@@ -1377,24 +1377,24 @@ cms_main(int argc, char **argv)
1377 BIO_printf(bio_err, "Error reading S/MIME message\n"); 1377 BIO_printf(bio_err, "Error reading S/MIME message\n");
1378 goto end; 1378 goto end;
1379 } 1379 }
1380 if (cms_config.contfile != NULL) { 1380 if (cfg.contfile != NULL) {
1381 BIO_free(indata); 1381 BIO_free(indata);
1382 if ((indata = BIO_new_file(cms_config.contfile, 1382 if ((indata = BIO_new_file(cfg.contfile,
1383 "rb")) == NULL) { 1383 "rb")) == NULL) {
1384 BIO_printf(bio_err, 1384 BIO_printf(bio_err,
1385 "Can't read content file %s\n", 1385 "Can't read content file %s\n",
1386 cms_config.contfile); 1386 cfg.contfile);
1387 goto end; 1387 goto end;
1388 } 1388 }
1389 } 1389 }
1390 if (cms_config.certsoutfile != NULL) { 1390 if (cfg.certsoutfile != NULL) {
1391 STACK_OF(X509) *allcerts; 1391 STACK_OF(X509) *allcerts;
1392 if ((allcerts = CMS_get1_certs(cms)) == NULL) 1392 if ((allcerts = CMS_get1_certs(cms)) == NULL)
1393 goto end; 1393 goto end;
1394 if (!save_certs(cms_config.certsoutfile, allcerts)) { 1394 if (!save_certs(cfg.certsoutfile, allcerts)) {
1395 BIO_printf(bio_err, 1395 BIO_printf(bio_err,
1396 "Error writing certs to %s\n", 1396 "Error writing certs to %s\n",
1397 cms_config.certsoutfile); 1397 cfg.certsoutfile);
1398 sk_X509_pop_free(allcerts, X509_free); 1398 sk_X509_pop_free(allcerts, X509_free);
1399 ret = 5; 1399 ret = 5;
1400 goto end; 1400 goto end;
@@ -1402,19 +1402,19 @@ cms_main(int argc, char **argv)
1402 sk_X509_pop_free(allcerts, X509_free); 1402 sk_X509_pop_free(allcerts, X509_free);
1403 } 1403 }
1404 } 1404 }
1405 if (cms_config.rctfile != NULL) { 1405 if (cfg.rctfile != NULL) {
1406 char *rctmode = (cms_config.rctformat == FORMAT_ASN1) ? 1406 char *rctmode = (cfg.rctformat == FORMAT_ASN1) ?
1407 "rb" : "r"; 1407 "rb" : "r";
1408 if ((rctin = BIO_new_file(cms_config.rctfile, rctmode)) == NULL) { 1408 if ((rctin = BIO_new_file(cfg.rctfile, rctmode)) == NULL) {
1409 BIO_printf(bio_err, 1409 BIO_printf(bio_err,
1410 "Can't open receipt file %s\n", cms_config.rctfile); 1410 "Can't open receipt file %s\n", cfg.rctfile);
1411 goto end; 1411 goto end;
1412 } 1412 }
1413 if (cms_config.rctformat == FORMAT_SMIME) 1413 if (cfg.rctformat == FORMAT_SMIME)
1414 rcms = SMIME_read_CMS(rctin, NULL); 1414 rcms = SMIME_read_CMS(rctin, NULL);
1415 else if (cms_config.rctformat == FORMAT_PEM) 1415 else if (cfg.rctformat == FORMAT_PEM)
1416 rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL); 1416 rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
1417 else if (cms_config.rctformat == FORMAT_ASN1) 1417 else if (cfg.rctformat == FORMAT_ASN1)
1418 rcms = d2i_CMS_bio(rctin, NULL); 1418 rcms = d2i_CMS_bio(rctin, NULL);
1419 else { 1419 else {
1420 BIO_printf(bio_err, "Bad input format for receipt\n"); 1420 BIO_printf(bio_err, "Bad input format for receipt\n");
@@ -1426,10 +1426,10 @@ cms_main(int argc, char **argv)
1426 goto end; 1426 goto end;
1427 } 1427 }
1428 } 1428 }
1429 if (cms_config.outfile != NULL) { 1429 if (cfg.outfile != NULL) {
1430 if ((out = BIO_new_file(cms_config.outfile, outmode)) == NULL) { 1430 if ((out = BIO_new_file(cfg.outfile, outmode)) == NULL) {
1431 BIO_printf(bio_err, 1431 BIO_printf(bio_err,
1432 "Can't open output file %s\n", cms_config.outfile); 1432 "Can't open output file %s\n", cfg.outfile);
1433 goto end; 1433 goto end;
1434 } 1434 }
1435 } else { 1435 } else {
@@ -1437,42 +1437,42 @@ cms_main(int argc, char **argv)
1437 goto end; 1437 goto end;
1438 } 1438 }
1439 1439
1440 if ((cms_config.operation == SMIME_VERIFY) || 1440 if ((cfg.operation == SMIME_VERIFY) ||
1441 (cms_config.operation == SMIME_VERIFY_RECEIPT)) { 1441 (cfg.operation == SMIME_VERIFY_RECEIPT)) {
1442 if ((store = setup_verify(bio_err, cms_config.CAfile, 1442 if ((store = setup_verify(bio_err, cfg.CAfile,
1443 cms_config.CApath)) == NULL) 1443 cfg.CApath)) == NULL)
1444 goto end; 1444 goto end;
1445 X509_STORE_set_verify_cb(store, cms_cb); 1445 X509_STORE_set_verify_cb(store, cms_cb);
1446 if (cms_config.vpm != NULL) { 1446 if (cfg.vpm != NULL) {
1447 if (!X509_STORE_set1_param(store, cms_config.vpm)) 1447 if (!X509_STORE_set1_param(store, cfg.vpm))
1448 goto end; 1448 goto end;
1449 } 1449 }
1450 } 1450 }
1451 ret = 3; 1451 ret = 3;
1452 1452
1453 if (cms_config.operation == SMIME_DATA_CREATE) { 1453 if (cfg.operation == SMIME_DATA_CREATE) {
1454 cms = CMS_data_create(in, cms_config.flags); 1454 cms = CMS_data_create(in, cfg.flags);
1455 } else if (cms_config.operation == SMIME_DIGEST_CREATE) { 1455 } else if (cfg.operation == SMIME_DIGEST_CREATE) {
1456 cms = CMS_digest_create(in, cms_config.sign_md, 1456 cms = CMS_digest_create(in, cfg.sign_md,
1457 cms_config.flags); 1457 cfg.flags);
1458 } else if (cms_config.operation == SMIME_COMPRESS) { 1458 } else if (cfg.operation == SMIME_COMPRESS) {
1459 cms = CMS_compress(in, -1, cms_config.flags); 1459 cms = CMS_compress(in, -1, cfg.flags);
1460 } else if (cms_config.operation == SMIME_ENCRYPT) { 1460 } else if (cfg.operation == SMIME_ENCRYPT) {
1461 int i; 1461 int i;
1462 cms_config.flags |= CMS_PARTIAL; 1462 cfg.flags |= CMS_PARTIAL;
1463 cms = CMS_encrypt(NULL, in, cms_config.cipher, 1463 cms = CMS_encrypt(NULL, in, cfg.cipher,
1464 cms_config.flags); 1464 cfg.flags);
1465 if (cms == NULL) 1465 if (cms == NULL)
1466 goto end; 1466 goto end;
1467 for (i = 0; i < sk_X509_num(cms_config.encerts); i++) { 1467 for (i = 0; i < sk_X509_num(cfg.encerts); i++) {
1468 CMS_RecipientInfo *ri; 1468 CMS_RecipientInfo *ri;
1469 struct cms_key_param *kparam; 1469 struct cms_key_param *kparam;
1470 int tflags = cms_config.flags; 1470 int tflags = cfg.flags;
1471 X509 *x; 1471 X509 *x;
1472 1472
1473 if ((x = sk_X509_value(cms_config.encerts, i)) == NULL) 1473 if ((x = sk_X509_value(cfg.encerts, i)) == NULL)
1474 goto end; 1474 goto end;
1475 for (kparam = cms_config.key_first; kparam != NULL; 1475 for (kparam = cfg.key_first; kparam != NULL;
1476 kparam = kparam->next) { 1476 kparam = kparam->next) {
1477 if (kparam->idx == i) { 1477 if (kparam->idx == i) {
1478 tflags |= CMS_KEY_PARAM; 1478 tflags |= CMS_KEY_PARAM;
@@ -1492,18 +1492,18 @@ cms_main(int argc, char **argv)
1492 } 1492 }
1493 } 1493 }
1494 1494
1495 if (cms_config.secret_key != NULL) { 1495 if (cfg.secret_key != NULL) {
1496 if (CMS_add0_recipient_key(cms, NID_undef, 1496 if (CMS_add0_recipient_key(cms, NID_undef,
1497 cms_config.secret_key, cms_config.secret_keylen, 1497 cfg.secret_key, cfg.secret_keylen,
1498 cms_config.secret_keyid, cms_config.secret_keyidlen, 1498 cfg.secret_keyid, cfg.secret_keyidlen,
1499 NULL, NULL, NULL) == NULL) 1499 NULL, NULL, NULL) == NULL)
1500 goto end; 1500 goto end;
1501 /* NULL these because call absorbs them */ 1501 /* NULL these because call absorbs them */
1502 cms_config.secret_key = NULL; 1502 cfg.secret_key = NULL;
1503 cms_config.secret_keyid = NULL; 1503 cfg.secret_keyid = NULL;
1504 } 1504 }
1505 if (cms_config.pwri_pass != NULL) { 1505 if (cfg.pwri_pass != NULL) {
1506 pwri_tmp = strdup(cms_config.pwri_pass); 1506 pwri_tmp = strdup(cfg.pwri_pass);
1507 if (pwri_tmp == NULL) 1507 if (pwri_tmp == NULL)
1508 goto end; 1508 goto end;
1509 if (CMS_add0_recipient_password(cms, -1, NID_undef, 1509 if (CMS_add0_recipient_password(cms, -1, NID_undef,
@@ -1511,16 +1511,16 @@ cms_main(int argc, char **argv)
1511 goto end; 1511 goto end;
1512 pwri_tmp = NULL; 1512 pwri_tmp = NULL;
1513 } 1513 }
1514 if (!(cms_config.flags & CMS_STREAM)) { 1514 if (!(cfg.flags & CMS_STREAM)) {
1515 if (!CMS_final(cms, in, NULL, cms_config.flags)) 1515 if (!CMS_final(cms, in, NULL, cfg.flags))
1516 goto end; 1516 goto end;
1517 } 1517 }
1518 } else if (cms_config.operation == SMIME_ENCRYPTED_ENCRYPT) { 1518 } else if (cfg.operation == SMIME_ENCRYPTED_ENCRYPT) {
1519 cms = CMS_EncryptedData_encrypt(in, cms_config.cipher, 1519 cms = CMS_EncryptedData_encrypt(in, cfg.cipher,
1520 cms_config.secret_key, cms_config.secret_keylen, 1520 cfg.secret_key, cfg.secret_keylen,
1521 cms_config.flags); 1521 cfg.flags);
1522 1522
1523 } else if (cms_config.operation == SMIME_SIGN_RECEIPT) { 1523 } else if (cfg.operation == SMIME_SIGN_RECEIPT) {
1524 CMS_ContentInfo *srcms = NULL; 1524 CMS_ContentInfo *srcms = NULL;
1525 STACK_OF(CMS_SignerInfo) *sis; 1525 STACK_OF(CMS_SignerInfo) *sis;
1526 CMS_SignerInfo *si; 1526 CMS_SignerInfo *si;
@@ -1531,36 +1531,36 @@ cms_main(int argc, char **argv)
1531 if (si == NULL) 1531 if (si == NULL)
1532 goto end; 1532 goto end;
1533 srcms = CMS_sign_receipt(si, signer, key, other, 1533 srcms = CMS_sign_receipt(si, signer, key, other,
1534 cms_config.flags); 1534 cfg.flags);
1535 if (srcms == NULL) 1535 if (srcms == NULL)
1536 goto end; 1536 goto end;
1537 CMS_ContentInfo_free(cms); 1537 CMS_ContentInfo_free(cms);
1538 cms = srcms; 1538 cms = srcms;
1539 } else if (cms_config.operation & SMIME_SIGNERS) { 1539 } else if (cfg.operation & SMIME_SIGNERS) {
1540 int i; 1540 int i;
1541 /* 1541 /*
1542 * If detached data content we enable streaming if S/MIME 1542 * If detached data content we enable streaming if S/MIME
1543 * output format. 1543 * output format.
1544 */ 1544 */
1545 if (cms_config.operation == SMIME_SIGN) { 1545 if (cfg.operation == SMIME_SIGN) {
1546 1546
1547 if (cms_config.flags & CMS_DETACHED) { 1547 if (cfg.flags & CMS_DETACHED) {
1548 if (cms_config.outformat == FORMAT_SMIME) 1548 if (cfg.outformat == FORMAT_SMIME)
1549 cms_config.flags |= CMS_STREAM; 1549 cfg.flags |= CMS_STREAM;
1550 } 1550 }
1551 cms_config.flags |= CMS_PARTIAL; 1551 cfg.flags |= CMS_PARTIAL;
1552 cms = CMS_sign(NULL, NULL, other, in, cms_config.flags); 1552 cms = CMS_sign(NULL, NULL, other, in, cfg.flags);
1553 if (cms == NULL) 1553 if (cms == NULL)
1554 goto end; 1554 goto end;
1555 if (cms_config.econtent_type != NULL) 1555 if (cfg.econtent_type != NULL)
1556 if (!CMS_set1_eContentType(cms, 1556 if (!CMS_set1_eContentType(cms,
1557 cms_config.econtent_type)) 1557 cfg.econtent_type))
1558 goto end; 1558 goto end;
1559 1559
1560 if (cms_config.rr_to != NULL) { 1560 if (cfg.rr_to != NULL) {
1561 rr = make_receipt_request(cms_config.rr_to, 1561 rr = make_receipt_request(cfg.rr_to,
1562 cms_config.rr_allorfirst, 1562 cfg.rr_allorfirst,
1563 cms_config.rr_from); 1563 cfg.rr_from);
1564 if (rr == NULL) { 1564 if (rr == NULL) {
1565 BIO_puts(bio_err, 1565 BIO_puts(bio_err,
1566 "Signed Receipt Request Creation Error\n"); 1566 "Signed Receipt Request Creation Error\n");
@@ -1568,28 +1568,28 @@ cms_main(int argc, char **argv)
1568 } 1568 }
1569 } 1569 }
1570 } else { 1570 } else {
1571 cms_config.flags |= CMS_REUSE_DIGEST; 1571 cfg.flags |= CMS_REUSE_DIGEST;
1572 } 1572 }
1573 1573
1574 for (i = 0; i < sk_OPENSSL_STRING_num(cms_config.sksigners); i++) { 1574 for (i = 0; i < sk_OPENSSL_STRING_num(cfg.sksigners); i++) {
1575 CMS_SignerInfo *si; 1575 CMS_SignerInfo *si;
1576 struct cms_key_param *kparam; 1576 struct cms_key_param *kparam;
1577 int tflags = cms_config.flags; 1577 int tflags = cfg.flags;
1578 1578
1579 cms_config.signerfile = sk_OPENSSL_STRING_value( 1579 cfg.signerfile = sk_OPENSSL_STRING_value(
1580 cms_config.sksigners, i); 1580 cfg.sksigners, i);
1581 cms_config.keyfile = sk_OPENSSL_STRING_value( 1581 cfg.keyfile = sk_OPENSSL_STRING_value(
1582 cms_config.skkeys, i); 1582 cfg.skkeys, i);
1583 1583
1584 signer = load_cert(bio_err, cms_config.signerfile, 1584 signer = load_cert(bio_err, cfg.signerfile,
1585 FORMAT_PEM, NULL, "signer certificate"); 1585 FORMAT_PEM, NULL, "signer certificate");
1586 if (signer == NULL) 1586 if (signer == NULL)
1587 goto end; 1587 goto end;
1588 key = load_key(bio_err, cms_config.keyfile, 1588 key = load_key(bio_err, cfg.keyfile,
1589 cms_config.keyform, 0, passin, "signing key file"); 1589 cfg.keyform, 0, passin, "signing key file");
1590 if (key == NULL) 1590 if (key == NULL)
1591 goto end; 1591 goto end;
1592 for (kparam = cms_config.key_first; kparam != NULL; 1592 for (kparam = cfg.key_first; kparam != NULL;
1593 kparam = kparam->next) { 1593 kparam = kparam->next) {
1594 if (kparam->idx == i) { 1594 if (kparam->idx == i) {
1595 tflags |= CMS_KEY_PARAM; 1595 tflags |= CMS_KEY_PARAM;
@@ -1597,7 +1597,7 @@ cms_main(int argc, char **argv)
1597 } 1597 }
1598 } 1598 }
1599 si = CMS_add1_signer(cms, signer, key, 1599 si = CMS_add1_signer(cms, signer, key,
1600 cms_config.sign_md, tflags); 1600 cfg.sign_md, tflags);
1601 if (si == NULL) 1601 if (si == NULL)
1602 goto end; 1602 goto end;
1603 if (kparam != NULL) { 1603 if (kparam != NULL) {
@@ -1616,9 +1616,9 @@ cms_main(int argc, char **argv)
1616 key = NULL; 1616 key = NULL;
1617 } 1617 }
1618 /* If not streaming or resigning finalize structure */ 1618 /* If not streaming or resigning finalize structure */
1619 if ((cms_config.operation == SMIME_SIGN) && 1619 if ((cfg.operation == SMIME_SIGN) &&
1620 !(cms_config.flags & CMS_STREAM)) { 1620 !(cfg.flags & CMS_STREAM)) {
1621 if (!CMS_final(cms, in, NULL, cms_config.flags)) 1621 if (!CMS_final(cms, in, NULL, cfg.flags))
1622 goto end; 1622 goto end;
1623 } 1623 }
1624 } 1624 }
@@ -1627,15 +1627,15 @@ cms_main(int argc, char **argv)
1627 goto end; 1627 goto end;
1628 } 1628 }
1629 ret = 4; 1629 ret = 4;
1630 if (cms_config.operation == SMIME_DECRYPT) { 1630 if (cfg.operation == SMIME_DECRYPT) {
1631 if (cms_config.flags & CMS_DEBUG_DECRYPT) 1631 if (cfg.flags & CMS_DEBUG_DECRYPT)
1632 CMS_decrypt(cms, NULL, NULL, NULL, NULL, 1632 CMS_decrypt(cms, NULL, NULL, NULL, NULL,
1633 cms_config.flags); 1633 cfg.flags);
1634 1634
1635 if (cms_config.secret_key != NULL) { 1635 if (cfg.secret_key != NULL) {
1636 if (!CMS_decrypt_set1_key(cms, cms_config.secret_key, 1636 if (!CMS_decrypt_set1_key(cms, cfg.secret_key,
1637 cms_config.secret_keylen, cms_config.secret_keyid, 1637 cfg.secret_keylen, cfg.secret_keyid,
1638 cms_config.secret_keyidlen)) { 1638 cfg.secret_keyidlen)) {
1639 BIO_puts(bio_err, 1639 BIO_puts(bio_err,
1640 "Error decrypting CMS using secret key\n"); 1640 "Error decrypting CMS using secret key\n");
1641 goto end; 1641 goto end;
@@ -1648,95 +1648,95 @@ cms_main(int argc, char **argv)
1648 goto end; 1648 goto end;
1649 } 1649 }
1650 } 1650 }
1651 if (cms_config.pwri_pass != NULL) { 1651 if (cfg.pwri_pass != NULL) {
1652 if (!CMS_decrypt_set1_password(cms, 1652 if (!CMS_decrypt_set1_password(cms,
1653 cms_config.pwri_pass, -1)) { 1653 cfg.pwri_pass, -1)) {
1654 BIO_puts(bio_err, 1654 BIO_puts(bio_err,
1655 "Error decrypting CMS using password\n"); 1655 "Error decrypting CMS using password\n");
1656 goto end; 1656 goto end;
1657 } 1657 }
1658 } 1658 }
1659 if (!CMS_decrypt(cms, NULL, NULL, indata, out, 1659 if (!CMS_decrypt(cms, NULL, NULL, indata, out,
1660 cms_config.flags)) { 1660 cfg.flags)) {
1661 BIO_printf(bio_err, "Error decrypting CMS structure\n"); 1661 BIO_printf(bio_err, "Error decrypting CMS structure\n");
1662 goto end; 1662 goto end;
1663 } 1663 }
1664 } else if (cms_config.operation == SMIME_DATAOUT) { 1664 } else if (cfg.operation == SMIME_DATAOUT) {
1665 if (!CMS_data(cms, out, cms_config.flags)) 1665 if (!CMS_data(cms, out, cfg.flags))
1666 goto end; 1666 goto end;
1667 } else if (cms_config.operation == SMIME_UNCOMPRESS) { 1667 } else if (cfg.operation == SMIME_UNCOMPRESS) {
1668 if (!CMS_uncompress(cms, indata, out, cms_config.flags)) 1668 if (!CMS_uncompress(cms, indata, out, cfg.flags))
1669 goto end; 1669 goto end;
1670 } else if (cms_config.operation == SMIME_DIGEST_VERIFY) { 1670 } else if (cfg.operation == SMIME_DIGEST_VERIFY) {
1671 if (CMS_digest_verify(cms, indata, out, cms_config.flags) > 0) 1671 if (CMS_digest_verify(cms, indata, out, cfg.flags) > 0)
1672 BIO_printf(bio_err, "Verification successful\n"); 1672 BIO_printf(bio_err, "Verification successful\n");
1673 else { 1673 else {
1674 BIO_printf(bio_err, "Verification failure\n"); 1674 BIO_printf(bio_err, "Verification failure\n");
1675 goto end; 1675 goto end;
1676 } 1676 }
1677 } else if (cms_config.operation == SMIME_ENCRYPTED_DECRYPT) { 1677 } else if (cfg.operation == SMIME_ENCRYPTED_DECRYPT) {
1678 if (!CMS_EncryptedData_decrypt(cms, cms_config.secret_key, 1678 if (!CMS_EncryptedData_decrypt(cms, cfg.secret_key,
1679 cms_config.secret_keylen, indata, out, cms_config.flags)) 1679 cfg.secret_keylen, indata, out, cfg.flags))
1680 goto end; 1680 goto end;
1681 } else if (cms_config.operation == SMIME_VERIFY) { 1681 } else if (cfg.operation == SMIME_VERIFY) {
1682 if (CMS_verify(cms, other, store, indata, out, 1682 if (CMS_verify(cms, other, store, indata, out,
1683 cms_config.flags) > 0) { 1683 cfg.flags) > 0) {
1684 BIO_printf(bio_err, "Verification successful\n"); 1684 BIO_printf(bio_err, "Verification successful\n");
1685 } else { 1685 } else {
1686 BIO_printf(bio_err, "Verification failure\n"); 1686 BIO_printf(bio_err, "Verification failure\n");
1687 if (cms_config.verify_retcode) 1687 if (cfg.verify_retcode)
1688 ret = verify_err + 32; 1688 ret = verify_err + 32;
1689 goto end; 1689 goto end;
1690 } 1690 }
1691 if (cms_config.signerfile != NULL) { 1691 if (cfg.signerfile != NULL) {
1692 STACK_OF(X509) *signers; 1692 STACK_OF(X509) *signers;
1693 if ((signers = CMS_get0_signers(cms)) == NULL) 1693 if ((signers = CMS_get0_signers(cms)) == NULL)
1694 goto end; 1694 goto end;
1695 if (!save_certs(cms_config.signerfile, signers)) { 1695 if (!save_certs(cfg.signerfile, signers)) {
1696 BIO_printf(bio_err, 1696 BIO_printf(bio_err,
1697 "Error writing signers to %s\n", 1697 "Error writing signers to %s\n",
1698 cms_config.signerfile); 1698 cfg.signerfile);
1699 sk_X509_free(signers); 1699 sk_X509_free(signers);
1700 ret = 5; 1700 ret = 5;
1701 goto end; 1701 goto end;
1702 } 1702 }
1703 sk_X509_free(signers); 1703 sk_X509_free(signers);
1704 } 1704 }
1705 if (cms_config.rr_print) 1705 if (cfg.rr_print)
1706 receipt_request_print(bio_err, cms); 1706 receipt_request_print(bio_err, cms);
1707 1707
1708 } else if (cms_config.operation == SMIME_VERIFY_RECEIPT) { 1708 } else if (cfg.operation == SMIME_VERIFY_RECEIPT) {
1709 if (CMS_verify_receipt(rcms, cms, other, store, 1709 if (CMS_verify_receipt(rcms, cms, other, store,
1710 cms_config.flags) > 0) { 1710 cfg.flags) > 0) {
1711 BIO_printf(bio_err, "Verification successful\n"); 1711 BIO_printf(bio_err, "Verification successful\n");
1712 } else { 1712 } else {
1713 BIO_printf(bio_err, "Verification failure\n"); 1713 BIO_printf(bio_err, "Verification failure\n");
1714 goto end; 1714 goto end;
1715 } 1715 }
1716 } else { 1716 } else {
1717 if (cms_config.noout) { 1717 if (cfg.noout) {
1718 if (cms_config.print && 1718 if (cfg.print &&
1719 !CMS_ContentInfo_print_ctx(out, cms, 0, NULL)) 1719 !CMS_ContentInfo_print_ctx(out, cms, 0, NULL))
1720 goto end; 1720 goto end;
1721 } else if (cms_config.outformat == FORMAT_SMIME) { 1721 } else if (cfg.outformat == FORMAT_SMIME) {
1722 if (cms_config.to != NULL) 1722 if (cfg.to != NULL)
1723 BIO_printf(out, "To: %s\n", cms_config.to); 1723 BIO_printf(out, "To: %s\n", cfg.to);
1724 if (cms_config.from != NULL) 1724 if (cfg.from != NULL)
1725 BIO_printf(out, "From: %s\n", cms_config.from); 1725 BIO_printf(out, "From: %s\n", cfg.from);
1726 if (cms_config.subject != NULL) 1726 if (cfg.subject != NULL)
1727 BIO_printf(out, "Subject: %s\n", 1727 BIO_printf(out, "Subject: %s\n",
1728 cms_config.subject); 1728 cfg.subject);
1729 if (cms_config.operation == SMIME_RESIGN) 1729 if (cfg.operation == SMIME_RESIGN)
1730 ret = SMIME_write_CMS(out, cms, indata, 1730 ret = SMIME_write_CMS(out, cms, indata,
1731 cms_config.flags); 1731 cfg.flags);
1732 else 1732 else
1733 ret = SMIME_write_CMS(out, cms, in, 1733 ret = SMIME_write_CMS(out, cms, in,
1734 cms_config.flags); 1734 cfg.flags);
1735 } else if (cms_config.outformat == FORMAT_PEM) { 1735 } else if (cfg.outformat == FORMAT_PEM) {
1736 ret = PEM_write_bio_CMS_stream(out, cms, in, 1736 ret = PEM_write_bio_CMS_stream(out, cms, in,
1737 cms_config.flags); 1737 cfg.flags);
1738 } else if (cms_config.outformat == FORMAT_ASN1) { 1738 } else if (cfg.outformat == FORMAT_ASN1) {
1739 ret = i2d_CMS_bio_stream(out, cms, in, cms_config.flags); 1739 ret = i2d_CMS_bio_stream(out, cms, in, cfg.flags);
1740 } else { 1740 } else {
1741 BIO_printf(bio_err, "Bad output format for CMS file\n"); 1741 BIO_printf(bio_err, "Bad output format for CMS file\n");
1742 goto end; 1742 goto end;
@@ -1752,27 +1752,27 @@ cms_main(int argc, char **argv)
1752 if (ret) 1752 if (ret)
1753 ERR_print_errors(bio_err); 1753 ERR_print_errors(bio_err);
1754 1754
1755 sk_X509_pop_free(cms_config.encerts, X509_free); 1755 sk_X509_pop_free(cfg.encerts, X509_free);
1756 sk_X509_pop_free(other, X509_free); 1756 sk_X509_pop_free(other, X509_free);
1757 X509_VERIFY_PARAM_free(cms_config.vpm); 1757 X509_VERIFY_PARAM_free(cfg.vpm);
1758 sk_OPENSSL_STRING_free(cms_config.sksigners); 1758 sk_OPENSSL_STRING_free(cfg.sksigners);
1759 sk_OPENSSL_STRING_free(cms_config.skkeys); 1759 sk_OPENSSL_STRING_free(cfg.skkeys);
1760 free(cms_config.secret_key); 1760 free(cfg.secret_key);
1761 free(cms_config.secret_keyid); 1761 free(cfg.secret_keyid);
1762 free(pwri_tmp); 1762 free(pwri_tmp);
1763 ASN1_OBJECT_free(cms_config.econtent_type); 1763 ASN1_OBJECT_free(cfg.econtent_type);
1764 CMS_ReceiptRequest_free(rr); 1764 CMS_ReceiptRequest_free(rr);
1765 sk_OPENSSL_STRING_free(cms_config.rr_to); 1765 sk_OPENSSL_STRING_free(cfg.rr_to);
1766 sk_OPENSSL_STRING_free(cms_config.rr_from); 1766 sk_OPENSSL_STRING_free(cfg.rr_from);
1767 for (cms_config.key_param = cms_config.key_first; cms_config.key_param;) { 1767 for (cfg.key_param = cfg.key_first; cfg.key_param;) {
1768 struct cms_key_param *tparam; 1768 struct cms_key_param *tparam;
1769 sk_OPENSSL_STRING_free(cms_config.key_param->param); 1769 sk_OPENSSL_STRING_free(cfg.key_param->param);
1770 tparam = cms_config.key_param->next; 1770 tparam = cfg.key_param->next;
1771 free(cms_config.key_param); 1771 free(cfg.key_param);
1772 cms_config.key_param = tparam; 1772 cfg.key_param = tparam;
1773 } 1773 }
1774 X509_STORE_free(store); 1774 X509_STORE_free(store);
1775 X509_free(cms_config.cert); 1775 X509_free(cfg.cert);
1776 X509_free(recip); 1776 X509_free(recip);
1777 X509_free(signer); 1777 X509_free(signer);
1778 EVP_PKEY_free(key); 1778 EVP_PKEY_free(key);
diff --git a/src/usr.bin/openssl/crl.c b/src/usr.bin/openssl/crl.c
index 6b7bc5b72e..e64038dfda 100644
--- a/src/usr.bin/openssl/crl.c
+++ b/src/usr.bin/openssl/crl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: crl.c,v 1.16 2022/11/11 17:07:38 joshua Exp $ */ 1/* $OpenBSD: crl.c,v 1.17 2023/03/06 14:32:05 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -86,7 +86,7 @@ static struct {
86 int outformat; 86 int outformat;
87 int text; 87 int text;
88 int verify; 88 int verify;
89} crl_config; 89} cfg;
90 90
91static const struct option crl_options[] = { 91static const struct option crl_options[] = {
92 { 92 {
@@ -94,109 +94,109 @@ static const struct option crl_options[] = {
94 .argname = "file", 94 .argname = "file",
95 .desc = "Verify the CRL using certificates in the given file", 95 .desc = "Verify the CRL using certificates in the given file",
96 .type = OPTION_ARG, 96 .type = OPTION_ARG,
97 .opt.arg = &crl_config.cafile, 97 .opt.arg = &cfg.cafile,
98 }, 98 },
99 { 99 {
100 .name = "CApath", 100 .name = "CApath",
101 .argname = "path", 101 .argname = "path",
102 .desc = "Verify the CRL using certificates in the given path", 102 .desc = "Verify the CRL using certificates in the given path",
103 .type = OPTION_ARG, 103 .type = OPTION_ARG,
104 .opt.arg = &crl_config.capath, 104 .opt.arg = &cfg.capath,
105 }, 105 },
106 { 106 {
107 .name = "crlnumber", 107 .name = "crlnumber",
108 .desc = "Print the CRL number", 108 .desc = "Print the CRL number",
109 .type = OPTION_FLAG_ORD, 109 .type = OPTION_FLAG_ORD,
110 .opt.flag = &crl_config.crlnumber, 110 .opt.flag = &cfg.crlnumber,
111 }, 111 },
112 { 112 {
113 .name = "fingerprint", 113 .name = "fingerprint",
114 .desc = "Print the CRL fingerprint", 114 .desc = "Print the CRL fingerprint",
115 .type = OPTION_FLAG_ORD, 115 .type = OPTION_FLAG_ORD,
116 .opt.flag = &crl_config.fingerprint, 116 .opt.flag = &cfg.fingerprint,
117 }, 117 },
118 { 118 {
119 .name = "hash", 119 .name = "hash",
120 .desc = "Print the hash of the issuer name", 120 .desc = "Print the hash of the issuer name",
121 .type = OPTION_FLAG_ORD, 121 .type = OPTION_FLAG_ORD,
122 .opt.flag = &crl_config.hash, 122 .opt.flag = &cfg.hash,
123 }, 123 },
124 { 124 {
125 .name = "hash_old", 125 .name = "hash_old",
126 .desc = "Print an old-style (MD5) hash of the issuer name", 126 .desc = "Print an old-style (MD5) hash of the issuer name",
127 .type = OPTION_FLAG_ORD, 127 .type = OPTION_FLAG_ORD,
128 .opt.flag = &crl_config.hash_old, 128 .opt.flag = &cfg.hash_old,
129 }, 129 },
130 { 130 {
131 .name = "in", 131 .name = "in",
132 .argname = "file", 132 .argname = "file",
133 .desc = "Input file to read from (stdin if unspecified)", 133 .desc = "Input file to read from (stdin if unspecified)",
134 .type = OPTION_ARG, 134 .type = OPTION_ARG,
135 .opt.arg = &crl_config.infile, 135 .opt.arg = &cfg.infile,
136 }, 136 },
137 { 137 {
138 .name = "inform", 138 .name = "inform",
139 .argname = "format", 139 .argname = "format",
140 .desc = "Input format (DER or PEM)", 140 .desc = "Input format (DER or PEM)",
141 .type = OPTION_ARG_FORMAT, 141 .type = OPTION_ARG_FORMAT,
142 .opt.value = &crl_config.informat, 142 .opt.value = &cfg.informat,
143 }, 143 },
144 { 144 {
145 .name = "issuer", 145 .name = "issuer",
146 .desc = "Print the issuer name", 146 .desc = "Print the issuer name",
147 .type = OPTION_FLAG_ORD, 147 .type = OPTION_FLAG_ORD,
148 .opt.flag = &crl_config.issuer, 148 .opt.flag = &cfg.issuer,
149 }, 149 },
150 { 150 {
151 .name = "lastupdate", 151 .name = "lastupdate",
152 .desc = "Print the lastUpdate field", 152 .desc = "Print the lastUpdate field",
153 .type = OPTION_FLAG_ORD, 153 .type = OPTION_FLAG_ORD,
154 .opt.flag = &crl_config.lastupdate, 154 .opt.flag = &cfg.lastupdate,
155 }, 155 },
156 { 156 {
157 .name = "nameopt", 157 .name = "nameopt",
158 .argname = "options", 158 .argname = "options",
159 .desc = "Specify certificate name options", 159 .desc = "Specify certificate name options",
160 .type = OPTION_ARG, 160 .type = OPTION_ARG,
161 .opt.arg = &crl_config.nameopt, 161 .opt.arg = &cfg.nameopt,
162 }, 162 },
163 { 163 {
164 .name = "nextupdate", 164 .name = "nextupdate",
165 .desc = "Print the nextUpdate field", 165 .desc = "Print the nextUpdate field",
166 .type = OPTION_FLAG_ORD, 166 .type = OPTION_FLAG_ORD,
167 .opt.flag = &crl_config.nextupdate, 167 .opt.flag = &cfg.nextupdate,
168 }, 168 },
169 { 169 {
170 .name = "noout", 170 .name = "noout",
171 .desc = "Do not output the encoded version of the CRL", 171 .desc = "Do not output the encoded version of the CRL",
172 .type = OPTION_FLAG, 172 .type = OPTION_FLAG,
173 .opt.flag = &crl_config.noout, 173 .opt.flag = &cfg.noout,
174 }, 174 },
175 { 175 {
176 .name = "out", 176 .name = "out",
177 .argname = "file", 177 .argname = "file",
178 .desc = "Output file to write to (stdout if unspecified)", 178 .desc = "Output file to write to (stdout if unspecified)",
179 .type = OPTION_ARG, 179 .type = OPTION_ARG,
180 .opt.arg = &crl_config.outfile, 180 .opt.arg = &cfg.outfile,
181 }, 181 },
182 { 182 {
183 .name = "outform", 183 .name = "outform",
184 .argname = "format", 184 .argname = "format",
185 .desc = "Output format (DER or PEM)", 185 .desc = "Output format (DER or PEM)",
186 .type = OPTION_ARG_FORMAT, 186 .type = OPTION_ARG_FORMAT,
187 .opt.value = &crl_config.outformat, 187 .opt.value = &cfg.outformat,
188 }, 188 },
189 { 189 {
190 .name = "text", 190 .name = "text",
191 .desc = "Print out the CRL in text form", 191 .desc = "Print out the CRL in text form",
192 .type = OPTION_FLAG, 192 .type = OPTION_FLAG,
193 .opt.flag = &crl_config.text, 193 .opt.flag = &cfg.text,
194 }, 194 },
195 { 195 {
196 .name = "verify", 196 .name = "verify",
197 .desc = "Verify the signature on the CRL", 197 .desc = "Verify the signature on the CRL",
198 .type = OPTION_FLAG, 198 .type = OPTION_FLAG,
199 .opt.flag = &crl_config.verify, 199 .opt.flag = &cfg.verify,
200 }, 200 },
201 {NULL}, 201 {NULL},
202}; 202};
@@ -243,23 +243,23 @@ crl_main(int argc, char **argv)
243 243
244 digest = EVP_sha256(); 244 digest = EVP_sha256();
245 245
246 memset(&crl_config, 0, sizeof(crl_config)); 246 memset(&cfg, 0, sizeof(cfg));
247 crl_config.informat = FORMAT_PEM; 247 cfg.informat = FORMAT_PEM;
248 crl_config.outformat = FORMAT_PEM; 248 cfg.outformat = FORMAT_PEM;
249 249
250 if (options_parse(argc, argv, crl_options, &digest_name, NULL) != 0) { 250 if (options_parse(argc, argv, crl_options, &digest_name, NULL) != 0) {
251 crl_usage(); 251 crl_usage();
252 goto end; 252 goto end;
253 } 253 }
254 254
255 if (crl_config.cafile != NULL || crl_config.capath != NULL) 255 if (cfg.cafile != NULL || cfg.capath != NULL)
256 crl_config.verify = 1; 256 cfg.verify = 1;
257 257
258 if (crl_config.nameopt != NULL) { 258 if (cfg.nameopt != NULL) {
259 if (set_name_ex(&nmflag, crl_config.nameopt) != 1) { 259 if (set_name_ex(&nmflag, cfg.nameopt) != 1) {
260 fprintf(stderr, 260 fprintf(stderr,
261 "Invalid -nameopt argument '%s'\n", 261 "Invalid -nameopt argument '%s'\n",
262 crl_config.nameopt); 262 cfg.nameopt);
263 goto end; 263 goto end;
264 } 264 }
265 } 265 }
@@ -273,18 +273,18 @@ crl_main(int argc, char **argv)
273 } 273 }
274 } 274 }
275 275
276 x = load_crl(crl_config.infile, crl_config.informat); 276 x = load_crl(cfg.infile, cfg.informat);
277 if (x == NULL) 277 if (x == NULL)
278 goto end; 278 goto end;
279 279
280 if (crl_config.verify) { 280 if (cfg.verify) {
281 store = X509_STORE_new(); 281 store = X509_STORE_new();
282 if (store == NULL) 282 if (store == NULL)
283 goto end; 283 goto end;
284 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); 284 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
285 if (lookup == NULL) 285 if (lookup == NULL)
286 goto end; 286 goto end;
287 if (!X509_LOOKUP_load_file(lookup, crl_config.cafile, 287 if (!X509_LOOKUP_load_file(lookup, cfg.cafile,
288 X509_FILETYPE_PEM)) 288 X509_FILETYPE_PEM))
289 X509_LOOKUP_load_file(lookup, NULL, 289 X509_LOOKUP_load_file(lookup, NULL,
290 X509_FILETYPE_DEFAULT); 290 X509_FILETYPE_DEFAULT);
@@ -292,7 +292,7 @@ crl_main(int argc, char **argv)
292 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); 292 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
293 if (lookup == NULL) 293 if (lookup == NULL)
294 goto end; 294 goto end;
295 if (!X509_LOOKUP_add_dir(lookup, crl_config.capath, 295 if (!X509_LOOKUP_add_dir(lookup, cfg.capath,
296 X509_FILETYPE_PEM)) 296 X509_FILETYPE_PEM))
297 X509_LOOKUP_add_dir(lookup, NULL, 297 X509_LOOKUP_add_dir(lookup, NULL,
298 X509_FILETYPE_DEFAULT); 298 X509_FILETYPE_DEFAULT);
@@ -335,11 +335,11 @@ crl_main(int argc, char **argv)
335 335
336 /* Print requested information the order that the flags were given. */ 336 /* Print requested information the order that the flags were given. */
337 for (i = 1; i <= argc; i++) { 337 for (i = 1; i <= argc; i++) {
338 if (crl_config.issuer == i) { 338 if (cfg.issuer == i) {
339 print_name(bio_out, "issuer=", 339 print_name(bio_out, "issuer=",
340 X509_CRL_get_issuer(x), nmflag); 340 X509_CRL_get_issuer(x), nmflag);
341 } 341 }
342 if (crl_config.crlnumber == i) { 342 if (cfg.crlnumber == i) {
343 ASN1_INTEGER *crlnum; 343 ASN1_INTEGER *crlnum;
344 crlnum = X509_CRL_get_ext_d2i(x, 344 crlnum = X509_CRL_get_ext_d2i(x,
345 NID_crl_number, NULL, NULL); 345 NID_crl_number, NULL, NULL);
@@ -351,23 +351,23 @@ crl_main(int argc, char **argv)
351 BIO_puts(bio_out, "<NONE>"); 351 BIO_puts(bio_out, "<NONE>");
352 BIO_printf(bio_out, "\n"); 352 BIO_printf(bio_out, "\n");
353 } 353 }
354 if (crl_config.hash == i) { 354 if (cfg.hash == i) {
355 BIO_printf(bio_out, "%08lx\n", 355 BIO_printf(bio_out, "%08lx\n",
356 X509_NAME_hash(X509_CRL_get_issuer(x))); 356 X509_NAME_hash(X509_CRL_get_issuer(x)));
357 } 357 }
358#ifndef OPENSSL_NO_MD5 358#ifndef OPENSSL_NO_MD5
359 if (crl_config.hash_old == i) { 359 if (cfg.hash_old == i) {
360 BIO_printf(bio_out, "%08lx\n", 360 BIO_printf(bio_out, "%08lx\n",
361 X509_NAME_hash_old(X509_CRL_get_issuer(x))); 361 X509_NAME_hash_old(X509_CRL_get_issuer(x)));
362 } 362 }
363#endif 363#endif
364 if (crl_config.lastupdate == i) { 364 if (cfg.lastupdate == i) {
365 BIO_printf(bio_out, "lastUpdate="); 365 BIO_printf(bio_out, "lastUpdate=");
366 ASN1_TIME_print(bio_out, 366 ASN1_TIME_print(bio_out,
367 X509_CRL_get_lastUpdate(x)); 367 X509_CRL_get_lastUpdate(x));
368 BIO_printf(bio_out, "\n"); 368 BIO_printf(bio_out, "\n");
369 } 369 }
370 if (crl_config.nextupdate == i) { 370 if (cfg.nextupdate == i) {
371 BIO_printf(bio_out, "nextUpdate="); 371 BIO_printf(bio_out, "nextUpdate=");
372 if (X509_CRL_get_nextUpdate(x)) 372 if (X509_CRL_get_nextUpdate(x))
373 ASN1_TIME_print(bio_out, 373 ASN1_TIME_print(bio_out,
@@ -376,7 +376,7 @@ crl_main(int argc, char **argv)
376 BIO_printf(bio_out, "NONE"); 376 BIO_printf(bio_out, "NONE");
377 BIO_printf(bio_out, "\n"); 377 BIO_printf(bio_out, "\n");
378 } 378 }
379 if (crl_config.fingerprint == i) { 379 if (cfg.fingerprint == i) {
380 int j; 380 int j;
381 unsigned int n; 381 unsigned int n;
382 unsigned char md[EVP_MAX_MD_SIZE]; 382 unsigned char md[EVP_MAX_MD_SIZE];
@@ -399,25 +399,25 @@ crl_main(int argc, char **argv)
399 ERR_print_errors(bio_err); 399 ERR_print_errors(bio_err);
400 goto end; 400 goto end;
401 } 401 }
402 if (crl_config.outfile == NULL) { 402 if (cfg.outfile == NULL) {
403 BIO_set_fp(out, stdout, BIO_NOCLOSE); 403 BIO_set_fp(out, stdout, BIO_NOCLOSE);
404 } else { 404 } else {
405 if (BIO_write_filename(out, crl_config.outfile) <= 0) { 405 if (BIO_write_filename(out, cfg.outfile) <= 0) {
406 perror(crl_config.outfile); 406 perror(cfg.outfile);
407 goto end; 407 goto end;
408 } 408 }
409 } 409 }
410 410
411 if (crl_config.text) 411 if (cfg.text)
412 X509_CRL_print(out, x); 412 X509_CRL_print(out, x);
413 413
414 if (crl_config.noout) { 414 if (cfg.noout) {
415 ret = 0; 415 ret = 0;
416 goto end; 416 goto end;
417 } 417 }
418 if (crl_config.outformat == FORMAT_ASN1) 418 if (cfg.outformat == FORMAT_ASN1)
419 i = (int) i2d_X509_CRL_bio(out, x); 419 i = (int) i2d_X509_CRL_bio(out, x);
420 else if (crl_config.outformat == FORMAT_PEM) 420 else if (cfg.outformat == FORMAT_PEM)
421 i = PEM_write_bio_X509_CRL(out, x); 421 i = PEM_write_bio_X509_CRL(out, x);
422 else { 422 else {
423 BIO_printf(bio_err, 423 BIO_printf(bio_err,
diff --git a/src/usr.bin/openssl/crl2p7.c b/src/usr.bin/openssl/crl2p7.c
index 0b0eae2a99..dfbc896a21 100644
--- a/src/usr.bin/openssl/crl2p7.c
+++ b/src/usr.bin/openssl/crl2p7.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: crl2p7.c,v 1.10 2022/11/11 17:07:38 joshua Exp $ */ 1/* $OpenBSD: crl2p7.c,v 1.11 2023/03/06 14:32:05 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -83,18 +83,18 @@ static struct {
83 int nocrl; 83 int nocrl;
84 char *outfile; 84 char *outfile;
85 int outformat; 85 int outformat;
86} crl2p7_config; 86} cfg;
87 87
88static int 88static int
89crl2p7_opt_certfile(char *arg) 89crl2p7_opt_certfile(char *arg)
90{ 90{
91 if (crl2p7_config.certflst == NULL) 91 if (cfg.certflst == NULL)
92 crl2p7_config.certflst = sk_OPENSSL_STRING_new_null(); 92 cfg.certflst = sk_OPENSSL_STRING_new_null();
93 if (crl2p7_config.certflst == NULL) { 93 if (cfg.certflst == NULL) {
94 fprintf(stderr, "out of memory\n"); 94 fprintf(stderr, "out of memory\n");
95 return (1); 95 return (1);
96 } 96 }
97 if (!sk_OPENSSL_STRING_push(crl2p7_config.certflst, arg)) { 97 if (!sk_OPENSSL_STRING_push(cfg.certflst, arg)) {
98 fprintf(stderr, "out of memory\n"); 98 fprintf(stderr, "out of memory\n");
99 return (1); 99 return (1);
100 } 100 }
@@ -115,34 +115,34 @@ static const struct option crl2p7_options[] = {
115 .argname = "file", 115 .argname = "file",
116 .desc = "Input file (default stdin)", 116 .desc = "Input file (default stdin)",
117 .type = OPTION_ARG, 117 .type = OPTION_ARG,
118 .opt.arg = &crl2p7_config.infile, 118 .opt.arg = &cfg.infile,
119 }, 119 },
120 { 120 {
121 .name = "inform", 121 .name = "inform",
122 .argname = "format", 122 .argname = "format",
123 .desc = "Input format (DER or PEM (default))", 123 .desc = "Input format (DER or PEM (default))",
124 .type = OPTION_ARG_FORMAT, 124 .type = OPTION_ARG_FORMAT,
125 .opt.value = &crl2p7_config.informat, 125 .opt.value = &cfg.informat,
126 }, 126 },
127 { 127 {
128 .name = "nocrl", 128 .name = "nocrl",
129 .desc = "Do not read CRL from input or include CRL in output", 129 .desc = "Do not read CRL from input or include CRL in output",
130 .type = OPTION_FLAG, 130 .type = OPTION_FLAG,
131 .opt.flag = &crl2p7_config.nocrl, 131 .opt.flag = &cfg.nocrl,
132 }, 132 },
133 { 133 {
134 .name = "out", 134 .name = "out",
135 .argname = "file", 135 .argname = "file",
136 .desc = "Output file (default stdout)", 136 .desc = "Output file (default stdout)",
137 .type = OPTION_ARG, 137 .type = OPTION_ARG,
138 .opt.arg = &crl2p7_config.outfile, 138 .opt.arg = &cfg.outfile,
139 }, 139 },
140 { 140 {
141 .name = "outform", 141 .name = "outform",
142 .argname = "format", 142 .argname = "format",
143 .desc = "Output format (DER or PEM (default))", 143 .desc = "Output format (DER or PEM (default))",
144 .type = OPTION_ARG_FORMAT, 144 .type = OPTION_ARG_FORMAT,
145 .opt.value = &crl2p7_config.outformat, 145 .opt.value = &cfg.outformat,
146 }, 146 },
147 { NULL }, 147 { NULL },
148}; 148};
@@ -174,10 +174,10 @@ crl2pkcs7_main(int argc, char **argv)
174 exit(1); 174 exit(1);
175 } 175 }
176 176
177 memset(&crl2p7_config, 0, sizeof(crl2p7_config)); 177 memset(&cfg, 0, sizeof(cfg));
178 178
179 crl2p7_config.informat = FORMAT_PEM; 179 cfg.informat = FORMAT_PEM;
180 crl2p7_config.outformat = FORMAT_PEM; 180 cfg.outformat = FORMAT_PEM;
181 181
182 if (options_parse(argc, argv, crl2p7_options, NULL, NULL) != 0) { 182 if (options_parse(argc, argv, crl2p7_options, NULL, NULL) != 0) {
183 crl2p7_usage(); 183 crl2p7_usage();
@@ -190,19 +190,19 @@ crl2pkcs7_main(int argc, char **argv)
190 ERR_print_errors(bio_err); 190 ERR_print_errors(bio_err);
191 goto end; 191 goto end;
192 } 192 }
193 if (!crl2p7_config.nocrl) { 193 if (!cfg.nocrl) {
194 if (crl2p7_config.infile == NULL) 194 if (cfg.infile == NULL)
195 BIO_set_fp(in, stdin, BIO_NOCLOSE); 195 BIO_set_fp(in, stdin, BIO_NOCLOSE);
196 else { 196 else {
197 if (BIO_read_filename(in, crl2p7_config.infile) <= 0) { 197 if (BIO_read_filename(in, cfg.infile) <= 0) {
198 perror(crl2p7_config.infile); 198 perror(cfg.infile);
199 goto end; 199 goto end;
200 } 200 }
201 } 201 }
202 202
203 if (crl2p7_config.informat == FORMAT_ASN1) 203 if (cfg.informat == FORMAT_ASN1)
204 crl = d2i_X509_CRL_bio(in, NULL); 204 crl = d2i_X509_CRL_bio(in, NULL);
205 else if (crl2p7_config.informat == FORMAT_PEM) 205 else if (cfg.informat == FORMAT_PEM)
206 crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); 206 crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
207 else { 207 else {
208 BIO_printf(bio_err, 208 BIO_printf(bio_err,
@@ -236,9 +236,9 @@ crl2pkcs7_main(int argc, char **argv)
236 goto end; 236 goto end;
237 p7s->cert = cert_stack; 237 p7s->cert = cert_stack;
238 238
239 if (crl2p7_config.certflst) { 239 if (cfg.certflst) {
240 for (i = 0; i < sk_OPENSSL_STRING_num(crl2p7_config.certflst); i++) { 240 for (i = 0; i < sk_OPENSSL_STRING_num(cfg.certflst); i++) {
241 certfile = sk_OPENSSL_STRING_value(crl2p7_config.certflst, i); 241 certfile = sk_OPENSSL_STRING_value(cfg.certflst, i);
242 if (add_certs_from_file(cert_stack, certfile) < 0) { 242 if (add_certs_from_file(cert_stack, certfile) < 0) {
243 BIO_printf(bio_err, 243 BIO_printf(bio_err,
244 "error loading certificates\n"); 244 "error loading certificates\n");
@@ -248,20 +248,20 @@ crl2pkcs7_main(int argc, char **argv)
248 } 248 }
249 } 249 }
250 250
251 sk_OPENSSL_STRING_free(crl2p7_config.certflst); 251 sk_OPENSSL_STRING_free(cfg.certflst);
252 252
253 if (crl2p7_config.outfile == NULL) { 253 if (cfg.outfile == NULL) {
254 BIO_set_fp(out, stdout, BIO_NOCLOSE); 254 BIO_set_fp(out, stdout, BIO_NOCLOSE);
255 } else { 255 } else {
256 if (BIO_write_filename(out, crl2p7_config.outfile) <= 0) { 256 if (BIO_write_filename(out, cfg.outfile) <= 0) {
257 perror(crl2p7_config.outfile); 257 perror(cfg.outfile);
258 goto end; 258 goto end;
259 } 259 }
260 } 260 }
261 261
262 if (crl2p7_config.outformat == FORMAT_ASN1) 262 if (cfg.outformat == FORMAT_ASN1)
263 i = i2d_PKCS7_bio(out, p7); 263 i = i2d_PKCS7_bio(out, p7);
264 else if (crl2p7_config.outformat == FORMAT_PEM) 264 else if (cfg.outformat == FORMAT_PEM)
265 i = PEM_write_bio_PKCS7(out, p7); 265 i = PEM_write_bio_PKCS7(out, p7);
266 else { 266 else {
267 BIO_printf(bio_err, 267 BIO_printf(bio_err,
diff --git a/src/usr.bin/openssl/dgst.c b/src/usr.bin/openssl/dgst.c
index d29bc6f98c..3979966481 100644
--- a/src/usr.bin/openssl/dgst.c
+++ b/src/usr.bin/openssl/dgst.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dgst.c,v 1.20 2022/11/11 17:07:38 joshua Exp $ */ 1/* $OpenBSD: dgst.c,v 1.21 2023/03/06 14:32:05 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -96,7 +96,7 @@ static struct {
96 char *sigfile; 96 char *sigfile;
97 STACK_OF(OPENSSL_STRING) *sigopts; 97 STACK_OF(OPENSSL_STRING) *sigopts;
98 int want_pub; 98 int want_pub;
99} dgst_config; 99} cfg;
100 100
101static int 101static int
102dgst_opt_macopt(char *arg) 102dgst_opt_macopt(char *arg)
@@ -104,11 +104,11 @@ dgst_opt_macopt(char *arg)
104 if (arg == NULL) 104 if (arg == NULL)
105 return (1); 105 return (1);
106 106
107 if (dgst_config.macopts == NULL && 107 if (cfg.macopts == NULL &&
108 (dgst_config.macopts = sk_OPENSSL_STRING_new_null()) == NULL) 108 (cfg.macopts = sk_OPENSSL_STRING_new_null()) == NULL)
109 return (1); 109 return (1);
110 110
111 if (!sk_OPENSSL_STRING_push(dgst_config.macopts, arg)) 111 if (!sk_OPENSSL_STRING_push(cfg.macopts, arg))
112 return (1); 112 return (1);
113 113
114 return (0); 114 return (0);
@@ -122,10 +122,10 @@ dgst_opt_md(int argc, char **argv, int *argsused)
122 if (*name++ != '-') 122 if (*name++ != '-')
123 return (1); 123 return (1);
124 124
125 if ((dgst_config.m = EVP_get_digestbyname(name)) == NULL) 125 if ((cfg.m = EVP_get_digestbyname(name)) == NULL)
126 return (1); 126 return (1);
127 127
128 dgst_config.md = dgst_config.m; 128 cfg.md = cfg.m;
129 129
130 *argsused = 1; 130 *argsused = 1;
131 return (0); 131 return (0);
@@ -137,8 +137,8 @@ dgst_opt_prverify(char *arg)
137 if (arg == NULL) 137 if (arg == NULL)
138 return (1); 138 return (1);
139 139
140 dgst_config.keyfile = arg; 140 cfg.keyfile = arg;
141 dgst_config.do_verify = 1; 141 cfg.do_verify = 1;
142 return (0); 142 return (0);
143} 143}
144 144
@@ -148,11 +148,11 @@ dgst_opt_sigopt(char *arg)
148 if (arg == NULL) 148 if (arg == NULL)
149 return (1); 149 return (1);
150 150
151 if (dgst_config.sigopts == NULL && 151 if (cfg.sigopts == NULL &&
152 (dgst_config.sigopts = sk_OPENSSL_STRING_new_null()) == NULL) 152 (cfg.sigopts = sk_OPENSSL_STRING_new_null()) == NULL)
153 return (1); 153 return (1);
154 154
155 if (!sk_OPENSSL_STRING_push(dgst_config.sigopts, arg)) 155 if (!sk_OPENSSL_STRING_push(cfg.sigopts, arg))
156 return (1); 156 return (1);
157 157
158 return (0); 158 return (0);
@@ -164,9 +164,9 @@ dgst_opt_verify(char *arg)
164 if (arg == NULL) 164 if (arg == NULL)
165 return (1); 165 return (1);
166 166
167 dgst_config.keyfile = arg; 167 cfg.keyfile = arg;
168 dgst_config.want_pub = 1; 168 cfg.want_pub = 1;
169 dgst_config.do_verify = 1; 169 cfg.do_verify = 1;
170 return (0); 170 return (0);
171} 171}
172 172
@@ -175,27 +175,27 @@ static const struct option dgst_options[] = {
175 .name = "binary", 175 .name = "binary",
176 .desc = "Output the digest or signature in binary form", 176 .desc = "Output the digest or signature in binary form",
177 .type = OPTION_VALUE, 177 .type = OPTION_VALUE,
178 .opt.value = &dgst_config.out_bin, 178 .opt.value = &cfg.out_bin,
179 .value = 1, 179 .value = 1,
180 }, 180 },
181 { 181 {
182 .name = "c", 182 .name = "c",
183 .desc = "Print the digest in two-digit groups separated by colons", 183 .desc = "Print the digest in two-digit groups separated by colons",
184 .type = OPTION_VALUE, 184 .type = OPTION_VALUE,
185 .opt.value = &dgst_config.separator, 185 .opt.value = &cfg.separator,
186 .value = 1, 186 .value = 1,
187 }, 187 },
188 { 188 {
189 .name = "d", 189 .name = "d",
190 .desc = "Print BIO debugging information", 190 .desc = "Print BIO debugging information",
191 .type = OPTION_FLAG, 191 .type = OPTION_FLAG,
192 .opt.flag = &dgst_config.debug, 192 .opt.flag = &cfg.debug,
193 }, 193 },
194 { 194 {
195 .name = "hex", 195 .name = "hex",
196 .desc = "Output as hex dump", 196 .desc = "Output as hex dump",
197 .type = OPTION_VALUE, 197 .type = OPTION_VALUE,
198 .opt.value = &dgst_config.out_bin, 198 .opt.value = &cfg.out_bin,
199 .value = 0, 199 .value = 0,
200 }, 200 },
201 { 201 {
@@ -203,21 +203,21 @@ static const struct option dgst_options[] = {
203 .argname = "key", 203 .argname = "key",
204 .desc = "Create hashed MAC with key", 204 .desc = "Create hashed MAC with key",
205 .type = OPTION_ARG, 205 .type = OPTION_ARG,
206 .opt.arg = &dgst_config.hmac_key, 206 .opt.arg = &cfg.hmac_key,
207 }, 207 },
208 { 208 {
209 .name = "keyform", 209 .name = "keyform",
210 .argname = "format", 210 .argname = "format",
211 .desc = "Key file format (PEM)", 211 .desc = "Key file format (PEM)",
212 .type = OPTION_ARG_FORMAT, 212 .type = OPTION_ARG_FORMAT,
213 .opt.value = &dgst_config.keyform, 213 .opt.value = &cfg.keyform,
214 }, 214 },
215 { 215 {
216 .name = "mac", 216 .name = "mac",
217 .argname = "algorithm", 217 .argname = "algorithm",
218 .desc = "Create MAC (not necessarily HMAC)", 218 .desc = "Create MAC (not necessarily HMAC)",
219 .type = OPTION_ARG, 219 .type = OPTION_ARG,
220 .opt.arg = &dgst_config.mac_name, 220 .opt.arg = &cfg.mac_name,
221 }, 221 },
222 { 222 {
223 .name = "macopt", 223 .name = "macopt",
@@ -231,14 +231,14 @@ static const struct option dgst_options[] = {
231 .argname = "file", 231 .argname = "file",
232 .desc = "Output to file rather than stdout", 232 .desc = "Output to file rather than stdout",
233 .type = OPTION_ARG, 233 .type = OPTION_ARG,
234 .opt.arg = &dgst_config.outfile, 234 .opt.arg = &cfg.outfile,
235 }, 235 },
236 { 236 {
237 .name = "passin", 237 .name = "passin",
238 .argname = "arg", 238 .argname = "arg",
239 .desc = "Input file passphrase source", 239 .desc = "Input file passphrase source",
240 .type = OPTION_ARG, 240 .type = OPTION_ARG,
241 .opt.arg = &dgst_config.passargin, 241 .opt.arg = &cfg.passargin,
242 }, 242 },
243 { 243 {
244 .name = "prverify", 244 .name = "prverify",
@@ -251,7 +251,7 @@ static const struct option dgst_options[] = {
251 .name = "r", 251 .name = "r",
252 .desc = "Output the digest in coreutils format", 252 .desc = "Output the digest in coreutils format",
253 .type = OPTION_VALUE, 253 .type = OPTION_VALUE,
254 .opt.value = &dgst_config.separator, 254 .opt.value = &cfg.separator,
255 .value = 2, 255 .value = 2,
256 }, 256 },
257 { 257 {
@@ -259,14 +259,14 @@ static const struct option dgst_options[] = {
259 .argname = "file", 259 .argname = "file",
260 .desc = "Sign digest using private key in file", 260 .desc = "Sign digest using private key in file",
261 .type = OPTION_ARG, 261 .type = OPTION_ARG,
262 .opt.arg = &dgst_config.keyfile, 262 .opt.arg = &cfg.keyfile,
263 }, 263 },
264 { 264 {
265 .name = "signature", 265 .name = "signature",
266 .argname = "file", 266 .argname = "file",
267 .desc = "Signature to verify", 267 .desc = "Signature to verify",
268 .type = OPTION_ARG, 268 .type = OPTION_ARG,
269 .opt.arg = &dgst_config.sigfile, 269 .opt.arg = &cfg.sigfile,
270 }, 270 },
271 { 271 {
272 .name = "sigopt", 272 .name = "sigopt",
@@ -348,24 +348,24 @@ dgst_main(int argc, char **argv)
348 goto end; 348 goto end;
349 } 349 }
350 350
351 memset(&dgst_config, 0, sizeof(dgst_config)); 351 memset(&cfg, 0, sizeof(cfg));
352 dgst_config.keyform = FORMAT_PEM; 352 cfg.keyform = FORMAT_PEM;
353 dgst_config.out_bin = -1; 353 cfg.out_bin = -1;
354 354
355 /* first check the program name */ 355 /* first check the program name */
356 program_name(argv[0], pname, sizeof pname); 356 program_name(argv[0], pname, sizeof pname);
357 357
358 dgst_config.md = EVP_get_digestbyname(pname); 358 cfg.md = EVP_get_digestbyname(pname);
359 359
360 if (options_parse(argc, argv, dgst_options, NULL, 360 if (options_parse(argc, argv, dgst_options, NULL,
361 &dgst_config.argsused) != 0) { 361 &cfg.argsused) != 0) {
362 dgst_usage(); 362 dgst_usage();
363 goto end; 363 goto end;
364 } 364 }
365 argc -= dgst_config.argsused; 365 argc -= cfg.argsused;
366 argv += dgst_config.argsused; 366 argv += cfg.argsused;
367 367
368 if (dgst_config.do_verify && !dgst_config.sigfile) { 368 if (cfg.do_verify && !cfg.sigfile) {
369 BIO_printf(bio_err, 369 BIO_printf(bio_err,
370 "No signature to verify: use the -signature option\n"); 370 "No signature to verify: use the -signature option\n");
371 goto end; 371 goto end;
@@ -378,50 +378,50 @@ dgst_main(int argc, char **argv)
378 goto end; 378 goto end;
379 } 379 }
380 380
381 if (dgst_config.debug) { 381 if (cfg.debug) {
382 BIO_set_callback(in, BIO_debug_callback); 382 BIO_set_callback(in, BIO_debug_callback);
383 /* needed for windows 3.1 */ 383 /* needed for windows 3.1 */
384 BIO_set_callback_arg(in, (char *) bio_err); 384 BIO_set_callback_arg(in, (char *) bio_err);
385 } 385 }
386 if (!app_passwd(bio_err, dgst_config.passargin, NULL, &passin, NULL)) { 386 if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) {
387 BIO_printf(bio_err, "Error getting password\n"); 387 BIO_printf(bio_err, "Error getting password\n");
388 goto end; 388 goto end;
389 } 389 }
390 if (dgst_config.out_bin == -1) { 390 if (cfg.out_bin == -1) {
391 if (dgst_config.keyfile) 391 if (cfg.keyfile)
392 dgst_config.out_bin = 1; 392 cfg.out_bin = 1;
393 else 393 else
394 dgst_config.out_bin = 0; 394 cfg.out_bin = 0;
395 } 395 }
396 396
397 if (dgst_config.outfile) { 397 if (cfg.outfile) {
398 if (dgst_config.out_bin) 398 if (cfg.out_bin)
399 out = BIO_new_file(dgst_config.outfile, "wb"); 399 out = BIO_new_file(cfg.outfile, "wb");
400 else 400 else
401 out = BIO_new_file(dgst_config.outfile, "w"); 401 out = BIO_new_file(cfg.outfile, "w");
402 } else { 402 } else {
403 out = BIO_new_fp(stdout, BIO_NOCLOSE); 403 out = BIO_new_fp(stdout, BIO_NOCLOSE);
404 } 404 }
405 405
406 if (!out) { 406 if (!out) {
407 BIO_printf(bio_err, "Error opening output file %s\n", 407 BIO_printf(bio_err, "Error opening output file %s\n",
408 dgst_config.outfile ? dgst_config.outfile : "(stdout)"); 408 cfg.outfile ? cfg.outfile : "(stdout)");
409 ERR_print_errors(bio_err); 409 ERR_print_errors(bio_err);
410 goto end; 410 goto end;
411 } 411 }
412 if ((!!dgst_config.mac_name + !!dgst_config.keyfile + 412 if ((!!cfg.mac_name + !!cfg.keyfile +
413 !!dgst_config.hmac_key) > 1) { 413 !!cfg.hmac_key) > 1) {
414 BIO_printf(bio_err, 414 BIO_printf(bio_err,
415 "MAC and Signing key cannot both be specified\n"); 415 "MAC and Signing key cannot both be specified\n");
416 goto end; 416 goto end;
417 } 417 }
418 if (dgst_config.keyfile) { 418 if (cfg.keyfile) {
419 if (dgst_config.want_pub) 419 if (cfg.want_pub)
420 sigkey = load_pubkey(bio_err, dgst_config.keyfile, 420 sigkey = load_pubkey(bio_err, cfg.keyfile,
421 dgst_config.keyform, 0, NULL, "key file"); 421 cfg.keyform, 0, NULL, "key file");
422 else 422 else
423 sigkey = load_key(bio_err, dgst_config.keyfile, 423 sigkey = load_key(bio_err, cfg.keyfile,
424 dgst_config.keyform, 0, passin, "key file"); 424 cfg.keyform, 0, passin, "key file");
425 if (!sigkey) { 425 if (!sigkey) {
426 /* 426 /*
427 * load_[pub]key() has already printed an appropriate 427 * load_[pub]key() has already printed an appropriate
@@ -430,17 +430,17 @@ dgst_main(int argc, char **argv)
430 goto end; 430 goto end;
431 } 431 }
432 } 432 }
433 if (dgst_config.mac_name) { 433 if (cfg.mac_name) {
434 EVP_PKEY_CTX *mac_ctx = NULL; 434 EVP_PKEY_CTX *mac_ctx = NULL;
435 int r = 0; 435 int r = 0;
436 if (!init_gen_str(bio_err, &mac_ctx, dgst_config.mac_name, 0)) 436 if (!init_gen_str(bio_err, &mac_ctx, cfg.mac_name, 0))
437 goto mac_end; 437 goto mac_end;
438 if (dgst_config.macopts) { 438 if (cfg.macopts) {
439 char *macopt; 439 char *macopt;
440 for (i = 0; i < sk_OPENSSL_STRING_num( 440 for (i = 0; i < sk_OPENSSL_STRING_num(
441 dgst_config.macopts); i++) { 441 cfg.macopts); i++) {
442 macopt = sk_OPENSSL_STRING_value( 442 macopt = sk_OPENSSL_STRING_value(
443 dgst_config.macopts, i); 443 cfg.macopts, i);
444 if (pkey_ctrl_string(mac_ctx, macopt) <= 0) { 444 if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
445 BIO_printf(bio_err, 445 BIO_printf(bio_err,
446 "MAC parameter error \"%s\"\n", 446 "MAC parameter error \"%s\"\n",
@@ -461,9 +461,9 @@ dgst_main(int argc, char **argv)
461 if (r == 0) 461 if (r == 0)
462 goto end; 462 goto end;
463 } 463 }
464 if (dgst_config.hmac_key) { 464 if (cfg.hmac_key) {
465 sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, 465 sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
466 (unsigned char *) dgst_config.hmac_key, -1); 466 (unsigned char *) cfg.hmac_key, -1);
467 if (!sigkey) 467 if (!sigkey)
468 goto end; 468 goto end;
469 } 469 }
@@ -476,23 +476,23 @@ dgst_main(int argc, char **argv)
476 ERR_print_errors(bio_err); 476 ERR_print_errors(bio_err);
477 goto end; 477 goto end;
478 } 478 }
479 if (dgst_config.do_verify) 479 if (cfg.do_verify)
480 r = EVP_DigestVerifyInit(mctx, &pctx, dgst_config.md, 480 r = EVP_DigestVerifyInit(mctx, &pctx, cfg.md,
481 NULL, sigkey); 481 NULL, sigkey);
482 else 482 else
483 r = EVP_DigestSignInit(mctx, &pctx, dgst_config.md, 483 r = EVP_DigestSignInit(mctx, &pctx, cfg.md,
484 NULL, sigkey); 484 NULL, sigkey);
485 if (!r) { 485 if (!r) {
486 BIO_printf(bio_err, "Error setting context\n"); 486 BIO_printf(bio_err, "Error setting context\n");
487 ERR_print_errors(bio_err); 487 ERR_print_errors(bio_err);
488 goto end; 488 goto end;
489 } 489 }
490 if (dgst_config.sigopts) { 490 if (cfg.sigopts) {
491 char *sigopt; 491 char *sigopt;
492 for (i = 0; i < sk_OPENSSL_STRING_num( 492 for (i = 0; i < sk_OPENSSL_STRING_num(
493 dgst_config.sigopts); i++) { 493 cfg.sigopts); i++) {
494 sigopt = sk_OPENSSL_STRING_value( 494 sigopt = sk_OPENSSL_STRING_value(
495 dgst_config.sigopts, i); 495 cfg.sigopts, i);
496 if (pkey_ctrl_string(pctx, sigopt) <= 0) { 496 if (pkey_ctrl_string(pctx, sigopt) <= 0) {
497 BIO_printf(bio_err, 497 BIO_printf(bio_err,
498 "parameter error \"%s\"\n", 498 "parameter error \"%s\"\n",
@@ -505,16 +505,16 @@ dgst_main(int argc, char **argv)
505 } 505 }
506 /* we use md as a filter, reading from 'in' */ 506 /* we use md as a filter, reading from 'in' */
507 else { 507 else {
508 if (dgst_config.md == NULL) 508 if (cfg.md == NULL)
509 dgst_config.md = EVP_sha256(); 509 cfg.md = EVP_sha256();
510 if (!BIO_set_md(bmd, dgst_config.md)) { 510 if (!BIO_set_md(bmd, cfg.md)) {
511 BIO_printf(bio_err, "Error setting digest %s\n", pname); 511 BIO_printf(bio_err, "Error setting digest %s\n", pname);
512 ERR_print_errors(bio_err); 512 ERR_print_errors(bio_err);
513 goto end; 513 goto end;
514 } 514 }
515 } 515 }
516 516
517 if (dgst_config.sigfile && sigkey) { 517 if (cfg.sigfile && sigkey) {
518 BIO *sigbio; 518 BIO *sigbio;
519 siglen = EVP_PKEY_size(sigkey); 519 siglen = EVP_PKEY_size(sigkey);
520 sigbuf = malloc(siglen); 520 sigbuf = malloc(siglen);
@@ -523,10 +523,10 @@ dgst_main(int argc, char **argv)
523 ERR_print_errors(bio_err); 523 ERR_print_errors(bio_err);
524 goto end; 524 goto end;
525 } 525 }
526 sigbio = BIO_new_file(dgst_config.sigfile, "rb"); 526 sigbio = BIO_new_file(cfg.sigfile, "rb");
527 if (!sigbio) { 527 if (!sigbio) {
528 BIO_printf(bio_err, "Error opening signature file %s\n", 528 BIO_printf(bio_err, "Error opening signature file %s\n",
529 dgst_config.sigfile); 529 cfg.sigfile);
530 ERR_print_errors(bio_err); 530 ERR_print_errors(bio_err);
531 goto end; 531 goto end;
532 } 532 }
@@ -534,26 +534,26 @@ dgst_main(int argc, char **argv)
534 BIO_free(sigbio); 534 BIO_free(sigbio);
535 if (siglen <= 0) { 535 if (siglen <= 0) {
536 BIO_printf(bio_err, "Error reading signature file %s\n", 536 BIO_printf(bio_err, "Error reading signature file %s\n",
537 dgst_config.sigfile); 537 cfg.sigfile);
538 ERR_print_errors(bio_err); 538 ERR_print_errors(bio_err);
539 goto end; 539 goto end;
540 } 540 }
541 } 541 }
542 inp = BIO_push(bmd, in); 542 inp = BIO_push(bmd, in);
543 543
544 if (dgst_config.md == NULL) { 544 if (cfg.md == NULL) {
545 EVP_MD_CTX *tctx; 545 EVP_MD_CTX *tctx;
546 BIO_get_md_ctx(bmd, &tctx); 546 BIO_get_md_ctx(bmd, &tctx);
547 dgst_config.md = EVP_MD_CTX_md(tctx); 547 cfg.md = EVP_MD_CTX_md(tctx);
548 } 548 }
549 if (argc == 0) { 549 if (argc == 0) {
550 BIO_set_fp(in, stdin, BIO_NOCLOSE); 550 BIO_set_fp(in, stdin, BIO_NOCLOSE);
551 err = do_fp(out, buf, inp, dgst_config.separator, 551 err = do_fp(out, buf, inp, cfg.separator,
552 dgst_config.out_bin, sigkey, sigbuf, siglen, NULL, NULL, 552 cfg.out_bin, sigkey, sigbuf, siglen, NULL, NULL,
553 "stdin", bmd); 553 "stdin", bmd);
554 } else { 554 } else {
555 const char *md_name = NULL, *sig_name = NULL; 555 const char *md_name = NULL, *sig_name = NULL;
556 if (!dgst_config.out_bin) { 556 if (!cfg.out_bin) {
557 if (sigkey) { 557 if (sigkey) {
558 const EVP_PKEY_ASN1_METHOD *ameth; 558 const EVP_PKEY_ASN1_METHOD *ameth;
559 ameth = EVP_PKEY_get0_asn1(sigkey); 559 ameth = EVP_PKEY_get0_asn1(sigkey);
@@ -561,7 +561,7 @@ dgst_main(int argc, char **argv)
561 EVP_PKEY_asn1_get0_info(NULL, NULL, 561 EVP_PKEY_asn1_get0_info(NULL, NULL,
562 NULL, NULL, &sig_name, ameth); 562 NULL, NULL, &sig_name, ameth);
563 } 563 }
564 md_name = EVP_MD_name(dgst_config.md); 564 md_name = EVP_MD_name(cfg.md);
565 } 565 }
566 err = 0; 566 err = 0;
567 for (i = 0; i < argc; i++) { 567 for (i = 0; i < argc; i++) {
@@ -571,8 +571,8 @@ dgst_main(int argc, char **argv)
571 err++; 571 err++;
572 continue; 572 continue;
573 } else { 573 } else {
574 r = do_fp(out, buf, inp, dgst_config.separator, 574 r = do_fp(out, buf, inp, cfg.separator,
575 dgst_config.out_bin, sigkey, sigbuf, siglen, 575 cfg.out_bin, sigkey, sigbuf, siglen,
576 sig_name, md_name, argv[i], bmd); 576 sig_name, md_name, argv[i], bmd);
577 } 577 }
578 if (r) 578 if (r)
@@ -587,8 +587,8 @@ dgst_main(int argc, char **argv)
587 free(passin); 587 free(passin);
588 BIO_free_all(out); 588 BIO_free_all(out);
589 EVP_PKEY_free(sigkey); 589 EVP_PKEY_free(sigkey);
590 sk_OPENSSL_STRING_free(dgst_config.sigopts); 590 sk_OPENSSL_STRING_free(cfg.sigopts);
591 sk_OPENSSL_STRING_free(dgst_config.macopts); 591 sk_OPENSSL_STRING_free(cfg.macopts);
592 free(sigbuf); 592 free(sigbuf);
593 BIO_free(bmd); 593 BIO_free(bmd);
594 594
diff --git a/src/usr.bin/openssl/dh.c b/src/usr.bin/openssl/dh.c
index 200233c0f2..a4c02235f2 100644
--- a/src/usr.bin/openssl/dh.c
+++ b/src/usr.bin/openssl/dh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh.c,v 1.14 2022/11/11 17:07:38 joshua Exp $ */ 1/* $OpenBSD: dh.c,v 1.15 2023/03/06 14:32:05 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -83,60 +83,60 @@ static struct {
83 char *outfile; 83 char *outfile;
84 int outformat; 84 int outformat;
85 int text; 85 int text;
86} dh_config; 86} cfg;
87 87
88static const struct option dh_options[] = { 88static const struct option dh_options[] = {
89 { 89 {
90 .name = "C", 90 .name = "C",
91 .desc = "Convert DH parameters into C code", 91 .desc = "Convert DH parameters into C code",
92 .type = OPTION_FLAG, 92 .type = OPTION_FLAG,
93 .opt.flag = &dh_config.C, 93 .opt.flag = &cfg.C,
94 }, 94 },
95 { 95 {
96 .name = "check", 96 .name = "check",
97 .desc = "Check the DH parameters", 97 .desc = "Check the DH parameters",
98 .type = OPTION_FLAG, 98 .type = OPTION_FLAG,
99 .opt.flag = &dh_config.check, 99 .opt.flag = &cfg.check,
100 }, 100 },
101 { 101 {
102 .name = "in", 102 .name = "in",
103 .argname = "file", 103 .argname = "file",
104 .desc = "Input file (default stdin)", 104 .desc = "Input file (default stdin)",
105 .type = OPTION_ARG, 105 .type = OPTION_ARG,
106 .opt.arg = &dh_config.infile, 106 .opt.arg = &cfg.infile,
107 }, 107 },
108 { 108 {
109 .name = "inform", 109 .name = "inform",
110 .argname = "format", 110 .argname = "format",
111 .desc = "Input format (DER or PEM (default))", 111 .desc = "Input format (DER or PEM (default))",
112 .type = OPTION_ARG_FORMAT, 112 .type = OPTION_ARG_FORMAT,
113 .opt.value = &dh_config.informat, 113 .opt.value = &cfg.informat,
114 }, 114 },
115 { 115 {
116 .name = "noout", 116 .name = "noout",
117 .desc = "No output", 117 .desc = "No output",
118 .type = OPTION_FLAG, 118 .type = OPTION_FLAG,
119 .opt.flag = &dh_config.noout, 119 .opt.flag = &cfg.noout,
120 }, 120 },
121 { 121 {
122 .name = "out", 122 .name = "out",
123 .argname = "file", 123 .argname = "file",
124 .desc = "Output file (default stdout)", 124 .desc = "Output file (default stdout)",
125 .type = OPTION_ARG, 125 .type = OPTION_ARG,
126 .opt.arg = &dh_config.outfile, 126 .opt.arg = &cfg.outfile,
127 }, 127 },
128 { 128 {
129 .name = "outform", 129 .name = "outform",
130 .argname = "format", 130 .argname = "format",
131 .desc = "Output format (DER or PEM (default))", 131 .desc = "Output format (DER or PEM (default))",
132 .type = OPTION_ARG_FORMAT, 132 .type = OPTION_ARG_FORMAT,
133 .opt.value = &dh_config.outformat, 133 .opt.value = &cfg.outformat,
134 }, 134 },
135 { 135 {
136 .name = "text", 136 .name = "text",
137 .desc = "Print a text form of the DH parameters", 137 .desc = "Print a text form of the DH parameters",
138 .type = OPTION_FLAG, 138 .type = OPTION_FLAG,
139 .opt.flag = &dh_config.text, 139 .opt.flag = &cfg.text,
140 }, 140 },
141 { NULL }, 141 { NULL },
142}; 142};
@@ -163,10 +163,10 @@ dh_main(int argc, char **argv)
163 exit(1); 163 exit(1);
164 } 164 }
165 165
166 memset(&dh_config, 0, sizeof(dh_config)); 166 memset(&cfg, 0, sizeof(cfg));
167 167
168 dh_config.informat = FORMAT_PEM; 168 cfg.informat = FORMAT_PEM;
169 dh_config.outformat = FORMAT_PEM; 169 cfg.outformat = FORMAT_PEM;
170 170
171 if (options_parse(argc, argv, dh_options, NULL, NULL) != 0) { 171 if (options_parse(argc, argv, dh_options, NULL, NULL) != 0) {
172 dh_usage(); 172 dh_usage();
@@ -179,26 +179,26 @@ dh_main(int argc, char **argv)
179 ERR_print_errors(bio_err); 179 ERR_print_errors(bio_err);
180 goto end; 180 goto end;
181 } 181 }
182 if (dh_config.infile == NULL) 182 if (cfg.infile == NULL)
183 BIO_set_fp(in, stdin, BIO_NOCLOSE); 183 BIO_set_fp(in, stdin, BIO_NOCLOSE);
184 else { 184 else {
185 if (BIO_read_filename(in, dh_config.infile) <= 0) { 185 if (BIO_read_filename(in, cfg.infile) <= 0) {
186 perror(dh_config.infile); 186 perror(cfg.infile);
187 goto end; 187 goto end;
188 } 188 }
189 } 189 }
190 if (dh_config.outfile == NULL) { 190 if (cfg.outfile == NULL) {
191 BIO_set_fp(out, stdout, BIO_NOCLOSE); 191 BIO_set_fp(out, stdout, BIO_NOCLOSE);
192 } else { 192 } else {
193 if (BIO_write_filename(out, dh_config.outfile) <= 0) { 193 if (BIO_write_filename(out, cfg.outfile) <= 0) {
194 perror(dh_config.outfile); 194 perror(cfg.outfile);
195 goto end; 195 goto end;
196 } 196 }
197 } 197 }
198 198
199 if (dh_config.informat == FORMAT_ASN1) 199 if (cfg.informat == FORMAT_ASN1)
200 dh = d2i_DHparams_bio(in, NULL); 200 dh = d2i_DHparams_bio(in, NULL);
201 else if (dh_config.informat == FORMAT_PEM) 201 else if (cfg.informat == FORMAT_PEM)
202 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); 202 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
203 else { 203 else {
204 BIO_printf(bio_err, "bad input format specified\n"); 204 BIO_printf(bio_err, "bad input format specified\n");
@@ -209,10 +209,10 @@ dh_main(int argc, char **argv)
209 ERR_print_errors(bio_err); 209 ERR_print_errors(bio_err);
210 goto end; 210 goto end;
211 } 211 }
212 if (dh_config.text) { 212 if (cfg.text) {
213 DHparams_print(out, dh); 213 DHparams_print(out, dh);
214 } 214 }
215 if (dh_config.check) { 215 if (cfg.check) {
216 if (!DH_check(dh, &i)) { 216 if (!DH_check(dh, &i)) {
217 ERR_print_errors(bio_err); 217 ERR_print_errors(bio_err);
218 goto end; 218 goto end;
@@ -228,7 +228,7 @@ dh_main(int argc, char **argv)
228 if (i == 0) 228 if (i == 0)
229 printf("DH parameters appear to be ok.\n"); 229 printf("DH parameters appear to be ok.\n");
230 } 230 }
231 if (dh_config.C) { 231 if (cfg.C) {
232 unsigned char *data; 232 unsigned char *data;
233 int len, l, bits; 233 int len, l, bits;
234 234
@@ -271,10 +271,10 @@ dh_main(int argc, char **argv)
271 printf("\treturn(dh);\n\t}\n"); 271 printf("\treturn(dh);\n\t}\n");
272 free(data); 272 free(data);
273 } 273 }
274 if (!dh_config.noout) { 274 if (!cfg.noout) {
275 if (dh_config.outformat == FORMAT_ASN1) 275 if (cfg.outformat == FORMAT_ASN1)
276 i = i2d_DHparams_bio(out, dh); 276 i = i2d_DHparams_bio(out, dh);
277 else if (dh_config.outformat == FORMAT_PEM) 277 else if (cfg.outformat == FORMAT_PEM)
278 i = PEM_write_bio_DHparams(out, dh); 278 i = PEM_write_bio_DHparams(out, dh);
279 else { 279 else {
280 BIO_printf(bio_err, "bad output format specified for outfile\n"); 280 BIO_printf(bio_err, "bad output format specified for outfile\n");
diff --git a/src/usr.bin/openssl/dhparam.c b/src/usr.bin/openssl/dhparam.c
index 8a487cb918..0542464d7b 100644
--- a/src/usr.bin/openssl/dhparam.c
+++ b/src/usr.bin/openssl/dhparam.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dhparam.c,v 1.16 2023/03/05 13:12:53 tb Exp $ */ 1/* $OpenBSD: dhparam.c,v 1.17 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -142,7 +142,7 @@ static struct {
142 char *outfile; 142 char *outfile;
143 int outformat; 143 int outformat;
144 int text; 144 int text;
145} dhparam_config; 145} cfg;
146 146
147static const struct option dhparam_options[] = { 147static const struct option dhparam_options[] = {
148 { 148 {
@@ -150,73 +150,73 @@ static const struct option dhparam_options[] = {
150 .desc = "Generate DH parameters with a generator value of 2 " 150 .desc = "Generate DH parameters with a generator value of 2 "
151 "(default)", 151 "(default)",
152 .type = OPTION_VALUE, 152 .type = OPTION_VALUE,
153 .opt.value = &dhparam_config.g, 153 .opt.value = &cfg.g,
154 .value = 2, 154 .value = 2,
155 }, 155 },
156 { 156 {
157 .name = "5", 157 .name = "5",
158 .desc = "Generate DH parameters with a generator value of 5", 158 .desc = "Generate DH parameters with a generator value of 5",
159 .type = OPTION_VALUE, 159 .type = OPTION_VALUE,
160 .opt.value = &dhparam_config.g, 160 .opt.value = &cfg.g,
161 .value = 5, 161 .value = 5,
162 }, 162 },
163 { 163 {
164 .name = "C", 164 .name = "C",
165 .desc = "Convert DH parameters into C code", 165 .desc = "Convert DH parameters into C code",
166 .type = OPTION_FLAG, 166 .type = OPTION_FLAG,
167 .opt.flag = &dhparam_config.C, 167 .opt.flag = &cfg.C,
168 }, 168 },
169 { 169 {
170 .name = "check", 170 .name = "check",
171 .desc = "Check the DH parameters", 171 .desc = "Check the DH parameters",
172 .type = OPTION_FLAG, 172 .type = OPTION_FLAG,
173 .opt.flag = &dhparam_config.check, 173 .opt.flag = &cfg.check,
174 }, 174 },
175 { 175 {
176 .name = "dsaparam", 176 .name = "dsaparam",
177 .desc = "Read or generate DSA parameters and convert to DH", 177 .desc = "Read or generate DSA parameters and convert to DH",
178 .type = OPTION_FLAG, 178 .type = OPTION_FLAG,
179 .opt.flag = &dhparam_config.dsaparam, 179 .opt.flag = &cfg.dsaparam,
180 }, 180 },
181 { 181 {
182 .name = "in", 182 .name = "in",
183 .argname = "file", 183 .argname = "file",
184 .desc = "Input file (default stdin)", 184 .desc = "Input file (default stdin)",
185 .type = OPTION_ARG, 185 .type = OPTION_ARG,
186 .opt.arg = &dhparam_config.infile, 186 .opt.arg = &cfg.infile,
187 }, 187 },
188 { 188 {
189 .name = "inform", 189 .name = "inform",
190 .argname = "format", 190 .argname = "format",
191 .desc = "Input format (DER or PEM (default))", 191 .desc = "Input format (DER or PEM (default))",
192 .type = OPTION_ARG_FORMAT, 192 .type = OPTION_ARG_FORMAT,
193 .opt.value = &dhparam_config.informat, 193 .opt.value = &cfg.informat,
194 }, 194 },
195 { 195 {
196 .name = "noout", 196 .name = "noout",
197 .desc = "Do not output encoded version of DH parameters", 197 .desc = "Do not output encoded version of DH parameters",
198 .type = OPTION_FLAG, 198 .type = OPTION_FLAG,
199 .opt.flag = &dhparam_config.noout, 199 .opt.flag = &cfg.noout,
200 }, 200 },
201 { 201 {
202 .name = "out", 202 .name = "out",
203 .argname = "file", 203 .argname = "file",
204 .desc = "Output file (default stdout)", 204 .desc = "Output file (default stdout)",
205 .type = OPTION_ARG, 205 .type = OPTION_ARG,
206 .opt.arg = &dhparam_config.outfile, 206 .opt.arg = &cfg.outfile,
207 }, 207 },
208 { 208 {
209 .name = "outform", 209 .name = "outform",
210 .argname = "format", 210 .argname = "format",
211 .desc = "Output format (DER or PEM (default))", 211 .desc = "Output format (DER or PEM (default))",
212 .type = OPTION_ARG_FORMAT, 212 .type = OPTION_ARG_FORMAT,
213 .opt.value = &dhparam_config.outformat, 213 .opt.value = &cfg.outformat,
214 }, 214 },
215 { 215 {
216 .name = "text", 216 .name = "text",
217 .desc = "Print DH parameters in plain text", 217 .desc = "Print DH parameters in plain text",
218 .type = OPTION_FLAG, 218 .type = OPTION_FLAG,
219 .opt.flag = &dhparam_config.text, 219 .opt.flag = &cfg.text,
220 }, 220 },
221 { NULL }, 221 { NULL },
222}; 222};
@@ -249,10 +249,10 @@ dhparam_main(int argc, char **argv)
249 exit(1); 249 exit(1);
250 } 250 }
251 251
252 memset(&dhparam_config, 0, sizeof(dhparam_config)); 252 memset(&cfg, 0, sizeof(cfg));
253 253
254 dhparam_config.informat = FORMAT_PEM; 254 cfg.informat = FORMAT_PEM;
255 dhparam_config.outformat = FORMAT_PEM; 255 cfg.outformat = FORMAT_PEM;
256 256
257 if (options_parse(argc, argv, dhparam_options, &num_bits, NULL) != 0) { 257 if (options_parse(argc, argv, dhparam_options, &num_bits, NULL) != 0) {
258 dhparam_usage(); 258 dhparam_usage();
@@ -267,18 +267,18 @@ dhparam_main(int argc, char **argv)
267 } 267 }
268 } 268 }
269 269
270 if (dhparam_config.g && !num) 270 if (cfg.g && !num)
271 num = DEFBITS; 271 num = DEFBITS;
272 272
273 if (dhparam_config.dsaparam) { 273 if (cfg.dsaparam) {
274 if (dhparam_config.g) { 274 if (cfg.g) {
275 BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n"); 275 BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n");
276 goto end; 276 goto end;
277 } 277 }
278 } else { 278 } else {
279 /* DH parameters */ 279 /* DH parameters */
280 if (num && !dhparam_config.g) 280 if (num && !cfg.g)
281 dhparam_config.g = 2; 281 cfg.g = 2;
282 } 282 }
283 283
284 if (num) { 284 if (num) {
@@ -289,7 +289,7 @@ dhparam_main(int argc, char **argv)
289 } 289 }
290 290
291 BN_GENCB_set(cb, dh_cb, bio_err); 291 BN_GENCB_set(cb, dh_cb, bio_err);
292 if (dhparam_config.dsaparam) { 292 if (cfg.dsaparam) {
293 DSA *dsa = DSA_new(); 293 DSA *dsa = DSA_new();
294 294
295 BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", num); 295 BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", num);
@@ -307,9 +307,9 @@ dhparam_main(int argc, char **argv)
307 } 307 }
308 } else { 308 } else {
309 dh = DH_new(); 309 dh = DH_new();
310 BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, dhparam_config.g); 310 BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, cfg.g);
311 BIO_printf(bio_err, "This is going to take a long time\n"); 311 BIO_printf(bio_err, "This is going to take a long time\n");
312 if (!dh || !DH_generate_parameters_ex(dh, num, dhparam_config.g, cb)) { 312 if (!dh || !DH_generate_parameters_ex(dh, num, cfg.g, cb)) {
313 ERR_print_errors(bio_err); 313 ERR_print_errors(bio_err);
314 goto end; 314 goto end;
315 } 315 }
@@ -321,24 +321,24 @@ dhparam_main(int argc, char **argv)
321 ERR_print_errors(bio_err); 321 ERR_print_errors(bio_err);
322 goto end; 322 goto end;
323 } 323 }
324 if (dhparam_config.infile == NULL) 324 if (cfg.infile == NULL)
325 BIO_set_fp(in, stdin, BIO_NOCLOSE); 325 BIO_set_fp(in, stdin, BIO_NOCLOSE);
326 else { 326 else {
327 if (BIO_read_filename(in, dhparam_config.infile) <= 0) { 327 if (BIO_read_filename(in, cfg.infile) <= 0) {
328 perror(dhparam_config.infile); 328 perror(cfg.infile);
329 goto end; 329 goto end;
330 } 330 }
331 } 331 }
332 332
333 if (dhparam_config.informat != FORMAT_ASN1 && 333 if (cfg.informat != FORMAT_ASN1 &&
334 dhparam_config.informat != FORMAT_PEM) { 334 cfg.informat != FORMAT_PEM) {
335 BIO_printf(bio_err, "bad input format specified\n"); 335 BIO_printf(bio_err, "bad input format specified\n");
336 goto end; 336 goto end;
337 } 337 }
338 if (dhparam_config.dsaparam) { 338 if (cfg.dsaparam) {
339 DSA *dsa; 339 DSA *dsa;
340 340
341 if (dhparam_config.informat == FORMAT_ASN1) 341 if (cfg.informat == FORMAT_ASN1)
342 dsa = d2i_DSAparams_bio(in, NULL); 342 dsa = d2i_DSAparams_bio(in, NULL);
343 else /* informat == FORMAT_PEM */ 343 else /* informat == FORMAT_PEM */
344 dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL); 344 dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
@@ -356,7 +356,7 @@ dhparam_main(int argc, char **argv)
356 } 356 }
357 } else 357 } else
358 { 358 {
359 if (dhparam_config.informat == FORMAT_ASN1) 359 if (cfg.informat == FORMAT_ASN1)
360 dh = d2i_DHparams_bio(in, NULL); 360 dh = d2i_DHparams_bio(in, NULL);
361 else /* informat == FORMAT_PEM */ 361 else /* informat == FORMAT_PEM */
362 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); 362 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
@@ -376,20 +376,20 @@ dhparam_main(int argc, char **argv)
376 ERR_print_errors(bio_err); 376 ERR_print_errors(bio_err);
377 goto end; 377 goto end;
378 } 378 }
379 if (dhparam_config.outfile == NULL) { 379 if (cfg.outfile == NULL) {
380 BIO_set_fp(out, stdout, BIO_NOCLOSE); 380 BIO_set_fp(out, stdout, BIO_NOCLOSE);
381 } else { 381 } else {
382 if (BIO_write_filename(out, dhparam_config.outfile) <= 0) { 382 if (BIO_write_filename(out, cfg.outfile) <= 0) {
383 perror(dhparam_config.outfile); 383 perror(cfg.outfile);
384 goto end; 384 goto end;
385 } 385 }
386 } 386 }
387 387
388 388
389 if (dhparam_config.text) { 389 if (cfg.text) {
390 DHparams_print(out, dh); 390 DHparams_print(out, dh);
391 } 391 }
392 if (dhparam_config.check) { 392 if (cfg.check) {
393 if (!DH_check(dh, &i)) { 393 if (!DH_check(dh, &i)) {
394 ERR_print_errors(bio_err); 394 ERR_print_errors(bio_err);
395 goto end; 395 goto end;
@@ -405,7 +405,7 @@ dhparam_main(int argc, char **argv)
405 if (i == 0) 405 if (i == 0)
406 printf("DH parameters appear to be ok.\n"); 406 printf("DH parameters appear to be ok.\n");
407 } 407 }
408 if (dhparam_config.C) { 408 if (cfg.C) {
409 unsigned char *data; 409 unsigned char *data;
410 int len, l, bits; 410 int len, l, bits;
411 411
@@ -454,10 +454,10 @@ dhparam_main(int argc, char **argv)
454 printf("\treturn(dh);\n\t}\n"); 454 printf("\treturn(dh);\n\t}\n");
455 free(data); 455 free(data);
456 } 456 }
457 if (!dhparam_config.noout) { 457 if (!cfg.noout) {
458 if (dhparam_config.outformat == FORMAT_ASN1) 458 if (cfg.outformat == FORMAT_ASN1)
459 i = i2d_DHparams_bio(out, dh); 459 i = i2d_DHparams_bio(out, dh);
460 else if (dhparam_config.outformat == FORMAT_PEM) 460 else if (cfg.outformat == FORMAT_PEM)
461 i = PEM_write_bio_DHparams(out, dh); 461 i = PEM_write_bio_DHparams(out, dh);
462 else { 462 else {
463 BIO_printf(bio_err, "bad output format specified for outfile\n"); 463 BIO_printf(bio_err, "bad output format specified for outfile\n");
diff --git a/src/usr.bin/openssl/dsa.c b/src/usr.bin/openssl/dsa.c
index 0a3772dff7..f1de78cf4d 100644
--- a/src/usr.bin/openssl/dsa.c
+++ b/src/usr.bin/openssl/dsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa.c,v 1.17 2022/11/11 17:07:38 joshua Exp $ */ 1/* $OpenBSD: dsa.c,v 1.18 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -87,7 +87,7 @@ static struct {
87 int pubout; 87 int pubout;
88 int pvk_encr; 88 int pvk_encr;
89 int text; 89 int text;
90} dsa_config; 90} cfg;
91 91
92static int 92static int
93dsa_opt_enc(int argc, char **argv, int *argsused) 93dsa_opt_enc(int argc, char **argv, int *argsused)
@@ -97,7 +97,7 @@ dsa_opt_enc(int argc, char **argv, int *argsused)
97 if (*name++ != '-') 97 if (*name++ != '-')
98 return (1); 98 return (1);
99 99
100 if ((dsa_config.enc = EVP_get_cipherbyname(name)) != NULL) { 100 if ((cfg.enc = EVP_get_cipherbyname(name)) != NULL) {
101 *argsused = 1; 101 *argsused = 1;
102 return (0); 102 return (0);
103 } 103 }
@@ -111,7 +111,7 @@ static const struct option dsa_options[] = {
111 .argname = "file", 111 .argname = "file",
112 .desc = "Input file (default stdin)", 112 .desc = "Input file (default stdin)",
113 .type = OPTION_ARG, 113 .type = OPTION_ARG,
114 .opt.arg = &dsa_config.infile, 114 .opt.arg = &cfg.infile,
115 }, 115 },
116 { 116 {
117 .name = "inform", 117 .name = "inform",
@@ -119,87 +119,87 @@ static const struct option dsa_options[] = {
119 .desc = "Input format (PEM (default) or any other supported" 119 .desc = "Input format (PEM (default) or any other supported"
120 " format)", 120 " format)",
121 .type = OPTION_ARG_FORMAT, 121 .type = OPTION_ARG_FORMAT,
122 .opt.value = &dsa_config.informat, 122 .opt.value = &cfg.informat,
123 }, 123 },
124 { 124 {
125 .name = "modulus", 125 .name = "modulus",
126 .desc = "Print the DSA public value", 126 .desc = "Print the DSA public value",
127 .type = OPTION_FLAG, 127 .type = OPTION_FLAG,
128 .opt.flag = &dsa_config.modulus, 128 .opt.flag = &cfg.modulus,
129 }, 129 },
130 { 130 {
131 .name = "noout", 131 .name = "noout",
132 .desc = "No output", 132 .desc = "No output",
133 .type = OPTION_FLAG, 133 .type = OPTION_FLAG,
134 .opt.flag = &dsa_config.noout, 134 .opt.flag = &cfg.noout,
135 }, 135 },
136 { 136 {
137 .name = "out", 137 .name = "out",
138 .argname = "file", 138 .argname = "file",
139 .desc = "Output file (default stdout)", 139 .desc = "Output file (default stdout)",
140 .type = OPTION_ARG, 140 .type = OPTION_ARG,
141 .opt.arg = &dsa_config.outfile, 141 .opt.arg = &cfg.outfile,
142 }, 142 },
143 { 143 {
144 .name = "outform", 144 .name = "outform",
145 .argname = "format", 145 .argname = "format",
146 .desc = "Output format (DER, MSBLOB, PEM (default) or PVK)", 146 .desc = "Output format (DER, MSBLOB, PEM (default) or PVK)",
147 .type = OPTION_ARG_FORMAT, 147 .type = OPTION_ARG_FORMAT,
148 .opt.value = &dsa_config.outformat, 148 .opt.value = &cfg.outformat,
149 }, 149 },
150 { 150 {
151 .name = "passin", 151 .name = "passin",
152 .argname = "source", 152 .argname = "source",
153 .desc = "Input file passphrase source", 153 .desc = "Input file passphrase source",
154 .type = OPTION_ARG, 154 .type = OPTION_ARG,
155 .opt.arg = &dsa_config.passargin, 155 .opt.arg = &cfg.passargin,
156 }, 156 },
157 { 157 {
158 .name = "passout", 158 .name = "passout",
159 .argname = "source", 159 .argname = "source",
160 .desc = "Output file passphrase source", 160 .desc = "Output file passphrase source",
161 .type = OPTION_ARG, 161 .type = OPTION_ARG,
162 .opt.arg = &dsa_config.passargout, 162 .opt.arg = &cfg.passargout,
163 }, 163 },
164 { 164 {
165 .name = "pubin", 165 .name = "pubin",
166 .desc = "Read a public key from the input file instead of" 166 .desc = "Read a public key from the input file instead of"
167 " private key", 167 " private key",
168 .type = OPTION_FLAG, 168 .type = OPTION_FLAG,
169 .opt.flag = &dsa_config.pubin, 169 .opt.flag = &cfg.pubin,
170 }, 170 },
171 { 171 {
172 .name = "pubout", 172 .name = "pubout",
173 .desc = "Output a public key instead of private key", 173 .desc = "Output a public key instead of private key",
174 .type = OPTION_FLAG, 174 .type = OPTION_FLAG,
175 .opt.flag = &dsa_config.pubout, 175 .opt.flag = &cfg.pubout,
176 }, 176 },
177 { 177 {
178 .name = "pvk-none", 178 .name = "pvk-none",
179 .desc = "PVK encryption level", 179 .desc = "PVK encryption level",
180 .type = OPTION_VALUE, 180 .type = OPTION_VALUE,
181 .value = 0, 181 .value = 0,
182 .opt.value = &dsa_config.pvk_encr, 182 .opt.value = &cfg.pvk_encr,
183 }, 183 },
184 { 184 {
185 .name = "pvk-strong", 185 .name = "pvk-strong",
186 .desc = "PVK encryption level (default)", 186 .desc = "PVK encryption level (default)",
187 .type = OPTION_VALUE, 187 .type = OPTION_VALUE,
188 .value = 2, 188 .value = 2,
189 .opt.value = &dsa_config.pvk_encr, 189 .opt.value = &cfg.pvk_encr,
190 }, 190 },
191 { 191 {
192 .name = "pvk-weak", 192 .name = "pvk-weak",
193 .desc = "PVK encryption level", 193 .desc = "PVK encryption level",
194 .type = OPTION_VALUE, 194 .type = OPTION_VALUE,
195 .value = 1, 195 .value = 1,
196 .opt.value = &dsa_config.pvk_encr, 196 .opt.value = &cfg.pvk_encr,
197 }, 197 },
198 { 198 {
199 .name = "text", 199 .name = "text",
200 .desc = "Print the key in text form", 200 .desc = "Print the key in text form",
201 .type = OPTION_FLAG, 201 .type = OPTION_FLAG,
202 .opt.flag = &dsa_config.text, 202 .opt.flag = &cfg.text,
203 }, 203 },
204 { 204 {
205 .name = NULL, 205 .name = NULL,
@@ -241,18 +241,18 @@ dsa_main(int argc, char **argv)
241 exit(1); 241 exit(1);
242 } 242 }
243 243
244 memset(&dsa_config, 0, sizeof(dsa_config)); 244 memset(&cfg, 0, sizeof(cfg));
245 245
246 dsa_config.pvk_encr = 2; 246 cfg.pvk_encr = 2;
247 dsa_config.informat = FORMAT_PEM; 247 cfg.informat = FORMAT_PEM;
248 dsa_config.outformat = FORMAT_PEM; 248 cfg.outformat = FORMAT_PEM;
249 249
250 if (options_parse(argc, argv, dsa_options, NULL, NULL) != 0) { 250 if (options_parse(argc, argv, dsa_options, NULL, NULL) != 0) {
251 dsa_usage(); 251 dsa_usage();
252 goto end; 252 goto end;
253 } 253 }
254 254
255 if (!app_passwd(bio_err, dsa_config.passargin, dsa_config.passargout, 255 if (!app_passwd(bio_err, cfg.passargin, cfg.passargout,
256 &passin, &passout)) { 256 &passin, &passout)) {
257 BIO_printf(bio_err, "Error getting passwords\n"); 257 BIO_printf(bio_err, "Error getting passwords\n");
258 goto end; 258 goto end;
@@ -264,11 +264,11 @@ dsa_main(int argc, char **argv)
264 ERR_print_errors(bio_err); 264 ERR_print_errors(bio_err);
265 goto end; 265 goto end;
266 } 266 }
267 if (dsa_config.infile == NULL) 267 if (cfg.infile == NULL)
268 BIO_set_fp(in, stdin, BIO_NOCLOSE); 268 BIO_set_fp(in, stdin, BIO_NOCLOSE);
269 else { 269 else {
270 if (BIO_read_filename(in, dsa_config.infile) <= 0) { 270 if (BIO_read_filename(in, cfg.infile) <= 0) {
271 perror(dsa_config.infile); 271 perror(cfg.infile);
272 goto end; 272 goto end;
273 } 273 }
274 } 274 }
@@ -278,12 +278,12 @@ dsa_main(int argc, char **argv)
278 { 278 {
279 EVP_PKEY *pkey; 279 EVP_PKEY *pkey;
280 280
281 if (dsa_config.pubin) 281 if (cfg.pubin)
282 pkey = load_pubkey(bio_err, dsa_config.infile, 282 pkey = load_pubkey(bio_err, cfg.infile,
283 dsa_config.informat, 1, passin, "Public Key"); 283 cfg.informat, 1, passin, "Public Key");
284 else 284 else
285 pkey = load_key(bio_err, dsa_config.infile, 285 pkey = load_key(bio_err, cfg.infile,
286 dsa_config.informat, 1, passin, "Private Key"); 286 cfg.informat, 1, passin, "Private Key");
287 287
288 if (pkey) { 288 if (pkey) {
289 dsa = EVP_PKEY_get1_DSA(pkey); 289 dsa = EVP_PKEY_get1_DSA(pkey);
@@ -295,51 +295,51 @@ dsa_main(int argc, char **argv)
295 ERR_print_errors(bio_err); 295 ERR_print_errors(bio_err);
296 goto end; 296 goto end;
297 } 297 }
298 if (dsa_config.outfile == NULL) { 298 if (cfg.outfile == NULL) {
299 BIO_set_fp(out, stdout, BIO_NOCLOSE); 299 BIO_set_fp(out, stdout, BIO_NOCLOSE);
300 } else { 300 } else {
301 if (BIO_write_filename(out, dsa_config.outfile) <= 0) { 301 if (BIO_write_filename(out, cfg.outfile) <= 0) {
302 perror(dsa_config.outfile); 302 perror(cfg.outfile);
303 goto end; 303 goto end;
304 } 304 }
305 } 305 }
306 306
307 if (dsa_config.text) { 307 if (cfg.text) {
308 if (!DSA_print(out, dsa, 0)) { 308 if (!DSA_print(out, dsa, 0)) {
309 perror(dsa_config.outfile); 309 perror(cfg.outfile);
310 ERR_print_errors(bio_err); 310 ERR_print_errors(bio_err);
311 goto end; 311 goto end;
312 } 312 }
313 } 313 }
314 if (dsa_config.modulus) { 314 if (cfg.modulus) {
315 fprintf(stdout, "Public Key="); 315 fprintf(stdout, "Public Key=");
316 BN_print(out, DSA_get0_pub_key(dsa)); 316 BN_print(out, DSA_get0_pub_key(dsa));
317 fprintf(stdout, "\n"); 317 fprintf(stdout, "\n");
318 } 318 }
319 if (dsa_config.noout) 319 if (cfg.noout)
320 goto end; 320 goto end;
321 BIO_printf(bio_err, "writing DSA key\n"); 321 BIO_printf(bio_err, "writing DSA key\n");
322 if (dsa_config.outformat == FORMAT_ASN1) { 322 if (cfg.outformat == FORMAT_ASN1) {
323 if (dsa_config.pubin || dsa_config.pubout) 323 if (cfg.pubin || cfg.pubout)
324 i = i2d_DSA_PUBKEY_bio(out, dsa); 324 i = i2d_DSA_PUBKEY_bio(out, dsa);
325 else 325 else
326 i = i2d_DSAPrivateKey_bio(out, dsa); 326 i = i2d_DSAPrivateKey_bio(out, dsa);
327 } else if (dsa_config.outformat == FORMAT_PEM) { 327 } else if (cfg.outformat == FORMAT_PEM) {
328 if (dsa_config.pubin || dsa_config.pubout) 328 if (cfg.pubin || cfg.pubout)
329 i = PEM_write_bio_DSA_PUBKEY(out, dsa); 329 i = PEM_write_bio_DSA_PUBKEY(out, dsa);
330 else 330 else
331 i = PEM_write_bio_DSAPrivateKey(out, dsa, dsa_config.enc, 331 i = PEM_write_bio_DSAPrivateKey(out, dsa, cfg.enc,
332 NULL, 0, NULL, passout); 332 NULL, 0, NULL, passout);
333#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4) 333#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4)
334 } else if (dsa_config.outformat == FORMAT_MSBLOB || 334 } else if (cfg.outformat == FORMAT_MSBLOB ||
335 dsa_config.outformat == FORMAT_PVK) { 335 cfg.outformat == FORMAT_PVK) {
336 EVP_PKEY *pk; 336 EVP_PKEY *pk;
337 pk = EVP_PKEY_new(); 337 pk = EVP_PKEY_new();
338 EVP_PKEY_set1_DSA(pk, dsa); 338 EVP_PKEY_set1_DSA(pk, dsa);
339 if (dsa_config.outformat == FORMAT_PVK) 339 if (cfg.outformat == FORMAT_PVK)
340 i = i2b_PVK_bio(out, pk, dsa_config.pvk_encr, 0, 340 i = i2b_PVK_bio(out, pk, cfg.pvk_encr, 0,
341 passout); 341 passout);
342 else if (dsa_config.pubin || dsa_config.pubout) 342 else if (cfg.pubin || cfg.pubout)
343 i = i2b_PublicKey_bio(out, pk); 343 i = i2b_PublicKey_bio(out, pk);
344 else 344 else
345 i = i2b_PrivateKey_bio(out, pk); 345 i = i2b_PrivateKey_bio(out, pk);
diff --git a/src/usr.bin/openssl/dsaparam.c b/src/usr.bin/openssl/dsaparam.c
index 892ae72ba1..bc9ccd14d8 100644
--- a/src/usr.bin/openssl/dsaparam.c
+++ b/src/usr.bin/openssl/dsaparam.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsaparam.c,v 1.14 2022/11/11 17:07:38 joshua Exp $ */ 1/* $OpenBSD: dsaparam.c,v 1.15 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -88,60 +88,60 @@ static struct {
88 char *outfile; 88 char *outfile;
89 int outformat; 89 int outformat;
90 int text; 90 int text;
91} dsaparam_config; 91} cfg;
92 92
93static const struct option dsaparam_options[] = { 93static const struct option dsaparam_options[] = {
94 { 94 {
95 .name = "C", 95 .name = "C",
96 .desc = "Convert DSA parameters into C code", 96 .desc = "Convert DSA parameters into C code",
97 .type = OPTION_FLAG, 97 .type = OPTION_FLAG,
98 .opt.flag = &dsaparam_config.C, 98 .opt.flag = &cfg.C,
99 }, 99 },
100 { 100 {
101 .name = "genkey", 101 .name = "genkey",
102 .desc = "Generate a DSA key", 102 .desc = "Generate a DSA key",
103 .type = OPTION_FLAG, 103 .type = OPTION_FLAG,
104 .opt.flag = &dsaparam_config.genkey, 104 .opt.flag = &cfg.genkey,
105 }, 105 },
106 { 106 {
107 .name = "in", 107 .name = "in",
108 .argname = "file", 108 .argname = "file",
109 .desc = "Input file (default stdin)", 109 .desc = "Input file (default stdin)",
110 .type = OPTION_ARG, 110 .type = OPTION_ARG,
111 .opt.arg = &dsaparam_config.infile, 111 .opt.arg = &cfg.infile,
112 }, 112 },
113 { 113 {
114 .name = "inform", 114 .name = "inform",
115 .argname = "format", 115 .argname = "format",
116 .desc = "Input format (DER or PEM (default))", 116 .desc = "Input format (DER or PEM (default))",
117 .type = OPTION_ARG_FORMAT, 117 .type = OPTION_ARG_FORMAT,
118 .opt.value = &dsaparam_config.informat, 118 .opt.value = &cfg.informat,
119 }, 119 },
120 { 120 {
121 .name = "noout", 121 .name = "noout",
122 .desc = "No output", 122 .desc = "No output",
123 .type = OPTION_FLAG, 123 .type = OPTION_FLAG,
124 .opt.flag = &dsaparam_config.noout, 124 .opt.flag = &cfg.noout,
125 }, 125 },
126 { 126 {
127 .name = "out", 127 .name = "out",
128 .argname = "file", 128 .argname = "file",
129 .desc = "Output file (default stdout)", 129 .desc = "Output file (default stdout)",
130 .type = OPTION_ARG, 130 .type = OPTION_ARG,
131 .opt.arg = &dsaparam_config.outfile, 131 .opt.arg = &cfg.outfile,
132 }, 132 },
133 { 133 {
134 .name = "outform", 134 .name = "outform",
135 .argname = "format", 135 .argname = "format",
136 .desc = "Output format (DER or PEM (default))", 136 .desc = "Output format (DER or PEM (default))",
137 .type = OPTION_ARG_FORMAT, 137 .type = OPTION_ARG_FORMAT,
138 .opt.value = &dsaparam_config.outformat, 138 .opt.value = &cfg.outformat,
139 }, 139 },
140 { 140 {
141 .name = "text", 141 .name = "text",
142 .desc = "Print as text", 142 .desc = "Print as text",
143 .type = OPTION_FLAG, 143 .type = OPTION_FLAG,
144 .opt.flag = &dsaparam_config.text, 144 .opt.flag = &cfg.text,
145 }, 145 },
146 { NULL }, 146 { NULL },
147}; 147};
@@ -174,10 +174,10 @@ dsaparam_main(int argc, char **argv)
174 exit(1); 174 exit(1);
175 } 175 }
176 176
177 memset(&dsaparam_config, 0, sizeof(dsaparam_config)); 177 memset(&cfg, 0, sizeof(cfg));
178 178
179 dsaparam_config.informat = FORMAT_PEM; 179 cfg.informat = FORMAT_PEM;
180 dsaparam_config.outformat = FORMAT_PEM; 180 cfg.outformat = FORMAT_PEM;
181 181
182 if (options_parse(argc, argv, dsaparam_options, &strbits, NULL) != 0) { 182 if (options_parse(argc, argv, dsaparam_options, &strbits, NULL) != 0) {
183 dsaparam_usage(); 183 dsaparam_usage();
@@ -199,19 +199,19 @@ dsaparam_main(int argc, char **argv)
199 ERR_print_errors(bio_err); 199 ERR_print_errors(bio_err);
200 goto end; 200 goto end;
201 } 201 }
202 if (dsaparam_config.infile == NULL) 202 if (cfg.infile == NULL)
203 BIO_set_fp(in, stdin, BIO_NOCLOSE); 203 BIO_set_fp(in, stdin, BIO_NOCLOSE);
204 else { 204 else {
205 if (BIO_read_filename(in, dsaparam_config.infile) <= 0) { 205 if (BIO_read_filename(in, cfg.infile) <= 0) {
206 perror(dsaparam_config.infile); 206 perror(cfg.infile);
207 goto end; 207 goto end;
208 } 208 }
209 } 209 }
210 if (dsaparam_config.outfile == NULL) { 210 if (cfg.outfile == NULL) {
211 BIO_set_fp(out, stdout, BIO_NOCLOSE); 211 BIO_set_fp(out, stdout, BIO_NOCLOSE);
212 } else { 212 } else {
213 if (BIO_write_filename(out, dsaparam_config.outfile) <= 0) { 213 if (BIO_write_filename(out, cfg.outfile) <= 0) {
214 perror(dsaparam_config.outfile); 214 perror(cfg.outfile);
215 goto end; 215 goto end;
216 } 216 }
217 } 217 }
@@ -237,9 +237,9 @@ dsaparam_main(int argc, char **argv)
237 BIO_printf(bio_err, "Error, DSA key generation failed\n"); 237 BIO_printf(bio_err, "Error, DSA key generation failed\n");
238 goto end; 238 goto end;
239 } 239 }
240 } else if (dsaparam_config.informat == FORMAT_ASN1) 240 } else if (cfg.informat == FORMAT_ASN1)
241 dsa = d2i_DSAparams_bio(in, NULL); 241 dsa = d2i_DSAparams_bio(in, NULL);
242 else if (dsaparam_config.informat == FORMAT_PEM) 242 else if (cfg.informat == FORMAT_PEM)
243 dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL); 243 dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
244 else { 244 else {
245 BIO_printf(bio_err, "bad input format specified\n"); 245 BIO_printf(bio_err, "bad input format specified\n");
@@ -250,10 +250,10 @@ dsaparam_main(int argc, char **argv)
250 ERR_print_errors(bio_err); 250 ERR_print_errors(bio_err);
251 goto end; 251 goto end;
252 } 252 }
253 if (dsaparam_config.text) { 253 if (cfg.text) {
254 DSAparams_print(out, dsa); 254 DSAparams_print(out, dsa);
255 } 255 }
256 if (dsaparam_config.C) { 256 if (cfg.C) {
257 unsigned char *data; 257 unsigned char *data;
258 int l, len, bits_p; 258 int l, len, bits_p;
259 259
@@ -307,10 +307,10 @@ dsaparam_main(int argc, char **argv)
307 printf("\tDSA_set0_pqg(dsa, p, q, g);\n"); 307 printf("\tDSA_set0_pqg(dsa, p, q, g);\n");
308 printf("\treturn(dsa);\n\t}\n"); 308 printf("\treturn(dsa);\n\t}\n");
309 } 309 }
310 if (!dsaparam_config.noout) { 310 if (!cfg.noout) {
311 if (dsaparam_config.outformat == FORMAT_ASN1) 311 if (cfg.outformat == FORMAT_ASN1)
312 i = i2d_DSAparams_bio(out, dsa); 312 i = i2d_DSAparams_bio(out, dsa);
313 else if (dsaparam_config.outformat == FORMAT_PEM) 313 else if (cfg.outformat == FORMAT_PEM)
314 i = PEM_write_bio_DSAparams(out, dsa); 314 i = PEM_write_bio_DSAparams(out, dsa);
315 else { 315 else {
316 BIO_printf(bio_err, "bad output format specified for outfile\n"); 316 BIO_printf(bio_err, "bad output format specified for outfile\n");
@@ -322,7 +322,7 @@ dsaparam_main(int argc, char **argv)
322 goto end; 322 goto end;
323 } 323 }
324 } 324 }
325 if (dsaparam_config.genkey) { 325 if (cfg.genkey) {
326 DSA *dsakey; 326 DSA *dsakey;
327 327
328 if ((dsakey = DSAparams_dup(dsa)) == NULL) 328 if ((dsakey = DSAparams_dup(dsa)) == NULL)
@@ -332,9 +332,9 @@ dsaparam_main(int argc, char **argv)
332 DSA_free(dsakey); 332 DSA_free(dsakey);
333 goto end; 333 goto end;
334 } 334 }
335 if (dsaparam_config.outformat == FORMAT_ASN1) 335 if (cfg.outformat == FORMAT_ASN1)
336 i = i2d_DSAPrivateKey_bio(out, dsakey); 336 i = i2d_DSAPrivateKey_bio(out, dsakey);
337 else if (dsaparam_config.outformat == FORMAT_PEM) 337 else if (cfg.outformat == FORMAT_PEM)
338 i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL, NULL); 338 i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL, NULL);
339 else { 339 else {
340 BIO_printf(bio_err, "bad output format specified for outfile\n"); 340 BIO_printf(bio_err, "bad output format specified for outfile\n");
diff --git a/src/usr.bin/openssl/ec.c b/src/usr.bin/openssl/ec.c
index 3dace88d6f..c6af1263d4 100644
--- a/src/usr.bin/openssl/ec.c
+++ b/src/usr.bin/openssl/ec.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec.c,v 1.15 2022/11/11 17:07:38 joshua Exp $ */ 1/* $OpenBSD: ec.c,v 1.16 2023/03/06 14:32:06 tb Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project. 3 * Written by Nils Larsch for the OpenSSL project.
4 */ 4 */
@@ -88,7 +88,7 @@ static struct {
88 int pubin; 88 int pubin;
89 int pubout; 89 int pubout;
90 int text; 90 int text;
91} ec_config; 91} cfg;
92 92
93static int 93static int
94ec_opt_enc(int argc, char **argv, int *argsused) 94ec_opt_enc(int argc, char **argv, int *argsused)
@@ -98,7 +98,7 @@ ec_opt_enc(int argc, char **argv, int *argsused)
98 if (*name++ != '-') 98 if (*name++ != '-')
99 return (1); 99 return (1);
100 100
101 if ((ec_config.enc = EVP_get_cipherbyname(name)) != NULL) { 101 if ((cfg.enc = EVP_get_cipherbyname(name)) != NULL) {
102 *argsused = 1; 102 *argsused = 1;
103 return (0); 103 return (0);
104 } 104 }
@@ -110,17 +110,17 @@ static int
110ec_opt_form(char *arg) 110ec_opt_form(char *arg)
111{ 111{
112 if (strcmp(arg, "compressed") == 0) 112 if (strcmp(arg, "compressed") == 0)
113 ec_config.form = POINT_CONVERSION_COMPRESSED; 113 cfg.form = POINT_CONVERSION_COMPRESSED;
114 else if (strcmp(arg, "uncompressed") == 0) 114 else if (strcmp(arg, "uncompressed") == 0)
115 ec_config.form = POINT_CONVERSION_UNCOMPRESSED; 115 cfg.form = POINT_CONVERSION_UNCOMPRESSED;
116 else if (strcmp(arg, "hybrid") == 0) 116 else if (strcmp(arg, "hybrid") == 0)
117 ec_config.form = POINT_CONVERSION_HYBRID; 117 cfg.form = POINT_CONVERSION_HYBRID;
118 else { 118 else {
119 fprintf(stderr, "Invalid point conversion: %s\n", arg); 119 fprintf(stderr, "Invalid point conversion: %s\n", arg);
120 return (1); 120 return (1);
121 } 121 }
122 122
123 ec_config.new_form = 1; 123 cfg.new_form = 1;
124 return (0); 124 return (0);
125} 125}
126 126
@@ -128,15 +128,15 @@ static int
128ec_opt_named(char *arg) 128ec_opt_named(char *arg)
129{ 129{
130 if (strcmp(arg, "named_curve") == 0) 130 if (strcmp(arg, "named_curve") == 0)
131 ec_config.asn1_flag = OPENSSL_EC_NAMED_CURVE; 131 cfg.asn1_flag = OPENSSL_EC_NAMED_CURVE;
132 else if (strcmp(arg, "explicit") == 0) 132 else if (strcmp(arg, "explicit") == 0)
133 ec_config.asn1_flag = 0; 133 cfg.asn1_flag = 0;
134 else { 134 else {
135 fprintf(stderr, "Invalid curve type: %s\n", arg); 135 fprintf(stderr, "Invalid curve type: %s\n", arg);
136 return (1); 136 return (1);
137 } 137 }
138 138
139 ec_config.new_asn1_flag = 1; 139 cfg.new_asn1_flag = 1;
140 return (0); 140 return (0);
141} 141}
142 142
@@ -154,34 +154,34 @@ static const struct option ec_options[] = {
154 .argname = "file", 154 .argname = "file",
155 .desc = "Input file (default stdin)", 155 .desc = "Input file (default stdin)",
156 .type = OPTION_ARG, 156 .type = OPTION_ARG,
157 .opt.arg = &ec_config.infile, 157 .opt.arg = &cfg.infile,
158 }, 158 },
159 { 159 {
160 .name = "inform", 160 .name = "inform",
161 .argname = "format", 161 .argname = "format",
162 .desc = "Input format (DER or PEM (default))", 162 .desc = "Input format (DER or PEM (default))",
163 .type = OPTION_ARG_FORMAT, 163 .type = OPTION_ARG_FORMAT,
164 .opt.value = &ec_config.informat, 164 .opt.value = &cfg.informat,
165 }, 165 },
166 { 166 {
167 .name = "noout", 167 .name = "noout",
168 .desc = "No output", 168 .desc = "No output",
169 .type = OPTION_FLAG, 169 .type = OPTION_FLAG,
170 .opt.flag = &ec_config.noout, 170 .opt.flag = &cfg.noout,
171 }, 171 },
172 { 172 {
173 .name = "out", 173 .name = "out",
174 .argname = "file", 174 .argname = "file",
175 .desc = "Output file (default stdout)", 175 .desc = "Output file (default stdout)",
176 .type = OPTION_ARG, 176 .type = OPTION_ARG,
177 .opt.arg = &ec_config.outfile, 177 .opt.arg = &cfg.outfile,
178 }, 178 },
179 { 179 {
180 .name = "outform", 180 .name = "outform",
181 .argname = "format", 181 .argname = "format",
182 .desc = "Output format (DER or PEM (default))", 182 .desc = "Output format (DER or PEM (default))",
183 .type = OPTION_ARG_FORMAT, 183 .type = OPTION_ARG_FORMAT,
184 .opt.value = &ec_config.outformat, 184 .opt.value = &cfg.outformat,
185 }, 185 },
186 { 186 {
187 .name = "param_enc", 187 .name = "param_enc",
@@ -195,39 +195,39 @@ static const struct option ec_options[] = {
195 .name = "param_out", 195 .name = "param_out",
196 .desc = "Print the elliptic curve parameters", 196 .desc = "Print the elliptic curve parameters",
197 .type = OPTION_FLAG, 197 .type = OPTION_FLAG,
198 .opt.flag = &ec_config.param_out, 198 .opt.flag = &cfg.param_out,
199 }, 199 },
200 { 200 {
201 .name = "passin", 201 .name = "passin",
202 .argname = "source", 202 .argname = "source",
203 .desc = "Input file passphrase source", 203 .desc = "Input file passphrase source",
204 .type = OPTION_ARG, 204 .type = OPTION_ARG,
205 .opt.arg = &ec_config.passargin, 205 .opt.arg = &cfg.passargin,
206 }, 206 },
207 { 207 {
208 .name = "passout", 208 .name = "passout",
209 .argname = "source", 209 .argname = "source",
210 .desc = "Output file passphrase source", 210 .desc = "Output file passphrase source",
211 .type = OPTION_ARG, 211 .type = OPTION_ARG,
212 .opt.arg = &ec_config.passargout, 212 .opt.arg = &cfg.passargout,
213 }, 213 },
214 { 214 {
215 .name = "pubin", 215 .name = "pubin",
216 .desc = "Read public key instead of private key from input", 216 .desc = "Read public key instead of private key from input",
217 .type = OPTION_FLAG, 217 .type = OPTION_FLAG,
218 .opt.flag = &ec_config.pubin, 218 .opt.flag = &cfg.pubin,
219 }, 219 },
220 { 220 {
221 .name = "pubout", 221 .name = "pubout",
222 .desc = "Output public key instead of private key in output", 222 .desc = "Output public key instead of private key in output",
223 .type = OPTION_FLAG, 223 .type = OPTION_FLAG,
224 .opt.flag = &ec_config.pubout, 224 .opt.flag = &cfg.pubout,
225 }, 225 },
226 { 226 {
227 .name = "text", 227 .name = "text",
228 .desc = "Print the public/private key components and parameters", 228 .desc = "Print the public/private key components and parameters",
229 .type = OPTION_FLAG, 229 .type = OPTION_FLAG,
230 .opt.flag = &ec_config.text, 230 .opt.flag = &cfg.text,
231 }, 231 },
232 { 232 {
233 .name = NULL, 233 .name = NULL,
@@ -272,19 +272,19 @@ ec_main(int argc, char **argv)
272 exit(1); 272 exit(1);
273 } 273 }
274 274
275 memset(&ec_config, 0, sizeof(ec_config)); 275 memset(&cfg, 0, sizeof(cfg));
276 276
277 ec_config.asn1_flag = OPENSSL_EC_NAMED_CURVE; 277 cfg.asn1_flag = OPENSSL_EC_NAMED_CURVE;
278 ec_config.form = POINT_CONVERSION_UNCOMPRESSED; 278 cfg.form = POINT_CONVERSION_UNCOMPRESSED;
279 ec_config.informat = FORMAT_PEM; 279 cfg.informat = FORMAT_PEM;
280 ec_config.outformat = FORMAT_PEM; 280 cfg.outformat = FORMAT_PEM;
281 281
282 if (options_parse(argc, argv, ec_options, NULL, NULL) != 0) { 282 if (options_parse(argc, argv, ec_options, NULL, NULL) != 0) {
283 ec_usage(); 283 ec_usage();
284 goto end; 284 goto end;
285 } 285 }
286 286
287 if (!app_passwd(bio_err, ec_config.passargin, ec_config.passargout, 287 if (!app_passwd(bio_err, cfg.passargin, cfg.passargout,
288 &passin, &passout)) { 288 &passin, &passout)) {
289 BIO_printf(bio_err, "Error getting passwords\n"); 289 BIO_printf(bio_err, "Error getting passwords\n");
290 goto end; 290 goto end;
@@ -295,23 +295,23 @@ ec_main(int argc, char **argv)
295 ERR_print_errors(bio_err); 295 ERR_print_errors(bio_err);
296 goto end; 296 goto end;
297 } 297 }
298 if (ec_config.infile == NULL) 298 if (cfg.infile == NULL)
299 BIO_set_fp(in, stdin, BIO_NOCLOSE); 299 BIO_set_fp(in, stdin, BIO_NOCLOSE);
300 else { 300 else {
301 if (BIO_read_filename(in, ec_config.infile) <= 0) { 301 if (BIO_read_filename(in, cfg.infile) <= 0) {
302 perror(ec_config.infile); 302 perror(cfg.infile);
303 goto end; 303 goto end;
304 } 304 }
305 } 305 }
306 306
307 BIO_printf(bio_err, "read EC key\n"); 307 BIO_printf(bio_err, "read EC key\n");
308 if (ec_config.informat == FORMAT_ASN1) { 308 if (cfg.informat == FORMAT_ASN1) {
309 if (ec_config.pubin) 309 if (cfg.pubin)
310 eckey = d2i_EC_PUBKEY_bio(in, NULL); 310 eckey = d2i_EC_PUBKEY_bio(in, NULL);
311 else 311 else
312 eckey = d2i_ECPrivateKey_bio(in, NULL); 312 eckey = d2i_ECPrivateKey_bio(in, NULL);
313 } else if (ec_config.informat == FORMAT_PEM) { 313 } else if (cfg.informat == FORMAT_PEM) {
314 if (ec_config.pubin) 314 if (cfg.pubin)
315 eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, 315 eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL,
316 NULL); 316 NULL);
317 else 317 else
@@ -326,49 +326,49 @@ ec_main(int argc, char **argv)
326 ERR_print_errors(bio_err); 326 ERR_print_errors(bio_err);
327 goto end; 327 goto end;
328 } 328 }
329 if (ec_config.outfile == NULL) { 329 if (cfg.outfile == NULL) {
330 BIO_set_fp(out, stdout, BIO_NOCLOSE); 330 BIO_set_fp(out, stdout, BIO_NOCLOSE);
331 } else { 331 } else {
332 if (BIO_write_filename(out, ec_config.outfile) <= 0) { 332 if (BIO_write_filename(out, cfg.outfile) <= 0) {
333 perror(ec_config.outfile); 333 perror(cfg.outfile);
334 goto end; 334 goto end;
335 } 335 }
336 } 336 }
337 337
338 group = EC_KEY_get0_group(eckey); 338 group = EC_KEY_get0_group(eckey);
339 339
340 if (ec_config.new_form) 340 if (cfg.new_form)
341 EC_KEY_set_conv_form(eckey, ec_config.form); 341 EC_KEY_set_conv_form(eckey, cfg.form);
342 342
343 if (ec_config.new_asn1_flag) 343 if (cfg.new_asn1_flag)
344 EC_KEY_set_asn1_flag(eckey, ec_config.asn1_flag); 344 EC_KEY_set_asn1_flag(eckey, cfg.asn1_flag);
345 345
346 if (ec_config.text) 346 if (cfg.text)
347 if (!EC_KEY_print(out, eckey, 0)) { 347 if (!EC_KEY_print(out, eckey, 0)) {
348 perror(ec_config.outfile); 348 perror(cfg.outfile);
349 ERR_print_errors(bio_err); 349 ERR_print_errors(bio_err);
350 goto end; 350 goto end;
351 } 351 }
352 if (ec_config.noout) { 352 if (cfg.noout) {
353 ret = 0; 353 ret = 0;
354 goto end; 354 goto end;
355 } 355 }
356 BIO_printf(bio_err, "writing EC key\n"); 356 BIO_printf(bio_err, "writing EC key\n");
357 if (ec_config.outformat == FORMAT_ASN1) { 357 if (cfg.outformat == FORMAT_ASN1) {
358 if (ec_config.param_out) 358 if (cfg.param_out)
359 i = i2d_ECPKParameters_bio(out, group); 359 i = i2d_ECPKParameters_bio(out, group);
360 else if (ec_config.pubin || ec_config.pubout) 360 else if (cfg.pubin || cfg.pubout)
361 i = i2d_EC_PUBKEY_bio(out, eckey); 361 i = i2d_EC_PUBKEY_bio(out, eckey);
362 else 362 else
363 i = i2d_ECPrivateKey_bio(out, eckey); 363 i = i2d_ECPrivateKey_bio(out, eckey);
364 } else if (ec_config.outformat == FORMAT_PEM) { 364 } else if (cfg.outformat == FORMAT_PEM) {
365 if (ec_config.param_out) 365 if (cfg.param_out)
366 i = PEM_write_bio_ECPKParameters(out, group); 366 i = PEM_write_bio_ECPKParameters(out, group);
367 else if (ec_config.pubin || ec_config.pubout) 367 else if (cfg.pubin || cfg.pubout)
368 i = PEM_write_bio_EC_PUBKEY(out, eckey); 368 i = PEM_write_bio_EC_PUBKEY(out, eckey);
369 else 369 else
370 i = PEM_write_bio_ECPrivateKey(out, eckey, 370 i = PEM_write_bio_ECPrivateKey(out, eckey,
371 ec_config.enc, NULL, 0, NULL, passout); 371 cfg.enc, NULL, 0, NULL, passout);
372 } else { 372 } else {
373 BIO_printf(bio_err, "bad output format specified for " 373 BIO_printf(bio_err, "bad output format specified for "
374 "outfile\n"); 374 "outfile\n");
diff --git a/src/usr.bin/openssl/ecparam.c b/src/usr.bin/openssl/ecparam.c
index 52ccc491fc..933cd3eb69 100644
--- a/src/usr.bin/openssl/ecparam.c
+++ b/src/usr.bin/openssl/ecparam.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecparam.c,v 1.22 2022/11/11 17:07:38 joshua Exp $ */ 1/* $OpenBSD: ecparam.c,v 1.23 2023/03/06 14:32:06 tb Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project. 3 * Written by Nils Larsch for the OpenSSL project.
4 */ 4 */
@@ -107,21 +107,21 @@ static struct {
107 char *outfile; 107 char *outfile;
108 int outformat; 108 int outformat;
109 int text; 109 int text;
110} ecparam_config; 110} cfg;
111 111
112static int 112static int
113ecparam_opt_form(char *arg) 113ecparam_opt_form(char *arg)
114{ 114{
115 if (strcmp(arg, "compressed") == 0) 115 if (strcmp(arg, "compressed") == 0)
116 ecparam_config.form = POINT_CONVERSION_COMPRESSED; 116 cfg.form = POINT_CONVERSION_COMPRESSED;
117 else if (strcmp(arg, "uncompressed") == 0) 117 else if (strcmp(arg, "uncompressed") == 0)
118 ecparam_config.form = POINT_CONVERSION_UNCOMPRESSED; 118 cfg.form = POINT_CONVERSION_UNCOMPRESSED;
119 else if (strcmp(arg, "hybrid") == 0) 119 else if (strcmp(arg, "hybrid") == 0)
120 ecparam_config.form = POINT_CONVERSION_HYBRID; 120 cfg.form = POINT_CONVERSION_HYBRID;
121 else 121 else
122 return (1); 122 return (1);
123 123
124 ecparam_config.new_form = 1; 124 cfg.new_form = 1;
125 return (0); 125 return (0);
126} 126}
127 127
@@ -129,13 +129,13 @@ static int
129ecparam_opt_enctype(char *arg) 129ecparam_opt_enctype(char *arg)
130{ 130{
131 if (strcmp(arg, "explicit") == 0) 131 if (strcmp(arg, "explicit") == 0)
132 ecparam_config.asn1_flag = 0; 132 cfg.asn1_flag = 0;
133 else if (strcmp(arg, "named_curve") == 0) 133 else if (strcmp(arg, "named_curve") == 0)
134 ecparam_config.asn1_flag = OPENSSL_EC_NAMED_CURVE; 134 cfg.asn1_flag = OPENSSL_EC_NAMED_CURVE;
135 else 135 else
136 return (1); 136 return (1);
137 137
138 ecparam_config.new_asn1_flag = 1; 138 cfg.new_asn1_flag = 1;
139 return (0); 139 return (0);
140} 140}
141 141
@@ -144,13 +144,13 @@ static const struct option ecparam_options[] = {
144 .name = "C", 144 .name = "C",
145 .desc = "Convert the EC parameters into C code", 145 .desc = "Convert the EC parameters into C code",
146 .type = OPTION_FLAG, 146 .type = OPTION_FLAG,
147 .opt.flag = &ecparam_config.C, 147 .opt.flag = &cfg.C,
148 }, 148 },
149 { 149 {
150 .name = "check", 150 .name = "check",
151 .desc = "Validate the elliptic curve parameters", 151 .desc = "Validate the elliptic curve parameters",
152 .type = OPTION_FLAG, 152 .type = OPTION_FLAG,
153 .opt.flag = &ecparam_config.check, 153 .opt.flag = &cfg.check,
154 }, 154 },
155 { 155 {
156 .name = "conv_form", 156 .name = "conv_form",
@@ -165,61 +165,61 @@ static const struct option ecparam_options[] = {
165 .desc = "Generate an EC private key using the specified " 165 .desc = "Generate an EC private key using the specified "
166 "parameters", 166 "parameters",
167 .type = OPTION_FLAG, 167 .type = OPTION_FLAG,
168 .opt.flag = &ecparam_config.genkey, 168 .opt.flag = &cfg.genkey,
169 }, 169 },
170 { 170 {
171 .name = "in", 171 .name = "in",
172 .argname = "file", 172 .argname = "file",
173 .desc = "Input file to read parameters from (default stdin)", 173 .desc = "Input file to read parameters from (default stdin)",
174 .type = OPTION_ARG, 174 .type = OPTION_ARG,
175 .opt.arg = &ecparam_config.infile, 175 .opt.arg = &cfg.infile,
176 }, 176 },
177 { 177 {
178 .name = "inform", 178 .name = "inform",
179 .argname = "format", 179 .argname = "format",
180 .desc = "Input format (DER or PEM)", 180 .desc = "Input format (DER or PEM)",
181 .type = OPTION_ARG_FORMAT, 181 .type = OPTION_ARG_FORMAT,
182 .opt.value = &ecparam_config.informat, 182 .opt.value = &cfg.informat,
183 }, 183 },
184 { 184 {
185 .name = "list_curves", 185 .name = "list_curves",
186 .desc = "Print list of all currently implemented EC " 186 .desc = "Print list of all currently implemented EC "
187 "parameter names", 187 "parameter names",
188 .type = OPTION_FLAG, 188 .type = OPTION_FLAG,
189 .opt.flag = &ecparam_config.list_curves, 189 .opt.flag = &cfg.list_curves,
190 }, 190 },
191 { 191 {
192 .name = "name", 192 .name = "name",
193 .argname = "curve", 193 .argname = "curve",
194 .desc = "Use the EC parameters with the specified name", 194 .desc = "Use the EC parameters with the specified name",
195 .type = OPTION_ARG, 195 .type = OPTION_ARG,
196 .opt.arg = &ecparam_config.curve_name, 196 .opt.arg = &cfg.curve_name,
197 }, 197 },
198 { 198 {
199 .name = "no_seed", 199 .name = "no_seed",
200 .desc = "Do not output seed with explicit parameter encoding", 200 .desc = "Do not output seed with explicit parameter encoding",
201 .type = OPTION_FLAG, 201 .type = OPTION_FLAG,
202 .opt.flag = &ecparam_config.no_seed, 202 .opt.flag = &cfg.no_seed,
203 }, 203 },
204 { 204 {
205 .name = "noout", 205 .name = "noout",
206 .desc = "Do not output encoded version of EC parameters", 206 .desc = "Do not output encoded version of EC parameters",
207 .type = OPTION_FLAG, 207 .type = OPTION_FLAG,
208 .opt.flag = &ecparam_config.noout, 208 .opt.flag = &cfg.noout,
209 }, 209 },
210 { 210 {
211 .name = "out", 211 .name = "out",
212 .argname = "file", 212 .argname = "file",
213 .desc = "Output file to write parameters to (default stdout)", 213 .desc = "Output file to write parameters to (default stdout)",
214 .type = OPTION_ARG, 214 .type = OPTION_ARG,
215 .opt.arg = &ecparam_config.outfile, 215 .opt.arg = &cfg.outfile,
216 }, 216 },
217 { 217 {
218 .name = "outform", 218 .name = "outform",
219 .argname = "format", 219 .argname = "format",
220 .desc = "Output format (DER or PEM)", 220 .desc = "Output format (DER or PEM)",
221 .type = OPTION_ARG_FORMAT, 221 .type = OPTION_ARG_FORMAT,
222 .opt.value = &ecparam_config.outformat, 222 .opt.value = &cfg.outformat,
223 }, 223 },
224 { 224 {
225 .name = "param_enc", 225 .name = "param_enc",
@@ -233,7 +233,7 @@ static const struct option ecparam_options[] = {
233 .name = "text", 233 .name = "text",
234 .desc = "Print out the EC parameters in human readable form", 234 .desc = "Print out the EC parameters in human readable form",
235 .type = OPTION_FLAG, 235 .type = OPTION_FLAG,
236 .opt.flag = &ecparam_config.text, 236 .opt.flag = &cfg.text,
237 }, 237 },
238 {NULL}, 238 {NULL},
239}; 239};
@@ -264,11 +264,11 @@ ecparam_main(int argc, char **argv)
264 exit(1); 264 exit(1);
265 } 265 }
266 266
267 memset(&ecparam_config, 0, sizeof(ecparam_config)); 267 memset(&cfg, 0, sizeof(cfg));
268 ecparam_config.asn1_flag = OPENSSL_EC_NAMED_CURVE; 268 cfg.asn1_flag = OPENSSL_EC_NAMED_CURVE;
269 ecparam_config.form = POINT_CONVERSION_UNCOMPRESSED; 269 cfg.form = POINT_CONVERSION_UNCOMPRESSED;
270 ecparam_config.informat = FORMAT_PEM; 270 cfg.informat = FORMAT_PEM;
271 ecparam_config.outformat = FORMAT_PEM; 271 cfg.outformat = FORMAT_PEM;
272 272
273 if (options_parse(argc, argv, ecparam_options, NULL, NULL) != 0) { 273 if (options_parse(argc, argv, ecparam_options, NULL, NULL) != 0) {
274 ecparam_usage(); 274 ecparam_usage();
@@ -281,24 +281,24 @@ ecparam_main(int argc, char **argv)
281 ERR_print_errors(bio_err); 281 ERR_print_errors(bio_err);
282 goto end; 282 goto end;
283 } 283 }
284 if (ecparam_config.infile == NULL) 284 if (cfg.infile == NULL)
285 BIO_set_fp(in, stdin, BIO_NOCLOSE); 285 BIO_set_fp(in, stdin, BIO_NOCLOSE);
286 else { 286 else {
287 if (BIO_read_filename(in, ecparam_config.infile) <= 0) { 287 if (BIO_read_filename(in, cfg.infile) <= 0) {
288 perror(ecparam_config.infile); 288 perror(cfg.infile);
289 goto end; 289 goto end;
290 } 290 }
291 } 291 }
292 if (ecparam_config.outfile == NULL) { 292 if (cfg.outfile == NULL) {
293 BIO_set_fp(out, stdout, BIO_NOCLOSE); 293 BIO_set_fp(out, stdout, BIO_NOCLOSE);
294 } else { 294 } else {
295 if (BIO_write_filename(out, ecparam_config.outfile) <= 0) { 295 if (BIO_write_filename(out, cfg.outfile) <= 0) {
296 perror(ecparam_config.outfile); 296 perror(cfg.outfile);
297 goto end; 297 goto end;
298 } 298 }
299 } 299 }
300 300
301 if (ecparam_config.list_curves) { 301 if (cfg.list_curves) {
302 EC_builtin_curve *curves = NULL; 302 EC_builtin_curve *curves = NULL;
303 size_t crv_len = 0; 303 size_t crv_len = 0;
304 size_t n = 0; 304 size_t n = 0;
@@ -331,7 +331,7 @@ ecparam_main(int argc, char **argv)
331 ret = 0; 331 ret = 0;
332 goto end; 332 goto end;
333 } 333 }
334 if (ecparam_config.curve_name != NULL) { 334 if (cfg.curve_name != NULL) {
335 int nid; 335 int nid;
336 336
337 /* 337 /*
@@ -339,36 +339,36 @@ ecparam_main(int argc, char **argv)
339 * secp256r1 (which are the same as the curves prime192v1 and 339 * secp256r1 (which are the same as the curves prime192v1 and
340 * prime256v1 defined in X9.62) 340 * prime256v1 defined in X9.62)
341 */ 341 */
342 if (!strcmp(ecparam_config.curve_name, "secp192r1")) { 342 if (!strcmp(cfg.curve_name, "secp192r1")) {
343 BIO_printf(bio_err, "using curve name prime192v1 " 343 BIO_printf(bio_err, "using curve name prime192v1 "
344 "instead of secp192r1\n"); 344 "instead of secp192r1\n");
345 nid = NID_X9_62_prime192v1; 345 nid = NID_X9_62_prime192v1;
346 } else if (!strcmp(ecparam_config.curve_name, "secp256r1")) { 346 } else if (!strcmp(cfg.curve_name, "secp256r1")) {
347 BIO_printf(bio_err, "using curve name prime256v1 " 347 BIO_printf(bio_err, "using curve name prime256v1 "
348 "instead of secp256r1\n"); 348 "instead of secp256r1\n");
349 nid = NID_X9_62_prime256v1; 349 nid = NID_X9_62_prime256v1;
350 } else 350 } else
351 nid = OBJ_sn2nid(ecparam_config.curve_name); 351 nid = OBJ_sn2nid(cfg.curve_name);
352 352
353 if (nid == 0) 353 if (nid == 0)
354 nid = EC_curve_nist2nid(ecparam_config.curve_name); 354 nid = EC_curve_nist2nid(cfg.curve_name);
355 355
356 if (nid == 0) { 356 if (nid == 0) {
357 BIO_printf(bio_err, "unknown curve name (%s)\n", 357 BIO_printf(bio_err, "unknown curve name (%s)\n",
358 ecparam_config.curve_name); 358 cfg.curve_name);
359 goto end; 359 goto end;
360 } 360 }
361 group = EC_GROUP_new_by_curve_name(nid); 361 group = EC_GROUP_new_by_curve_name(nid);
362 if (group == NULL) { 362 if (group == NULL) {
363 BIO_printf(bio_err, "unable to create curve (%s)\n", 363 BIO_printf(bio_err, "unable to create curve (%s)\n",
364 ecparam_config.curve_name); 364 cfg.curve_name);
365 goto end; 365 goto end;
366 } 366 }
367 EC_GROUP_set_asn1_flag(group, ecparam_config.asn1_flag); 367 EC_GROUP_set_asn1_flag(group, cfg.asn1_flag);
368 EC_GROUP_set_point_conversion_form(group, ecparam_config.form); 368 EC_GROUP_set_point_conversion_form(group, cfg.form);
369 } else if (ecparam_config.informat == FORMAT_ASN1) { 369 } else if (cfg.informat == FORMAT_ASN1) {
370 group = d2i_ECPKParameters_bio(in, NULL); 370 group = d2i_ECPKParameters_bio(in, NULL);
371 } else if (ecparam_config.informat == FORMAT_PEM) { 371 } else if (cfg.informat == FORMAT_PEM) {
372 group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL); 372 group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
373 } else { 373 } else {
374 BIO_printf(bio_err, "bad input format specified\n"); 374 BIO_printf(bio_err, "bad input format specified\n");
@@ -381,20 +381,20 @@ ecparam_main(int argc, char **argv)
381 ERR_print_errors(bio_err); 381 ERR_print_errors(bio_err);
382 goto end; 382 goto end;
383 } 383 }
384 if (ecparam_config.new_form) 384 if (cfg.new_form)
385 EC_GROUP_set_point_conversion_form(group, ecparam_config.form); 385 EC_GROUP_set_point_conversion_form(group, cfg.form);
386 386
387 if (ecparam_config.new_asn1_flag) 387 if (cfg.new_asn1_flag)
388 EC_GROUP_set_asn1_flag(group, ecparam_config.asn1_flag); 388 EC_GROUP_set_asn1_flag(group, cfg.asn1_flag);
389 389
390 if (ecparam_config.no_seed) 390 if (cfg.no_seed)
391 EC_GROUP_set_seed(group, NULL, 0); 391 EC_GROUP_set_seed(group, NULL, 0);
392 392
393 if (ecparam_config.text) { 393 if (cfg.text) {
394 if (!ECPKParameters_print(out, group, 0)) 394 if (!ECPKParameters_print(out, group, 0))
395 goto end; 395 goto end;
396 } 396 }
397 if (ecparam_config.check) { 397 if (cfg.check) {
398 BIO_printf(bio_err, "checking elliptic curve parameters: "); 398 BIO_printf(bio_err, "checking elliptic curve parameters: ");
399 if (!EC_GROUP_check(group, NULL)) { 399 if (!EC_GROUP_check(group, NULL)) {
400 BIO_printf(bio_err, "failed\n"); 400 BIO_printf(bio_err, "failed\n");
@@ -403,7 +403,7 @@ ecparam_main(int argc, char **argv)
403 BIO_printf(bio_err, "ok\n"); 403 BIO_printf(bio_err, "ok\n");
404 404
405 } 405 }
406 if (ecparam_config.C) { 406 if (cfg.C) {
407 size_t buf_len = 0, tmp_len = 0; 407 size_t buf_len = 0, tmp_len = 0;
408 const EC_POINT *point; 408 const EC_POINT *point;
409 int is_prime, len = 0; 409 int is_prime, len = 0;
@@ -516,10 +516,10 @@ ecparam_main(int argc, char **argv)
516 BIO_printf(out, "\t\t}\n"); 516 BIO_printf(out, "\t\t}\n");
517 BIO_printf(out, "\treturn(group);\n\t}\n"); 517 BIO_printf(out, "\treturn(group);\n\t}\n");
518 } 518 }
519 if (!ecparam_config.noout) { 519 if (!cfg.noout) {
520 if (ecparam_config.outformat == FORMAT_ASN1) 520 if (cfg.outformat == FORMAT_ASN1)
521 i = i2d_ECPKParameters_bio(out, group); 521 i = i2d_ECPKParameters_bio(out, group);
522 else if (ecparam_config.outformat == FORMAT_PEM) 522 else if (cfg.outformat == FORMAT_PEM)
523 i = PEM_write_bio_ECPKParameters(out, group); 523 i = PEM_write_bio_ECPKParameters(out, group);
524 else { 524 else {
525 BIO_printf(bio_err, "bad output format specified for" 525 BIO_printf(bio_err, "bad output format specified for"
@@ -533,7 +533,7 @@ ecparam_main(int argc, char **argv)
533 goto end; 533 goto end;
534 } 534 }
535 } 535 }
536 if (ecparam_config.genkey) { 536 if (cfg.genkey) {
537 EC_KEY *eckey = EC_KEY_new(); 537 EC_KEY *eckey = EC_KEY_new();
538 538
539 if (eckey == NULL) 539 if (eckey == NULL)
@@ -548,9 +548,9 @@ ecparam_main(int argc, char **argv)
548 EC_KEY_free(eckey); 548 EC_KEY_free(eckey);
549 goto end; 549 goto end;
550 } 550 }
551 if (ecparam_config.outformat == FORMAT_ASN1) 551 if (cfg.outformat == FORMAT_ASN1)
552 i = i2d_ECPrivateKey_bio(out, eckey); 552 i = i2d_ECPrivateKey_bio(out, eckey);
553 else if (ecparam_config.outformat == FORMAT_PEM) 553 else if (cfg.outformat == FORMAT_PEM)
554 i = PEM_write_bio_ECPrivateKey(out, eckey, NULL, 554 i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
555 NULL, 0, NULL, NULL); 555 NULL, 0, NULL, NULL);
556 else { 556 else {
diff --git a/src/usr.bin/openssl/enc.c b/src/usr.bin/openssl/enc.c
index 6be0a30dec..b80a177cd8 100644
--- a/src/usr.bin/openssl/enc.c
+++ b/src/usr.bin/openssl/enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: enc.c,v 1.26 2023/03/04 21:58:54 tb Exp $ */ 1/* $OpenBSD: enc.c,v 1.27 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -100,7 +100,7 @@ static struct {
100 int pbkdf2; 100 int pbkdf2;
101 int printkey; 101 int printkey;
102 int verbose; 102 int verbose;
103} enc_config; 103} cfg;
104 104
105static int 105static int
106enc_opt_cipher(int argc, char **argv, int *argsused) 106enc_opt_cipher(int argc, char **argv, int *argsused)
@@ -111,12 +111,12 @@ enc_opt_cipher(int argc, char **argv, int *argsused)
111 return (1); 111 return (1);
112 112
113 if (strcmp(name, "none") == 0) { 113 if (strcmp(name, "none") == 0) {
114 enc_config.cipher = NULL; 114 cfg.cipher = NULL;
115 *argsused = 1; 115 *argsused = 1;
116 return (0); 116 return (0);
117 } 117 }
118 118
119 if ((enc_config.cipher = EVP_get_cipherbyname(name)) != NULL) { 119 if ((cfg.cipher = EVP_get_cipherbyname(name)) != NULL) {
120 *argsused = 1; 120 *argsused = 1;
121 return (0); 121 return (0);
122 } 122 }
@@ -129,44 +129,44 @@ static const struct option enc_options[] = {
129 .name = "A", 129 .name = "A",
130 .desc = "Process base64 data on one line (requires -a)", 130 .desc = "Process base64 data on one line (requires -a)",
131 .type = OPTION_FLAG, 131 .type = OPTION_FLAG,
132 .opt.flag = &enc_config.olb64, 132 .opt.flag = &cfg.olb64,
133 }, 133 },
134 { 134 {
135 .name = "a", 135 .name = "a",
136 .desc = "Perform base64 encoding/decoding (alias -base64)", 136 .desc = "Perform base64 encoding/decoding (alias -base64)",
137 .type = OPTION_FLAG, 137 .type = OPTION_FLAG,
138 .opt.flag = &enc_config.base64, 138 .opt.flag = &cfg.base64,
139 }, 139 },
140 { 140 {
141 .name = "base64", 141 .name = "base64",
142 .type = OPTION_FLAG, 142 .type = OPTION_FLAG,
143 .opt.flag = &enc_config.base64, 143 .opt.flag = &cfg.base64,
144 }, 144 },
145 { 145 {
146 .name = "bufsize", 146 .name = "bufsize",
147 .argname = "size", 147 .argname = "size",
148 .desc = "Specify the buffer size to use for I/O", 148 .desc = "Specify the buffer size to use for I/O",
149 .type = OPTION_ARG, 149 .type = OPTION_ARG,
150 .opt.arg = &enc_config.bufsize, 150 .opt.arg = &cfg.bufsize,
151 }, 151 },
152 { 152 {
153 .name = "d", 153 .name = "d",
154 .desc = "Decrypt the input data", 154 .desc = "Decrypt the input data",
155 .type = OPTION_VALUE, 155 .type = OPTION_VALUE,
156 .opt.value = &enc_config.enc, 156 .opt.value = &cfg.enc,
157 .value = 0, 157 .value = 0,
158 }, 158 },
159 { 159 {
160 .name = "debug", 160 .name = "debug",
161 .desc = "Print debugging information", 161 .desc = "Print debugging information",
162 .type = OPTION_FLAG, 162 .type = OPTION_FLAG,
163 .opt.flag = &enc_config.debug, 163 .opt.flag = &cfg.debug,
164 }, 164 },
165 { 165 {
166 .name = "e", 166 .name = "e",
167 .desc = "Encrypt the input data (default)", 167 .desc = "Encrypt the input data (default)",
168 .type = OPTION_VALUE, 168 .type = OPTION_VALUE,
169 .opt.value = &enc_config.enc, 169 .opt.value = &cfg.enc,
170 .value = 1, 170 .value = 1,
171 }, 171 },
172 { 172 {
@@ -174,45 +174,45 @@ static const struct option enc_options[] = {
174 .argname = "file", 174 .argname = "file",
175 .desc = "Input file to read from (default stdin)", 175 .desc = "Input file to read from (default stdin)",
176 .type = OPTION_ARG, 176 .type = OPTION_ARG,
177 .opt.arg = &enc_config.inf, 177 .opt.arg = &cfg.inf,
178 }, 178 },
179 { 179 {
180 .name = "iter", 180 .name = "iter",
181 .argname = "iterations", 181 .argname = "iterations",
182 .desc = "Specify iteration count and force use of PBKDF2", 182 .desc = "Specify iteration count and force use of PBKDF2",
183 .type = OPTION_ARG_INT, 183 .type = OPTION_ARG_INT,
184 .opt.value = &enc_config.iter, 184 .opt.value = &cfg.iter,
185 }, 185 },
186 { 186 {
187 .name = "iv", 187 .name = "iv",
188 .argname = "IV", 188 .argname = "IV",
189 .desc = "IV to use, specified as a hexadecimal string", 189 .desc = "IV to use, specified as a hexadecimal string",
190 .type = OPTION_ARG, 190 .type = OPTION_ARG,
191 .opt.arg = &enc_config.hiv, 191 .opt.arg = &cfg.hiv,
192 }, 192 },
193 { 193 {
194 .name = "K", 194 .name = "K",
195 .argname = "key", 195 .argname = "key",
196 .desc = "Key to use, specified as a hexadecimal string", 196 .desc = "Key to use, specified as a hexadecimal string",
197 .type = OPTION_ARG, 197 .type = OPTION_ARG,
198 .opt.arg = &enc_config.hkey, 198 .opt.arg = &cfg.hkey,
199 }, 199 },
200 { 200 {
201 .name = "k", /* Superseded by -pass. */ 201 .name = "k", /* Superseded by -pass. */
202 .type = OPTION_ARG, 202 .type = OPTION_ARG,
203 .opt.arg = &enc_config.keystr, 203 .opt.arg = &cfg.keystr,
204 }, 204 },
205 { 205 {
206 .name = "kfile", /* Superseded by -pass. */ 206 .name = "kfile", /* Superseded by -pass. */
207 .type = OPTION_ARG, 207 .type = OPTION_ARG,
208 .opt.arg = &enc_config.keyfile, 208 .opt.arg = &cfg.keyfile,
209 }, 209 },
210 { 210 {
211 .name = "md", 211 .name = "md",
212 .argname = "digest", 212 .argname = "digest",
213 .desc = "Digest to use to create a key from the passphrase", 213 .desc = "Digest to use to create a key from the passphrase",
214 .type = OPTION_ARG, 214 .type = OPTION_ARG,
215 .opt.arg = &enc_config.md, 215 .opt.arg = &cfg.md,
216 }, 216 },
217 { 217 {
218 .name = "none", 218 .name = "none",
@@ -224,12 +224,12 @@ static const struct option enc_options[] = {
224 .name = "nopad", 224 .name = "nopad",
225 .desc = "Disable standard block padding", 225 .desc = "Disable standard block padding",
226 .type = OPTION_FLAG, 226 .type = OPTION_FLAG,
227 .opt.flag = &enc_config.nopad, 227 .opt.flag = &cfg.nopad,
228 }, 228 },
229 { 229 {
230 .name = "nosalt", 230 .name = "nosalt",
231 .type = OPTION_VALUE, 231 .type = OPTION_VALUE,
232 .opt.value = &enc_config.nosalt, 232 .opt.value = &cfg.nosalt,
233 .value = 1, 233 .value = 1,
234 }, 234 },
235 { 235 {
@@ -237,21 +237,21 @@ static const struct option enc_options[] = {
237 .argname = "file", 237 .argname = "file",
238 .desc = "Output file to write to (default stdout)", 238 .desc = "Output file to write to (default stdout)",
239 .type = OPTION_ARG, 239 .type = OPTION_ARG,
240 .opt.arg = &enc_config.outf, 240 .opt.arg = &cfg.outf,
241 }, 241 },
242 { 242 {
243 .name = "P", 243 .name = "P",
244 .desc = "Print out the salt, key and IV used, then exit\n" 244 .desc = "Print out the salt, key and IV used, then exit\n"
245 " (no encryption or decryption is performed)", 245 " (no encryption or decryption is performed)",
246 .type = OPTION_VALUE, 246 .type = OPTION_VALUE,
247 .opt.value = &enc_config.printkey, 247 .opt.value = &cfg.printkey,
248 .value = 2, 248 .value = 2,
249 }, 249 },
250 { 250 {
251 .name = "p", 251 .name = "p",
252 .desc = "Print out the salt, key and IV used", 252 .desc = "Print out the salt, key and IV used",
253 .type = OPTION_VALUE, 253 .type = OPTION_VALUE,
254 .opt.value = &enc_config.printkey, 254 .opt.value = &cfg.printkey,
255 .value = 1, 255 .value = 1,
256 }, 256 },
257 { 257 {
@@ -259,40 +259,40 @@ static const struct option enc_options[] = {
259 .argname = "source", 259 .argname = "source",
260 .desc = "Password source", 260 .desc = "Password source",
261 .type = OPTION_ARG, 261 .type = OPTION_ARG,
262 .opt.arg = &enc_config.passarg, 262 .opt.arg = &cfg.passarg,
263 }, 263 },
264 { 264 {
265 .name = "pbkdf2", 265 .name = "pbkdf2",
266 .desc = "Use the pbkdf2 key derivation function", 266 .desc = "Use the pbkdf2 key derivation function",
267 .type = OPTION_FLAG, 267 .type = OPTION_FLAG,
268 .opt.flag = &enc_config.pbkdf2, 268 .opt.flag = &cfg.pbkdf2,
269 }, 269 },
270 { 270 {
271 .name = "S", 271 .name = "S",
272 .argname = "salt", 272 .argname = "salt",
273 .desc = "Salt to use, specified as a hexadecimal string", 273 .desc = "Salt to use, specified as a hexadecimal string",
274 .type = OPTION_ARG, 274 .type = OPTION_ARG,
275 .opt.arg = &enc_config.hsalt, 275 .opt.arg = &cfg.hsalt,
276 }, 276 },
277 { 277 {
278 .name = "salt", 278 .name = "salt",
279 .desc = "Use a salt in the key derivation routines (default)", 279 .desc = "Use a salt in the key derivation routines (default)",
280 .type = OPTION_VALUE, 280 .type = OPTION_VALUE,
281 .opt.value = &enc_config.nosalt, 281 .opt.value = &cfg.nosalt,
282 .value = 0, 282 .value = 0,
283 }, 283 },
284 { 284 {
285 .name = "v", 285 .name = "v",
286 .desc = "Verbose", 286 .desc = "Verbose",
287 .type = OPTION_FLAG, 287 .type = OPTION_FLAG,
288 .opt.flag = &enc_config.verbose, 288 .opt.flag = &cfg.verbose,
289 }, 289 },
290#ifdef ZLIB 290#ifdef ZLIB
291 { 291 {
292 .name = "z", 292 .name = "z",
293 .desc = "Perform zlib compression/decompression", 293 .desc = "Perform zlib compression/decompression",
294 .type = OPTION_FLAG, 294 .type = OPTION_FLAG,
295 .opt.flag = &enc_config.do_zlib, 295 .opt.flag = &cfg.do_zlib,
296 }, 296 },
297#endif 297#endif
298 { 298 {
@@ -365,27 +365,27 @@ enc_main(int argc, char **argv)
365 exit(1); 365 exit(1);
366 } 366 }
367 367
368 memset(&enc_config, 0, sizeof(enc_config)); 368 memset(&cfg, 0, sizeof(cfg));
369 enc_config.enc = 1; 369 cfg.enc = 1;
370 370
371 /* first check the program name */ 371 /* first check the program name */
372 program_name(argv[0], pname, sizeof(pname)); 372 program_name(argv[0], pname, sizeof(pname));
373 373
374 if (strcmp(pname, "base64") == 0) 374 if (strcmp(pname, "base64") == 0)
375 enc_config.base64 = 1; 375 cfg.base64 = 1;
376 376
377#ifdef ZLIB 377#ifdef ZLIB
378 if (strcmp(pname, "zlib") == 0) 378 if (strcmp(pname, "zlib") == 0)
379 enc_config.do_zlib = 1; 379 cfg.do_zlib = 1;
380#endif 380#endif
381 381
382 enc_config.cipher = EVP_get_cipherbyname(pname); 382 cfg.cipher = EVP_get_cipherbyname(pname);
383 383
384#ifdef ZLIB 384#ifdef ZLIB
385 if (!enc_config.do_zlib && !enc_config.base64 && 385 if (!cfg.do_zlib && !cfg.base64 &&
386 enc_config.cipher == NULL && strcmp(pname, "enc") != 0) 386 cfg.cipher == NULL && strcmp(pname, "enc") != 0)
387#else 387#else
388 if (!enc_config.base64 && enc_config.cipher == NULL && 388 if (!cfg.base64 && cfg.cipher == NULL &&
389 strcmp(pname, "enc") != 0) 389 strcmp(pname, "enc") != 0)
390#endif 390#endif
391 { 391 {
@@ -398,20 +398,20 @@ enc_main(int argc, char **argv)
398 goto end; 398 goto end;
399 } 399 }
400 400
401 if (enc_config.keyfile != NULL) { 401 if (cfg.keyfile != NULL) {
402 static char buf[128]; 402 static char buf[128];
403 FILE *infile; 403 FILE *infile;
404 404
405 infile = fopen(enc_config.keyfile, "r"); 405 infile = fopen(cfg.keyfile, "r");
406 if (infile == NULL) { 406 if (infile == NULL) {
407 BIO_printf(bio_err, "unable to read key from '%s'\n", 407 BIO_printf(bio_err, "unable to read key from '%s'\n",
408 enc_config.keyfile); 408 cfg.keyfile);
409 goto end; 409 goto end;
410 } 410 }
411 buf[0] = '\0'; 411 buf[0] = '\0';
412 if (!fgets(buf, sizeof buf, infile)) { 412 if (!fgets(buf, sizeof buf, infile)) {
413 BIO_printf(bio_err, "unable to read key from '%s'\n", 413 BIO_printf(bio_err, "unable to read key from '%s'\n",
414 enc_config.keyfile); 414 cfg.keyfile);
415 fclose(infile); 415 fclose(infile);
416 goto end; 416 goto end;
417 } 417 }
@@ -425,34 +425,34 @@ enc_main(int argc, char **argv)
425 BIO_printf(bio_err, "zero length password\n"); 425 BIO_printf(bio_err, "zero length password\n");
426 goto end; 426 goto end;
427 } 427 }
428 enc_config.keystr = buf; 428 cfg.keystr = buf;
429 } 429 }
430 430
431 if (enc_config.cipher != NULL && 431 if (cfg.cipher != NULL &&
432 (EVP_CIPHER_flags(enc_config.cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) { 432 (EVP_CIPHER_flags(cfg.cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {
433 BIO_printf(bio_err, "enc does not support AEAD ciphers\n"); 433 BIO_printf(bio_err, "enc does not support AEAD ciphers\n");
434 goto end; 434 goto end;
435 } 435 }
436 436
437 if (enc_config.cipher != NULL && 437 if (cfg.cipher != NULL &&
438 EVP_CIPHER_mode(enc_config.cipher) == EVP_CIPH_XTS_MODE) { 438 EVP_CIPHER_mode(cfg.cipher) == EVP_CIPH_XTS_MODE) {
439 BIO_printf(bio_err, "enc does not support XTS mode\n"); 439 BIO_printf(bio_err, "enc does not support XTS mode\n");
440 goto end; 440 goto end;
441 } 441 }
442 442
443 if (enc_config.md != NULL && 443 if (cfg.md != NULL &&
444 (dgst = EVP_get_digestbyname(enc_config.md)) == NULL) { 444 (dgst = EVP_get_digestbyname(cfg.md)) == NULL) {
445 BIO_printf(bio_err, 445 BIO_printf(bio_err,
446 "%s is an unsupported message digest type\n", 446 "%s is an unsupported message digest type\n",
447 enc_config.md); 447 cfg.md);
448 goto end; 448 goto end;
449 } 449 }
450 if (dgst == NULL) { 450 if (dgst == NULL) {
451 dgst = EVP_sha256(); 451 dgst = EVP_sha256();
452 } 452 }
453 453
454 if (enc_config.bufsize != NULL) { 454 if (cfg.bufsize != NULL) {
455 char *p = enc_config.bufsize; 455 char *p = cfg.bufsize;
456 unsigned long n; 456 unsigned long n;
457 457
458 /* XXX - provide an OPTION_ARG_DISKUNIT. */ 458 /* XXX - provide an OPTION_ARG_DISKUNIT. */
@@ -471,11 +471,11 @@ enc_main(int argc, char **argv)
471 goto end; 471 goto end;
472 } 472 }
473 /* It must be large enough for a base64 encoded line. */ 473 /* It must be large enough for a base64 encoded line. */
474 if (enc_config.base64 && n < 80) 474 if (cfg.base64 && n < 80)
475 n = 80; 475 n = 80;
476 476
477 bsize = (int)n; 477 bsize = (int)n;
478 if (enc_config.verbose) 478 if (cfg.verbose)
479 BIO_printf(bio_err, "bufsize=%d\n", bsize); 479 BIO_printf(bio_err, "bufsize=%d\n", bsize);
480 } 480 }
481 strbuf = malloc(SIZE); 481 strbuf = malloc(SIZE);
@@ -490,41 +490,41 @@ enc_main(int argc, char **argv)
490 ERR_print_errors(bio_err); 490 ERR_print_errors(bio_err);
491 goto end; 491 goto end;
492 } 492 }
493 if (enc_config.debug) { 493 if (cfg.debug) {
494 BIO_set_callback(in, BIO_debug_callback); 494 BIO_set_callback(in, BIO_debug_callback);
495 BIO_set_callback(out, BIO_debug_callback); 495 BIO_set_callback(out, BIO_debug_callback);
496 BIO_set_callback_arg(in, (char *) bio_err); 496 BIO_set_callback_arg(in, (char *) bio_err);
497 BIO_set_callback_arg(out, (char *) bio_err); 497 BIO_set_callback_arg(out, (char *) bio_err);
498 } 498 }
499 if (enc_config.inf == NULL) { 499 if (cfg.inf == NULL) {
500 if (enc_config.bufsize != NULL) 500 if (cfg.bufsize != NULL)
501 setvbuf(stdin, (char *) NULL, _IONBF, 0); 501 setvbuf(stdin, (char *) NULL, _IONBF, 0);
502 BIO_set_fp(in, stdin, BIO_NOCLOSE); 502 BIO_set_fp(in, stdin, BIO_NOCLOSE);
503 } else { 503 } else {
504 if (BIO_read_filename(in, enc_config.inf) <= 0) { 504 if (BIO_read_filename(in, cfg.inf) <= 0) {
505 perror(enc_config.inf); 505 perror(cfg.inf);
506 goto end; 506 goto end;
507 } 507 }
508 } 508 }
509 509
510 if (!enc_config.keystr && enc_config.passarg) { 510 if (!cfg.keystr && cfg.passarg) {
511 if (!app_passwd(bio_err, enc_config.passarg, NULL, 511 if (!app_passwd(bio_err, cfg.passarg, NULL,
512 &pass, NULL)) { 512 &pass, NULL)) {
513 BIO_printf(bio_err, "Error getting password\n"); 513 BIO_printf(bio_err, "Error getting password\n");
514 goto end; 514 goto end;
515 } 515 }
516 enc_config.keystr = pass; 516 cfg.keystr = pass;
517 } 517 }
518 if (enc_config.keystr == NULL && enc_config.cipher != NULL && 518 if (cfg.keystr == NULL && cfg.cipher != NULL &&
519 enc_config.hkey == NULL) { 519 cfg.hkey == NULL) {
520 for (;;) { 520 for (;;) {
521 char buf[200]; 521 char buf[200];
522 int retval; 522 int retval;
523 523
524 retval = snprintf(buf, sizeof buf, 524 retval = snprintf(buf, sizeof buf,
525 "enter %s %s password:", 525 "enter %s %s password:",
526 OBJ_nid2ln(EVP_CIPHER_nid(enc_config.cipher)), 526 OBJ_nid2ln(EVP_CIPHER_nid(cfg.cipher)),
527 enc_config.enc ? "encryption" : "decryption"); 527 cfg.enc ? "encryption" : "decryption");
528 if ((size_t)retval >= sizeof buf) { 528 if ((size_t)retval >= sizeof buf) {
529 BIO_printf(bio_err, 529 BIO_printf(bio_err,
530 "Password prompt too long\n"); 530 "Password prompt too long\n");
@@ -532,13 +532,13 @@ enc_main(int argc, char **argv)
532 } 532 }
533 strbuf[0] = '\0'; 533 strbuf[0] = '\0';
534 i = EVP_read_pw_string((char *)strbuf, SIZE, buf, 534 i = EVP_read_pw_string((char *)strbuf, SIZE, buf,
535 enc_config.enc); 535 cfg.enc);
536 if (i == 0) { 536 if (i == 0) {
537 if (strbuf[0] == '\0') { 537 if (strbuf[0] == '\0') {
538 ret = 1; 538 ret = 1;
539 goto end; 539 goto end;
540 } 540 }
541 enc_config.keystr = strbuf; 541 cfg.keystr = strbuf;
542 break; 542 break;
543 } 543 }
544 if (i < 0) { 544 if (i < 0) {
@@ -547,13 +547,13 @@ enc_main(int argc, char **argv)
547 } 547 }
548 } 548 }
549 } 549 }
550 if (enc_config.outf == NULL) { 550 if (cfg.outf == NULL) {
551 BIO_set_fp(out, stdout, BIO_NOCLOSE); 551 BIO_set_fp(out, stdout, BIO_NOCLOSE);
552 if (enc_config.bufsize != NULL) 552 if (cfg.bufsize != NULL)
553 setvbuf(stdout, (char *)NULL, _IONBF, 0); 553 setvbuf(stdout, (char *)NULL, _IONBF, 0);
554 } else { 554 } else {
555 if (BIO_write_filename(out, enc_config.outf) <= 0) { 555 if (BIO_write_filename(out, cfg.outf) <= 0) {
556 perror(enc_config.outf); 556 perror(cfg.outf);
557 goto end; 557 goto end;
558 } 558 }
559 } 559 }
@@ -572,38 +572,38 @@ enc_main(int argc, char **argv)
572 } 572 }
573#endif 573#endif
574 574
575 if (enc_config.base64) { 575 if (cfg.base64) {
576 if ((b64 = BIO_new(BIO_f_base64())) == NULL) 576 if ((b64 = BIO_new(BIO_f_base64())) == NULL)
577 goto end; 577 goto end;
578 if (enc_config.debug) { 578 if (cfg.debug) {
579 BIO_set_callback(b64, BIO_debug_callback); 579 BIO_set_callback(b64, BIO_debug_callback);
580 BIO_set_callback_arg(b64, (char *) bio_err); 580 BIO_set_callback_arg(b64, (char *) bio_err);
581 } 581 }
582 if (enc_config.olb64) 582 if (cfg.olb64)
583 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); 583 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
584 if (enc_config.enc) 584 if (cfg.enc)
585 wbio = BIO_push(b64, wbio); 585 wbio = BIO_push(b64, wbio);
586 else 586 else
587 rbio = BIO_push(b64, rbio); 587 rbio = BIO_push(b64, rbio);
588 } 588 }
589 if (enc_config.cipher != NULL) { 589 if (cfg.cipher != NULL) {
590 /* 590 /*
591 * Note that keystr is NULL if a key was passed on the command 591 * Note that keystr is NULL if a key was passed on the command
592 * line, so we get no salt in that case. Is this a bug? 592 * line, so we get no salt in that case. Is this a bug?
593 */ 593 */
594 if (enc_config.keystr != NULL) { 594 if (cfg.keystr != NULL) {
595 /* 595 /*
596 * Salt handling: if encrypting generate a salt and 596 * Salt handling: if encrypting generate a salt and
597 * write to output BIO. If decrypting read salt from 597 * write to output BIO. If decrypting read salt from
598 * input BIO. 598 * input BIO.
599 */ 599 */
600 unsigned char *sptr; 600 unsigned char *sptr;
601 if (enc_config.nosalt) 601 if (cfg.nosalt)
602 sptr = NULL; 602 sptr = NULL;
603 else { 603 else {
604 if (enc_config.enc) { 604 if (cfg.enc) {
605 if (enc_config.hsalt) { 605 if (cfg.hsalt) {
606 if (!set_hex(enc_config.hsalt, salt, sizeof salt)) { 606 if (!set_hex(cfg.hsalt, salt, sizeof salt)) {
607 BIO_printf(bio_err, 607 BIO_printf(bio_err,
608 "invalid hex salt value\n"); 608 "invalid hex salt value\n");
609 goto end; 609 goto end;
@@ -615,7 +615,7 @@ enc_main(int argc, char **argv)
615 * If -P option then don't bother 615 * If -P option then don't bother
616 * writing 616 * writing
617 */ 617 */
618 if ((enc_config.printkey != 2) 618 if ((cfg.printkey != 2)
619 && (BIO_write(wbio, magic, 619 && (BIO_write(wbio, magic,
620 sizeof magic - 1) != sizeof magic - 1 620 sizeof magic - 1) != sizeof magic - 1
621 || BIO_write(wbio, 621 || BIO_write(wbio,
@@ -636,23 +636,23 @@ enc_main(int argc, char **argv)
636 } 636 }
637 sptr = salt; 637 sptr = salt;
638 } 638 }
639 if (enc_config.pbkdf2 == 1 || enc_config.iter > 0) { 639 if (cfg.pbkdf2 == 1 || cfg.iter > 0) {
640 /* 640 /*
641 * derive key and default iv 641 * derive key and default iv
642 * concatenated into a temporary buffer 642 * concatenated into a temporary buffer
643 */ 643 */
644 unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH]; 644 unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH];
645 int iklen = EVP_CIPHER_key_length(enc_config.cipher); 645 int iklen = EVP_CIPHER_key_length(cfg.cipher);
646 int ivlen = EVP_CIPHER_iv_length(enc_config.cipher); 646 int ivlen = EVP_CIPHER_iv_length(cfg.cipher);
647 /* not needed if HASH_UPDATE() is fixed : */ 647 /* not needed if HASH_UPDATE() is fixed : */
648 int islen = (sptr != NULL ? sizeof(salt) : 0); 648 int islen = (sptr != NULL ? sizeof(salt) : 0);
649 649
650 if (enc_config.iter == 0) 650 if (cfg.iter == 0)
651 enc_config.iter = 10000; 651 cfg.iter = 10000;
652 652
653 if (!PKCS5_PBKDF2_HMAC(enc_config.keystr, 653 if (!PKCS5_PBKDF2_HMAC(cfg.keystr,
654 strlen(enc_config.keystr), sptr, islen, 654 strlen(cfg.keystr), sptr, islen,
655 enc_config.iter, dgst, iklen+ivlen, tmpkeyiv)) { 655 cfg.iter, dgst, iklen+ivlen, tmpkeyiv)) {
656 BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n"); 656 BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n");
657 goto end; 657 goto end;
658 } 658 }
@@ -661,9 +661,9 @@ enc_main(int argc, char **argv)
661 memcpy(iv, tmpkeyiv + iklen, ivlen); 661 memcpy(iv, tmpkeyiv + iklen, ivlen);
662 explicit_bzero(tmpkeyiv, sizeof tmpkeyiv); 662 explicit_bzero(tmpkeyiv, sizeof tmpkeyiv);
663 } else { 663 } else {
664 EVP_BytesToKey(enc_config.cipher, dgst, sptr, 664 EVP_BytesToKey(cfg.cipher, dgst, sptr,
665 (unsigned char *)enc_config.keystr, 665 (unsigned char *)cfg.keystr,
666 strlen(enc_config.keystr), 1, key, iv); 666 strlen(cfg.keystr), 1, key, iv);
667 } 667 }
668 668
669 /* 669 /*
@@ -671,19 +671,19 @@ enc_main(int argc, char **argv)
671 * the command line bug picked up by Larry J. Hughes 671 * the command line bug picked up by Larry J. Hughes
672 * Jr. <hughes@indiana.edu> 672 * Jr. <hughes@indiana.edu>
673 */ 673 */
674 if (enc_config.keystr == strbuf) 674 if (cfg.keystr == strbuf)
675 explicit_bzero(enc_config.keystr, SIZE); 675 explicit_bzero(cfg.keystr, SIZE);
676 else 676 else
677 explicit_bzero(enc_config.keystr, 677 explicit_bzero(cfg.keystr,
678 strlen(enc_config.keystr)); 678 strlen(cfg.keystr));
679 } 679 }
680 if (enc_config.hiv != NULL && 680 if (cfg.hiv != NULL &&
681 !set_hex(enc_config.hiv, iv, sizeof iv)) { 681 !set_hex(cfg.hiv, iv, sizeof iv)) {
682 BIO_printf(bio_err, "invalid hex iv value\n"); 682 BIO_printf(bio_err, "invalid hex iv value\n");
683 goto end; 683 goto end;
684 } 684 }
685 if (enc_config.hiv == NULL && enc_config.keystr == NULL && 685 if (cfg.hiv == NULL && cfg.keystr == NULL &&
686 EVP_CIPHER_iv_length(enc_config.cipher) != 0) { 686 EVP_CIPHER_iv_length(cfg.cipher) != 0) {
687 /* 687 /*
688 * No IV was explicitly set and no IV was generated 688 * No IV was explicitly set and no IV was generated
689 * during EVP_BytesToKey. Hence the IV is undefined, 689 * during EVP_BytesToKey. Hence the IV is undefined,
@@ -692,8 +692,8 @@ enc_main(int argc, char **argv)
692 BIO_printf(bio_err, "iv undefined\n"); 692 BIO_printf(bio_err, "iv undefined\n");
693 goto end; 693 goto end;
694 } 694 }
695 if (enc_config.hkey != NULL && 695 if (cfg.hkey != NULL &&
696 !set_hex(enc_config.hkey, key, sizeof key)) { 696 !set_hex(cfg.hkey, key, sizeof key)) {
697 BIO_printf(bio_err, "invalid hex key value\n"); 697 BIO_printf(bio_err, "invalid hex key value\n");
698 goto end; 698 goto end;
699 } 699 }
@@ -707,51 +707,51 @@ enc_main(int argc, char **argv)
707 707
708 BIO_get_cipher_ctx(benc, &ctx); 708 BIO_get_cipher_ctx(benc, &ctx);
709 709
710 if (!EVP_CipherInit_ex(ctx, enc_config.cipher, NULL, NULL, 710 if (!EVP_CipherInit_ex(ctx, cfg.cipher, NULL, NULL,
711 NULL, enc_config.enc)) { 711 NULL, cfg.enc)) {
712 BIO_printf(bio_err, "Error setting cipher %s\n", 712 BIO_printf(bio_err, "Error setting cipher %s\n",
713 EVP_CIPHER_name(enc_config.cipher)); 713 EVP_CIPHER_name(cfg.cipher));
714 ERR_print_errors(bio_err); 714 ERR_print_errors(bio_err);
715 goto end; 715 goto end;
716 } 716 }
717 if (enc_config.nopad) 717 if (cfg.nopad)
718 EVP_CIPHER_CTX_set_padding(ctx, 0); 718 EVP_CIPHER_CTX_set_padding(ctx, 0);
719 719
720 if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 720 if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv,
721 enc_config.enc)) { 721 cfg.enc)) {
722 BIO_printf(bio_err, "Error setting cipher %s\n", 722 BIO_printf(bio_err, "Error setting cipher %s\n",
723 EVP_CIPHER_name(enc_config.cipher)); 723 EVP_CIPHER_name(cfg.cipher));
724 ERR_print_errors(bio_err); 724 ERR_print_errors(bio_err);
725 goto end; 725 goto end;
726 } 726 }
727 if (enc_config.debug) { 727 if (cfg.debug) {
728 BIO_set_callback(benc, BIO_debug_callback); 728 BIO_set_callback(benc, BIO_debug_callback);
729 BIO_set_callback_arg(benc, (char *) bio_err); 729 BIO_set_callback_arg(benc, (char *) bio_err);
730 } 730 }
731 if (enc_config.printkey) { 731 if (cfg.printkey) {
732 int key_len, iv_len; 732 int key_len, iv_len;
733 733
734 if (!enc_config.nosalt) { 734 if (!cfg.nosalt) {
735 printf("salt="); 735 printf("salt=");
736 for (i = 0; i < (int) sizeof(salt); i++) 736 for (i = 0; i < (int) sizeof(salt); i++)
737 printf("%02X", salt[i]); 737 printf("%02X", salt[i]);
738 printf("\n"); 738 printf("\n");
739 } 739 }
740 key_len = EVP_CIPHER_key_length(enc_config.cipher); 740 key_len = EVP_CIPHER_key_length(cfg.cipher);
741 if (key_len > 0) { 741 if (key_len > 0) {
742 printf("key="); 742 printf("key=");
743 for (i = 0; i < key_len; i++) 743 for (i = 0; i < key_len; i++)
744 printf("%02X", key[i]); 744 printf("%02X", key[i]);
745 printf("\n"); 745 printf("\n");
746 } 746 }
747 iv_len = EVP_CIPHER_iv_length(enc_config.cipher); 747 iv_len = EVP_CIPHER_iv_length(cfg.cipher);
748 if (iv_len > 0) { 748 if (iv_len > 0) {
749 printf("iv ="); 749 printf("iv =");
750 for (i = 0; i < iv_len; i++) 750 for (i = 0; i < iv_len; i++)
751 printf("%02X", iv[i]); 751 printf("%02X", iv[i]);
752 printf("\n"); 752 printf("\n");
753 } 753 }
754 if (enc_config.printkey == 2) { 754 if (cfg.printkey == 2) {
755 ret = 0; 755 ret = 0;
756 goto end; 756 goto end;
757 } 757 }
@@ -775,7 +775,7 @@ enc_main(int argc, char **argv)
775 goto end; 775 goto end;
776 } 776 }
777 ret = 0; 777 ret = 0;
778 if (enc_config.verbose) { 778 if (cfg.verbose) {
779 BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in)); 779 BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in));
780 BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out)); 780 BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out));
781 } 781 }
diff --git a/src/usr.bin/openssl/errstr.c b/src/usr.bin/openssl/errstr.c
index 64f0141ba0..cb7cf1d5a3 100644
--- a/src/usr.bin/openssl/errstr.c
+++ b/src/usr.bin/openssl/errstr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: errstr.c,v 1.9 2023/03/05 13:12:53 tb Exp $ */ 1/* $OpenBSD: errstr.c,v 1.10 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -70,14 +70,14 @@
70 70
71static struct { 71static struct {
72 int stats; 72 int stats;
73} errstr_config; 73} cfg;
74 74
75static const struct option errstr_options[] = { 75static const struct option errstr_options[] = {
76 { 76 {
77 .name = "stats", 77 .name = "stats",
78 .desc = "Print debugging statistics for the hash table", 78 .desc = "Print debugging statistics for the hash table",
79 .type = OPTION_FLAG, 79 .type = OPTION_FLAG,
80 .opt.flag = &errstr_config.stats, 80 .opt.flag = &cfg.stats,
81 }, 81 },
82 { NULL }, 82 { NULL },
83}; 83};
@@ -103,14 +103,14 @@ errstr_main(int argc, char **argv)
103 exit(1); 103 exit(1);
104 } 104 }
105 105
106 memset(&errstr_config, 0, sizeof(errstr_config)); 106 memset(&cfg, 0, sizeof(cfg));
107 107
108 if (options_parse(argc, argv, errstr_options, NULL, &argsused) != 0) { 108 if (options_parse(argc, argv, errstr_options, NULL, &argsused) != 0) {
109 errstr_usage(); 109 errstr_usage();
110 return (1); 110 return (1);
111 } 111 }
112 112
113 if (errstr_config.stats) { 113 if (cfg.stats) {
114 BIO *out; 114 BIO *out;
115 115
116 if ((out = BIO_new_fp(stdout, BIO_NOCLOSE)) == NULL) { 116 if ((out = BIO_new_fp(stdout, BIO_NOCLOSE)) == NULL) {
diff --git a/src/usr.bin/openssl/gendh.c b/src/usr.bin/openssl/gendh.c
index b4e4f29111..b9dde3c773 100644
--- a/src/usr.bin/openssl/gendh.c
+++ b/src/usr.bin/openssl/gendh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: gendh.c,v 1.13 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: gendh.c,v 1.14 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -89,7 +89,7 @@ static int dh_cb(int p, int n, BN_GENCB *cb);
89static struct { 89static struct {
90 int g; 90 int g;
91 char *outfile; 91 char *outfile;
92} gendh_config; 92} cfg;
93 93
94static const struct option gendh_options[] = { 94static const struct option gendh_options[] = {
95 { 95 {
@@ -98,21 +98,21 @@ static const struct option gendh_options[] = {
98 "(default)", 98 "(default)",
99 .type = OPTION_VALUE, 99 .type = OPTION_VALUE,
100 .value = 2, 100 .value = 2,
101 .opt.value = &gendh_config.g, 101 .opt.value = &cfg.g,
102 }, 102 },
103 { 103 {
104 .name = "5", 104 .name = "5",
105 .desc = "Generate DH parameters with a generator value of 5", 105 .desc = "Generate DH parameters with a generator value of 5",
106 .type = OPTION_VALUE, 106 .type = OPTION_VALUE,
107 .value = 5, 107 .value = 5,
108 .opt.value = &gendh_config.g, 108 .opt.value = &cfg.g,
109 }, 109 },
110 { 110 {
111 .name = "out", 111 .name = "out",
112 .argname = "file", 112 .argname = "file",
113 .desc = "Output file (default stdout)", 113 .desc = "Output file (default stdout)",
114 .type = OPTION_ARG, 114 .type = OPTION_ARG,
115 .opt.arg = &gendh_config.outfile, 115 .opt.arg = &cfg.outfile,
116 }, 116 },
117 { NULL }, 117 { NULL },
118}; 118};
@@ -146,9 +146,9 @@ gendh_main(int argc, char **argv)
146 146
147 BN_GENCB_set(cb, dh_cb, bio_err); 147 BN_GENCB_set(cb, dh_cb, bio_err);
148 148
149 memset(&gendh_config, 0, sizeof(gendh_config)); 149 memset(&cfg, 0, sizeof(cfg));
150 150
151 gendh_config.g = 2; 151 cfg.g = 2;
152 152
153 if (options_parse(argc, argv, gendh_options, &strbits, NULL) != 0) { 153 if (options_parse(argc, argv, gendh_options, &strbits, NULL) != 0) {
154 gendh_usage(); 154 gendh_usage();
@@ -169,21 +169,21 @@ gendh_main(int argc, char **argv)
169 ERR_print_errors(bio_err); 169 ERR_print_errors(bio_err);
170 goto end; 170 goto end;
171 } 171 }
172 if (gendh_config.outfile == NULL) { 172 if (cfg.outfile == NULL) {
173 BIO_set_fp(out, stdout, BIO_NOCLOSE); 173 BIO_set_fp(out, stdout, BIO_NOCLOSE);
174 } else { 174 } else {
175 if (BIO_write_filename(out, gendh_config.outfile) <= 0) { 175 if (BIO_write_filename(out, cfg.outfile) <= 0) {
176 perror(gendh_config.outfile); 176 perror(cfg.outfile);
177 goto end; 177 goto end;
178 } 178 }
179 } 179 }
180 180
181 BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime," 181 BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime,"
182 " generator %d\n", numbits, gendh_config.g); 182 " generator %d\n", numbits, cfg.g);
183 BIO_printf(bio_err, "This is going to take a long time\n"); 183 BIO_printf(bio_err, "This is going to take a long time\n");
184 184
185 if (((dh = DH_new()) == NULL) || 185 if (((dh = DH_new()) == NULL) ||
186 !DH_generate_parameters_ex(dh, numbits, gendh_config.g, cb)) 186 !DH_generate_parameters_ex(dh, numbits, cfg.g, cb))
187 goto end; 187 goto end;
188 188
189 if (!PEM_write_bio_DHparams(out, dh)) 189 if (!PEM_write_bio_DHparams(out, dh))
diff --git a/src/usr.bin/openssl/gendsa.c b/src/usr.bin/openssl/gendsa.c
index fa83ea2c67..00635c4551 100644
--- a/src/usr.bin/openssl/gendsa.c
+++ b/src/usr.bin/openssl/gendsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: gendsa.c,v 1.16 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: gendsa.c,v 1.17 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -78,7 +78,7 @@ static struct {
78 const EVP_CIPHER *enc; 78 const EVP_CIPHER *enc;
79 char *outfile; 79 char *outfile;
80 char *passargout; 80 char *passargout;
81} gendsa_config; 81} cfg;
82 82
83static const EVP_CIPHER *get_cipher_by_name(char *name) 83static const EVP_CIPHER *get_cipher_by_name(char *name)
84{ 84{
@@ -122,7 +122,7 @@ set_enc(int argc, char **argv, int *argsused)
122 if (*name++ != '-') 122 if (*name++ != '-')
123 return (1); 123 return (1);
124 124
125 if ((gendsa_config.enc = get_cipher_by_name(name)) == NULL) 125 if ((cfg.enc = get_cipher_by_name(name)) == NULL)
126 return (1); 126 return (1);
127 127
128 *argsused = 1; 128 *argsused = 1;
@@ -197,14 +197,14 @@ static const struct option gendsa_options[] = {
197 .argname = "file", 197 .argname = "file",
198 .desc = "Output the key to 'file'", 198 .desc = "Output the key to 'file'",
199 .type = OPTION_ARG, 199 .type = OPTION_ARG,
200 .opt.arg = &gendsa_config.outfile, 200 .opt.arg = &cfg.outfile,
201 }, 201 },
202 { 202 {
203 .name = "passout", 203 .name = "passout",
204 .argname = "src", 204 .argname = "src",
205 .desc = "Output file passphrase source", 205 .desc = "Output file passphrase source",
206 .type = OPTION_ARG, 206 .type = OPTION_ARG,
207 .opt.arg = &gendsa_config.passargout, 207 .opt.arg = &cfg.passargout,
208 }, 208 },
209 { NULL }, 209 { NULL },
210}; 210};
@@ -234,7 +234,7 @@ gendsa_main(int argc, char **argv)
234 exit(1); 234 exit(1);
235 } 235 }
236 236
237 memset(&gendsa_config, 0, sizeof(gendsa_config)); 237 memset(&cfg, 0, sizeof(cfg));
238 238
239 if (options_parse(argc, argv, gendsa_options, &dsaparams, NULL) != 0) { 239 if (options_parse(argc, argv, gendsa_options, &dsaparams, NULL) != 0) {
240 gendsa_usage(); 240 gendsa_usage();
@@ -245,7 +245,7 @@ gendsa_main(int argc, char **argv)
245 gendsa_usage(); 245 gendsa_usage();
246 goto end; 246 goto end;
247 } 247 }
248 if (!app_passwd(bio_err, NULL, gendsa_config.passargout, NULL, 248 if (!app_passwd(bio_err, NULL, cfg.passargout, NULL,
249 &passout)) { 249 &passout)) {
250 BIO_printf(bio_err, "Error getting password\n"); 250 BIO_printf(bio_err, "Error getting password\n");
251 goto end; 251 goto end;
@@ -266,11 +266,11 @@ gendsa_main(int argc, char **argv)
266 if (out == NULL) 266 if (out == NULL)
267 goto end; 267 goto end;
268 268
269 if (gendsa_config.outfile == NULL) { 269 if (cfg.outfile == NULL) {
270 BIO_set_fp(out, stdout, BIO_NOCLOSE); 270 BIO_set_fp(out, stdout, BIO_NOCLOSE);
271 } else { 271 } else {
272 if (BIO_write_filename(out, gendsa_config.outfile) <= 0) { 272 if (BIO_write_filename(out, cfg.outfile) <= 0) {
273 perror(gendsa_config.outfile); 273 perror(cfg.outfile);
274 goto end; 274 goto end;
275 } 275 }
276 } 276 }
@@ -280,7 +280,7 @@ gendsa_main(int argc, char **argv)
280 if (!DSA_generate_key(dsa)) 280 if (!DSA_generate_key(dsa))
281 goto end; 281 goto end;
282 282
283 if (!PEM_write_bio_DSAPrivateKey(out, dsa, gendsa_config.enc, NULL, 0, 283 if (!PEM_write_bio_DSAPrivateKey(out, dsa, cfg.enc, NULL, 0,
284 NULL, passout)) 284 NULL, passout))
285 goto end; 285 goto end;
286 ret = 0; 286 ret = 0;
diff --git a/src/usr.bin/openssl/genpkey.c b/src/usr.bin/openssl/genpkey.c
index ce266f404c..e2445c1433 100644
--- a/src/usr.bin/openssl/genpkey.c
+++ b/src/usr.bin/openssl/genpkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: genpkey.c,v 1.15 2023/03/05 13:12:53 tb Exp $ */ 1/* $OpenBSD: genpkey.c,v 1.16 2023/03/06 14:32:06 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006 3 * project 2006
4 */ 4 */
@@ -76,13 +76,13 @@ static struct {
76 int outformat; 76 int outformat;
77 char *passarg; 77 char *passarg;
78 int text; 78 int text;
79} genpkey_config; 79} cfg;
80 80
81static int 81static int
82genpkey_opt_algorithm(char *arg) 82genpkey_opt_algorithm(char *arg)
83{ 83{
84 if (!init_gen_str(bio_err, genpkey_config.ctx, arg, 84 if (!init_gen_str(bio_err, cfg.ctx, arg,
85 genpkey_config.do_param)) 85 cfg.do_param))
86 return (1); 86 return (1);
87 87
88 return (0); 88 return (0);
@@ -96,16 +96,16 @@ genpkey_opt_cipher(int argc, char **argv, int *argsused)
96 if (*name++ != '-') 96 if (*name++ != '-')
97 return (1); 97 return (1);
98 98
99 if (genpkey_config.do_param == 1) 99 if (cfg.do_param == 1)
100 return (1); 100 return (1);
101 101
102 if (strcmp(name, "none") == 0) { 102 if (strcmp(name, "none") == 0) {
103 genpkey_config.cipher = NULL; 103 cfg.cipher = NULL;
104 *argsused = 1; 104 *argsused = 1;
105 return (0); 105 return (0);
106 } 106 }
107 107
108 if ((genpkey_config.cipher = EVP_get_cipherbyname(name)) != NULL) { 108 if ((cfg.cipher = EVP_get_cipherbyname(name)) != NULL) {
109 *argsused = 1; 109 *argsused = 1;
110 return (0); 110 return (0);
111 } 111 }
@@ -116,9 +116,9 @@ genpkey_opt_cipher(int argc, char **argv, int *argsused)
116static int 116static int
117genpkey_opt_paramfile(char *arg) 117genpkey_opt_paramfile(char *arg)
118{ 118{
119 if (genpkey_config.do_param == 1) 119 if (cfg.do_param == 1)
120 return (1); 120 return (1);
121 if (!init_keygen_file(bio_err, genpkey_config.ctx, arg)) 121 if (!init_keygen_file(bio_err, cfg.ctx, arg))
122 return (1); 122 return (1);
123 123
124 return (0); 124 return (0);
@@ -127,12 +127,12 @@ genpkey_opt_paramfile(char *arg)
127static int 127static int
128genpkey_opt_pkeyopt(char *arg) 128genpkey_opt_pkeyopt(char *arg)
129{ 129{
130 if (*genpkey_config.ctx == NULL) { 130 if (*cfg.ctx == NULL) {
131 BIO_puts(bio_err, "No keytype specified\n"); 131 BIO_puts(bio_err, "No keytype specified\n");
132 return (1); 132 return (1);
133 } 133 }
134 134
135 if (pkey_ctrl_string(*genpkey_config.ctx, arg) <= 0) { 135 if (pkey_ctrl_string(*cfg.ctx, arg) <= 0) {
136 BIO_puts(bio_err, "parameter setting error\n"); 136 BIO_puts(bio_err, "parameter setting error\n");
137 ERR_print_errors(bio_err); 137 ERR_print_errors(bio_err);
138 return (1); 138 return (1);
@@ -153,21 +153,21 @@ static const struct option genpkey_options[] = {
153 .name = "genparam", 153 .name = "genparam",
154 .desc = "Generate a set of parameters instead of a private key", 154 .desc = "Generate a set of parameters instead of a private key",
155 .type = OPTION_FLAG, 155 .type = OPTION_FLAG,
156 .opt.flag = &genpkey_config.do_param, 156 .opt.flag = &cfg.do_param,
157 }, 157 },
158 { 158 {
159 .name = "out", 159 .name = "out",
160 .argname = "file", 160 .argname = "file",
161 .desc = "Output file to write to (default stdout)", 161 .desc = "Output file to write to (default stdout)",
162 .type = OPTION_ARG, 162 .type = OPTION_ARG,
163 .opt.arg = &genpkey_config.outfile, 163 .opt.arg = &cfg.outfile,
164 }, 164 },
165 { 165 {
166 .name = "outform", 166 .name = "outform",
167 .argname = "format", 167 .argname = "format",
168 .desc = "Output format (DER or PEM)", 168 .desc = "Output format (DER or PEM)",
169 .type = OPTION_ARG_FORMAT, 169 .type = OPTION_ARG_FORMAT,
170 .opt.value = &genpkey_config.outformat, 170 .opt.value = &cfg.outformat,
171 }, 171 },
172 { 172 {
173 .name = "paramfile", 173 .name = "paramfile",
@@ -182,7 +182,7 @@ static const struct option genpkey_options[] = {
182 .argname = "arg", 182 .argname = "arg",
183 .desc = "Output file password source", 183 .desc = "Output file password source",
184 .type = OPTION_ARG, 184 .type = OPTION_ARG,
185 .opt.arg = &genpkey_config.passarg, 185 .opt.arg = &cfg.passarg,
186 }, 186 },
187 { 187 {
188 .name = "pkeyopt", 188 .name = "pkeyopt",
@@ -195,7 +195,7 @@ static const struct option genpkey_options[] = {
195 .name = "text", 195 .name = "text",
196 .desc = "Print the private/public key in human readable form", 196 .desc = "Print the private/public key in human readable form",
197 .type = OPTION_FLAG, 197 .type = OPTION_FLAG,
198 .opt.flag = &genpkey_config.text, 198 .opt.flag = &cfg.text,
199 }, 199 },
200 { 200 {
201 .name = NULL, 201 .name = NULL,
@@ -229,9 +229,9 @@ genpkey_main(int argc, char **argv)
229 exit(1); 229 exit(1);
230 } 230 }
231 231
232 memset(&genpkey_config, 0, sizeof(genpkey_config)); 232 memset(&cfg, 0, sizeof(cfg));
233 genpkey_config.ctx = &ctx; 233 cfg.ctx = &ctx;
234 genpkey_config.outformat = FORMAT_PEM; 234 cfg.outformat = FORMAT_PEM;
235 235
236 if (options_parse(argc, argv, genpkey_options, NULL, NULL) != 0) { 236 if (options_parse(argc, argv, genpkey_options, NULL, NULL) != 0) {
237 genpkey_usage(); 237 genpkey_usage();
@@ -243,15 +243,15 @@ genpkey_main(int argc, char **argv)
243 goto end; 243 goto end;
244 } 244 }
245 245
246 if (!app_passwd(bio_err, genpkey_config.passarg, NULL, &pass, NULL)) { 246 if (!app_passwd(bio_err, cfg.passarg, NULL, &pass, NULL)) {
247 BIO_puts(bio_err, "Error getting password\n"); 247 BIO_puts(bio_err, "Error getting password\n");
248 goto end; 248 goto end;
249 } 249 }
250 if (genpkey_config.outfile != NULL) { 250 if (cfg.outfile != NULL) {
251 if ((out = BIO_new_file(genpkey_config.outfile, "wb")) == 251 if ((out = BIO_new_file(cfg.outfile, "wb")) ==
252 NULL) { 252 NULL) {
253 BIO_printf(bio_err, "Can't open output file %s\n", 253 BIO_printf(bio_err, "Can't open output file %s\n",
254 genpkey_config.outfile); 254 cfg.outfile);
255 goto end; 255 goto end;
256 } 256 }
257 } else { 257 } else {
@@ -261,7 +261,7 @@ genpkey_main(int argc, char **argv)
261 EVP_PKEY_CTX_set_cb(ctx, genpkey_cb); 261 EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
262 EVP_PKEY_CTX_set_app_data(ctx, bio_err); 262 EVP_PKEY_CTX_set_app_data(ctx, bio_err);
263 263
264 if (genpkey_config.do_param) { 264 if (cfg.do_param) {
265 if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) { 265 if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) {
266 BIO_puts(bio_err, "Error generating parameters\n"); 266 BIO_puts(bio_err, "Error generating parameters\n");
267 ERR_print_errors(bio_err); 267 ERR_print_errors(bio_err);
@@ -275,12 +275,12 @@ genpkey_main(int argc, char **argv)
275 } 275 }
276 } 276 }
277 277
278 if (genpkey_config.do_param) 278 if (cfg.do_param)
279 rv = PEM_write_bio_Parameters(out, pkey); 279 rv = PEM_write_bio_Parameters(out, pkey);
280 else if (genpkey_config.outformat == FORMAT_PEM) 280 else if (cfg.outformat == FORMAT_PEM)
281 rv = PEM_write_bio_PrivateKey(out, pkey, genpkey_config.cipher, 281 rv = PEM_write_bio_PrivateKey(out, pkey, cfg.cipher,
282 NULL, 0, NULL, pass); 282 NULL, 0, NULL, pass);
283 else if (genpkey_config.outformat == FORMAT_ASN1) 283 else if (cfg.outformat == FORMAT_ASN1)
284 rv = i2d_PrivateKey_bio(out, pkey); 284 rv = i2d_PrivateKey_bio(out, pkey);
285 else { 285 else {
286 BIO_printf(bio_err, "Bad format specified for key\n"); 286 BIO_printf(bio_err, "Bad format specified for key\n");
@@ -291,8 +291,8 @@ genpkey_main(int argc, char **argv)
291 BIO_puts(bio_err, "Error writing key\n"); 291 BIO_puts(bio_err, "Error writing key\n");
292 ERR_print_errors(bio_err); 292 ERR_print_errors(bio_err);
293 } 293 }
294 if (genpkey_config.text) { 294 if (cfg.text) {
295 if (genpkey_config.do_param) 295 if (cfg.do_param)
296 rv = EVP_PKEY_print_params(out, pkey, 0, NULL); 296 rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
297 else 297 else
298 rv = EVP_PKEY_print_private(out, pkey, 0, NULL); 298 rv = EVP_PKEY_print_private(out, pkey, 0, NULL);
diff --git a/src/usr.bin/openssl/genrsa.c b/src/usr.bin/openssl/genrsa.c
index e1628a682e..0b5323fa5f 100644
--- a/src/usr.bin/openssl/genrsa.c
+++ b/src/usr.bin/openssl/genrsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: genrsa.c,v 1.21 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: genrsa.c,v 1.22 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -90,7 +90,7 @@ static struct {
90 unsigned long f4; 90 unsigned long f4;
91 char *outfile; 91 char *outfile;
92 char *passargout; 92 char *passargout;
93} genrsa_config; 93} cfg;
94 94
95static int 95static int
96set_public_exponent(int argc, char **argv, int *argsused) 96set_public_exponent(int argc, char **argv, int *argsused)
@@ -98,9 +98,9 @@ set_public_exponent(int argc, char **argv, int *argsused)
98 char *option = argv[0]; 98 char *option = argv[0];
99 99
100 if (strcmp(option, "-3") == 0) 100 if (strcmp(option, "-3") == 0)
101 genrsa_config.f4 = 3; 101 cfg.f4 = 3;
102 else if (strcmp(option, "-f4") == 0 || strcmp(option, "-F4") == 0) 102 else if (strcmp(option, "-f4") == 0 || strcmp(option, "-F4") == 0)
103 genrsa_config.f4 = RSA_F4; 103 cfg.f4 = RSA_F4;
104 else 104 else
105 return (1); 105 return (1);
106 106
@@ -150,7 +150,7 @@ set_enc(int argc, char **argv, int *argsused)
150 if (*name++ != '-') 150 if (*name++ != '-')
151 return (1); 151 return (1);
152 152
153 if ((genrsa_config.enc = get_cipher_by_name(name)) == NULL) 153 if ((cfg.enc = get_cipher_by_name(name)) == NULL)
154 return (1); 154 return (1);
155 155
156 *argsused = 1; 156 *argsused = 1;
@@ -243,14 +243,14 @@ static const struct option genrsa_options[] = {
243 .argname = "file", 243 .argname = "file",
244 .desc = "Output the key to 'file'", 244 .desc = "Output the key to 'file'",
245 .type = OPTION_ARG, 245 .type = OPTION_ARG,
246 .opt.arg = &genrsa_config.outfile, 246 .opt.arg = &cfg.outfile,
247 }, 247 },
248 { 248 {
249 .name = "passout", 249 .name = "passout",
250 .argname = "arg", 250 .argname = "arg",
251 .desc = "Output file passphrase source", 251 .desc = "Output file passphrase source",
252 .type = OPTION_ARG, 252 .type = OPTION_ARG,
253 .opt.arg = &genrsa_config.passargout, 253 .opt.arg = &cfg.passargout,
254 }, 254 },
255 { NULL }, 255 { NULL },
256}; 256};
@@ -300,8 +300,8 @@ genrsa_main(int argc, char **argv)
300 goto err; 300 goto err;
301 } 301 }
302 302
303 memset(&genrsa_config, 0, sizeof(genrsa_config)); 303 memset(&cfg, 0, sizeof(cfg));
304 genrsa_config.f4 = RSA_F4; 304 cfg.f4 = RSA_F4;
305 305
306 if (options_parse(argc, argv, genrsa_options, &numbits, NULL) != 0) { 306 if (options_parse(argc, argv, genrsa_options, &numbits, NULL) != 0) {
307 genrsa_usage(); 307 genrsa_usage();
@@ -314,17 +314,17 @@ genrsa_main(int argc, char **argv)
314 goto err; 314 goto err;
315 } 315 }
316 316
317 if (!app_passwd(bio_err, NULL, genrsa_config.passargout, NULL, 317 if (!app_passwd(bio_err, NULL, cfg.passargout, NULL,
318 &passout)) { 318 &passout)) {
319 BIO_printf(bio_err, "Error getting password\n"); 319 BIO_printf(bio_err, "Error getting password\n");
320 goto err; 320 goto err;
321 } 321 }
322 322
323 if (genrsa_config.outfile == NULL) { 323 if (cfg.outfile == NULL) {
324 BIO_set_fp(out, stdout, BIO_NOCLOSE); 324 BIO_set_fp(out, stdout, BIO_NOCLOSE);
325 } else { 325 } else {
326 if (BIO_write_filename(out, genrsa_config.outfile) <= 0) { 326 if (BIO_write_filename(out, cfg.outfile) <= 0) {
327 perror(genrsa_config.outfile); 327 perror(cfg.outfile);
328 goto err; 328 goto err;
329 } 329 }
330 } 330 }
@@ -335,7 +335,7 @@ genrsa_main(int argc, char **argv)
335 if (!rsa) 335 if (!rsa)
336 goto err; 336 goto err;
337 337
338 if (!BN_set_word(bn, genrsa_config.f4) || 338 if (!BN_set_word(bn, cfg.f4) ||
339 !RSA_generate_key_ex(rsa, num, bn, cb)) 339 !RSA_generate_key_ex(rsa, num, bn, cb))
340 goto err; 340 goto err;
341 341
@@ -348,8 +348,8 @@ genrsa_main(int argc, char **argv)
348 { 348 {
349 PW_CB_DATA cb_data; 349 PW_CB_DATA cb_data;
350 cb_data.password = passout; 350 cb_data.password = passout;
351 cb_data.prompt_info = genrsa_config.outfile; 351 cb_data.prompt_info = cfg.outfile;
352 if (!PEM_write_bio_RSAPrivateKey(out, rsa, genrsa_config.enc, 352 if (!PEM_write_bio_RSAPrivateKey(out, rsa, cfg.enc,
353 NULL, 0, password_callback, &cb_data)) 353 NULL, 0, password_callback, &cb_data))
354 goto err; 354 goto err;
355 } 355 }
diff --git a/src/usr.bin/openssl/nseq.c b/src/usr.bin/openssl/nseq.c
index 7be116e67b..fb0dda5dca 100644
--- a/src/usr.bin/openssl/nseq.c
+++ b/src/usr.bin/openssl/nseq.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: nseq.c,v 1.10 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: nseq.c,v 1.11 2023/03/06 14:32:06 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -68,7 +68,7 @@ static struct {
68 char *infile; 68 char *infile;
69 char *outfile; 69 char *outfile;
70 int toseq; 70 int toseq;
71} nseq_config; 71} cfg;
72 72
73static const struct option nseq_options[] = { 73static const struct option nseq_options[] = {
74 { 74 {
@@ -76,20 +76,20 @@ static const struct option nseq_options[] = {
76 .argname = "file", 76 .argname = "file",
77 .desc = "Input file to read from (default stdin)", 77 .desc = "Input file to read from (default stdin)",
78 .type = OPTION_ARG, 78 .type = OPTION_ARG,
79 .opt.arg = &nseq_config.infile, 79 .opt.arg = &cfg.infile,
80 }, 80 },
81 { 81 {
82 .name = "out", 82 .name = "out",
83 .argname = "file", 83 .argname = "file",
84 .desc = "Output file to write to (default stdout)", 84 .desc = "Output file to write to (default stdout)",
85 .type = OPTION_ARG, 85 .type = OPTION_ARG,
86 .opt.arg = &nseq_config.outfile, 86 .opt.arg = &cfg.outfile,
87 }, 87 },
88 { 88 {
89 .name = "toseq", 89 .name = "toseq",
90 .desc = "Convert certificates to Netscape certificate sequence", 90 .desc = "Convert certificates to Netscape certificate sequence",
91 .type = OPTION_FLAG, 91 .type = OPTION_FLAG,
92 .opt.flag = &nseq_config.toseq, 92 .opt.flag = &cfg.toseq,
93 }, 93 },
94 { NULL }, 94 { NULL },
95}; 95};
@@ -114,39 +114,39 @@ nseq_main(int argc, char **argv)
114 exit(1); 114 exit(1);
115 } 115 }
116 116
117 memset(&nseq_config, 0, sizeof(nseq_config)); 117 memset(&cfg, 0, sizeof(cfg));
118 118
119 if (options_parse(argc, argv, nseq_options, NULL, NULL) != 0) { 119 if (options_parse(argc, argv, nseq_options, NULL, NULL) != 0) {
120 nseq_usage(); 120 nseq_usage();
121 return (1); 121 return (1);
122 } 122 }
123 123
124 if (nseq_config.infile) { 124 if (cfg.infile) {
125 if (!(in = BIO_new_file(nseq_config.infile, "r"))) { 125 if (!(in = BIO_new_file(cfg.infile, "r"))) {
126 BIO_printf(bio_err, 126 BIO_printf(bio_err,
127 "Can't open input file %s\n", nseq_config.infile); 127 "Can't open input file %s\n", cfg.infile);
128 goto end; 128 goto end;
129 } 129 }
130 } else 130 } else
131 in = BIO_new_fp(stdin, BIO_NOCLOSE); 131 in = BIO_new_fp(stdin, BIO_NOCLOSE);
132 132
133 if (nseq_config.outfile) { 133 if (cfg.outfile) {
134 if (!(out = BIO_new_file(nseq_config.outfile, "w"))) { 134 if (!(out = BIO_new_file(cfg.outfile, "w"))) {
135 BIO_printf(bio_err, 135 BIO_printf(bio_err,
136 "Can't open output file %s\n", nseq_config.outfile); 136 "Can't open output file %s\n", cfg.outfile);
137 goto end; 137 goto end;
138 } 138 }
139 } else { 139 } else {
140 out = BIO_new_fp(stdout, BIO_NOCLOSE); 140 out = BIO_new_fp(stdout, BIO_NOCLOSE);
141 } 141 }
142 if (nseq_config.toseq) { 142 if (cfg.toseq) {
143 seq = NETSCAPE_CERT_SEQUENCE_new(); 143 seq = NETSCAPE_CERT_SEQUENCE_new();
144 seq->certs = sk_X509_new_null(); 144 seq->certs = sk_X509_new_null();
145 while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) 145 while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
146 sk_X509_push(seq->certs, x509); 146 sk_X509_push(seq->certs, x509);
147 147
148 if (!sk_X509_num(seq->certs)) { 148 if (!sk_X509_num(seq->certs)) {
149 BIO_printf(bio_err, "Error reading certs file %s\n", nseq_config.infile); 149 BIO_printf(bio_err, "Error reading certs file %s\n", cfg.infile);
150 ERR_print_errors(bio_err); 150 ERR_print_errors(bio_err);
151 goto end; 151 goto end;
152 } 152 }
@@ -155,7 +155,7 @@ nseq_main(int argc, char **argv)
155 goto end; 155 goto end;
156 } 156 }
157 if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) { 157 if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) {
158 BIO_printf(bio_err, "Error reading sequence file %s\n", nseq_config.infile); 158 BIO_printf(bio_err, "Error reading sequence file %s\n", cfg.infile);
159 ERR_print_errors(bio_err); 159 ERR_print_errors(bio_err);
160 goto end; 160 goto end;
161 } 161 }
diff --git a/src/usr.bin/openssl/ocsp.c b/src/usr.bin/openssl/ocsp.c
index 026bd49b0a..cc942a459c 100644
--- a/src/usr.bin/openssl/ocsp.c
+++ b/src/usr.bin/openssl/ocsp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ocsp.c,v 1.22 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: ocsp.c,v 1.23 2023/03/06 14:32:06 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -143,27 +143,27 @@ static struct {
143 int use_ssl; 143 int use_ssl;
144 char *verify_certfile; 144 char *verify_certfile;
145 unsigned long verify_flags; 145 unsigned long verify_flags;
146} ocsp_config; 146} cfg;
147 147
148static int 148static int
149ocsp_opt_cert(char *arg) 149ocsp_opt_cert(char *arg)
150{ 150{
151 X509_free(ocsp_config.cert); 151 X509_free(cfg.cert);
152 ocsp_config.cert = load_cert(bio_err, arg, FORMAT_PEM, NULL, 152 cfg.cert = load_cert(bio_err, arg, FORMAT_PEM, NULL,
153 "certificate"); 153 "certificate");
154 if (ocsp_config.cert == NULL) { 154 if (cfg.cert == NULL) {
155 ocsp_config.no_usage = 1; 155 cfg.no_usage = 1;
156 return (1); 156 return (1);
157 } 157 }
158 if (ocsp_config.cert_id_md == NULL) 158 if (cfg.cert_id_md == NULL)
159 ocsp_config.cert_id_md = EVP_sha1(); 159 cfg.cert_id_md = EVP_sha1();
160 if (!add_ocsp_cert(&ocsp_config.req, ocsp_config.cert, 160 if (!add_ocsp_cert(&cfg.req, cfg.cert,
161 ocsp_config.cert_id_md, ocsp_config.issuer, ocsp_config.ids)) { 161 cfg.cert_id_md, cfg.issuer, cfg.ids)) {
162 ocsp_config.no_usage = 1; 162 cfg.no_usage = 1;
163 return (1); 163 return (1);
164 } 164 }
165 if (!sk_OPENSSL_STRING_push(ocsp_config.reqnames, arg)) { 165 if (!sk_OPENSSL_STRING_push(cfg.reqnames, arg)) {
166 ocsp_config.no_usage = 1; 166 cfg.no_usage = 1;
167 return (1); 167 return (1);
168 } 168 }
169 return (0); 169 return (0);
@@ -177,7 +177,7 @@ ocsp_opt_cert_id_md(int argc, char **argv, int *argsused)
177 if (*name++ != '-') 177 if (*name++ != '-')
178 return (1); 178 return (1);
179 179
180 if ((ocsp_config.cert_id_md = EVP_get_digestbyname(name)) == NULL) 180 if ((cfg.cert_id_md = EVP_get_digestbyname(name)) == NULL)
181 return (1); 181 return (1);
182 182
183 *argsused = 1; 183 *argsused = 1;
@@ -190,8 +190,8 @@ ocsp_opt_header(int argc, char **argv, int *argsused)
190 if (argc < 3 || argv[1] == NULL || argv[2] == NULL) 190 if (argc < 3 || argv[1] == NULL || argv[2] == NULL)
191 return (1); 191 return (1);
192 192
193 if (!X509V3_add_value(argv[1], argv[2], &ocsp_config.headers)) { 193 if (!X509V3_add_value(argv[1], argv[2], &cfg.headers)) {
194 ocsp_config.no_usage = 1; 194 cfg.no_usage = 1;
195 return (1); 195 return (1);
196 } 196 }
197 197
@@ -202,21 +202,21 @@ ocsp_opt_header(int argc, char **argv, int *argsused)
202static int 202static int
203ocsp_opt_host(char *arg) 203ocsp_opt_host(char *arg)
204{ 204{
205 if (ocsp_config.use_ssl != -1) 205 if (cfg.use_ssl != -1)
206 return (1); 206 return (1);
207 207
208 ocsp_config.host = arg; 208 cfg.host = arg;
209 return (0); 209 return (0);
210} 210}
211 211
212static int 212static int
213ocsp_opt_issuer(char *arg) 213ocsp_opt_issuer(char *arg)
214{ 214{
215 X509_free(ocsp_config.issuer); 215 X509_free(cfg.issuer);
216 ocsp_config.issuer = load_cert(bio_err, arg, FORMAT_PEM, NULL, 216 cfg.issuer = load_cert(bio_err, arg, FORMAT_PEM, NULL,
217 "issuer certificate"); 217 "issuer certificate");
218 if (ocsp_config.issuer == NULL) { 218 if (cfg.issuer == NULL) {
219 ocsp_config.no_usage = 1; 219 cfg.no_usage = 1;
220 return (1); 220 return (1);
221 } 221 }
222 return (0); 222 return (0);
@@ -227,7 +227,7 @@ ocsp_opt_ndays(char *arg)
227{ 227{
228 const char *errstr = NULL; 228 const char *errstr = NULL;
229 229
230 ocsp_config.ndays = strtonum(arg, 0, INT_MAX, &errstr); 230 cfg.ndays = strtonum(arg, 0, INT_MAX, &errstr);
231 if (errstr != NULL) { 231 if (errstr != NULL) {
232 BIO_printf(bio_err, "Illegal update period %s: %s\n", 232 BIO_printf(bio_err, "Illegal update period %s: %s\n",
233 arg, errstr); 233 arg, errstr);
@@ -241,17 +241,17 @@ ocsp_opt_nmin(char *arg)
241{ 241{
242 const char *errstr = NULL; 242 const char *errstr = NULL;
243 243
244 ocsp_config.nmin = strtonum(arg, 0, INT_MAX, &errstr); 244 cfg.nmin = strtonum(arg, 0, INT_MAX, &errstr);
245 if (errstr != NULL) { 245 if (errstr != NULL) {
246 BIO_printf(bio_err, "Illegal update period %s: %s\n", 246 BIO_printf(bio_err, "Illegal update period %s: %s\n",
247 arg, errstr); 247 arg, errstr);
248 return (1); 248 return (1);
249 } 249 }
250 250
251 if (ocsp_config.ndays != -1) 251 if (cfg.ndays != -1)
252 return (1); 252 return (1);
253 253
254 ocsp_config.ndays = 0; 254 cfg.ndays = 0;
255 return (0); 255 return (0);
256} 256}
257 257
@@ -260,7 +260,7 @@ ocsp_opt_nrequest(char *arg)
260{ 260{
261 const char *errstr = NULL; 261 const char *errstr = NULL;
262 262
263 ocsp_config.accept_count = strtonum(arg, 0, INT_MAX, &errstr); 263 cfg.accept_count = strtonum(arg, 0, INT_MAX, &errstr);
264 if (errstr != NULL) { 264 if (errstr != NULL) {
265 BIO_printf(bio_err, "Illegal accept count %s: %s\n", 265 BIO_printf(bio_err, "Illegal accept count %s: %s\n",
266 arg, errstr); 266 arg, errstr);
@@ -272,25 +272,25 @@ ocsp_opt_nrequest(char *arg)
272static int 272static int
273ocsp_opt_port(char *arg) 273ocsp_opt_port(char *arg)
274{ 274{
275 if (ocsp_config.use_ssl != -1) 275 if (cfg.use_ssl != -1)
276 return (1); 276 return (1);
277 277
278 ocsp_config.port = arg; 278 cfg.port = arg;
279 return (0); 279 return (0);
280} 280}
281 281
282static int 282static int
283ocsp_opt_serial(char *arg) 283ocsp_opt_serial(char *arg)
284{ 284{
285 if (ocsp_config.cert_id_md == NULL) 285 if (cfg.cert_id_md == NULL)
286 ocsp_config.cert_id_md = EVP_sha1(); 286 cfg.cert_id_md = EVP_sha1();
287 if (!add_ocsp_serial(&ocsp_config.req, arg, ocsp_config.cert_id_md, 287 if (!add_ocsp_serial(&cfg.req, arg, cfg.cert_id_md,
288 ocsp_config.issuer, ocsp_config.ids)) { 288 cfg.issuer, cfg.ids)) {
289 ocsp_config.no_usage = 1; 289 cfg.no_usage = 1;
290 return (1); 290 return (1);
291 } 291 }
292 if (!sk_OPENSSL_STRING_push(ocsp_config.reqnames, arg)) { 292 if (!sk_OPENSSL_STRING_push(cfg.reqnames, arg)) {
293 ocsp_config.no_usage = 1; 293 cfg.no_usage = 1;
294 return (1); 294 return (1);
295 } 295 }
296 return (0); 296 return (0);
@@ -301,7 +301,7 @@ ocsp_opt_status_age(char *arg)
301{ 301{
302 const char *errstr = NULL; 302 const char *errstr = NULL;
303 303
304 ocsp_config.maxage = strtonum(arg, 0, LONG_MAX, &errstr); 304 cfg.maxage = strtonum(arg, 0, LONG_MAX, &errstr);
305 if (errstr != NULL) { 305 if (errstr != NULL) {
306 BIO_printf(bio_err, "Illegal validity age %s: %s\n", 306 BIO_printf(bio_err, "Illegal validity age %s: %s\n",
307 arg, errstr); 307 arg, errstr);
@@ -313,8 +313,8 @@ ocsp_opt_status_age(char *arg)
313static int 313static int
314ocsp_opt_text(void) 314ocsp_opt_text(void)
315{ 315{
316 ocsp_config.req_text = 1; 316 cfg.req_text = 1;
317 ocsp_config.resp_text = 1; 317 cfg.resp_text = 1;
318 return (0); 318 return (0);
319} 319}
320 320
@@ -323,7 +323,7 @@ ocsp_opt_timeout(char *arg)
323{ 323{
324 const char *errstr = NULL; 324 const char *errstr = NULL;
325 325
326 ocsp_config.req_timeout = strtonum(arg, 0, INT_MAX, &errstr); 326 cfg.req_timeout = strtonum(arg, 0, INT_MAX, &errstr);
327 if (errstr != NULL) { 327 if (errstr != NULL) {
328 BIO_printf(bio_err, "Illegal timeout value %s: %s\n", 328 BIO_printf(bio_err, "Illegal timeout value %s: %s\n",
329 arg, errstr); 329 arg, errstr);
@@ -335,10 +335,10 @@ ocsp_opt_timeout(char *arg)
335static int 335static int
336ocsp_opt_url(char *arg) 336ocsp_opt_url(char *arg)
337{ 337{
338 if (ocsp_config.host == NULL && ocsp_config.port == NULL && 338 if (cfg.host == NULL && cfg.port == NULL &&
339 ocsp_config.path == NULL) { 339 cfg.path == NULL) {
340 if (!OCSP_parse_url(arg, &ocsp_config.host, &ocsp_config.port, 340 if (!OCSP_parse_url(arg, &cfg.host, &cfg.port,
341 &ocsp_config.path, &ocsp_config.use_ssl)) { 341 &cfg.path, &cfg.use_ssl)) {
342 BIO_printf(bio_err, "Error parsing URL\n"); 342 BIO_printf(bio_err, "Error parsing URL\n");
343 return (1); 343 return (1);
344 } 344 }
@@ -349,8 +349,8 @@ ocsp_opt_url(char *arg)
349static int 349static int
350ocsp_opt_vafile(char *arg) 350ocsp_opt_vafile(char *arg)
351{ 351{
352 ocsp_config.verify_certfile = arg; 352 cfg.verify_certfile = arg;
353 ocsp_config.verify_flags |= OCSP_TRUSTOTHER; 353 cfg.verify_flags |= OCSP_TRUSTOTHER;
354 return (0); 354 return (0);
355} 355}
356 356
@@ -359,7 +359,7 @@ ocsp_opt_validity_period(char *arg)
359{ 359{
360 const char *errstr = NULL; 360 const char *errstr = NULL;
361 361
362 ocsp_config.nsec = strtonum(arg, 0, LONG_MAX, &errstr); 362 cfg.nsec = strtonum(arg, 0, LONG_MAX, &errstr);
363 if (errstr != NULL) { 363 if (errstr != NULL) {
364 BIO_printf(bio_err, "Illegal validity period %s: %s\n", 364 BIO_printf(bio_err, "Illegal validity period %s: %s\n",
365 arg, errstr); 365 arg, errstr);
@@ -374,21 +374,21 @@ static const struct option ocsp_options[] = {
374 .argname = "file", 374 .argname = "file",
375 .desc = "CA certificate corresponding to the revocation information", 375 .desc = "CA certificate corresponding to the revocation information",
376 .type = OPTION_ARG, 376 .type = OPTION_ARG,
377 .opt.arg = &ocsp_config.rca_filename, 377 .opt.arg = &cfg.rca_filename,
378 }, 378 },
379 { 379 {
380 .name = "CAfile", 380 .name = "CAfile",
381 .argname = "file", 381 .argname = "file",
382 .desc = "Trusted certificates file", 382 .desc = "Trusted certificates file",
383 .type = OPTION_ARG, 383 .type = OPTION_ARG,
384 .opt.arg = &ocsp_config.CAfile, 384 .opt.arg = &cfg.CAfile,
385 }, 385 },
386 { 386 {
387 .name = "CApath", 387 .name = "CApath",
388 .argname = "directory", 388 .argname = "directory",
389 .desc = "Trusted certificates directory", 389 .desc = "Trusted certificates directory",
390 .type = OPTION_ARG, 390 .type = OPTION_ARG,
391 .opt.arg = &ocsp_config.CApath, 391 .opt.arg = &cfg.CApath,
392 }, 392 },
393 { 393 {
394 .name = "cert", 394 .name = "cert",
@@ -415,14 +415,14 @@ static const struct option ocsp_options[] = {
415 .name = "ignore_err", 415 .name = "ignore_err",
416 .desc = "Ignore the invalid response", 416 .desc = "Ignore the invalid response",
417 .type = OPTION_FLAG, 417 .type = OPTION_FLAG,
418 .opt.flag = &ocsp_config.ignore_err, 418 .opt.flag = &cfg.ignore_err,
419 }, 419 },
420 { 420 {
421 .name = "index", 421 .name = "index",
422 .argname = "indexfile", 422 .argname = "indexfile",
423 .desc = "Certificate status index file", 423 .desc = "Certificate status index file",
424 .type = OPTION_ARG, 424 .type = OPTION_ARG,
425 .opt.arg = &ocsp_config.ridx_filename, 425 .opt.arg = &cfg.ridx_filename,
426 }, 426 },
427 { 427 {
428 .name = "issuer", 428 .name = "issuer",
@@ -449,70 +449,70 @@ static const struct option ocsp_options[] = {
449 .name = "no_cert_checks", 449 .name = "no_cert_checks",
450 .desc = "Don't do additional checks on signing certificate", 450 .desc = "Don't do additional checks on signing certificate",
451 .type = OPTION_UL_VALUE_OR, 451 .type = OPTION_UL_VALUE_OR,
452 .opt.ulvalue = &ocsp_config.verify_flags, 452 .opt.ulvalue = &cfg.verify_flags,
453 .ulvalue = OCSP_NOCHECKS, 453 .ulvalue = OCSP_NOCHECKS,
454 }, 454 },
455 { 455 {
456 .name = "no_cert_verify", 456 .name = "no_cert_verify",
457 .desc = "Don't check signing certificate", 457 .desc = "Don't check signing certificate",
458 .type = OPTION_UL_VALUE_OR, 458 .type = OPTION_UL_VALUE_OR,
459 .opt.ulvalue = &ocsp_config.verify_flags, 459 .opt.ulvalue = &cfg.verify_flags,
460 .ulvalue = OCSP_NOVERIFY, 460 .ulvalue = OCSP_NOVERIFY,
461 }, 461 },
462 { 462 {
463 .name = "no_certs", 463 .name = "no_certs",
464 .desc = "Don't include any certificates in signed request", 464 .desc = "Don't include any certificates in signed request",
465 .type = OPTION_UL_VALUE_OR, 465 .type = OPTION_UL_VALUE_OR,
466 .opt.ulvalue = &ocsp_config.sign_flags, 466 .opt.ulvalue = &cfg.sign_flags,
467 .ulvalue = OCSP_NOCERTS, 467 .ulvalue = OCSP_NOCERTS,
468 }, 468 },
469 { 469 {
470 .name = "no_chain", 470 .name = "no_chain",
471 .desc = "Don't use certificates in the response", 471 .desc = "Don't use certificates in the response",
472 .type = OPTION_UL_VALUE_OR, 472 .type = OPTION_UL_VALUE_OR,
473 .opt.ulvalue = &ocsp_config.verify_flags, 473 .opt.ulvalue = &cfg.verify_flags,
474 .ulvalue = OCSP_NOCHAIN, 474 .ulvalue = OCSP_NOCHAIN,
475 }, 475 },
476 { 476 {
477 .name = "no_explicit", 477 .name = "no_explicit",
478 .desc = "Don't check the explicit trust for OCSP signing", 478 .desc = "Don't check the explicit trust for OCSP signing",
479 .type = OPTION_UL_VALUE_OR, 479 .type = OPTION_UL_VALUE_OR,
480 .opt.ulvalue = &ocsp_config.verify_flags, 480 .opt.ulvalue = &cfg.verify_flags,
481 .ulvalue = OCSP_NOEXPLICIT, 481 .ulvalue = OCSP_NOEXPLICIT,
482 }, 482 },
483 { 483 {
484 .name = "no_intern", 484 .name = "no_intern",
485 .desc = "Don't search certificates contained in response for signer", 485 .desc = "Don't search certificates contained in response for signer",
486 .type = OPTION_UL_VALUE_OR, 486 .type = OPTION_UL_VALUE_OR,
487 .opt.ulvalue = &ocsp_config.verify_flags, 487 .opt.ulvalue = &cfg.verify_flags,
488 .ulvalue = OCSP_NOINTERN, 488 .ulvalue = OCSP_NOINTERN,
489 }, 489 },
490 { 490 {
491 .name = "no_nonce", 491 .name = "no_nonce",
492 .desc = "Don't add OCSP nonce to request", 492 .desc = "Don't add OCSP nonce to request",
493 .type = OPTION_VALUE, 493 .type = OPTION_VALUE,
494 .opt.value = &ocsp_config.add_nonce, 494 .opt.value = &cfg.add_nonce,
495 .value = 0, 495 .value = 0,
496 }, 496 },
497 { 497 {
498 .name = "no_signature_verify", 498 .name = "no_signature_verify",
499 .desc = "Don't check signature on response", 499 .desc = "Don't check signature on response",
500 .type = OPTION_UL_VALUE_OR, 500 .type = OPTION_UL_VALUE_OR,
501 .opt.ulvalue = &ocsp_config.verify_flags, 501 .opt.ulvalue = &cfg.verify_flags,
502 .ulvalue = OCSP_NOSIGS, 502 .ulvalue = OCSP_NOSIGS,
503 }, 503 },
504 { 504 {
505 .name = "nonce", 505 .name = "nonce",
506 .desc = "Add OCSP nonce to request", 506 .desc = "Add OCSP nonce to request",
507 .type = OPTION_VALUE, 507 .type = OPTION_VALUE,
508 .opt.value = &ocsp_config.add_nonce, 508 .opt.value = &cfg.add_nonce,
509 .value = 2, 509 .value = 2,
510 }, 510 },
511 { 511 {
512 .name = "noverify", 512 .name = "noverify",
513 .desc = "Don't verify response at all", 513 .desc = "Don't verify response at all",
514 .type = OPTION_FLAG, 514 .type = OPTION_FLAG,
515 .opt.flag = &ocsp_config.noverify, 515 .opt.flag = &cfg.noverify,
516 }, 516 },
517 { 517 {
518 .name = "nrequest", 518 .name = "nrequest",
@@ -526,14 +526,14 @@ static const struct option ocsp_options[] = {
526 .argname = "file", 526 .argname = "file",
527 .desc = "Output filename", 527 .desc = "Output filename",
528 .type = OPTION_ARG, 528 .type = OPTION_ARG,
529 .opt.arg = &ocsp_config.outfile, 529 .opt.arg = &cfg.outfile,
530 }, 530 },
531 { 531 {
532 .name = "path", 532 .name = "path",
533 .argname = "path", 533 .argname = "path",
534 .desc = "Path to use in OCSP request", 534 .desc = "Path to use in OCSP request",
535 .type = OPTION_ARG, 535 .type = OPTION_ARG,
536 .opt.arg = &ocsp_config.path, 536 .opt.arg = &cfg.path,
537 }, 537 },
538 { 538 {
539 .name = "port", 539 .name = "port",
@@ -546,76 +546,76 @@ static const struct option ocsp_options[] = {
546 .name = "req_text", 546 .name = "req_text",
547 .desc = "Print text form of request", 547 .desc = "Print text form of request",
548 .type = OPTION_FLAG, 548 .type = OPTION_FLAG,
549 .opt.flag = &ocsp_config.req_text, 549 .opt.flag = &cfg.req_text,
550 }, 550 },
551 { 551 {
552 .name = "reqin", 552 .name = "reqin",
553 .argname = "file", 553 .argname = "file",
554 .desc = "Read DER encoded OCSP request from \"file\"", 554 .desc = "Read DER encoded OCSP request from \"file\"",
555 .type = OPTION_ARG, 555 .type = OPTION_ARG,
556 .opt.arg = &ocsp_config.reqin, 556 .opt.arg = &cfg.reqin,
557 }, 557 },
558 { 558 {
559 .name = "reqout", 559 .name = "reqout",
560 .argname = "file", 560 .argname = "file",
561 .desc = "Write DER encoded OCSP request to \"file\"", 561 .desc = "Write DER encoded OCSP request to \"file\"",
562 .type = OPTION_ARG, 562 .type = OPTION_ARG,
563 .opt.arg = &ocsp_config.reqout, 563 .opt.arg = &cfg.reqout,
564 }, 564 },
565 { 565 {
566 .name = "resp_key_id", 566 .name = "resp_key_id",
567 .desc = "Identify response by signing certificate key ID", 567 .desc = "Identify response by signing certificate key ID",
568 .type = OPTION_UL_VALUE_OR, 568 .type = OPTION_UL_VALUE_OR,
569 .opt.ulvalue = &ocsp_config.rflags, 569 .opt.ulvalue = &cfg.rflags,
570 .ulvalue = OCSP_RESPID_KEY, 570 .ulvalue = OCSP_RESPID_KEY,
571 }, 571 },
572 { 572 {
573 .name = "resp_no_certs", 573 .name = "resp_no_certs",
574 .desc = "Don't include any certificates in response", 574 .desc = "Don't include any certificates in response",
575 .type = OPTION_UL_VALUE_OR, 575 .type = OPTION_UL_VALUE_OR,
576 .opt.ulvalue = &ocsp_config.rflags, 576 .opt.ulvalue = &cfg.rflags,
577 .ulvalue = OCSP_NOCERTS, 577 .ulvalue = OCSP_NOCERTS,
578 }, 578 },
579 { 579 {
580 .name = "resp_text", 580 .name = "resp_text",
581 .desc = "Print text form of response", 581 .desc = "Print text form of response",
582 .type = OPTION_FLAG, 582 .type = OPTION_FLAG,
583 .opt.flag = &ocsp_config.resp_text, 583 .opt.flag = &cfg.resp_text,
584 }, 584 },
585 { 585 {
586 .name = "respin", 586 .name = "respin",
587 .argname = "file", 587 .argname = "file",
588 .desc = "Read DER encoded OCSP response from \"file\"", 588 .desc = "Read DER encoded OCSP response from \"file\"",
589 .type = OPTION_ARG, 589 .type = OPTION_ARG,
590 .opt.arg = &ocsp_config.respin, 590 .opt.arg = &cfg.respin,
591 }, 591 },
592 { 592 {
593 .name = "respout", 593 .name = "respout",
594 .argname = "file", 594 .argname = "file",
595 .desc = "Write DER encoded OCSP response to \"file\"", 595 .desc = "Write DER encoded OCSP response to \"file\"",
596 .type = OPTION_ARG, 596 .type = OPTION_ARG,
597 .opt.arg = &ocsp_config.respout, 597 .opt.arg = &cfg.respout,
598 }, 598 },
599 { 599 {
600 .name = "rkey", 600 .name = "rkey",
601 .argname = "file", 601 .argname = "file",
602 .desc = "Responder key to sign responses with", 602 .desc = "Responder key to sign responses with",
603 .type = OPTION_ARG, 603 .type = OPTION_ARG,
604 .opt.arg = &ocsp_config.rkeyfile, 604 .opt.arg = &cfg.rkeyfile,
605 }, 605 },
606 { 606 {
607 .name = "rother", 607 .name = "rother",
608 .argname = "file", 608 .argname = "file",
609 .desc = "Other certificates to include in response", 609 .desc = "Other certificates to include in response",
610 .type = OPTION_ARG, 610 .type = OPTION_ARG,
611 .opt.arg = &ocsp_config.rcertfile, 611 .opt.arg = &cfg.rcertfile,
612 }, 612 },
613 { 613 {
614 .name = "rsigner", 614 .name = "rsigner",
615 .argname = "file", 615 .argname = "file",
616 .desc = "Responder certificate to sign responses with", 616 .desc = "Responder certificate to sign responses with",
617 .type = OPTION_ARG, 617 .type = OPTION_ARG,
618 .opt.arg = &ocsp_config.rsignfile, 618 .opt.arg = &cfg.rsignfile,
619 }, 619 },
620 { 620 {
621 .name = "serial", 621 .name = "serial",
@@ -629,21 +629,21 @@ static const struct option ocsp_options[] = {
629 .argname = "file", 629 .argname = "file",
630 .desc = "Additional certificates to include in signed request", 630 .desc = "Additional certificates to include in signed request",
631 .type = OPTION_ARG, 631 .type = OPTION_ARG,
632 .opt.arg = &ocsp_config.sign_certfile, 632 .opt.arg = &cfg.sign_certfile,
633 }, 633 },
634 { 634 {
635 .name = "signer", 635 .name = "signer",
636 .argname = "file", 636 .argname = "file",
637 .desc = "Certificate to sign OCSP request with", 637 .desc = "Certificate to sign OCSP request with",
638 .type = OPTION_ARG, 638 .type = OPTION_ARG,
639 .opt.arg = &ocsp_config.signfile, 639 .opt.arg = &cfg.signfile,
640 }, 640 },
641 { 641 {
642 .name = "signkey", 642 .name = "signkey",
643 .argname = "file", 643 .argname = "file",
644 .desc = "Private key to sign OCSP request with", 644 .desc = "Private key to sign OCSP request with",
645 .type = OPTION_ARG, 645 .type = OPTION_ARG,
646 .opt.arg = &ocsp_config.keyfile, 646 .opt.arg = &cfg.keyfile,
647 }, 647 },
648 { 648 {
649 .name = "status_age", 649 .name = "status_age",
@@ -669,7 +669,7 @@ static const struct option ocsp_options[] = {
669 .name = "trust_other", 669 .name = "trust_other",
670 .desc = "Don't verify additional certificates", 670 .desc = "Don't verify additional certificates",
671 .type = OPTION_UL_VALUE_OR, 671 .type = OPTION_UL_VALUE_OR,
672 .opt.ulvalue = &ocsp_config.verify_flags, 672 .opt.ulvalue = &cfg.verify_flags,
673 .ulvalue = OCSP_TRUSTOTHER, 673 .ulvalue = OCSP_TRUSTOTHER,
674 }, 674 },
675 { 675 {
@@ -698,7 +698,7 @@ static const struct option ocsp_options[] = {
698 .argname = "file", 698 .argname = "file",
699 .desc = "Additional certificates to search for signer", 699 .desc = "Additional certificates to search for signer",
700 .type = OPTION_ARG, 700 .type = OPTION_ARG,
701 .opt.arg = &ocsp_config.verify_certfile, 701 .opt.arg = &cfg.verify_certfile,
702 }, 702 },
703 { 703 {
704 .name = NULL, 704 .name = NULL,
@@ -755,37 +755,37 @@ ocsp_main(int argc, char **argv)
755 exit(1); 755 exit(1);
756 } 756 }
757 757
758 memset(&ocsp_config, 0, sizeof(ocsp_config)); 758 memset(&cfg, 0, sizeof(cfg));
759 ocsp_config.accept_count = -1; 759 cfg.accept_count = -1;
760 ocsp_config.add_nonce = 1; 760 cfg.add_nonce = 1;
761 if ((ocsp_config.ids = sk_OCSP_CERTID_new_null()) == NULL) 761 if ((cfg.ids = sk_OCSP_CERTID_new_null()) == NULL)
762 goto end; 762 goto end;
763 ocsp_config.maxage = -1; 763 cfg.maxage = -1;
764 ocsp_config.ndays = -1; 764 cfg.ndays = -1;
765 ocsp_config.nsec = MAX_VALIDITY_PERIOD; 765 cfg.nsec = MAX_VALIDITY_PERIOD;
766 ocsp_config.req_timeout = -1; 766 cfg.req_timeout = -1;
767 if ((ocsp_config.reqnames = sk_OPENSSL_STRING_new_null()) == NULL) 767 if ((cfg.reqnames = sk_OPENSSL_STRING_new_null()) == NULL)
768 goto end; 768 goto end;
769 ocsp_config.use_ssl = -1; 769 cfg.use_ssl = -1;
770 770
771 if (options_parse(argc, argv, ocsp_options, NULL, NULL) != 0) { 771 if (options_parse(argc, argv, ocsp_options, NULL, NULL) != 0) {
772 if (ocsp_config.no_usage) 772 if (cfg.no_usage)
773 goto end; 773 goto end;
774 else 774 else
775 badarg = 1; 775 badarg = 1;
776 } 776 }
777 777
778 /* Have we anything to do? */ 778 /* Have we anything to do? */
779 if (!ocsp_config.req && !ocsp_config.reqin && !ocsp_config.respin && 779 if (!cfg.req && !cfg.reqin && !cfg.respin &&
780 !(ocsp_config.port && ocsp_config.ridx_filename)) 780 !(cfg.port && cfg.ridx_filename))
781 badarg = 1; 781 badarg = 1;
782 782
783 if (badarg) { 783 if (badarg) {
784 ocsp_usage(); 784 ocsp_usage();
785 goto end; 785 goto end;
786 } 786 }
787 if (ocsp_config.outfile) 787 if (cfg.outfile)
788 out = BIO_new_file(ocsp_config.outfile, "w"); 788 out = BIO_new_file(cfg.outfile, "w");
789 else 789 else
790 out = BIO_new_fp(stdout, BIO_NOCLOSE); 790 out = BIO_new_fp(stdout, BIO_NOCLOSE);
791 791
@@ -793,47 +793,47 @@ ocsp_main(int argc, char **argv)
793 BIO_printf(bio_err, "Error opening output file\n"); 793 BIO_printf(bio_err, "Error opening output file\n");
794 goto end; 794 goto end;
795 } 795 }
796 if (!ocsp_config.req && (ocsp_config.add_nonce != 2)) 796 if (!cfg.req && (cfg.add_nonce != 2))
797 ocsp_config.add_nonce = 0; 797 cfg.add_nonce = 0;
798 798
799 if (!ocsp_config.req && ocsp_config.reqin) { 799 if (!cfg.req && cfg.reqin) {
800 derbio = BIO_new_file(ocsp_config.reqin, "rb"); 800 derbio = BIO_new_file(cfg.reqin, "rb");
801 if (!derbio) { 801 if (!derbio) {
802 BIO_printf(bio_err, 802 BIO_printf(bio_err,
803 "Error Opening OCSP request file\n"); 803 "Error Opening OCSP request file\n");
804 goto end; 804 goto end;
805 } 805 }
806 ocsp_config.req = d2i_OCSP_REQUEST_bio(derbio, NULL); 806 cfg.req = d2i_OCSP_REQUEST_bio(derbio, NULL);
807 BIO_free(derbio); 807 BIO_free(derbio);
808 if (!ocsp_config.req) { 808 if (!cfg.req) {
809 BIO_printf(bio_err, "Error reading OCSP request\n"); 809 BIO_printf(bio_err, "Error reading OCSP request\n");
810 goto end; 810 goto end;
811 } 811 }
812 } 812 }
813 if (!ocsp_config.req && ocsp_config.port) { 813 if (!cfg.req && cfg.port) {
814 acbio = init_responder(ocsp_config.port); 814 acbio = init_responder(cfg.port);
815 if (!acbio) 815 if (!acbio)
816 goto end; 816 goto end;
817 } 817 }
818 if (ocsp_config.rsignfile && !rdb) { 818 if (cfg.rsignfile && !rdb) {
819 if (!ocsp_config.rkeyfile) 819 if (!cfg.rkeyfile)
820 ocsp_config.rkeyfile = ocsp_config.rsignfile; 820 cfg.rkeyfile = cfg.rsignfile;
821 rsigner = load_cert(bio_err, ocsp_config.rsignfile, FORMAT_PEM, 821 rsigner = load_cert(bio_err, cfg.rsignfile, FORMAT_PEM,
822 NULL, "responder certificate"); 822 NULL, "responder certificate");
823 if (!rsigner) { 823 if (!rsigner) {
824 BIO_printf(bio_err, 824 BIO_printf(bio_err,
825 "Error loading responder certificate\n"); 825 "Error loading responder certificate\n");
826 goto end; 826 goto end;
827 } 827 }
828 rca_cert = load_cert(bio_err, ocsp_config.rca_filename, 828 rca_cert = load_cert(bio_err, cfg.rca_filename,
829 FORMAT_PEM, NULL, "CA certificate"); 829 FORMAT_PEM, NULL, "CA certificate");
830 if (ocsp_config.rcertfile) { 830 if (cfg.rcertfile) {
831 rother = load_certs(bio_err, ocsp_config.rcertfile, 831 rother = load_certs(bio_err, cfg.rcertfile,
832 FORMAT_PEM, NULL, "responder other certificates"); 832 FORMAT_PEM, NULL, "responder other certificates");
833 if (!rother) 833 if (!rother)
834 goto end; 834 goto end;
835 } 835 }
836 rkey = load_key(bio_err, ocsp_config.rkeyfile, FORMAT_PEM, 0, 836 rkey = load_key(bio_err, cfg.rkeyfile, FORMAT_PEM, 0,
837 NULL, "responder private key"); 837 NULL, "responder private key");
838 if (!rkey) 838 if (!rkey)
839 goto end; 839 goto end;
@@ -844,95 +844,95 @@ ocsp_main(int argc, char **argv)
844 redo_accept: 844 redo_accept:
845 845
846 if (acbio) { 846 if (acbio) {
847 if (!do_responder(&ocsp_config.req, &cbio, acbio, 847 if (!do_responder(&cfg.req, &cbio, acbio,
848 ocsp_config.port)) 848 cfg.port))
849 goto end; 849 goto end;
850 if (!ocsp_config.req) { 850 if (!cfg.req) {
851 resp = OCSP_response_create( 851 resp = OCSP_response_create(
852 OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); 852 OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
853 send_ocsp_response(cbio, resp); 853 send_ocsp_response(cbio, resp);
854 goto done_resp; 854 goto done_resp;
855 } 855 }
856 } 856 }
857 if (!ocsp_config.req && 857 if (!cfg.req &&
858 (ocsp_config.signfile || ocsp_config.reqout || ocsp_config.host || 858 (cfg.signfile || cfg.reqout || cfg.host ||
859 ocsp_config.add_nonce || ocsp_config.ridx_filename)) { 859 cfg.add_nonce || cfg.ridx_filename)) {
860 BIO_printf(bio_err, 860 BIO_printf(bio_err,
861 "Need an OCSP request for this operation!\n"); 861 "Need an OCSP request for this operation!\n");
862 goto end; 862 goto end;
863 } 863 }
864 if (ocsp_config.req && ocsp_config.add_nonce) 864 if (cfg.req && cfg.add_nonce)
865 OCSP_request_add1_nonce(ocsp_config.req, NULL, -1); 865 OCSP_request_add1_nonce(cfg.req, NULL, -1);
866 866
867 if (ocsp_config.signfile) { 867 if (cfg.signfile) {
868 if (!ocsp_config.keyfile) 868 if (!cfg.keyfile)
869 ocsp_config.keyfile = ocsp_config.signfile; 869 cfg.keyfile = cfg.signfile;
870 signer = load_cert(bio_err, ocsp_config.signfile, FORMAT_PEM, 870 signer = load_cert(bio_err, cfg.signfile, FORMAT_PEM,
871 NULL, "signer certificate"); 871 NULL, "signer certificate");
872 if (!signer) { 872 if (!signer) {
873 BIO_printf(bio_err, 873 BIO_printf(bio_err,
874 "Error loading signer certificate\n"); 874 "Error loading signer certificate\n");
875 goto end; 875 goto end;
876 } 876 }
877 if (ocsp_config.sign_certfile) { 877 if (cfg.sign_certfile) {
878 sign_other = load_certs(bio_err, 878 sign_other = load_certs(bio_err,
879 ocsp_config.sign_certfile, FORMAT_PEM, NULL, 879 cfg.sign_certfile, FORMAT_PEM, NULL,
880 "signer certificates"); 880 "signer certificates");
881 if (!sign_other) 881 if (!sign_other)
882 goto end; 882 goto end;
883 } 883 }
884 key = load_key(bio_err, ocsp_config.keyfile, FORMAT_PEM, 0, 884 key = load_key(bio_err, cfg.keyfile, FORMAT_PEM, 0,
885 NULL, "signer private key"); 885 NULL, "signer private key");
886 if (!key) 886 if (!key)
887 goto end; 887 goto end;
888 888
889 if (!OCSP_request_sign(ocsp_config.req, signer, key, NULL, 889 if (!OCSP_request_sign(cfg.req, signer, key, NULL,
890 sign_other, ocsp_config.sign_flags)) { 890 sign_other, cfg.sign_flags)) {
891 BIO_printf(bio_err, "Error signing OCSP request\n"); 891 BIO_printf(bio_err, "Error signing OCSP request\n");
892 goto end; 892 goto end;
893 } 893 }
894 } 894 }
895 if (ocsp_config.req_text && ocsp_config.req) 895 if (cfg.req_text && cfg.req)
896 OCSP_REQUEST_print(out, ocsp_config.req, 0); 896 OCSP_REQUEST_print(out, cfg.req, 0);
897 897
898 if (ocsp_config.reqout) { 898 if (cfg.reqout) {
899 derbio = BIO_new_file(ocsp_config.reqout, "wb"); 899 derbio = BIO_new_file(cfg.reqout, "wb");
900 if (!derbio) { 900 if (!derbio) {
901 BIO_printf(bio_err, "Error opening file %s\n", 901 BIO_printf(bio_err, "Error opening file %s\n",
902 ocsp_config.reqout); 902 cfg.reqout);
903 goto end; 903 goto end;
904 } 904 }
905 i2d_OCSP_REQUEST_bio(derbio, ocsp_config.req); 905 i2d_OCSP_REQUEST_bio(derbio, cfg.req);
906 BIO_free(derbio); 906 BIO_free(derbio);
907 } 907 }
908 if (ocsp_config.ridx_filename && (!rkey || !rsigner || !rca_cert)) { 908 if (cfg.ridx_filename && (!rkey || !rsigner || !rca_cert)) {
909 BIO_printf(bio_err, 909 BIO_printf(bio_err,
910 "Need a responder certificate, key and CA for this operation!\n"); 910 "Need a responder certificate, key and CA for this operation!\n");
911 goto end; 911 goto end;
912 } 912 }
913 if (ocsp_config.ridx_filename && !rdb) { 913 if (cfg.ridx_filename && !rdb) {
914 rdb = load_index(ocsp_config.ridx_filename, NULL); 914 rdb = load_index(cfg.ridx_filename, NULL);
915 if (!rdb) 915 if (!rdb)
916 goto end; 916 goto end;
917 if (!index_index(rdb)) 917 if (!index_index(rdb))
918 goto end; 918 goto end;
919 } 919 }
920 if (rdb) { 920 if (rdb) {
921 i = make_ocsp_response(&resp, ocsp_config.req, rdb, rca_cert, 921 i = make_ocsp_response(&resp, cfg.req, rdb, rca_cert,
922 rsigner, rkey, rother, ocsp_config.rflags, 922 rsigner, rkey, rother, cfg.rflags,
923 ocsp_config.nmin, ocsp_config.ndays); 923 cfg.nmin, cfg.ndays);
924 if (cbio) 924 if (cbio)
925 send_ocsp_response(cbio, resp); 925 send_ocsp_response(cbio, resp);
926 } else if (ocsp_config.host) { 926 } else if (cfg.host) {
927 resp = process_responder(bio_err, ocsp_config.req, 927 resp = process_responder(bio_err, cfg.req,
928 ocsp_config.host, 928 cfg.host,
929 ocsp_config.path ? ocsp_config.path : "/", 929 cfg.path ? cfg.path : "/",
930 ocsp_config.port, ocsp_config.use_ssl, ocsp_config.headers, 930 cfg.port, cfg.use_ssl, cfg.headers,
931 ocsp_config.req_timeout); 931 cfg.req_timeout);
932 if (!resp) 932 if (!resp)
933 goto end; 933 goto end;
934 } else if (ocsp_config.respin) { 934 } else if (cfg.respin) {
935 derbio = BIO_new_file(ocsp_config.respin, "rb"); 935 derbio = BIO_new_file(cfg.respin, "rb");
936 if (!derbio) { 936 if (!derbio) {
937 BIO_printf(bio_err, 937 BIO_printf(bio_err,
938 "Error Opening OCSP response file\n"); 938 "Error Opening OCSP response file\n");
@@ -951,11 +951,11 @@ ocsp_main(int argc, char **argv)
951 951
952 done_resp: 952 done_resp:
953 953
954 if (ocsp_config.respout) { 954 if (cfg.respout) {
955 derbio = BIO_new_file(ocsp_config.respout, "wb"); 955 derbio = BIO_new_file(cfg.respout, "wb");
956 if (!derbio) { 956 if (!derbio) {
957 BIO_printf(bio_err, "Error opening file %s\n", 957 BIO_printf(bio_err, "Error opening file %s\n",
958 ocsp_config.respout); 958 cfg.respout);
959 goto end; 959 goto end;
960 } 960 }
961 i2d_OCSP_RESPONSE_bio(derbio, resp); 961 i2d_OCSP_RESPONSE_bio(derbio, resp);
@@ -966,24 +966,24 @@ ocsp_main(int argc, char **argv)
966 if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) { 966 if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
967 BIO_printf(bio_err, "Responder Error: %s (%d)\n", 967 BIO_printf(bio_err, "Responder Error: %s (%d)\n",
968 OCSP_response_status_str(i), i); 968 OCSP_response_status_str(i), i);
969 if (ocsp_config.ignore_err) 969 if (cfg.ignore_err)
970 goto redo_accept; 970 goto redo_accept;
971 ret = 1; 971 ret = 1;
972 goto end; 972 goto end;
973 } 973 }
974 if (ocsp_config.resp_text) 974 if (cfg.resp_text)
975 OCSP_RESPONSE_print(out, resp, 0); 975 OCSP_RESPONSE_print(out, resp, 0);
976 976
977 /* If running as responder don't verify our own response */ 977 /* If running as responder don't verify our own response */
978 if (cbio) { 978 if (cbio) {
979 if (ocsp_config.accept_count > 0) 979 if (cfg.accept_count > 0)
980 ocsp_config.accept_count--; 980 cfg.accept_count--;
981 /* Redo if more connections needed */ 981 /* Redo if more connections needed */
982 if (ocsp_config.accept_count) { 982 if (cfg.accept_count) {
983 BIO_free_all(cbio); 983 BIO_free_all(cbio);
984 cbio = NULL; 984 cbio = NULL;
985 OCSP_REQUEST_free(ocsp_config.req); 985 OCSP_REQUEST_free(cfg.req);
986 ocsp_config.req = NULL; 986 cfg.req = NULL;
987 OCSP_RESPONSE_free(resp); 987 OCSP_RESPONSE_free(resp);
988 resp = NULL; 988 resp = NULL;
989 goto redo_accept; 989 goto redo_accept;
@@ -991,12 +991,12 @@ ocsp_main(int argc, char **argv)
991 goto end; 991 goto end;
992 } 992 }
993 if (!store) 993 if (!store)
994 store = setup_verify(bio_err, ocsp_config.CAfile, 994 store = setup_verify(bio_err, cfg.CAfile,
995 ocsp_config.CApath); 995 cfg.CApath);
996 if (!store) 996 if (!store)
997 goto end; 997 goto end;
998 if (ocsp_config.verify_certfile) { 998 if (cfg.verify_certfile) {
999 verify_other = load_certs(bio_err, ocsp_config.verify_certfile, 999 verify_other = load_certs(bio_err, cfg.verify_certfile,
1000 FORMAT_PEM, NULL, "validator certificate"); 1000 FORMAT_PEM, NULL, "validator certificate");
1001 if (!verify_other) 1001 if (!verify_other)
1002 goto end; 1002 goto end;
@@ -1007,9 +1007,9 @@ ocsp_main(int argc, char **argv)
1007 BIO_printf(bio_err, "Error parsing response\n"); 1007 BIO_printf(bio_err, "Error parsing response\n");
1008 goto end; 1008 goto end;
1009 } 1009 }
1010 if (!ocsp_config.noverify) { 1010 if (!cfg.noverify) {
1011 if (ocsp_config.req && 1011 if (cfg.req &&
1012 ((i = OCSP_check_nonce(ocsp_config.req, bs)) <= 0)) { 1012 ((i = OCSP_check_nonce(cfg.req, bs)) <= 0)) {
1013 if (i == -1) { 1013 if (i == -1) {
1014 BIO_printf(bio_err, 1014 BIO_printf(bio_err,
1015 "WARNING: no nonce in response\n"); 1015 "WARNING: no nonce in response\n");
@@ -1019,7 +1019,7 @@ ocsp_main(int argc, char **argv)
1019 } 1019 }
1020 } 1020 }
1021 i = OCSP_basic_verify(bs, verify_other, store, 1021 i = OCSP_basic_verify(bs, verify_other, store,
1022 ocsp_config.verify_flags); 1022 cfg.verify_flags);
1023 if (i < 0) 1023 if (i < 0)
1024 i = OCSP_basic_verify(bs, NULL, store, 0); 1024 i = OCSP_basic_verify(bs, NULL, store, 0);
1025 1025
@@ -1030,8 +1030,8 @@ ocsp_main(int argc, char **argv)
1030 BIO_printf(bio_err, "Response verify OK\n"); 1030 BIO_printf(bio_err, "Response verify OK\n");
1031 } 1031 }
1032 } 1032 }
1033 if (!print_ocsp_summary(out, bs, ocsp_config.req, ocsp_config.reqnames, 1033 if (!print_ocsp_summary(out, bs, cfg.req, cfg.reqnames,
1034 ocsp_config.ids, ocsp_config.nsec, ocsp_config.maxage)) 1034 cfg.ids, cfg.nsec, cfg.maxage))
1035 goto end; 1035 goto end;
1036 1036
1037 ret = 0; 1037 ret = 0;
@@ -1042,27 +1042,27 @@ ocsp_main(int argc, char **argv)
1042 X509_STORE_free(store); 1042 X509_STORE_free(store);
1043 EVP_PKEY_free(key); 1043 EVP_PKEY_free(key);
1044 EVP_PKEY_free(rkey); 1044 EVP_PKEY_free(rkey);
1045 X509_free(ocsp_config.issuer); 1045 X509_free(cfg.issuer);
1046 X509_free(ocsp_config.cert); 1046 X509_free(cfg.cert);
1047 X509_free(rsigner); 1047 X509_free(rsigner);
1048 X509_free(rca_cert); 1048 X509_free(rca_cert);
1049 free_index(rdb); 1049 free_index(rdb);
1050 BIO_free_all(cbio); 1050 BIO_free_all(cbio);
1051 BIO_free_all(acbio); 1051 BIO_free_all(acbio);
1052 BIO_free(out); 1052 BIO_free(out);
1053 OCSP_REQUEST_free(ocsp_config.req); 1053 OCSP_REQUEST_free(cfg.req);
1054 OCSP_RESPONSE_free(resp); 1054 OCSP_RESPONSE_free(resp);
1055 OCSP_BASICRESP_free(bs); 1055 OCSP_BASICRESP_free(bs);
1056 sk_OPENSSL_STRING_free(ocsp_config.reqnames); 1056 sk_OPENSSL_STRING_free(cfg.reqnames);
1057 sk_OCSP_CERTID_free(ocsp_config.ids); 1057 sk_OCSP_CERTID_free(cfg.ids);
1058 sk_X509_pop_free(sign_other, X509_free); 1058 sk_X509_pop_free(sign_other, X509_free);
1059 sk_X509_pop_free(verify_other, X509_free); 1059 sk_X509_pop_free(verify_other, X509_free);
1060 sk_CONF_VALUE_pop_free(ocsp_config.headers, X509V3_conf_free); 1060 sk_CONF_VALUE_pop_free(cfg.headers, X509V3_conf_free);
1061 1061
1062 if (ocsp_config.use_ssl != -1) { 1062 if (cfg.use_ssl != -1) {
1063 free(ocsp_config.host); 1063 free(cfg.host);
1064 free(ocsp_config.port); 1064 free(cfg.port);
1065 free(ocsp_config.path); 1065 free(cfg.path);
1066 } 1066 }
1067 return (ret); 1067 return (ret);
1068} 1068}
diff --git a/src/usr.bin/openssl/passwd.c b/src/usr.bin/openssl/passwd.c
index f05751f165..a8dfa27db1 100644
--- a/src/usr.bin/openssl/passwd.c
+++ b/src/usr.bin/openssl/passwd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: passwd.c,v 1.13 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: passwd.c,v 1.14 2023/03/06 14:32:06 tb Exp $ */
2 2
3#if defined OPENSSL_NO_MD5 3#if defined OPENSSL_NO_MD5
4#define NO_MD5CRYPT_1 4#define NO_MD5CRYPT_1
@@ -51,7 +51,7 @@ static struct {
51 int use1; 51 int use1;
52 int useapr1; 52 int useapr1;
53 int usecrypt; 53 int usecrypt;
54} passwd_config; 54} cfg;
55 55
56static const struct option passwd_options[] = { 56static const struct option passwd_options[] = {
57#ifndef NO_MD5CRYPT_1 57#ifndef NO_MD5CRYPT_1
@@ -59,13 +59,13 @@ static const struct option passwd_options[] = {
59 .name = "1", 59 .name = "1",
60 .desc = "Use MD5 based BSD password algorithm 1", 60 .desc = "Use MD5 based BSD password algorithm 1",
61 .type = OPTION_FLAG, 61 .type = OPTION_FLAG,
62 .opt.flag = &passwd_config.use1, 62 .opt.flag = &cfg.use1,
63 }, 63 },
64 { 64 {
65 .name = "apr1", 65 .name = "apr1",
66 .desc = "Use apr1 algorithm (Apache variant of BSD algorithm)", 66 .desc = "Use apr1 algorithm (Apache variant of BSD algorithm)",
67 .type = OPTION_FLAG, 67 .type = OPTION_FLAG,
68 .opt.flag = &passwd_config.useapr1, 68 .opt.flag = &cfg.useapr1,
69 }, 69 },
70#endif 70#endif
71#ifndef OPENSSL_NO_DES 71#ifndef OPENSSL_NO_DES
@@ -73,7 +73,7 @@ static const struct option passwd_options[] = {
73 .name = "crypt", 73 .name = "crypt",
74 .desc = "Use crypt algorithm (default)", 74 .desc = "Use crypt algorithm (default)",
75 .type = OPTION_FLAG, 75 .type = OPTION_FLAG,
76 .opt.flag = &passwd_config.usecrypt, 76 .opt.flag = &cfg.usecrypt,
77 }, 77 },
78#endif 78#endif
79 { 79 {
@@ -81,44 +81,44 @@ static const struct option passwd_options[] = {
81 .argname = "file", 81 .argname = "file",
82 .desc = "Read passwords from specified file", 82 .desc = "Read passwords from specified file",
83 .type = OPTION_ARG, 83 .type = OPTION_ARG,
84 .opt.arg = &passwd_config.infile, 84 .opt.arg = &cfg.infile,
85 }, 85 },
86 { 86 {
87 .name = "noverify", 87 .name = "noverify",
88 .desc = "Do not verify password", 88 .desc = "Do not verify password",
89 .type = OPTION_FLAG, 89 .type = OPTION_FLAG,
90 .opt.flag = &passwd_config.noverify, 90 .opt.flag = &cfg.noverify,
91 }, 91 },
92 { 92 {
93 .name = "quiet", 93 .name = "quiet",
94 .desc = "Do not output warnings", 94 .desc = "Do not output warnings",
95 .type = OPTION_FLAG, 95 .type = OPTION_FLAG,
96 .opt.flag = &passwd_config.quiet, 96 .opt.flag = &cfg.quiet,
97 }, 97 },
98 { 98 {
99 .name = "reverse", 99 .name = "reverse",
100 .desc = "Reverse table columns (requires -table)", 100 .desc = "Reverse table columns (requires -table)",
101 .type = OPTION_FLAG, 101 .type = OPTION_FLAG,
102 .opt.flag = &passwd_config.reverse, 102 .opt.flag = &cfg.reverse,
103 }, 103 },
104 { 104 {
105 .name = "salt", 105 .name = "salt",
106 .argname = "string", 106 .argname = "string",
107 .desc = "Use specified salt", 107 .desc = "Use specified salt",
108 .type = OPTION_ARG, 108 .type = OPTION_ARG,
109 .opt.arg = &passwd_config.salt, 109 .opt.arg = &cfg.salt,
110 }, 110 },
111 { 111 {
112 .name = "stdin", 112 .name = "stdin",
113 .desc = "Read passwords from stdin", 113 .desc = "Read passwords from stdin",
114 .type = OPTION_FLAG, 114 .type = OPTION_FLAG,
115 .opt.flag = &passwd_config.in_stdin, 115 .opt.flag = &cfg.in_stdin,
116 }, 116 },
117 { 117 {
118 .name = "table", 118 .name = "table",
119 .desc = "Output cleartext and hashed passwords (tab separated)", 119 .desc = "Output cleartext and hashed passwords (tab separated)",
120 .type = OPTION_FLAG, 120 .type = OPTION_FLAG,
121 .opt.flag = &passwd_config.table, 121 .opt.flag = &cfg.table,
122 }, 122 },
123 { NULL }, 123 { NULL },
124}; 124};
@@ -150,7 +150,7 @@ passwd_main(int argc, char **argv)
150 exit(1); 150 exit(1);
151 } 151 }
152 152
153 memset(&passwd_config, 0, sizeof(passwd_config)); 153 memset(&cfg, 0, sizeof(cfg));
154 154
155 if (options_parse(argc, argv, passwd_options, NULL, &argsused) != 0) { 155 if (options_parse(argc, argv, passwd_options, NULL, &argsused) != 0) {
156 passwd_usage(); 156 passwd_usage();
@@ -159,23 +159,23 @@ passwd_main(int argc, char **argv)
159 159
160 if (argsused < argc) 160 if (argsused < argc)
161 passwds = &argv[argsused]; 161 passwds = &argv[argsused];
162 if (passwd_config.salt != NULL) 162 if (cfg.salt != NULL)
163 passed_salt = 1; 163 passed_salt = 1;
164 164
165 if (!passwd_config.usecrypt && !passwd_config.use1 && 165 if (!cfg.usecrypt && !cfg.use1 &&
166 !passwd_config.useapr1) 166 !cfg.useapr1)
167 passwd_config.usecrypt = 1; /* use default */ 167 cfg.usecrypt = 1; /* use default */
168 if (passwd_config.usecrypt + passwd_config.use1 + 168 if (cfg.usecrypt + cfg.use1 +
169 passwd_config.useapr1 > 1) 169 cfg.useapr1 > 1)
170 badopt = 1; /* conflicting options */ 170 badopt = 1; /* conflicting options */
171 171
172 /* Reject unsupported algorithms */ 172 /* Reject unsupported algorithms */
173#ifdef OPENSSL_NO_DES 173#ifdef OPENSSL_NO_DES
174 if (passwd_config.usecrypt) 174 if (cfg.usecrypt)
175 badopt = 1; 175 badopt = 1;
176#endif 176#endif
177#ifdef NO_MD5CRYPT_1 177#ifdef NO_MD5CRYPT_1
178 if (passwd_config.use1 || passwd_config.useapr1) 178 if (cfg.use1 || cfg.useapr1)
179 badopt = 1; 179 badopt = 1;
180#endif 180#endif
181 181
@@ -188,21 +188,21 @@ passwd_main(int argc, char **argv)
188 goto err; 188 goto err;
189 BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); 189 BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
190 190
191 if (passwd_config.infile != NULL || passwd_config.in_stdin) { 191 if (cfg.infile != NULL || cfg.in_stdin) {
192 if ((in = BIO_new(BIO_s_file())) == NULL) 192 if ((in = BIO_new(BIO_s_file())) == NULL)
193 goto err; 193 goto err;
194 if (passwd_config.infile != NULL) { 194 if (cfg.infile != NULL) {
195 assert(passwd_config.in_stdin == 0); 195 assert(cfg.in_stdin == 0);
196 if (BIO_read_filename(in, passwd_config.infile) <= 0) 196 if (BIO_read_filename(in, cfg.infile) <= 0)
197 goto err; 197 goto err;
198 } else { 198 } else {
199 assert(passwd_config.in_stdin); 199 assert(cfg.in_stdin);
200 BIO_set_fp(in, stdin, BIO_NOCLOSE); 200 BIO_set_fp(in, stdin, BIO_NOCLOSE);
201 } 201 }
202 } 202 }
203 if (passwd_config.usecrypt) 203 if (cfg.usecrypt)
204 pw_maxlen = 8; 204 pw_maxlen = 8;
205 else if (passwd_config.use1 || passwd_config.useapr1) 205 else if (cfg.use1 || cfg.useapr1)
206 pw_maxlen = 256;/* arbitrary limit, should be enough for most 206 pw_maxlen = 256;/* arbitrary limit, should be enough for most
207 * passwords */ 207 * passwords */
208 208
@@ -223,7 +223,7 @@ passwd_main(int argc, char **argv)
223 if (in == NULL) 223 if (in == NULL)
224 if (EVP_read_pw_string(passwd_malloc, 224 if (EVP_read_pw_string(passwd_malloc,
225 passwd_malloc_size, "Password: ", 225 passwd_malloc_size, "Password: ",
226 !(passed_salt || passwd_config.noverify)) != 0) 226 !(passed_salt || cfg.noverify)) != 0)
227 goto err; 227 goto err;
228 passwds[0] = passwd_malloc; 228 passwds[0] = passwd_malloc;
229 } 229 }
@@ -233,11 +233,11 @@ passwd_main(int argc, char **argv)
233 233
234 do { /* loop over list of passwords */ 234 do { /* loop over list of passwords */
235 passwd = *passwds++; 235 passwd = *passwds++;
236 if (!do_passwd(passed_salt, &passwd_config.salt, 236 if (!do_passwd(passed_salt, &cfg.salt,
237 &salt_malloc, passwd, out, passwd_config.quiet, 237 &salt_malloc, passwd, out, cfg.quiet,
238 passwd_config.table, passwd_config.reverse, 238 cfg.table, cfg.reverse,
239 pw_maxlen, passwd_config.usecrypt, 239 pw_maxlen, cfg.usecrypt,
240 passwd_config.use1, passwd_config.useapr1)) 240 cfg.use1, cfg.useapr1))
241 goto err; 241 goto err;
242 } while (*passwds != NULL); 242 } while (*passwds != NULL);
243 } else { 243 } else {
@@ -258,12 +258,12 @@ passwd_main(int argc, char **argv)
258 while ((r > 0) && (!strchr(trash, '\n'))); 258 while ((r > 0) && (!strchr(trash, '\n')));
259 } 259 }
260 260
261 if (!do_passwd(passed_salt, &passwd_config.salt, 261 if (!do_passwd(passed_salt, &cfg.salt,
262 &salt_malloc, passwd, out, 262 &salt_malloc, passwd, out,
263 passwd_config.quiet, passwd_config.table, 263 cfg.quiet, cfg.table,
264 passwd_config.reverse, pw_maxlen, 264 cfg.reverse, pw_maxlen,
265 passwd_config.usecrypt, passwd_config.use1, 265 cfg.usecrypt, cfg.use1,
266 passwd_config.useapr1)) 266 cfg.useapr1))
267 goto err; 267 goto err;
268 } 268 }
269 done = (r <= 0); 269 done = (r <= 0);
diff --git a/src/usr.bin/openssl/pkcs12.c b/src/usr.bin/openssl/pkcs12.c
index 6e671e9275..aedae640e3 100644
--- a/src/usr.bin/openssl/pkcs12.c
+++ b/src/usr.bin/openssl/pkcs12.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkcs12.c,v 1.24 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: pkcs12.c,v 1.25 2023/03/06 14:32:06 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -118,16 +118,16 @@ static struct {
118 char *passargin; 118 char *passargin;
119 char *passargout; 119 char *passargout;
120 int twopass; 120 int twopass;
121} pkcs12_config; 121} cfg;
122 122
123static int 123static int
124pkcs12_opt_canames(char *arg) 124pkcs12_opt_canames(char *arg)
125{ 125{
126 if (pkcs12_config.canames == NULL && 126 if (cfg.canames == NULL &&
127 (pkcs12_config.canames = sk_OPENSSL_STRING_new_null()) == NULL) 127 (cfg.canames = sk_OPENSSL_STRING_new_null()) == NULL)
128 return (1); 128 return (1);
129 129
130 if (!sk_OPENSSL_STRING_push(pkcs12_config.canames, arg)) 130 if (!sk_OPENSSL_STRING_push(cfg.canames, arg))
131 return (1); 131 return (1);
132 132
133 return (0); 133 return (0);
@@ -136,20 +136,20 @@ pkcs12_opt_canames(char *arg)
136static int 136static int
137pkcs12_opt_cert_pbe(char *arg) 137pkcs12_opt_cert_pbe(char *arg)
138{ 138{
139 return (!set_pbe(bio_err, &pkcs12_config.cert_pbe, arg)); 139 return (!set_pbe(bio_err, &cfg.cert_pbe, arg));
140} 140}
141 141
142static int 142static int
143pkcs12_opt_key_pbe(char *arg) 143pkcs12_opt_key_pbe(char *arg)
144{ 144{
145 return (!set_pbe(bio_err, &pkcs12_config.key_pbe, arg)); 145 return (!set_pbe(bio_err, &cfg.key_pbe, arg));
146} 146}
147 147
148static int 148static int
149pkcs12_opt_passarg(char *arg) 149pkcs12_opt_passarg(char *arg)
150{ 150{
151 pkcs12_config.passarg = arg; 151 cfg.passarg = arg;
152 pkcs12_config.noprompt = 1; 152 cfg.noprompt = 1;
153 return (0); 153 return (0);
154} 154}
155 155
@@ -196,8 +196,8 @@ pkcs12_opt_enc(int argc, char **argv, int *argsused)
196 return (1); 196 return (1);
197 197
198 if (strcmp(name, "nodes") == 0) 198 if (strcmp(name, "nodes") == 0)
199 pkcs12_config.enc = NULL; 199 cfg.enc = NULL;
200 else if ((pkcs12_config.enc = get_cipher_by_name(name)) == NULL) 200 else if ((cfg.enc = get_cipher_by_name(name)) == NULL)
201 return (1); 201 return (1);
202 202
203 *argsused = 1; 203 *argsused = 1;
@@ -269,7 +269,7 @@ static const struct option pkcs12_options[] = {
269 .name = "cacerts", 269 .name = "cacerts",
270 .desc = "Only output CA certificates", 270 .desc = "Only output CA certificates",
271 .type = OPTION_VALUE_OR, 271 .type = OPTION_VALUE_OR,
272 .opt.value = &pkcs12_config.options, 272 .opt.value = &cfg.options,
273 .value = CACERTS, 273 .value = CACERTS,
274 }, 274 },
275 { 275 {
@@ -277,7 +277,7 @@ static const struct option pkcs12_options[] = {
277 .argname = "file", 277 .argname = "file",
278 .desc = "PEM format file of CA certificates", 278 .desc = "PEM format file of CA certificates",
279 .type = OPTION_ARG, 279 .type = OPTION_ARG,
280 .opt.arg = &pkcs12_config.CAfile, 280 .opt.arg = &cfg.CAfile,
281 }, 281 },
282 { 282 {
283 .name = "caname", 283 .name = "caname",
@@ -291,14 +291,14 @@ static const struct option pkcs12_options[] = {
291 .argname = "directory", 291 .argname = "directory",
292 .desc = "PEM format directory of CA certificates", 292 .desc = "PEM format directory of CA certificates",
293 .type = OPTION_ARG, 293 .type = OPTION_ARG,
294 .opt.arg = &pkcs12_config.CApath, 294 .opt.arg = &cfg.CApath,
295 }, 295 },
296 { 296 {
297 .name = "certfile", 297 .name = "certfile",
298 .argname = "file", 298 .argname = "file",
299 .desc = "Add all certs in file", 299 .desc = "Add all certs in file",
300 .type = OPTION_ARG, 300 .type = OPTION_ARG,
301 .opt.arg = &pkcs12_config.certfile, 301 .opt.arg = &cfg.certfile,
302 }, 302 },
303 { 303 {
304 .name = "certpbe", 304 .name = "certpbe",
@@ -311,13 +311,13 @@ static const struct option pkcs12_options[] = {
311 .name = "chain", 311 .name = "chain",
312 .desc = "Add certificate chain", 312 .desc = "Add certificate chain",
313 .type = OPTION_FLAG, 313 .type = OPTION_FLAG,
314 .opt.flag = &pkcs12_config.chain, 314 .opt.flag = &cfg.chain,
315 }, 315 },
316 { 316 {
317 .name = "clcerts", 317 .name = "clcerts",
318 .desc = "Only output client certificates", 318 .desc = "Only output client certificates",
319 .type = OPTION_VALUE_OR, 319 .type = OPTION_VALUE_OR,
320 .opt.value = &pkcs12_config.options, 320 .opt.value = &cfg.options,
321 .value = CLCERTS, 321 .value = CLCERTS,
322 }, 322 },
323 { 323 {
@@ -325,33 +325,33 @@ static const struct option pkcs12_options[] = {
325 .argname = "name", 325 .argname = "name",
326 .desc = "Microsoft CSP name", 326 .desc = "Microsoft CSP name",
327 .type = OPTION_ARG, 327 .type = OPTION_ARG,
328 .opt.arg = &pkcs12_config.csp_name, 328 .opt.arg = &cfg.csp_name,
329 }, 329 },
330 { 330 {
331 .name = "descert", 331 .name = "descert",
332 .desc = "Encrypt PKCS#12 certificates with triple DES (default RC2-40)", 332 .desc = "Encrypt PKCS#12 certificates with triple DES (default RC2-40)",
333 .type = OPTION_VALUE, 333 .type = OPTION_VALUE,
334 .opt.value = &pkcs12_config.cert_pbe, 334 .opt.value = &cfg.cert_pbe,
335 .value = NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 335 .value = NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
336 }, 336 },
337 { 337 {
338 .name = "export", 338 .name = "export",
339 .desc = "Output PKCS#12 file", 339 .desc = "Output PKCS#12 file",
340 .type = OPTION_FLAG, 340 .type = OPTION_FLAG,
341 .opt.flag = &pkcs12_config.export_cert, 341 .opt.flag = &cfg.export_cert,
342 }, 342 },
343 { 343 {
344 .name = "in", 344 .name = "in",
345 .argname = "file", 345 .argname = "file",
346 .desc = "Input filename", 346 .desc = "Input filename",
347 .type = OPTION_ARG, 347 .type = OPTION_ARG,
348 .opt.arg = &pkcs12_config.infile, 348 .opt.arg = &cfg.infile,
349 }, 349 },
350 { 350 {
351 .name = "info", 351 .name = "info",
352 .desc = "Give info about PKCS#12 structure", 352 .desc = "Give info about PKCS#12 structure",
353 .type = OPTION_VALUE_OR, 353 .type = OPTION_VALUE_OR,
354 .opt.value = &pkcs12_config.options, 354 .opt.value = &cfg.options,
355 .value = INFO, 355 .value = INFO,
356 }, 356 },
357 { 357 {
@@ -359,13 +359,13 @@ static const struct option pkcs12_options[] = {
359 .argname = "file", 359 .argname = "file",
360 .desc = "Private key if not infile", 360 .desc = "Private key if not infile",
361 .type = OPTION_ARG, 361 .type = OPTION_ARG,
362 .opt.arg = &pkcs12_config.keyname, 362 .opt.arg = &cfg.keyname,
363 }, 363 },
364 { 364 {
365 .name = "keyex", 365 .name = "keyex",
366 .desc = "Set MS key exchange type", 366 .desc = "Set MS key exchange type",
367 .type = OPTION_VALUE, 367 .type = OPTION_VALUE,
368 .opt.value = &pkcs12_config.keytype, 368 .opt.value = &cfg.keytype,
369 .value = KEY_EX, 369 .value = KEY_EX,
370 }, 370 },
371 { 371 {
@@ -379,27 +379,27 @@ static const struct option pkcs12_options[] = {
379 .name = "keysig", 379 .name = "keysig",
380 .desc = "Set MS key signature type", 380 .desc = "Set MS key signature type",
381 .type = OPTION_VALUE, 381 .type = OPTION_VALUE,
382 .opt.value = &pkcs12_config.keytype, 382 .opt.value = &cfg.keytype,
383 .value = KEY_SIG, 383 .value = KEY_SIG,
384 }, 384 },
385 { 385 {
386 .name = "LMK", 386 .name = "LMK",
387 .desc = "Add local machine keyset attribute to private key", 387 .desc = "Add local machine keyset attribute to private key",
388 .type = OPTION_FLAG, 388 .type = OPTION_FLAG,
389 .opt.flag = &pkcs12_config.add_lmk, 389 .opt.flag = &cfg.add_lmk,
390 }, 390 },
391 { 391 {
392 .name = "macalg", 392 .name = "macalg",
393 .argname = "alg", 393 .argname = "alg",
394 .desc = "Digest algorithm used in MAC (default SHA1)", 394 .desc = "Digest algorithm used in MAC (default SHA1)",
395 .type = OPTION_ARG, 395 .type = OPTION_ARG,
396 .opt.arg = &pkcs12_config.macalg, 396 .opt.arg = &cfg.macalg,
397 }, 397 },
398 { 398 {
399 .name = "maciter", 399 .name = "maciter",
400 .desc = "Use MAC iteration", 400 .desc = "Use MAC iteration",
401 .type = OPTION_VALUE, 401 .type = OPTION_VALUE,
402 .opt.value = &pkcs12_config.maciter, 402 .opt.value = &cfg.maciter,
403 .value = PKCS12_DEFAULT_ITER, 403 .value = PKCS12_DEFAULT_ITER,
404 }, 404 },
405 { 405 {
@@ -407,13 +407,13 @@ static const struct option pkcs12_options[] = {
407 .argname = "name", 407 .argname = "name",
408 .desc = "Use name as friendly name", 408 .desc = "Use name as friendly name",
409 .type = OPTION_ARG, 409 .type = OPTION_ARG,
410 .opt.arg = &pkcs12_config.name, 410 .opt.arg = &cfg.name,
411 }, 411 },
412 { 412 {
413 .name = "nocerts", 413 .name = "nocerts",
414 .desc = "Don't output certificates", 414 .desc = "Don't output certificates",
415 .type = OPTION_VALUE_OR, 415 .type = OPTION_VALUE_OR,
416 .opt.value = &pkcs12_config.options, 416 .opt.value = &cfg.options,
417 .value = NOCERTS, 417 .value = NOCERTS,
418 }, 418 },
419 { 419 {
@@ -426,42 +426,42 @@ static const struct option pkcs12_options[] = {
426 .name = "noiter", 426 .name = "noiter",
427 .desc = "Don't use encryption iteration", 427 .desc = "Don't use encryption iteration",
428 .type = OPTION_VALUE, 428 .type = OPTION_VALUE,
429 .opt.value = &pkcs12_config.iter, 429 .opt.value = &cfg.iter,
430 .value = 1, 430 .value = 1,
431 }, 431 },
432 { 432 {
433 .name = "nokeys", 433 .name = "nokeys",
434 .desc = "Don't output private keys", 434 .desc = "Don't output private keys",
435 .type = OPTION_VALUE_OR, 435 .type = OPTION_VALUE_OR,
436 .opt.value = &pkcs12_config.options, 436 .opt.value = &cfg.options,
437 .value = NOKEYS, 437 .value = NOKEYS,
438 }, 438 },
439 { 439 {
440 .name = "nomac", 440 .name = "nomac",
441 .desc = "Don't generate MAC", 441 .desc = "Don't generate MAC",
442 .type = OPTION_VALUE, 442 .type = OPTION_VALUE,
443 .opt.value = &pkcs12_config.maciter, 443 .opt.value = &cfg.maciter,
444 .value = -1, 444 .value = -1,
445 }, 445 },
446 { 446 {
447 .name = "nomaciter", 447 .name = "nomaciter",
448 .desc = "Don't use MAC iteration", 448 .desc = "Don't use MAC iteration",
449 .type = OPTION_VALUE, 449 .type = OPTION_VALUE,
450 .opt.value = &pkcs12_config.maciter, 450 .opt.value = &cfg.maciter,
451 .value = 1, 451 .value = 1,
452 }, 452 },
453 { 453 {
454 .name = "nomacver", 454 .name = "nomacver",
455 .desc = "Don't verify MAC", 455 .desc = "Don't verify MAC",
456 .type = OPTION_VALUE, 456 .type = OPTION_VALUE,
457 .opt.value = &pkcs12_config.macver, 457 .opt.value = &cfg.macver,
458 .value = 0, 458 .value = 0,
459 }, 459 },
460 { 460 {
461 .name = "noout", 461 .name = "noout",
462 .desc = "Don't output anything, just verify", 462 .desc = "Don't output anything, just verify",
463 .type = OPTION_VALUE_OR, 463 .type = OPTION_VALUE_OR,
464 .opt.value = &pkcs12_config.options, 464 .opt.value = &cfg.options,
465 .value = (NOKEYS | NOCERTS), 465 .value = (NOKEYS | NOCERTS),
466 }, 466 },
467 { 467 {
@@ -469,21 +469,21 @@ static const struct option pkcs12_options[] = {
469 .argname = "file", 469 .argname = "file",
470 .desc = "Output filename", 470 .desc = "Output filename",
471 .type = OPTION_ARG, 471 .type = OPTION_ARG,
472 .opt.arg = &pkcs12_config.outfile, 472 .opt.arg = &cfg.outfile,
473 }, 473 },
474 { 474 {
475 .name = "passin", 475 .name = "passin",
476 .argname = "arg", 476 .argname = "arg",
477 .desc = "Input file passphrase source", 477 .desc = "Input file passphrase source",
478 .type = OPTION_ARG, 478 .type = OPTION_ARG,
479 .opt.arg = &pkcs12_config.passargin, 479 .opt.arg = &cfg.passargin,
480 }, 480 },
481 { 481 {
482 .name = "passout", 482 .name = "passout",
483 .argname = "arg", 483 .argname = "arg",
484 .desc = "Output file passphrase source", 484 .desc = "Output file passphrase source",
485 .type = OPTION_ARG, 485 .type = OPTION_ARG,
486 .opt.arg = &pkcs12_config.passargout, 486 .opt.arg = &cfg.passargout,
487 }, 487 },
488 { 488 {
489 .name = "password", 489 .name = "password",
@@ -496,7 +496,7 @@ static const struct option pkcs12_options[] = {
496 .name = "twopass", 496 .name = "twopass",
497 .desc = "Separate MAC, encryption passwords", 497 .desc = "Separate MAC, encryption passwords",
498 .type = OPTION_FLAG, 498 .type = OPTION_FLAG,
499 .opt.flag = &pkcs12_config.twopass, 499 .opt.flag = &cfg.twopass,
500 }, 500 },
501 { NULL }, 501 { NULL },
502}; 502};
@@ -541,73 +541,73 @@ pkcs12_main(int argc, char **argv)
541 exit(1); 541 exit(1);
542 } 542 }
543 543
544 memset(&pkcs12_config, 0, sizeof(pkcs12_config)); 544 memset(&cfg, 0, sizeof(cfg));
545 pkcs12_config.cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; 545 cfg.cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
546 pkcs12_config.enc = EVP_des_ede3_cbc(); 546 cfg.enc = EVP_des_ede3_cbc();
547 pkcs12_config.iter = PKCS12_DEFAULT_ITER; 547 cfg.iter = PKCS12_DEFAULT_ITER;
548 pkcs12_config.key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; 548 cfg.key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
549 pkcs12_config.maciter = PKCS12_DEFAULT_ITER; 549 cfg.maciter = PKCS12_DEFAULT_ITER;
550 pkcs12_config.macver = 1; 550 cfg.macver = 1;
551 551
552 if (options_parse(argc, argv, pkcs12_options, NULL, NULL) != 0) { 552 if (options_parse(argc, argv, pkcs12_options, NULL, NULL) != 0) {
553 pkcs12_usage(); 553 pkcs12_usage();
554 goto end; 554 goto end;
555 } 555 }
556 556
557 if (pkcs12_config.passarg != NULL) { 557 if (cfg.passarg != NULL) {
558 if (pkcs12_config.export_cert) 558 if (cfg.export_cert)
559 pkcs12_config.passargout = pkcs12_config.passarg; 559 cfg.passargout = cfg.passarg;
560 else 560 else
561 pkcs12_config.passargin = pkcs12_config.passarg; 561 cfg.passargin = cfg.passarg;
562 } 562 }
563 if (!app_passwd(bio_err, pkcs12_config.passargin, 563 if (!app_passwd(bio_err, cfg.passargin,
564 pkcs12_config.passargout, &passin, &passout)) { 564 cfg.passargout, &passin, &passout)) {
565 BIO_printf(bio_err, "Error getting passwords\n"); 565 BIO_printf(bio_err, "Error getting passwords\n");
566 goto end; 566 goto end;
567 } 567 }
568 if (cpass == NULL) { 568 if (cpass == NULL) {
569 if (pkcs12_config.export_cert) 569 if (cfg.export_cert)
570 cpass = passout; 570 cpass = passout;
571 else 571 else
572 cpass = passin; 572 cpass = passin;
573 } 573 }
574 if (cpass != NULL) { 574 if (cpass != NULL) {
575 mpass = cpass; 575 mpass = cpass;
576 pkcs12_config.noprompt = 1; 576 cfg.noprompt = 1;
577 } else { 577 } else {
578 cpass = pass; 578 cpass = pass;
579 mpass = macpass; 579 mpass = macpass;
580 } 580 }
581 581
582 if (pkcs12_config.infile == NULL) 582 if (cfg.infile == NULL)
583 in = BIO_new_fp(stdin, BIO_NOCLOSE); 583 in = BIO_new_fp(stdin, BIO_NOCLOSE);
584 else 584 else
585 in = BIO_new_file(pkcs12_config.infile, "rb"); 585 in = BIO_new_file(cfg.infile, "rb");
586 if (in == NULL) { 586 if (in == NULL) {
587 BIO_printf(bio_err, "Error opening input file %s\n", 587 BIO_printf(bio_err, "Error opening input file %s\n",
588 pkcs12_config.infile ? pkcs12_config.infile : "<stdin>"); 588 cfg.infile ? cfg.infile : "<stdin>");
589 perror(pkcs12_config.infile); 589 perror(cfg.infile);
590 goto end; 590 goto end;
591 } 591 }
592 592
593 if (pkcs12_config.outfile == NULL) { 593 if (cfg.outfile == NULL) {
594 out = BIO_new_fp(stdout, BIO_NOCLOSE); 594 out = BIO_new_fp(stdout, BIO_NOCLOSE);
595 } else 595 } else
596 out = BIO_new_file(pkcs12_config.outfile, "wb"); 596 out = BIO_new_file(cfg.outfile, "wb");
597 if (out == NULL) { 597 if (out == NULL) {
598 BIO_printf(bio_err, "Error opening output file %s\n", 598 BIO_printf(bio_err, "Error opening output file %s\n",
599 pkcs12_config.outfile ? pkcs12_config.outfile : "<stdout>"); 599 cfg.outfile ? cfg.outfile : "<stdout>");
600 perror(pkcs12_config.outfile); 600 perror(cfg.outfile);
601 goto end; 601 goto end;
602 } 602 }
603 if (pkcs12_config.twopass) { 603 if (cfg.twopass) {
604 if (EVP_read_pw_string(macpass, sizeof macpass, 604 if (EVP_read_pw_string(macpass, sizeof macpass,
605 "Enter MAC Password:", pkcs12_config.export_cert)) { 605 "Enter MAC Password:", cfg.export_cert)) {
606 BIO_printf(bio_err, "Can't read Password\n"); 606 BIO_printf(bio_err, "Can't read Password\n");
607 goto end; 607 goto end;
608 } 608 }
609 } 609 }
610 if (pkcs12_config.export_cert) { 610 if (cfg.export_cert) {
611 EVP_PKEY *key = NULL; 611 EVP_PKEY *key = NULL;
612 X509 *ucert = NULL, *x = NULL; 612 X509 *ucert = NULL, *x = NULL;
613 STACK_OF(X509) *certs = NULL; 613 STACK_OF(X509) *certs = NULL;
@@ -615,25 +615,25 @@ pkcs12_main(int argc, char **argv)
615 unsigned char *catmp = NULL; 615 unsigned char *catmp = NULL;
616 int i; 616 int i;
617 617
618 if ((pkcs12_config.options & (NOCERTS | NOKEYS)) == 618 if ((cfg.options & (NOCERTS | NOKEYS)) ==
619 (NOCERTS | NOKEYS)) { 619 (NOCERTS | NOKEYS)) {
620 BIO_printf(bio_err, "Nothing to do!\n"); 620 BIO_printf(bio_err, "Nothing to do!\n");
621 goto export_end; 621 goto export_end;
622 } 622 }
623 if (pkcs12_config.options & NOCERTS) 623 if (cfg.options & NOCERTS)
624 pkcs12_config.chain = 0; 624 cfg.chain = 0;
625 625
626 if (!(pkcs12_config.options & NOKEYS)) { 626 if (!(cfg.options & NOKEYS)) {
627 key = load_key(bio_err, pkcs12_config.keyname ? 627 key = load_key(bio_err, cfg.keyname ?
628 pkcs12_config.keyname : pkcs12_config.infile, 628 cfg.keyname : cfg.infile,
629 FORMAT_PEM, 1, passin, "private key"); 629 FORMAT_PEM, 1, passin, "private key");
630 if (!key) 630 if (!key)
631 goto export_end; 631 goto export_end;
632 } 632 }
633 633
634 /* Load in all certs in input file */ 634 /* Load in all certs in input file */
635 if (!(pkcs12_config.options & NOCERTS)) { 635 if (!(cfg.options & NOCERTS)) {
636 certs = load_certs(bio_err, pkcs12_config.infile, 636 certs = load_certs(bio_err, cfg.infile,
637 FORMAT_PEM, NULL, "certificates"); 637 FORMAT_PEM, NULL, "certificates");
638 if (certs == NULL) 638 if (certs == NULL)
639 goto export_end; 639 goto export_end;
@@ -661,10 +661,10 @@ pkcs12_main(int argc, char **argv)
661 } 661 }
662 662
663 /* Add any more certificates asked for */ 663 /* Add any more certificates asked for */
664 if (pkcs12_config.certfile != NULL) { 664 if (cfg.certfile != NULL) {
665 STACK_OF(X509) *morecerts = NULL; 665 STACK_OF(X509) *morecerts = NULL;
666 if ((morecerts = load_certs(bio_err, 666 if ((morecerts = load_certs(bio_err,
667 pkcs12_config.certfile, FORMAT_PEM, NULL, 667 cfg.certfile, FORMAT_PEM, NULL,
668 "certificates from certfile")) == NULL) 668 "certificates from certfile")) == NULL)
669 goto export_end; 669 goto export_end;
670 while (sk_X509_num(morecerts) > 0) 670 while (sk_X509_num(morecerts) > 0)
@@ -674,7 +674,7 @@ pkcs12_main(int argc, char **argv)
674 674
675 675
676 /* If chaining get chain from user cert */ 676 /* If chaining get chain from user cert */
677 if (pkcs12_config.chain) { 677 if (cfg.chain) {
678 int vret; 678 int vret;
679 STACK_OF(X509) *chain2; 679 STACK_OF(X509) *chain2;
680 X509_STORE *store = X509_STORE_new(); 680 X509_STORE *store = X509_STORE_new();
@@ -684,7 +684,7 @@ pkcs12_main(int argc, char **argv)
684 goto export_end; 684 goto export_end;
685 } 685 }
686 if (!X509_STORE_load_locations(store, 686 if (!X509_STORE_load_locations(store,
687 pkcs12_config.CAfile, pkcs12_config.CApath)) 687 cfg.CAfile, cfg.CApath))
688 X509_STORE_set_default_paths(store); 688 X509_STORE_set_default_paths(store);
689 689
690 vret = get_cert_chain(ucert, store, &chain2); 690 vret = get_cert_chain(ucert, store, &chain2);
@@ -711,51 +711,51 @@ pkcs12_main(int argc, char **argv)
711 } 711 }
712 /* Add any CA names */ 712 /* Add any CA names */
713 713
714 for (i = 0; i < sk_OPENSSL_STRING_num(pkcs12_config.canames); 714 for (i = 0; i < sk_OPENSSL_STRING_num(cfg.canames);
715 i++) { 715 i++) {
716 catmp = (unsigned char *) sk_OPENSSL_STRING_value( 716 catmp = (unsigned char *) sk_OPENSSL_STRING_value(
717 pkcs12_config.canames, i); 717 cfg.canames, i);
718 X509_alias_set1(sk_X509_value(certs, i), catmp, -1); 718 X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
719 } 719 }
720 720
721 if (pkcs12_config.csp_name != NULL && key != NULL) 721 if (cfg.csp_name != NULL && key != NULL)
722 EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, 722 EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
723 MBSTRING_ASC, 723 MBSTRING_ASC,
724 (unsigned char *) pkcs12_config.csp_name, -1); 724 (unsigned char *) cfg.csp_name, -1);
725 725
726 if (pkcs12_config.add_lmk && key != NULL) 726 if (cfg.add_lmk && key != NULL)
727 EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, 727 EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL,
728 -1); 728 -1);
729 729
730 if (!pkcs12_config.noprompt && 730 if (!cfg.noprompt &&
731 EVP_read_pw_string(pass, sizeof pass, 731 EVP_read_pw_string(pass, sizeof pass,
732 "Enter Export Password:", 1)) { 732 "Enter Export Password:", 1)) {
733 BIO_printf(bio_err, "Can't read Password\n"); 733 BIO_printf(bio_err, "Can't read Password\n");
734 goto export_end; 734 goto export_end;
735 } 735 }
736 if (!pkcs12_config.twopass) 736 if (!cfg.twopass)
737 strlcpy(macpass, pass, sizeof macpass); 737 strlcpy(macpass, pass, sizeof macpass);
738 738
739 739
740 p12 = PKCS12_create(cpass, pkcs12_config.name, key, ucert, 740 p12 = PKCS12_create(cpass, cfg.name, key, ucert,
741 certs, pkcs12_config.key_pbe, pkcs12_config.cert_pbe, 741 certs, cfg.key_pbe, cfg.cert_pbe,
742 pkcs12_config.iter, -1, pkcs12_config.keytype); 742 cfg.iter, -1, cfg.keytype);
743 743
744 if (p12 == NULL) { 744 if (p12 == NULL) {
745 ERR_print_errors(bio_err); 745 ERR_print_errors(bio_err);
746 goto export_end; 746 goto export_end;
747 } 747 }
748 if (pkcs12_config.macalg != NULL) { 748 if (cfg.macalg != NULL) {
749 macmd = EVP_get_digestbyname(pkcs12_config.macalg); 749 macmd = EVP_get_digestbyname(cfg.macalg);
750 if (macmd == NULL) { 750 if (macmd == NULL) {
751 BIO_printf(bio_err, 751 BIO_printf(bio_err,
752 "Unknown digest algorithm %s\n", 752 "Unknown digest algorithm %s\n",
753 pkcs12_config.macalg); 753 cfg.macalg);
754 } 754 }
755 } 755 }
756 if (pkcs12_config.maciter != -1) 756 if (cfg.maciter != -1)
757 PKCS12_set_mac(p12, mpass, -1, NULL, 0, 757 PKCS12_set_mac(p12, mpass, -1, NULL, 0,
758 pkcs12_config.maciter, macmd); 758 cfg.maciter, macmd);
759 759
760 i2d_PKCS12_bio(out, p12); 760 i2d_PKCS12_bio(out, p12);
761 761
@@ -773,27 +773,27 @@ pkcs12_main(int argc, char **argv)
773 ERR_print_errors(bio_err); 773 ERR_print_errors(bio_err);
774 goto end; 774 goto end;
775 } 775 }
776 if (!pkcs12_config.noprompt && EVP_read_pw_string(pass, sizeof pass, 776 if (!cfg.noprompt && EVP_read_pw_string(pass, sizeof pass,
777 "Enter Import Password:", 0)) { 777 "Enter Import Password:", 0)) {
778 BIO_printf(bio_err, "Can't read Password\n"); 778 BIO_printf(bio_err, "Can't read Password\n");
779 goto end; 779 goto end;
780 } 780 }
781 781
782 if (!pkcs12_config.twopass) 782 if (!cfg.twopass)
783 strlcpy(macpass, pass, sizeof macpass); 783 strlcpy(macpass, pass, sizeof macpass);
784 784
785 if ((pkcs12_config.options & INFO) != 0 && PKCS12_mac_present(p12)) { 785 if ((cfg.options & INFO) != 0 && PKCS12_mac_present(p12)) {
786 const ASN1_INTEGER *iter; 786 const ASN1_INTEGER *iter;
787 787
788 PKCS12_get0_mac(NULL, NULL, NULL, &iter, p12); 788 PKCS12_get0_mac(NULL, NULL, NULL, &iter, p12);
789 BIO_printf(bio_err, "MAC Iteration %ld\n", 789 BIO_printf(bio_err, "MAC Iteration %ld\n",
790 iter != NULL ? ASN1_INTEGER_get(iter) : 1); 790 iter != NULL ? ASN1_INTEGER_get(iter) : 1);
791 } 791 }
792 if (pkcs12_config.macver) { 792 if (cfg.macver) {
793 /* If we enter empty password try no password first */ 793 /* If we enter empty password try no password first */
794 if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { 794 if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
795 /* If mac and crypto pass the same set it to NULL too */ 795 /* If mac and crypto pass the same set it to NULL too */
796 if (!pkcs12_config.twopass) 796 if (!cfg.twopass)
797 cpass = NULL; 797 cpass = NULL;
798 } else if (!PKCS12_verify_mac(p12, mpass, -1)) { 798 } else if (!PKCS12_verify_mac(p12, mpass, -1)) {
799 BIO_printf(bio_err, 799 BIO_printf(bio_err,
@@ -803,7 +803,7 @@ pkcs12_main(int argc, char **argv)
803 } 803 }
804 BIO_printf(bio_err, "MAC verified OK\n"); 804 BIO_printf(bio_err, "MAC verified OK\n");
805 } 805 }
806 if (!dump_certs_keys_p12(out, p12, cpass, -1, pkcs12_config.options, 806 if (!dump_certs_keys_p12(out, p12, cpass, -1, cfg.options,
807 passout)) { 807 passout)) {
808 BIO_printf(bio_err, "Error outputting keys and certificates\n"); 808 BIO_printf(bio_err, "Error outputting keys and certificates\n");
809 ERR_print_errors(bio_err); 809 ERR_print_errors(bio_err);
@@ -814,7 +814,7 @@ pkcs12_main(int argc, char **argv)
814 PKCS12_free(p12); 814 PKCS12_free(p12);
815 BIO_free(in); 815 BIO_free(in);
816 BIO_free_all(out); 816 BIO_free_all(out);
817 sk_OPENSSL_STRING_free(pkcs12_config.canames); 817 sk_OPENSSL_STRING_free(cfg.canames);
818 free(passin); 818 free(passin);
819 free(passout); 819 free(passout);
820 820
@@ -907,7 +907,7 @@ dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, int passlen,
907 if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) 907 if ((pkey = EVP_PKCS82PKEY(p8)) == NULL)
908 return 0; 908 return 0;
909 print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes"); 909 print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes");
910 PEM_write_bio_PrivateKey(out, pkey, pkcs12_config.enc, NULL, 0, 910 PEM_write_bio_PrivateKey(out, pkey, cfg.enc, NULL, 0,
911 NULL, pempass); 911 NULL, pempass);
912 EVP_PKEY_free(pkey); 912 EVP_PKEY_free(pkey);
913 break; 913 break;
@@ -938,7 +938,7 @@ dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, int passlen,
938 } 938 }
939 print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes"); 939 print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes");
940 PKCS8_PRIV_KEY_INFO_free(p8); 940 PKCS8_PRIV_KEY_INFO_free(p8);
941 PEM_write_bio_PrivateKey(out, pkey, pkcs12_config.enc, NULL, 0, 941 PEM_write_bio_PrivateKey(out, pkey, cfg.enc, NULL, 0,
942 NULL, pempass); 942 NULL, pempass);
943 EVP_PKEY_free(pkey); 943 EVP_PKEY_free(pkey);
944 break; 944 break;
diff --git a/src/usr.bin/openssl/pkcs7.c b/src/usr.bin/openssl/pkcs7.c
index b0acf3fd98..4e66855a8d 100644
--- a/src/usr.bin/openssl/pkcs7.c
+++ b/src/usr.bin/openssl/pkcs7.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkcs7.c,v 1.13 2023/02/08 07:59:24 tb Exp $ */ 1/* $OpenBSD: pkcs7.c,v 1.14 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -79,7 +79,7 @@ static struct {
79 int p7_print; 79 int p7_print;
80 int print_certs; 80 int print_certs;
81 int text; 81 int text;
82} pkcs7_config; 82} cfg;
83 83
84static const struct option pkcs7_options[] = { 84static const struct option pkcs7_options[] = {
85 { 85 {
@@ -87,52 +87,52 @@ static const struct option pkcs7_options[] = {
87 .argname = "file", 87 .argname = "file",
88 .desc = "Input file (default stdin)", 88 .desc = "Input file (default stdin)",
89 .type = OPTION_ARG, 89 .type = OPTION_ARG,
90 .opt.arg = &pkcs7_config.infile, 90 .opt.arg = &cfg.infile,
91 }, 91 },
92 { 92 {
93 .name = "inform", 93 .name = "inform",
94 .argname = "format", 94 .argname = "format",
95 .desc = "Input format (DER or PEM (default))", 95 .desc = "Input format (DER or PEM (default))",
96 .type = OPTION_ARG_FORMAT, 96 .type = OPTION_ARG_FORMAT,
97 .opt.value = &pkcs7_config.informat, 97 .opt.value = &cfg.informat,
98 }, 98 },
99 { 99 {
100 .name = "noout", 100 .name = "noout",
101 .desc = "Do not output encoded version of PKCS#7 structure", 101 .desc = "Do not output encoded version of PKCS#7 structure",
102 .type = OPTION_FLAG, 102 .type = OPTION_FLAG,
103 .opt.flag = &pkcs7_config.noout, 103 .opt.flag = &cfg.noout,
104 }, 104 },
105 { 105 {
106 .name = "out", 106 .name = "out",
107 .argname = "file", 107 .argname = "file",
108 .desc = "Output file (default stdout)", 108 .desc = "Output file (default stdout)",
109 .type = OPTION_ARG, 109 .type = OPTION_ARG,
110 .opt.arg = &pkcs7_config.outfile, 110 .opt.arg = &cfg.outfile,
111 }, 111 },
112 { 112 {
113 .name = "outform", 113 .name = "outform",
114 .argname = "format", 114 .argname = "format",
115 .desc = "Output format (DER or PEM (default))", 115 .desc = "Output format (DER or PEM (default))",
116 .type = OPTION_ARG_FORMAT, 116 .type = OPTION_ARG_FORMAT,
117 .opt.value = &pkcs7_config.outformat, 117 .opt.value = &cfg.outformat,
118 }, 118 },
119 { 119 {
120 .name = "print", 120 .name = "print",
121 .desc = "Output ASN.1 representation of PKCS#7 structure", 121 .desc = "Output ASN.1 representation of PKCS#7 structure",
122 .type = OPTION_FLAG, 122 .type = OPTION_FLAG,
123 .opt.flag = &pkcs7_config.p7_print, 123 .opt.flag = &cfg.p7_print,
124 }, 124 },
125 { 125 {
126 .name = "print_certs", 126 .name = "print_certs",
127 .desc = "Print out any certificates or CRLs contained in file", 127 .desc = "Print out any certificates or CRLs contained in file",
128 .type = OPTION_FLAG, 128 .type = OPTION_FLAG,
129 .opt.flag = &pkcs7_config.print_certs, 129 .opt.flag = &cfg.print_certs,
130 }, 130 },
131 { 131 {
132 .name = "text", 132 .name = "text",
133 .desc = "Print out full certificate details", 133 .desc = "Print out full certificate details",
134 .type = OPTION_FLAG, 134 .type = OPTION_FLAG,
135 .opt.flag = &pkcs7_config.text, 135 .opt.flag = &cfg.text,
136 }, 136 },
137 { NULL }, 137 { NULL },
138}; 138};
@@ -159,10 +159,10 @@ pkcs7_main(int argc, char **argv)
159 exit(1); 159 exit(1);
160 } 160 }
161 161
162 memset(&pkcs7_config, 0, sizeof(pkcs7_config)); 162 memset(&cfg, 0, sizeof(cfg));
163 163
164 pkcs7_config.informat = FORMAT_PEM; 164 cfg.informat = FORMAT_PEM;
165 pkcs7_config.outformat = FORMAT_PEM; 165 cfg.outformat = FORMAT_PEM;
166 166
167 if (options_parse(argc, argv, pkcs7_options, NULL, NULL) != 0) { 167 if (options_parse(argc, argv, pkcs7_options, NULL, NULL) != 0) {
168 pkcs7_usage(); 168 pkcs7_usage();
@@ -175,18 +175,18 @@ pkcs7_main(int argc, char **argv)
175 ERR_print_errors(bio_err); 175 ERR_print_errors(bio_err);
176 goto end; 176 goto end;
177 } 177 }
178 if (pkcs7_config.infile == NULL) 178 if (cfg.infile == NULL)
179 BIO_set_fp(in, stdin, BIO_NOCLOSE); 179 BIO_set_fp(in, stdin, BIO_NOCLOSE);
180 else { 180 else {
181 if (BIO_read_filename(in, pkcs7_config.infile) <= 0) { 181 if (BIO_read_filename(in, cfg.infile) <= 0) {
182 perror(pkcs7_config.infile); 182 perror(cfg.infile);
183 goto end; 183 goto end;
184 } 184 }
185 } 185 }
186 186
187 if (pkcs7_config.informat == FORMAT_ASN1) 187 if (cfg.informat == FORMAT_ASN1)
188 p7 = d2i_PKCS7_bio(in, NULL); 188 p7 = d2i_PKCS7_bio(in, NULL);
189 else if (pkcs7_config.informat == FORMAT_PEM) 189 else if (cfg.informat == FORMAT_PEM)
190 p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); 190 p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
191 else { 191 else {
192 BIO_printf(bio_err, "bad input format specified for pkcs7 object\n"); 192 BIO_printf(bio_err, "bad input format specified for pkcs7 object\n");
@@ -197,19 +197,19 @@ pkcs7_main(int argc, char **argv)
197 ERR_print_errors(bio_err); 197 ERR_print_errors(bio_err);
198 goto end; 198 goto end;
199 } 199 }
200 if (pkcs7_config.outfile == NULL) { 200 if (cfg.outfile == NULL) {
201 BIO_set_fp(out, stdout, BIO_NOCLOSE); 201 BIO_set_fp(out, stdout, BIO_NOCLOSE);
202 } else { 202 } else {
203 if (BIO_write_filename(out, pkcs7_config.outfile) <= 0) { 203 if (BIO_write_filename(out, cfg.outfile) <= 0) {
204 perror(pkcs7_config.outfile); 204 perror(cfg.outfile);
205 goto end; 205 goto end;
206 } 206 }
207 } 207 }
208 208
209 if (pkcs7_config.p7_print) 209 if (cfg.p7_print)
210 PKCS7_print_ctx(out, p7, 0, NULL); 210 PKCS7_print_ctx(out, p7, 0, NULL);
211 211
212 if (pkcs7_config.print_certs) { 212 if (cfg.print_certs) {
213 STACK_OF(X509) * certs = NULL; 213 STACK_OF(X509) * certs = NULL;
214 STACK_OF(X509_CRL) * crls = NULL; 214 STACK_OF(X509_CRL) * crls = NULL;
215 215
@@ -236,12 +236,12 @@ pkcs7_main(int argc, char **argv)
236 236
237 for (i = 0; i < sk_X509_num(certs); i++) { 237 for (i = 0; i < sk_X509_num(certs); i++) {
238 x = sk_X509_value(certs, i); 238 x = sk_X509_value(certs, i);
239 if (pkcs7_config.text) 239 if (cfg.text)
240 X509_print(out, x); 240 X509_print(out, x);
241 else 241 else
242 dump_cert_text(out, x); 242 dump_cert_text(out, x);
243 243
244 if (!pkcs7_config.noout) 244 if (!cfg.noout)
245 PEM_write_bio_X509(out, x); 245 PEM_write_bio_X509(out, x);
246 BIO_puts(out, "\n"); 246 BIO_puts(out, "\n");
247 } 247 }
@@ -254,7 +254,7 @@ pkcs7_main(int argc, char **argv)
254 254
255 X509_CRL_print(out, crl); 255 X509_CRL_print(out, crl);
256 256
257 if (!pkcs7_config.noout) 257 if (!cfg.noout)
258 PEM_write_bio_X509_CRL(out, crl); 258 PEM_write_bio_X509_CRL(out, crl);
259 BIO_puts(out, "\n"); 259 BIO_puts(out, "\n");
260 } 260 }
@@ -262,10 +262,10 @@ pkcs7_main(int argc, char **argv)
262 ret = 0; 262 ret = 0;
263 goto end; 263 goto end;
264 } 264 }
265 if (!pkcs7_config.noout) { 265 if (!cfg.noout) {
266 if (pkcs7_config.outformat == FORMAT_ASN1) 266 if (cfg.outformat == FORMAT_ASN1)
267 i = i2d_PKCS7_bio(out, p7); 267 i = i2d_PKCS7_bio(out, p7);
268 else if (pkcs7_config.outformat == FORMAT_PEM) 268 else if (cfg.outformat == FORMAT_PEM)
269 i = PEM_write_bio_PKCS7(out, p7); 269 i = PEM_write_bio_PKCS7(out, p7);
270 else { 270 else {
271 BIO_printf(bio_err, "bad output format specified for outfile\n"); 271 BIO_printf(bio_err, "bad output format specified for outfile\n");
diff --git a/src/usr.bin/openssl/pkcs8.c b/src/usr.bin/openssl/pkcs8.c
index ea12230006..d78202e03f 100644
--- a/src/usr.bin/openssl/pkcs8.c
+++ b/src/usr.bin/openssl/pkcs8.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkcs8.c,v 1.15 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: pkcs8.c,v 1.16 2023/03/06 14:32:06 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999-2004. 3 * project 1999-2004.
4 */ 4 */
@@ -79,12 +79,12 @@ static struct {
79 char *passargout; 79 char *passargout;
80 int pbe_nid; 80 int pbe_nid;
81 int topk8; 81 int topk8;
82} pkcs8_config; 82} cfg;
83 83
84static int 84static int
85pkcs8_opt_v1(char *arg) 85pkcs8_opt_v1(char *arg)
86{ 86{
87 if ((pkcs8_config.pbe_nid = OBJ_txt2nid(arg)) == NID_undef) { 87 if ((cfg.pbe_nid = OBJ_txt2nid(arg)) == NID_undef) {
88 fprintf(stderr, "Unknown PBE algorithm '%s'\n", arg); 88 fprintf(stderr, "Unknown PBE algorithm '%s'\n", arg);
89 return (1); 89 return (1);
90 } 90 }
@@ -95,7 +95,7 @@ pkcs8_opt_v1(char *arg)
95static int 95static int
96pkcs8_opt_v2(char *arg) 96pkcs8_opt_v2(char *arg)
97{ 97{
98 if ((pkcs8_config.cipher = EVP_get_cipherbyname(arg)) == NULL) { 98 if ((cfg.cipher = EVP_get_cipherbyname(arg)) == NULL) {
99 fprintf(stderr, "Unknown cipher '%s'\n", arg); 99 fprintf(stderr, "Unknown cipher '%s'\n", arg);
100 return (1); 100 return (1);
101 } 101 }
@@ -109,62 +109,62 @@ static const struct option pkcs8_options[] = {
109 .argname = "file", 109 .argname = "file",
110 .desc = "Input file (default stdin)", 110 .desc = "Input file (default stdin)",
111 .type = OPTION_ARG, 111 .type = OPTION_ARG,
112 .opt.arg = &pkcs8_config.infile, 112 .opt.arg = &cfg.infile,
113 }, 113 },
114 { 114 {
115 .name = "inform", 115 .name = "inform",
116 .argname = "der | pem", 116 .argname = "der | pem",
117 .desc = "Input format (default PEM)", 117 .desc = "Input format (default PEM)",
118 .type = OPTION_ARG_FORMAT, 118 .type = OPTION_ARG_FORMAT,
119 .opt.value = &pkcs8_config.informat, 119 .opt.value = &cfg.informat,
120 }, 120 },
121 { 121 {
122 .name = "nocrypt", 122 .name = "nocrypt",
123 .desc = "Use or expect unencrypted private key", 123 .desc = "Use or expect unencrypted private key",
124 .type = OPTION_FLAG, 124 .type = OPTION_FLAG,
125 .opt.flag = &pkcs8_config.nocrypt, 125 .opt.flag = &cfg.nocrypt,
126 }, 126 },
127 { 127 {
128 .name = "noiter", 128 .name = "noiter",
129 .desc = "Use 1 as iteration count", 129 .desc = "Use 1 as iteration count",
130 .type = OPTION_VALUE, 130 .type = OPTION_VALUE,
131 .value = 1, 131 .value = 1,
132 .opt.value = &pkcs8_config.iter, 132 .opt.value = &cfg.iter,
133 }, 133 },
134 { 134 {
135 .name = "out", 135 .name = "out",
136 .argname = "file", 136 .argname = "file",
137 .desc = "Output file (default stdout)", 137 .desc = "Output file (default stdout)",
138 .type = OPTION_ARG, 138 .type = OPTION_ARG,
139 .opt.arg = &pkcs8_config.outfile, 139 .opt.arg = &cfg.outfile,
140 }, 140 },
141 { 141 {
142 .name = "outform", 142 .name = "outform",
143 .argname = "der | pem", 143 .argname = "der | pem",
144 .desc = "Output format (default PEM)", 144 .desc = "Output format (default PEM)",
145 .type = OPTION_ARG_FORMAT, 145 .type = OPTION_ARG_FORMAT,
146 .opt.value = &pkcs8_config.outformat, 146 .opt.value = &cfg.outformat,
147 }, 147 },
148 { 148 {
149 .name = "passin", 149 .name = "passin",
150 .argname = "source", 150 .argname = "source",
151 .desc = "Input file passphrase source", 151 .desc = "Input file passphrase source",
152 .type = OPTION_ARG, 152 .type = OPTION_ARG,
153 .opt.arg = &pkcs8_config.passargin, 153 .opt.arg = &cfg.passargin,
154 }, 154 },
155 { 155 {
156 .name = "passout", 156 .name = "passout",
157 .argname = "source", 157 .argname = "source",
158 .desc = "Output file passphrase source", 158 .desc = "Output file passphrase source",
159 .type = OPTION_ARG, 159 .type = OPTION_ARG,
160 .opt.arg = &pkcs8_config.passargout, 160 .opt.arg = &cfg.passargout,
161 }, 161 },
162 { 162 {
163 .name = "topk8", 163 .name = "topk8",
164 .desc = "Read traditional format key and write PKCS#8 format" 164 .desc = "Read traditional format key and write PKCS#8 format"
165 " key", 165 " key",
166 .type = OPTION_FLAG, 166 .type = OPTION_FLAG,
167 .opt.flag = &pkcs8_config.topk8, 167 .opt.flag = &cfg.topk8,
168 }, 168 },
169 { 169 {
170 .name = "v1", 170 .name = "v1",
@@ -208,48 +208,48 @@ pkcs8_main(int argc, char **argv)
208 exit(1); 208 exit(1);
209 } 209 }
210 210
211 memset(&pkcs8_config, 0, sizeof(pkcs8_config)); 211 memset(&cfg, 0, sizeof(cfg));
212 212
213 pkcs8_config.iter = PKCS12_DEFAULT_ITER; 213 cfg.iter = PKCS12_DEFAULT_ITER;
214 pkcs8_config.informat = FORMAT_PEM; 214 cfg.informat = FORMAT_PEM;
215 pkcs8_config.outformat = FORMAT_PEM; 215 cfg.outformat = FORMAT_PEM;
216 pkcs8_config.pbe_nid = -1; 216 cfg.pbe_nid = -1;
217 217
218 if (options_parse(argc, argv, pkcs8_options, NULL, NULL) != 0) { 218 if (options_parse(argc, argv, pkcs8_options, NULL, NULL) != 0) {
219 pkcs8_usage(); 219 pkcs8_usage();
220 return (1); 220 return (1);
221 } 221 }
222 222
223 if (!app_passwd(bio_err, pkcs8_config.passargin, 223 if (!app_passwd(bio_err, cfg.passargin,
224 pkcs8_config.passargout, &passin, &passout)) { 224 cfg.passargout, &passin, &passout)) {
225 BIO_printf(bio_err, "Error getting passwords\n"); 225 BIO_printf(bio_err, "Error getting passwords\n");
226 goto end; 226 goto end;
227 } 227 }
228 if ((pkcs8_config.pbe_nid == -1) && !pkcs8_config.cipher) 228 if ((cfg.pbe_nid == -1) && !cfg.cipher)
229 pkcs8_config.pbe_nid = NID_pbeWithMD5AndDES_CBC; 229 cfg.pbe_nid = NID_pbeWithMD5AndDES_CBC;
230 230
231 if (pkcs8_config.infile) { 231 if (cfg.infile) {
232 if (!(in = BIO_new_file(pkcs8_config.infile, "rb"))) { 232 if (!(in = BIO_new_file(cfg.infile, "rb"))) {
233 BIO_printf(bio_err, 233 BIO_printf(bio_err,
234 "Can't open input file '%s'\n", 234 "Can't open input file '%s'\n",
235 pkcs8_config.infile); 235 cfg.infile);
236 goto end; 236 goto end;
237 } 237 }
238 } else 238 } else
239 in = BIO_new_fp(stdin, BIO_NOCLOSE); 239 in = BIO_new_fp(stdin, BIO_NOCLOSE);
240 240
241 if (pkcs8_config.outfile) { 241 if (cfg.outfile) {
242 if (!(out = BIO_new_file(pkcs8_config.outfile, "wb"))) { 242 if (!(out = BIO_new_file(cfg.outfile, "wb"))) {
243 BIO_printf(bio_err, "Can't open output file '%s'\n", 243 BIO_printf(bio_err, "Can't open output file '%s'\n",
244 pkcs8_config.outfile); 244 cfg.outfile);
245 goto end; 245 goto end;
246 } 246 }
247 } else { 247 } else {
248 out = BIO_new_fp(stdout, BIO_NOCLOSE); 248 out = BIO_new_fp(stdout, BIO_NOCLOSE);
249 } 249 }
250 if (pkcs8_config.topk8) { 250 if (cfg.topk8) {
251 pkey = load_key(bio_err, pkcs8_config.infile, 251 pkey = load_key(bio_err, cfg.infile,
252 pkcs8_config.informat, 1, passin, "key"); 252 cfg.informat, 1, passin, "key");
253 if (!pkey) 253 if (!pkey)
254 goto end; 254 goto end;
255 if (!(p8inf = EVP_PKEY2PKCS8(pkey))) { 255 if (!(p8inf = EVP_PKEY2PKCS8(pkey))) {
@@ -257,10 +257,10 @@ pkcs8_main(int argc, char **argv)
257 ERR_print_errors(bio_err); 257 ERR_print_errors(bio_err);
258 goto end; 258 goto end;
259 } 259 }
260 if (pkcs8_config.nocrypt) { 260 if (cfg.nocrypt) {
261 if (pkcs8_config.outformat == FORMAT_PEM) 261 if (cfg.outformat == FORMAT_PEM)
262 PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf); 262 PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
263 else if (pkcs8_config.outformat == FORMAT_ASN1) 263 else if (cfg.outformat == FORMAT_ASN1)
264 i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf); 264 i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
265 else { 265 else {
266 BIO_printf(bio_err, 266 BIO_printf(bio_err,
@@ -276,16 +276,16 @@ pkcs8_main(int argc, char **argv)
276 "Enter Encryption Password:", 1)) 276 "Enter Encryption Password:", 1))
277 goto end; 277 goto end;
278 } 278 }
279 if (!(p8 = PKCS8_encrypt(pkcs8_config.pbe_nid, 279 if (!(p8 = PKCS8_encrypt(cfg.pbe_nid,
280 pkcs8_config.cipher, p8pass, strlen(p8pass), 280 cfg.cipher, p8pass, strlen(p8pass),
281 NULL, 0, pkcs8_config.iter, p8inf))) { 281 NULL, 0, cfg.iter, p8inf))) {
282 BIO_printf(bio_err, "Error encrypting key\n"); 282 BIO_printf(bio_err, "Error encrypting key\n");
283 ERR_print_errors(bio_err); 283 ERR_print_errors(bio_err);
284 goto end; 284 goto end;
285 } 285 }
286 if (pkcs8_config.outformat == FORMAT_PEM) 286 if (cfg.outformat == FORMAT_PEM)
287 PEM_write_bio_PKCS8(out, p8); 287 PEM_write_bio_PKCS8(out, p8);
288 else if (pkcs8_config.outformat == FORMAT_ASN1) 288 else if (cfg.outformat == FORMAT_ASN1)
289 i2d_PKCS8_bio(out, p8); 289 i2d_PKCS8_bio(out, p8);
290 else { 290 else {
291 BIO_printf(bio_err, 291 BIO_printf(bio_err,
@@ -297,20 +297,20 @@ pkcs8_main(int argc, char **argv)
297 ret = 0; 297 ret = 0;
298 goto end; 298 goto end;
299 } 299 }
300 if (pkcs8_config.nocrypt) { 300 if (cfg.nocrypt) {
301 if (pkcs8_config.informat == FORMAT_PEM) 301 if (cfg.informat == FORMAT_PEM)
302 p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, 302 p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL,
303 NULL, NULL); 303 NULL, NULL);
304 else if (pkcs8_config.informat == FORMAT_ASN1) 304 else if (cfg.informat == FORMAT_ASN1)
305 p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL); 305 p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
306 else { 306 else {
307 BIO_printf(bio_err, "Bad format specified for key\n"); 307 BIO_printf(bio_err, "Bad format specified for key\n");
308 goto end; 308 goto end;
309 } 309 }
310 } else { 310 } else {
311 if (pkcs8_config.informat == FORMAT_PEM) 311 if (cfg.informat == FORMAT_PEM)
312 p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL); 312 p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
313 else if (pkcs8_config.informat == FORMAT_ASN1) 313 else if (cfg.informat == FORMAT_ASN1)
314 p8 = d2i_PKCS8_bio(in, NULL); 314 p8 = d2i_PKCS8_bio(in, NULL);
315 else { 315 else {
316 BIO_printf(bio_err, "Bad format specified for key\n"); 316 BIO_printf(bio_err, "Bad format specified for key\n");
@@ -342,10 +342,10 @@ pkcs8_main(int argc, char **argv)
342 ERR_print_errors(bio_err); 342 ERR_print_errors(bio_err);
343 goto end; 343 goto end;
344 } 344 }
345 if (pkcs8_config.outformat == FORMAT_PEM) 345 if (cfg.outformat == FORMAT_PEM)
346 PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, 346 PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL,
347 passout); 347 passout);
348 else if (pkcs8_config.outformat == FORMAT_ASN1) 348 else if (cfg.outformat == FORMAT_ASN1)
349 i2d_PrivateKey_bio(out, pkey); 349 i2d_PrivateKey_bio(out, pkey);
350 else { 350 else {
351 BIO_printf(bio_err, "Bad format specified for key\n"); 351 BIO_printf(bio_err, "Bad format specified for key\n");
diff --git a/src/usr.bin/openssl/pkey.c b/src/usr.bin/openssl/pkey.c
index 2d9b69f5c3..cb558f5ac8 100644
--- a/src/usr.bin/openssl/pkey.c
+++ b/src/usr.bin/openssl/pkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkey.c,v 1.18 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: pkey.c,v 1.19 2023/03/06 14:32:06 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006 3 * project 2006
4 */ 4 */
@@ -80,7 +80,7 @@ static struct {
80 int pubout; 80 int pubout;
81 int pubtext; 81 int pubtext;
82 int text; 82 int text;
83} pkey_config; 83} cfg;
84 84
85static int 85static int
86pkey_opt_cipher(int argc, char **argv, int *argsused) 86pkey_opt_cipher(int argc, char **argv, int *argsused)
@@ -90,7 +90,7 @@ pkey_opt_cipher(int argc, char **argv, int *argsused)
90 if (*name++ != '-') 90 if (*name++ != '-')
91 return (1); 91 return (1);
92 92
93 if ((pkey_config.cipher = EVP_get_cipherbyname(name)) == NULL) { 93 if ((cfg.cipher = EVP_get_cipherbyname(name)) == NULL) {
94 BIO_printf(bio_err, "Unknown cipher %s\n", name); 94 BIO_printf(bio_err, "Unknown cipher %s\n", name);
95 return (1); 95 return (1);
96 } 96 }
@@ -104,87 +104,87 @@ static const struct option pkey_options[] = {
104 .name = "check", 104 .name = "check",
105 .desc = "Check validity of key", 105 .desc = "Check validity of key",
106 .type = OPTION_FLAG, 106 .type = OPTION_FLAG,
107 .opt.flag = &pkey_config.check, 107 .opt.flag = &cfg.check,
108 }, 108 },
109 { 109 {
110 .name = "in", 110 .name = "in",
111 .argname = "file", 111 .argname = "file",
112 .desc = "Input file (default stdin)", 112 .desc = "Input file (default stdin)",
113 .type = OPTION_ARG, 113 .type = OPTION_ARG,
114 .opt.arg = &pkey_config.infile, 114 .opt.arg = &cfg.infile,
115 }, 115 },
116 { 116 {
117 .name = "inform", 117 .name = "inform",
118 .argname = "format", 118 .argname = "format",
119 .desc = "Input format (DER or PEM (default))", 119 .desc = "Input format (DER or PEM (default))",
120 .type = OPTION_ARG_FORMAT, 120 .type = OPTION_ARG_FORMAT,
121 .opt.value = &pkey_config.informat, 121 .opt.value = &cfg.informat,
122 }, 122 },
123 { 123 {
124 .name = "noout", 124 .name = "noout",
125 .desc = "Do not print encoded version of the key", 125 .desc = "Do not print encoded version of the key",
126 .type = OPTION_FLAG, 126 .type = OPTION_FLAG,
127 .opt.flag = &pkey_config.noout, 127 .opt.flag = &cfg.noout,
128 }, 128 },
129 { 129 {
130 .name = "out", 130 .name = "out",
131 .argname = "file", 131 .argname = "file",
132 .desc = "Output file (default stdout)", 132 .desc = "Output file (default stdout)",
133 .type = OPTION_ARG, 133 .type = OPTION_ARG,
134 .opt.arg = &pkey_config.outfile, 134 .opt.arg = &cfg.outfile,
135 }, 135 },
136 { 136 {
137 .name = "outform", 137 .name = "outform",
138 .argname = "format", 138 .argname = "format",
139 .desc = "Output format (DER or PEM (default))", 139 .desc = "Output format (DER or PEM (default))",
140 .type = OPTION_ARG_FORMAT, 140 .type = OPTION_ARG_FORMAT,
141 .opt.value = &pkey_config.outformat, 141 .opt.value = &cfg.outformat,
142 }, 142 },
143 { 143 {
144 .name = "passin", 144 .name = "passin",
145 .argname = "src", 145 .argname = "src",
146 .desc = "Input file passphrase source", 146 .desc = "Input file passphrase source",
147 .type = OPTION_ARG, 147 .type = OPTION_ARG,
148 .opt.arg = &pkey_config.passargin, 148 .opt.arg = &cfg.passargin,
149 }, 149 },
150 { 150 {
151 .name = "passout", 151 .name = "passout",
152 .argname = "src", 152 .argname = "src",
153 .desc = "Output file passphrase source", 153 .desc = "Output file passphrase source",
154 .type = OPTION_ARG, 154 .type = OPTION_ARG,
155 .opt.arg = &pkey_config.passargout, 155 .opt.arg = &cfg.passargout,
156 }, 156 },
157 { 157 {
158 .name = "pubcheck", 158 .name = "pubcheck",
159 .desc = "Check validity of public key", 159 .desc = "Check validity of public key",
160 .type = OPTION_FLAG, 160 .type = OPTION_FLAG,
161 .opt.flag = &pkey_config.pubcheck, 161 .opt.flag = &cfg.pubcheck,
162 }, 162 },
163 { 163 {
164 .name = "pubin", 164 .name = "pubin",
165 .desc = "Expect a public key (default private key)", 165 .desc = "Expect a public key (default private key)",
166 .type = OPTION_VALUE, 166 .type = OPTION_VALUE,
167 .value = 1, 167 .value = 1,
168 .opt.value = &pkey_config.pubin, 168 .opt.value = &cfg.pubin,
169 }, 169 },
170 { 170 {
171 .name = "pubout", 171 .name = "pubout",
172 .desc = "Output a public key (default private key)", 172 .desc = "Output a public key (default private key)",
173 .type = OPTION_VALUE, 173 .type = OPTION_VALUE,
174 .value = 1, 174 .value = 1,
175 .opt.value = &pkey_config.pubout, 175 .opt.value = &cfg.pubout,
176 }, 176 },
177 { 177 {
178 .name = "text", 178 .name = "text",
179 .desc = "Print the public/private key in plain text", 179 .desc = "Print the public/private key in plain text",
180 .type = OPTION_FLAG, 180 .type = OPTION_FLAG,
181 .opt.flag = &pkey_config.text, 181 .opt.flag = &cfg.text,
182 }, 182 },
183 { 183 {
184 .name = "text_pub", 184 .name = "text_pub",
185 .desc = "Print out only public key in plain text", 185 .desc = "Print out only public key in plain text",
186 .type = OPTION_FLAG, 186 .type = OPTION_FLAG,
187 .opt.flag = &pkey_config.pubtext, 187 .opt.flag = &cfg.pubtext,
188 }, 188 },
189 { 189 {
190 .name = NULL, 190 .name = NULL,
@@ -226,61 +226,61 @@ pkey_main(int argc, char **argv)
226 exit(1); 226 exit(1);
227 } 227 }
228 228
229 memset(&pkey_config, 0, sizeof(pkey_config)); 229 memset(&cfg, 0, sizeof(cfg));
230 pkey_config.informat = FORMAT_PEM; 230 cfg.informat = FORMAT_PEM;
231 pkey_config.outformat = FORMAT_PEM; 231 cfg.outformat = FORMAT_PEM;
232 232
233 if (options_parse(argc, argv, pkey_options, NULL, NULL) != 0) { 233 if (options_parse(argc, argv, pkey_options, NULL, NULL) != 0) {
234 pkey_usage(); 234 pkey_usage();
235 goto end; 235 goto end;
236 } 236 }
237 237
238 if (pkey_config.pubtext) 238 if (cfg.pubtext)
239 pkey_config.text = 1; 239 cfg.text = 1;
240 if (pkey_config.pubin) 240 if (cfg.pubin)
241 pkey_config.pubout = pkey_config.pubtext = 1; 241 cfg.pubout = cfg.pubtext = 1;
242 242
243 if (!app_passwd(bio_err, pkey_config.passargin, pkey_config.passargout, 243 if (!app_passwd(bio_err, cfg.passargin, cfg.passargout,
244 &passin, &passout)) { 244 &passin, &passout)) {
245 BIO_printf(bio_err, "Error getting passwords\n"); 245 BIO_printf(bio_err, "Error getting passwords\n");
246 goto end; 246 goto end;
247 } 247 }
248 if (pkey_config.outfile) { 248 if (cfg.outfile) {
249 if (!(out = BIO_new_file(pkey_config.outfile, "wb"))) { 249 if (!(out = BIO_new_file(cfg.outfile, "wb"))) {
250 BIO_printf(bio_err, 250 BIO_printf(bio_err,
251 "Can't open output file %s\n", pkey_config.outfile); 251 "Can't open output file %s\n", cfg.outfile);
252 goto end; 252 goto end;
253 } 253 }
254 } else { 254 } else {
255 out = BIO_new_fp(stdout, BIO_NOCLOSE); 255 out = BIO_new_fp(stdout, BIO_NOCLOSE);
256 } 256 }
257 257
258 if (pkey_config.pubin) 258 if (cfg.pubin)
259 pkey = load_pubkey(bio_err, pkey_config.infile, 259 pkey = load_pubkey(bio_err, cfg.infile,
260 pkey_config.informat, 1, passin, "Public Key"); 260 cfg.informat, 1, passin, "Public Key");
261 else 261 else
262 pkey = load_key(bio_err, pkey_config.infile, 262 pkey = load_key(bio_err, cfg.infile,
263 pkey_config.informat, 1, passin, "key"); 263 cfg.informat, 1, passin, "key");
264 if (!pkey) 264 if (!pkey)
265 goto end; 265 goto end;
266 266
267 if (pkey_config.check) { 267 if (cfg.check) {
268 if (!pkey_check(out, pkey, EVP_PKEY_check, "Key pair")) 268 if (!pkey_check(out, pkey, EVP_PKEY_check, "Key pair"))
269 goto end; 269 goto end;
270 } else if (pkey_config.pubcheck) { 270 } else if (cfg.pubcheck) {
271 if (!pkey_check(out, pkey, EVP_PKEY_public_check, "Public key")) 271 if (!pkey_check(out, pkey, EVP_PKEY_public_check, "Public key"))
272 goto end; 272 goto end;
273 } 273 }
274 274
275 if (!pkey_config.noout) { 275 if (!cfg.noout) {
276 if (pkey_config.outformat == FORMAT_PEM) { 276 if (cfg.outformat == FORMAT_PEM) {
277 if (pkey_config.pubout) 277 if (cfg.pubout)
278 PEM_write_bio_PUBKEY(out, pkey); 278 PEM_write_bio_PUBKEY(out, pkey);
279 else 279 else
280 PEM_write_bio_PrivateKey(out, pkey, 280 PEM_write_bio_PrivateKey(out, pkey,
281 pkey_config.cipher, NULL, 0, NULL, passout); 281 cfg.cipher, NULL, 0, NULL, passout);
282 } else if (pkey_config.outformat == FORMAT_ASN1) { 282 } else if (cfg.outformat == FORMAT_ASN1) {
283 if (pkey_config.pubout) 283 if (cfg.pubout)
284 i2d_PUBKEY_bio(out, pkey); 284 i2d_PUBKEY_bio(out, pkey);
285 else 285 else
286 i2d_PrivateKey_bio(out, pkey); 286 i2d_PrivateKey_bio(out, pkey);
@@ -290,8 +290,8 @@ pkey_main(int argc, char **argv)
290 } 290 }
291 291
292 } 292 }
293 if (pkey_config.text) { 293 if (cfg.text) {
294 if (pkey_config.pubtext) 294 if (cfg.pubtext)
295 EVP_PKEY_print_public(out, pkey, 0, NULL); 295 EVP_PKEY_print_public(out, pkey, 0, NULL);
296 else 296 else
297 EVP_PKEY_print_private(out, pkey, 0, NULL); 297 EVP_PKEY_print_private(out, pkey, 0, NULL);
diff --git a/src/usr.bin/openssl/pkeyparam.c b/src/usr.bin/openssl/pkeyparam.c
index 57b5ad8042..946195640e 100644
--- a/src/usr.bin/openssl/pkeyparam.c
+++ b/src/usr.bin/openssl/pkeyparam.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkeyparam.c,v 1.16 2023/03/05 13:12:53 tb Exp $ */ 1/* $OpenBSD: pkeyparam.c,v 1.17 2023/03/06 14:32:06 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006 3 * project 2006
4 */ 4 */
@@ -71,40 +71,40 @@ static struct {
71 int noout; 71 int noout;
72 char *outfile; 72 char *outfile;
73 int text; 73 int text;
74} pkeyparam_config; 74} cfg;
75 75
76static const struct option pkeyparam_options[] = { 76static const struct option pkeyparam_options[] = {
77 { 77 {
78 .name = "check", 78 .name = "check",
79 .desc = "Check validity of key parameters", 79 .desc = "Check validity of key parameters",
80 .type = OPTION_FLAG, 80 .type = OPTION_FLAG,
81 .opt.flag = &pkeyparam_config.check, 81 .opt.flag = &cfg.check,
82 }, 82 },
83 { 83 {
84 .name = "in", 84 .name = "in",
85 .argname = "file", 85 .argname = "file",
86 .desc = "Input file (default stdin)", 86 .desc = "Input file (default stdin)",
87 .type = OPTION_ARG, 87 .type = OPTION_ARG,
88 .opt.arg = &pkeyparam_config.infile, 88 .opt.arg = &cfg.infile,
89 }, 89 },
90 { 90 {
91 .name = "noout", 91 .name = "noout",
92 .desc = "Do not print encoded version of the parameters", 92 .desc = "Do not print encoded version of the parameters",
93 .type = OPTION_FLAG, 93 .type = OPTION_FLAG,
94 .opt.flag = &pkeyparam_config.noout, 94 .opt.flag = &cfg.noout,
95 }, 95 },
96 { 96 {
97 .name = "out", 97 .name = "out",
98 .argname = "file", 98 .argname = "file",
99 .desc = "Output file (default stdout)", 99 .desc = "Output file (default stdout)",
100 .type = OPTION_ARG, 100 .type = OPTION_ARG,
101 .opt.arg = &pkeyparam_config.outfile, 101 .opt.arg = &cfg.outfile,
102 }, 102 },
103 { 103 {
104 .name = "text", 104 .name = "text",
105 .desc = "Print out the parameters in plain text", 105 .desc = "Print out the parameters in plain text",
106 .type = OPTION_FLAG, 106 .type = OPTION_FLAG,
107 .opt.flag = &pkeyparam_config.text, 107 .opt.flag = &cfg.text,
108 }, 108 },
109 { NULL }, 109 { NULL },
110}; 110};
@@ -130,26 +130,26 @@ pkeyparam_main(int argc, char **argv)
130 exit(1); 130 exit(1);
131 } 131 }
132 132
133 memset(&pkeyparam_config, 0, sizeof(pkeyparam_config)); 133 memset(&cfg, 0, sizeof(cfg));
134 134
135 if (options_parse(argc, argv, pkeyparam_options, NULL, NULL) != 0) { 135 if (options_parse(argc, argv, pkeyparam_options, NULL, NULL) != 0) {
136 pkeyparam_usage(); 136 pkeyparam_usage();
137 return (1); 137 return (1);
138 } 138 }
139 139
140 if (pkeyparam_config.infile) { 140 if (cfg.infile) {
141 if (!(in = BIO_new_file(pkeyparam_config.infile, "r"))) { 141 if (!(in = BIO_new_file(cfg.infile, "r"))) {
142 BIO_printf(bio_err, "Can't open input file %s\n", 142 BIO_printf(bio_err, "Can't open input file %s\n",
143 pkeyparam_config.infile); 143 cfg.infile);
144 goto end; 144 goto end;
145 } 145 }
146 } else 146 } else
147 in = BIO_new_fp(stdin, BIO_NOCLOSE); 147 in = BIO_new_fp(stdin, BIO_NOCLOSE);
148 148
149 if (pkeyparam_config.outfile) { 149 if (cfg.outfile) {
150 if (!(out = BIO_new_file(pkeyparam_config.outfile, "w"))) { 150 if (!(out = BIO_new_file(cfg.outfile, "w"))) {
151 BIO_printf(bio_err, "Can't open output file %s\n", 151 BIO_printf(bio_err, "Can't open output file %s\n",
152 pkeyparam_config.outfile); 152 cfg.outfile);
153 goto end; 153 goto end;
154 } 154 }
155 } else { 155 } else {
@@ -163,15 +163,15 @@ pkeyparam_main(int argc, char **argv)
163 goto end; 163 goto end;
164 } 164 }
165 165
166 if (pkeyparam_config.check) { 166 if (cfg.check) {
167 if (!pkey_check(out, pkey, EVP_PKEY_param_check, "Parameters")) 167 if (!pkey_check(out, pkey, EVP_PKEY_param_check, "Parameters"))
168 goto end; 168 goto end;
169 } 169 }
170 170
171 if (!pkeyparam_config.noout) 171 if (!cfg.noout)
172 PEM_write_bio_Parameters(out, pkey); 172 PEM_write_bio_Parameters(out, pkey);
173 173
174 if (pkeyparam_config.text) 174 if (cfg.text)
175 EVP_PKEY_print_params(out, pkey, 0, NULL); 175 EVP_PKEY_print_params(out, pkey, 0, NULL);
176 176
177 ret = 0; 177 ret = 0;
diff --git a/src/usr.bin/openssl/pkeyutl.c b/src/usr.bin/openssl/pkeyutl.c
index 8c0fd28b29..efd0896c02 100644
--- a/src/usr.bin/openssl/pkeyutl.c
+++ b/src/usr.bin/openssl/pkeyutl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkeyutl.c,v 1.18 2023/03/05 13:12:53 tb Exp $ */ 1/* $OpenBSD: pkeyutl.c,v 1.19 2023/03/06 14:32:06 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -82,7 +82,7 @@ static struct {
82 int pkey_op; 82 int pkey_op;
83 int rev; 83 int rev;
84 char *sigfile; 84 char *sigfile;
85} pkeyutl_config; 85} cfg;
86 86
87static void pkeyutl_usage(void); 87static void pkeyutl_usage(void);
88 88
@@ -101,48 +101,48 @@ static const struct option pkeyutl_options[] = {
101 .name = "asn1parse", 101 .name = "asn1parse",
102 .desc = "ASN.1 parse the output data", 102 .desc = "ASN.1 parse the output data",
103 .type = OPTION_FLAG, 103 .type = OPTION_FLAG,
104 .opt.flag = &pkeyutl_config.asn1parse, 104 .opt.flag = &cfg.asn1parse,
105 }, 105 },
106 { 106 {
107 .name = "certin", 107 .name = "certin",
108 .desc = "Input is a certificate containing a public key", 108 .desc = "Input is a certificate containing a public key",
109 .type = OPTION_VALUE, 109 .type = OPTION_VALUE,
110 .value = KEY_CERT, 110 .value = KEY_CERT,
111 .opt.value = &pkeyutl_config.key_type, 111 .opt.value = &cfg.key_type,
112 }, 112 },
113 { 113 {
114 .name = "decrypt", 114 .name = "decrypt",
115 .desc = "Decrypt the input data using a private key", 115 .desc = "Decrypt the input data using a private key",
116 .type = OPTION_VALUE, 116 .type = OPTION_VALUE,
117 .value = EVP_PKEY_OP_DECRYPT, 117 .value = EVP_PKEY_OP_DECRYPT,
118 .opt.value = &pkeyutl_config.pkey_op, 118 .opt.value = &cfg.pkey_op,
119 }, 119 },
120 { 120 {
121 .name = "derive", 121 .name = "derive",
122 .desc = "Derive a shared secret using the peer key", 122 .desc = "Derive a shared secret using the peer key",
123 .type = OPTION_VALUE, 123 .type = OPTION_VALUE,
124 .value = EVP_PKEY_OP_DERIVE, 124 .value = EVP_PKEY_OP_DERIVE,
125 .opt.value = &pkeyutl_config.pkey_op, 125 .opt.value = &cfg.pkey_op,
126 }, 126 },
127 { 127 {
128 .name = "encrypt", 128 .name = "encrypt",
129 .desc = "Encrypt the input data using a public key", 129 .desc = "Encrypt the input data using a public key",
130 .type = OPTION_VALUE, 130 .type = OPTION_VALUE,
131 .value = EVP_PKEY_OP_ENCRYPT, 131 .value = EVP_PKEY_OP_ENCRYPT,
132 .opt.value = &pkeyutl_config.pkey_op, 132 .opt.value = &cfg.pkey_op,
133 }, 133 },
134 { 134 {
135 .name = "hexdump", 135 .name = "hexdump",
136 .desc = "Hex dump the output data", 136 .desc = "Hex dump the output data",
137 .type = OPTION_FLAG, 137 .type = OPTION_FLAG,
138 .opt.flag = &pkeyutl_config.hexdump, 138 .opt.flag = &cfg.hexdump,
139 }, 139 },
140 { 140 {
141 .name = "in", 141 .name = "in",
142 .argname = "file", 142 .argname = "file",
143 .desc = "Input file (default stdin)", 143 .desc = "Input file (default stdin)",
144 .type = OPTION_ARG, 144 .type = OPTION_ARG,
145 .opt.arg = &pkeyutl_config.infile, 145 .opt.arg = &cfg.infile,
146 }, 146 },
147 { 147 {
148 .name = "inkey", 148 .name = "inkey",
@@ -156,28 +156,28 @@ static const struct option pkeyutl_options[] = {
156 .argname = "fmt", 156 .argname = "fmt",
157 .desc = "Input key format (DER or PEM (default))", 157 .desc = "Input key format (DER or PEM (default))",
158 .type = OPTION_ARG_FORMAT, 158 .type = OPTION_ARG_FORMAT,
159 .opt.value = &pkeyutl_config.keyform, 159 .opt.value = &cfg.keyform,
160 }, 160 },
161 { 161 {
162 .name = "out", 162 .name = "out",
163 .argname = "file", 163 .argname = "file",
164 .desc = "Output file (default stdout)", 164 .desc = "Output file (default stdout)",
165 .type = OPTION_ARG, 165 .type = OPTION_ARG,
166 .opt.arg = &pkeyutl_config.outfile, 166 .opt.arg = &cfg.outfile,
167 }, 167 },
168 { 168 {
169 .name = "passin", 169 .name = "passin",
170 .argname = "arg", 170 .argname = "arg",
171 .desc = "Key password source", 171 .desc = "Key password source",
172 .type = OPTION_ARG, 172 .type = OPTION_ARG,
173 .opt.arg = &pkeyutl_config.passargin, 173 .opt.arg = &cfg.passargin,
174 }, 174 },
175 { 175 {
176 .name = "peerform", 176 .name = "peerform",
177 .argname = "fmt", 177 .argname = "fmt",
178 .desc = "Input key format (DER or PEM (default))", 178 .desc = "Input key format (DER or PEM (default))",
179 .type = OPTION_ARG_FORMAT, 179 .type = OPTION_ARG_FORMAT,
180 .opt.value = &pkeyutl_config.peerform, 180 .opt.value = &cfg.peerform,
181 }, 181 },
182 { 182 {
183 .name = "peerkey", 183 .name = "peerkey",
@@ -198,41 +198,41 @@ static const struct option pkeyutl_options[] = {
198 .desc = "Input is a public key", 198 .desc = "Input is a public key",
199 .type = OPTION_VALUE, 199 .type = OPTION_VALUE,
200 .value = KEY_PUBKEY, 200 .value = KEY_PUBKEY,
201 .opt.value = &pkeyutl_config.key_type, 201 .opt.value = &cfg.key_type,
202 }, 202 },
203 { 203 {
204 .name = "rev", 204 .name = "rev",
205 .desc = "Reverse the input data", 205 .desc = "Reverse the input data",
206 .type = OPTION_FLAG, 206 .type = OPTION_FLAG,
207 .opt.flag = &pkeyutl_config.rev, 207 .opt.flag = &cfg.rev,
208 }, 208 },
209 { 209 {
210 .name = "sigfile", 210 .name = "sigfile",
211 .argname = "file", 211 .argname = "file",
212 .desc = "Signature file (verify operation only)", 212 .desc = "Signature file (verify operation only)",
213 .type = OPTION_ARG, 213 .type = OPTION_ARG,
214 .opt.arg = &pkeyutl_config.sigfile, 214 .opt.arg = &cfg.sigfile,
215 }, 215 },
216 { 216 {
217 .name = "sign", 217 .name = "sign",
218 .desc = "Sign the input data using private key", 218 .desc = "Sign the input data using private key",
219 .type = OPTION_VALUE, 219 .type = OPTION_VALUE,
220 .value = EVP_PKEY_OP_SIGN, 220 .value = EVP_PKEY_OP_SIGN,
221 .opt.value = &pkeyutl_config.pkey_op, 221 .opt.value = &cfg.pkey_op,
222 }, 222 },
223 { 223 {
224 .name = "verify", 224 .name = "verify",
225 .desc = "Verify the input data using public key", 225 .desc = "Verify the input data using public key",
226 .type = OPTION_VALUE, 226 .type = OPTION_VALUE,
227 .value = EVP_PKEY_OP_VERIFY, 227 .value = EVP_PKEY_OP_VERIFY,
228 .opt.value = &pkeyutl_config.pkey_op, 228 .opt.value = &cfg.pkey_op,
229 }, 229 },
230 { 230 {
231 .name = "verifyrecover", 231 .name = "verifyrecover",
232 .desc = "Verify with public key, recover original data", 232 .desc = "Verify with public key, recover original data",
233 .type = OPTION_VALUE, 233 .type = OPTION_VALUE,
234 .value = EVP_PKEY_OP_VERIFYRECOVER, 234 .value = EVP_PKEY_OP_VERIFYRECOVER,
235 .opt.value = &pkeyutl_config.pkey_op, 235 .opt.value = &cfg.pkey_op,
236 }, 236 },
237 237
238 {NULL}, 238 {NULL},
@@ -268,36 +268,36 @@ pkeyutl_main(int argc, char **argv)
268 exit(1); 268 exit(1);
269 } 269 }
270 270
271 memset(&pkeyutl_config, 0, sizeof(pkeyutl_config)); 271 memset(&cfg, 0, sizeof(cfg));
272 pkeyutl_config.pkey_op = EVP_PKEY_OP_SIGN; 272 cfg.pkey_op = EVP_PKEY_OP_SIGN;
273 pkeyutl_config.key_type = KEY_PRIVKEY; 273 cfg.key_type = KEY_PRIVKEY;
274 pkeyutl_config.keyform = FORMAT_PEM; 274 cfg.keyform = FORMAT_PEM;
275 pkeyutl_config.peerform = FORMAT_PEM; 275 cfg.peerform = FORMAT_PEM;
276 pkeyutl_config.keysize = -1; 276 cfg.keysize = -1;
277 277
278 if (options_parse(argc, argv, pkeyutl_options, NULL, NULL) != 0) { 278 if (options_parse(argc, argv, pkeyutl_options, NULL, NULL) != 0) {
279 pkeyutl_usage(); 279 pkeyutl_usage();
280 goto end; 280 goto end;
281 } 281 }
282 282
283 if (!pkeyutl_config.ctx) { 283 if (!cfg.ctx) {
284 pkeyutl_usage(); 284 pkeyutl_usage();
285 goto end; 285 goto end;
286 } 286 }
287 if (pkeyutl_config.sigfile && 287 if (cfg.sigfile &&
288 (pkeyutl_config.pkey_op != EVP_PKEY_OP_VERIFY)) { 288 (cfg.pkey_op != EVP_PKEY_OP_VERIFY)) {
289 BIO_puts(bio_err, "Signature file specified for non verify\n"); 289 BIO_puts(bio_err, "Signature file specified for non verify\n");
290 goto end; 290 goto end;
291 } 291 }
292 if (!pkeyutl_config.sigfile && 292 if (!cfg.sigfile &&
293 (pkeyutl_config.pkey_op == EVP_PKEY_OP_VERIFY)) { 293 (cfg.pkey_op == EVP_PKEY_OP_VERIFY)) {
294 BIO_puts(bio_err, "No signature file specified for verify\n"); 294 BIO_puts(bio_err, "No signature file specified for verify\n");
295 goto end; 295 goto end;
296 } 296 }
297 297
298 if (pkeyutl_config.pkey_op != EVP_PKEY_OP_DERIVE) { 298 if (cfg.pkey_op != EVP_PKEY_OP_DERIVE) {
299 if (pkeyutl_config.infile) { 299 if (cfg.infile) {
300 if (!(in = BIO_new_file(pkeyutl_config.infile, "rb"))) { 300 if (!(in = BIO_new_file(cfg.infile, "rb"))) {
301 BIO_puts(bio_err, 301 BIO_puts(bio_err,
302 "Error Opening Input File\n"); 302 "Error Opening Input File\n");
303 ERR_print_errors(bio_err); 303 ERR_print_errors(bio_err);
@@ -306,8 +306,8 @@ pkeyutl_main(int argc, char **argv)
306 } else 306 } else
307 in = BIO_new_fp(stdin, BIO_NOCLOSE); 307 in = BIO_new_fp(stdin, BIO_NOCLOSE);
308 } 308 }
309 if (pkeyutl_config.outfile) { 309 if (cfg.outfile) {
310 if (!(out = BIO_new_file(pkeyutl_config.outfile, "wb"))) { 310 if (!(out = BIO_new_file(cfg.outfile, "wb"))) {
311 BIO_printf(bio_err, "Error Creating Output File\n"); 311 BIO_printf(bio_err, "Error Creating Output File\n");
312 ERR_print_errors(bio_err); 312 ERR_print_errors(bio_err);
313 goto end; 313 goto end;
@@ -316,14 +316,14 @@ pkeyutl_main(int argc, char **argv)
316 out = BIO_new_fp(stdout, BIO_NOCLOSE); 316 out = BIO_new_fp(stdout, BIO_NOCLOSE);
317 } 317 }
318 318
319 if (pkeyutl_config.sigfile) { 319 if (cfg.sigfile) {
320 BIO *sigbio = BIO_new_file(pkeyutl_config.sigfile, "rb"); 320 BIO *sigbio = BIO_new_file(cfg.sigfile, "rb");
321 if (!sigbio) { 321 if (!sigbio) {
322 BIO_printf(bio_err, "Can't open signature file %s\n", 322 BIO_printf(bio_err, "Can't open signature file %s\n",
323 pkeyutl_config.sigfile); 323 cfg.sigfile);
324 goto end; 324 goto end;
325 } 325 }
326 siglen = bio_to_mem(&sig, pkeyutl_config.keysize * 10, sigbio); 326 siglen = bio_to_mem(&sig, cfg.keysize * 10, sigbio);
327 BIO_free(sigbio); 327 BIO_free(sigbio);
328 if (siglen <= 0) { 328 if (siglen <= 0) {
329 BIO_printf(bio_err, "Error reading signature data\n"); 329 BIO_printf(bio_err, "Error reading signature data\n");
@@ -332,12 +332,12 @@ pkeyutl_main(int argc, char **argv)
332 } 332 }
333 if (in) { 333 if (in) {
334 /* Read the input data */ 334 /* Read the input data */
335 buf_inlen = bio_to_mem(&buf_in, pkeyutl_config.keysize * 10, in); 335 buf_inlen = bio_to_mem(&buf_in, cfg.keysize * 10, in);
336 if (buf_inlen <= 0) { 336 if (buf_inlen <= 0) {
337 BIO_printf(bio_err, "Error reading input Data\n"); 337 BIO_printf(bio_err, "Error reading input Data\n");
338 exit(1); 338 exit(1);
339 } 339 }
340 if (pkeyutl_config.rev) { 340 if (cfg.rev) {
341 size_t i; 341 size_t i;
342 unsigned char ctmp; 342 unsigned char ctmp;
343 size_t l = (size_t) buf_inlen; 343 size_t l = (size_t) buf_inlen;
@@ -348,8 +348,8 @@ pkeyutl_main(int argc, char **argv)
348 } 348 }
349 } 349 }
350 } 350 }
351 if (pkeyutl_config.pkey_op == EVP_PKEY_OP_VERIFY) { 351 if (cfg.pkey_op == EVP_PKEY_OP_VERIFY) {
352 rv = EVP_PKEY_verify(pkeyutl_config.ctx, sig, (size_t) siglen, 352 rv = EVP_PKEY_verify(cfg.ctx, sig, (size_t) siglen,
353 buf_in, (size_t) buf_inlen); 353 buf_in, (size_t) buf_inlen);
354 if (rv == 1) { 354 if (rv == 1) {
355 BIO_puts(out, "Signature Verified Successfully\n"); 355 BIO_puts(out, "Signature Verified Successfully\n");
@@ -359,15 +359,15 @@ pkeyutl_main(int argc, char **argv)
359 if (rv >= 0) 359 if (rv >= 0)
360 goto end; 360 goto end;
361 } else { 361 } else {
362 rv = do_keyop(pkeyutl_config.ctx, pkeyutl_config.pkey_op, NULL, 362 rv = do_keyop(cfg.ctx, cfg.pkey_op, NULL,
363 (size_t *)&buf_outlen, buf_in, (size_t) buf_inlen); 363 (size_t *)&buf_outlen, buf_in, (size_t) buf_inlen);
364 if (rv > 0) { 364 if (rv > 0) {
365 buf_out = malloc(buf_outlen); 365 buf_out = malloc(buf_outlen);
366 if (!buf_out) 366 if (!buf_out)
367 rv = -1; 367 rv = -1;
368 else 368 else
369 rv = do_keyop(pkeyutl_config.ctx, 369 rv = do_keyop(cfg.ctx,
370 pkeyutl_config.pkey_op, 370 cfg.pkey_op,
371 buf_out, (size_t *) & buf_outlen, 371 buf_out, (size_t *) & buf_outlen,
372 buf_in, (size_t) buf_inlen); 372 buf_in, (size_t) buf_inlen);
373 } 373 }
@@ -379,16 +379,16 @@ pkeyutl_main(int argc, char **argv)
379 goto end; 379 goto end;
380 } 380 }
381 ret = 0; 381 ret = 0;
382 if (pkeyutl_config.asn1parse) { 382 if (cfg.asn1parse) {
383 if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1)) 383 if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
384 ERR_print_errors(bio_err); 384 ERR_print_errors(bio_err);
385 } else if (pkeyutl_config.hexdump) 385 } else if (cfg.hexdump)
386 BIO_dump(out, (char *) buf_out, buf_outlen); 386 BIO_dump(out, (char *) buf_out, buf_outlen);
387 else 387 else
388 BIO_write(out, buf_out, buf_outlen); 388 BIO_write(out, buf_out, buf_outlen);
389 389
390 end: 390 end:
391 EVP_PKEY_CTX_free(pkeyutl_config.ctx); 391 EVP_PKEY_CTX_free(cfg.ctx);
392 BIO_free(in); 392 BIO_free(in);
393 BIO_free_all(out); 393 BIO_free_all(out);
394 free(buf_in); 394 free(buf_in);
@@ -406,32 +406,32 @@ init_ctx(char *keyfile)
406 int rv = -1; 406 int rv = -1;
407 X509 *x; 407 X509 *x;
408 408
409 if (((pkeyutl_config.pkey_op == EVP_PKEY_OP_SIGN) 409 if (((cfg.pkey_op == EVP_PKEY_OP_SIGN)
410 || (pkeyutl_config.pkey_op == EVP_PKEY_OP_DECRYPT) 410 || (cfg.pkey_op == EVP_PKEY_OP_DECRYPT)
411 || (pkeyutl_config.pkey_op == EVP_PKEY_OP_DERIVE)) 411 || (cfg.pkey_op == EVP_PKEY_OP_DERIVE))
412 && (pkeyutl_config.key_type != KEY_PRIVKEY)) { 412 && (cfg.key_type != KEY_PRIVKEY)) {
413 BIO_printf(bio_err, 413 BIO_printf(bio_err,
414 "A private key is needed for this operation\n"); 414 "A private key is needed for this operation\n");
415 goto end; 415 goto end;
416 } 416 }
417 if (!app_passwd(bio_err, pkeyutl_config.passargin, NULL, &passin, 417 if (!app_passwd(bio_err, cfg.passargin, NULL, &passin,
418 NULL)) { 418 NULL)) {
419 BIO_printf(bio_err, "Error getting password\n"); 419 BIO_printf(bio_err, "Error getting password\n");
420 goto end; 420 goto end;
421 } 421 }
422 switch (pkeyutl_config.key_type) { 422 switch (cfg.key_type) {
423 case KEY_PRIVKEY: 423 case KEY_PRIVKEY:
424 pkey = load_key(bio_err, keyfile, pkeyutl_config.keyform, 0, 424 pkey = load_key(bio_err, keyfile, cfg.keyform, 0,
425 passin, "Private Key"); 425 passin, "Private Key");
426 break; 426 break;
427 427
428 case KEY_PUBKEY: 428 case KEY_PUBKEY:
429 pkey = load_pubkey(bio_err, keyfile, pkeyutl_config.keyform, 0, 429 pkey = load_pubkey(bio_err, keyfile, cfg.keyform, 0,
430 NULL, "Public Key"); 430 NULL, "Public Key");
431 break; 431 break;
432 432
433 case KEY_CERT: 433 case KEY_CERT:
434 x = load_cert(bio_err, keyfile, pkeyutl_config.keyform, 434 x = load_cert(bio_err, keyfile, cfg.keyform,
435 NULL, "Certificate"); 435 NULL, "Certificate");
436 if (x) { 436 if (x) {
437 pkey = X509_get_pubkey(x); 437 pkey = X509_get_pubkey(x);
@@ -440,53 +440,53 @@ init_ctx(char *keyfile)
440 break; 440 break;
441 } 441 }
442 442
443 pkeyutl_config.keysize = EVP_PKEY_size(pkey); 443 cfg.keysize = EVP_PKEY_size(pkey);
444 444
445 if (!pkey) 445 if (!pkey)
446 goto end; 446 goto end;
447 447
448 pkeyutl_config.ctx = EVP_PKEY_CTX_new(pkey, NULL); 448 cfg.ctx = EVP_PKEY_CTX_new(pkey, NULL);
449 449
450 EVP_PKEY_free(pkey); 450 EVP_PKEY_free(pkey);
451 451
452 if (!pkeyutl_config.ctx) 452 if (!cfg.ctx)
453 goto end; 453 goto end;
454 454
455 switch (pkeyutl_config.pkey_op) { 455 switch (cfg.pkey_op) {
456 case EVP_PKEY_OP_SIGN: 456 case EVP_PKEY_OP_SIGN:
457 rv = EVP_PKEY_sign_init(pkeyutl_config.ctx); 457 rv = EVP_PKEY_sign_init(cfg.ctx);
458 break; 458 break;
459 459
460 case EVP_PKEY_OP_VERIFY: 460 case EVP_PKEY_OP_VERIFY:
461 rv = EVP_PKEY_verify_init(pkeyutl_config.ctx); 461 rv = EVP_PKEY_verify_init(cfg.ctx);
462 break; 462 break;
463 463
464 case EVP_PKEY_OP_VERIFYRECOVER: 464 case EVP_PKEY_OP_VERIFYRECOVER:
465 rv = EVP_PKEY_verify_recover_init(pkeyutl_config.ctx); 465 rv = EVP_PKEY_verify_recover_init(cfg.ctx);
466 break; 466 break;
467 467
468 case EVP_PKEY_OP_ENCRYPT: 468 case EVP_PKEY_OP_ENCRYPT:
469 rv = EVP_PKEY_encrypt_init(pkeyutl_config.ctx); 469 rv = EVP_PKEY_encrypt_init(cfg.ctx);
470 break; 470 break;
471 471
472 case EVP_PKEY_OP_DECRYPT: 472 case EVP_PKEY_OP_DECRYPT:
473 rv = EVP_PKEY_decrypt_init(pkeyutl_config.ctx); 473 rv = EVP_PKEY_decrypt_init(cfg.ctx);
474 break; 474 break;
475 475
476 case EVP_PKEY_OP_DERIVE: 476 case EVP_PKEY_OP_DERIVE:
477 rv = EVP_PKEY_derive_init(pkeyutl_config.ctx); 477 rv = EVP_PKEY_derive_init(cfg.ctx);
478 break; 478 break;
479 } 479 }
480 480
481 if (rv <= 0) { 481 if (rv <= 0) {
482 EVP_PKEY_CTX_free(pkeyutl_config.ctx); 482 EVP_PKEY_CTX_free(cfg.ctx);
483 pkeyutl_config.ctx = NULL; 483 cfg.ctx = NULL;
484 } 484 }
485 485
486 end: 486 end:
487 free(passin); 487 free(passin);
488 488
489 if (!pkeyutl_config.ctx) { 489 if (!cfg.ctx) {
490 BIO_puts(bio_err, "Error initializing context\n"); 490 BIO_puts(bio_err, "Error initializing context\n");
491 ERR_print_errors(bio_err); 491 ERR_print_errors(bio_err);
492 return (1); 492 return (1);
@@ -501,11 +501,11 @@ setup_peer(char *file)
501 EVP_PKEY *peer = NULL; 501 EVP_PKEY *peer = NULL;
502 int ret; 502 int ret;
503 503
504 if (!pkeyutl_config.ctx) { 504 if (!cfg.ctx) {
505 BIO_puts(bio_err, "-peerkey command before -inkey\n"); 505 BIO_puts(bio_err, "-peerkey command before -inkey\n");
506 return (1); 506 return (1);
507 } 507 }
508 peer = load_pubkey(bio_err, file, pkeyutl_config.peerform, 0, NULL, 508 peer = load_pubkey(bio_err, file, cfg.peerform, 0, NULL,
509 "Peer Key"); 509 "Peer Key");
510 510
511 if (!peer) { 511 if (!peer) {
@@ -513,7 +513,7 @@ setup_peer(char *file)
513 ERR_print_errors(bio_err); 513 ERR_print_errors(bio_err);
514 return (1); 514 return (1);
515 } 515 }
516 ret = EVP_PKEY_derive_set_peer(pkeyutl_config.ctx, peer); 516 ret = EVP_PKEY_derive_set_peer(cfg.ctx, peer);
517 517
518 EVP_PKEY_free(peer); 518 EVP_PKEY_free(peer);
519 if (ret <= 0) { 519 if (ret <= 0) {
@@ -527,10 +527,10 @@ setup_peer(char *file)
527static int 527static int
528pkeyutl_pkeyopt(char *pkeyopt) 528pkeyutl_pkeyopt(char *pkeyopt)
529{ 529{
530 if (!pkeyutl_config.ctx) { 530 if (!cfg.ctx) {
531 BIO_puts(bio_err, "-pkeyopt command before -inkey\n"); 531 BIO_puts(bio_err, "-pkeyopt command before -inkey\n");
532 return (1); 532 return (1);
533 } else if (pkey_ctrl_string(pkeyutl_config.ctx, pkeyopt) <= 0) { 533 } else if (pkey_ctrl_string(cfg.ctx, pkeyopt) <= 0) {
534 BIO_puts(bio_err, "parameter setting error\n"); 534 BIO_puts(bio_err, "parameter setting error\n");
535 ERR_print_errors(bio_err); 535 ERR_print_errors(bio_err);
536 return (1); 536 return (1);
diff --git a/src/usr.bin/openssl/prime.c b/src/usr.bin/openssl/prime.c
index 64b1953e33..d704d882fc 100644
--- a/src/usr.bin/openssl/prime.c
+++ b/src/usr.bin/openssl/prime.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: prime.c,v 1.16 2023/03/05 13:12:53 tb Exp $ */ 1/* $OpenBSD: prime.c,v 1.17 2023/03/06 14:32:06 tb Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -62,7 +62,7 @@ static struct {
62 int generate; 62 int generate;
63 int hex; 63 int hex;
64 int safe; 64 int safe;
65} prime_config; 65} cfg;
66 66
67static const struct option prime_options[] = { 67static const struct option prime_options[] = {
68 { 68 {
@@ -70,32 +70,32 @@ static const struct option prime_options[] = {
70 .argname = "n", 70 .argname = "n",
71 .desc = "Number of bits in the generated prime number", 71 .desc = "Number of bits in the generated prime number",
72 .type = OPTION_ARG_INT, 72 .type = OPTION_ARG_INT,
73 .opt.value = &prime_config.bits, 73 .opt.value = &cfg.bits,
74 }, 74 },
75 { 75 {
76 .name = "checks", 76 .name = "checks",
77 .argname = "n", 77 .argname = "n",
78 .desc = "Miller-Rabin probabilistic primality test iterations", 78 .desc = "Miller-Rabin probabilistic primality test iterations",
79 .type = OPTION_ARG_INT, 79 .type = OPTION_ARG_INT,
80 .opt.value = &prime_config.checks, 80 .opt.value = &cfg.checks,
81 }, 81 },
82 { 82 {
83 .name = "generate", 83 .name = "generate",
84 .desc = "Generate a pseudo-random prime number", 84 .desc = "Generate a pseudo-random prime number",
85 .type = OPTION_FLAG, 85 .type = OPTION_FLAG,
86 .opt.flag = &prime_config.generate, 86 .opt.flag = &cfg.generate,
87 }, 87 },
88 { 88 {
89 .name = "hex", 89 .name = "hex",
90 .desc = "Hexadecimal prime numbers", 90 .desc = "Hexadecimal prime numbers",
91 .type = OPTION_FLAG, 91 .type = OPTION_FLAG,
92 .opt.flag = &prime_config.hex, 92 .opt.flag = &cfg.hex,
93 }, 93 },
94 { 94 {
95 .name = "safe", 95 .name = "safe",
96 .desc = "Generate only \"safe\" prime numbers", 96 .desc = "Generate only \"safe\" prime numbers",
97 .type = OPTION_FLAG, 97 .type = OPTION_FLAG,
98 .opt.flag = &prime_config.safe, 98 .opt.flag = &cfg.safe,
99 }, 99 },
100 {NULL}, 100 {NULL},
101}; 101};
@@ -123,17 +123,17 @@ prime_main(int argc, char **argv)
123 exit(1); 123 exit(1);
124 } 124 }
125 125
126 memset(&prime_config, 0, sizeof(prime_config)); 126 memset(&cfg, 0, sizeof(cfg));
127 127
128 /* Default iterations for Miller-Rabin probabilistic primality test. */ 128 /* Default iterations for Miller-Rabin probabilistic primality test. */
129 prime_config.checks = 20; 129 cfg.checks = 20;
130 130
131 if (options_parse(argc, argv, prime_options, &prime, NULL) != 0) { 131 if (options_parse(argc, argv, prime_options, &prime, NULL) != 0) {
132 prime_usage(); 132 prime_usage();
133 return (1); 133 return (1);
134 } 134 }
135 135
136 if (prime == NULL && prime_config.generate == 0) { 136 if (prime == NULL && cfg.generate == 0) {
137 BIO_printf(bio_err, "No prime specified.\n"); 137 BIO_printf(bio_err, "No prime specified.\n");
138 prime_usage(); 138 prime_usage();
139 return (1); 139 return (1);
@@ -145,8 +145,8 @@ prime_main(int argc, char **argv)
145 } 145 }
146 BIO_set_fp(bio_out, stdout, BIO_NOCLOSE); 146 BIO_set_fp(bio_out, stdout, BIO_NOCLOSE);
147 147
148 if (prime_config.generate != 0) { 148 if (cfg.generate != 0) {
149 if (prime_config.bits == 0) { 149 if (cfg.bits == 0) {
150 BIO_printf(bio_err, "Specify the number of bits.\n"); 150 BIO_printf(bio_err, "Specify the number of bits.\n");
151 goto end; 151 goto end;
152 } 152 }
@@ -155,12 +155,12 @@ prime_main(int argc, char **argv)
155 BIO_printf(bio_err, "Out of memory.\n"); 155 BIO_printf(bio_err, "Out of memory.\n");
156 goto end; 156 goto end;
157 } 157 }
158 if (!BN_generate_prime_ex(bn, prime_config.bits, 158 if (!BN_generate_prime_ex(bn, cfg.bits,
159 prime_config.safe, NULL, NULL, NULL)) { 159 cfg.safe, NULL, NULL, NULL)) {
160 BIO_printf(bio_err, "Prime generation error.\n"); 160 BIO_printf(bio_err, "Prime generation error.\n");
161 goto end; 161 goto end;
162 } 162 }
163 s = prime_config.hex ? BN_bn2hex(bn) : BN_bn2dec(bn); 163 s = cfg.hex ? BN_bn2hex(bn) : BN_bn2dec(bn);
164 if (s == NULL) { 164 if (s == NULL) {
165 BIO_printf(bio_err, "Out of memory.\n"); 165 BIO_printf(bio_err, "Out of memory.\n");
166 goto end; 166 goto end;
@@ -168,7 +168,7 @@ prime_main(int argc, char **argv)
168 BIO_printf(bio_out, "%s\n", s); 168 BIO_printf(bio_out, "%s\n", s);
169 free(s); 169 free(s);
170 } else { 170 } else {
171 if (prime_config.hex) { 171 if (cfg.hex) {
172 if (!BN_hex2bn(&bn, prime)) { 172 if (!BN_hex2bn(&bn, prime)) {
173 BIO_printf(bio_err, "%s is an invalid hex " 173 BIO_printf(bio_err, "%s is an invalid hex "
174 "value.\n", prime); 174 "value.\n", prime);
@@ -182,7 +182,7 @@ prime_main(int argc, char **argv)
182 } 182 }
183 } 183 }
184 184
185 is_prime = BN_is_prime_ex(bn, prime_config.checks, NULL, NULL); 185 is_prime = BN_is_prime_ex(bn, cfg.checks, NULL, NULL);
186 if (is_prime < 0) { 186 if (is_prime < 0) {
187 BIO_printf(bio_err, "BN_is_prime_ex failed.\n"); 187 BIO_printf(bio_err, "BN_is_prime_ex failed.\n");
188 goto end; 188 goto end;
diff --git a/src/usr.bin/openssl/rand.c b/src/usr.bin/openssl/rand.c
index 6ae6a8d8ee..a0f3b44664 100644
--- a/src/usr.bin/openssl/rand.c
+++ b/src/usr.bin/openssl/rand.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rand.c,v 1.16 2023/03/05 13:12:53 tb Exp $ */ 1/* $OpenBSD: rand.c,v 1.17 2023/03/06 14:32:06 tb Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -66,27 +66,27 @@ static struct {
66 int base64; 66 int base64;
67 int hex; 67 int hex;
68 char *outfile; 68 char *outfile;
69} rand_config; 69} cfg;
70 70
71static const struct option rand_options[] = { 71static const struct option rand_options[] = {
72 { 72 {
73 .name = "base64", 73 .name = "base64",
74 .desc = "Perform base64 encoding on output", 74 .desc = "Perform base64 encoding on output",
75 .type = OPTION_FLAG, 75 .type = OPTION_FLAG,
76 .opt.flag = &rand_config.base64, 76 .opt.flag = &cfg.base64,
77 }, 77 },
78 { 78 {
79 .name = "hex", 79 .name = "hex",
80 .desc = "Hexadecimal output", 80 .desc = "Hexadecimal output",
81 .type = OPTION_FLAG, 81 .type = OPTION_FLAG,
82 .opt.flag = &rand_config.hex, 82 .opt.flag = &cfg.hex,
83 }, 83 },
84 { 84 {
85 .name = "out", 85 .name = "out",
86 .argname = "file", 86 .argname = "file",
87 .desc = "Write to the given file instead of standard output", 87 .desc = "Write to the given file instead of standard output",
88 .type = OPTION_ARG, 88 .type = OPTION_ARG,
89 .opt.arg = &rand_config.outfile, 89 .opt.arg = &cfg.outfile,
90 }, 90 },
91 {NULL}, 91 {NULL},
92}; 92};
@@ -114,7 +114,7 @@ rand_main(int argc, char **argv)
114 exit(1); 114 exit(1);
115 } 115 }
116 116
117 memset(&rand_config, 0, sizeof(rand_config)); 117 memset(&cfg, 0, sizeof(cfg));
118 118
119 if (options_parse(argc, argv, rand_options, &num_bytes, NULL) != 0) { 119 if (options_parse(argc, argv, rand_options, &num_bytes, NULL) != 0) {
120 rand_usage(); 120 rand_usage();
@@ -128,7 +128,7 @@ rand_main(int argc, char **argv)
128 } else 128 } else
129 badopt = 1; 129 badopt = 1;
130 130
131 if (rand_config.hex && rand_config.base64) 131 if (cfg.hex && cfg.base64)
132 badopt = 1; 132 badopt = 1;
133 133
134 if (badopt) { 134 if (badopt) {
@@ -139,13 +139,13 @@ rand_main(int argc, char **argv)
139 out = BIO_new(BIO_s_file()); 139 out = BIO_new(BIO_s_file());
140 if (out == NULL) 140 if (out == NULL)
141 goto err; 141 goto err;
142 if (rand_config.outfile != NULL) 142 if (cfg.outfile != NULL)
143 r = BIO_write_filename(out, rand_config.outfile); 143 r = BIO_write_filename(out, cfg.outfile);
144 else 144 else
145 r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); 145 r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
146 if (r <= 0) 146 if (r <= 0)
147 goto err; 147 goto err;
148 if (rand_config.base64) { 148 if (cfg.base64) {
149 BIO *b64 = BIO_new(BIO_f_base64()); 149 BIO *b64 = BIO_new(BIO_f_base64());
150 if (b64 == NULL) 150 if (b64 == NULL)
151 goto err; 151 goto err;
@@ -160,7 +160,7 @@ rand_main(int argc, char **argv)
160 if (chunk > (int) sizeof(buf)) 160 if (chunk > (int) sizeof(buf))
161 chunk = sizeof(buf); 161 chunk = sizeof(buf);
162 arc4random_buf(buf, chunk); 162 arc4random_buf(buf, chunk);
163 if (rand_config.hex) { 163 if (cfg.hex) {
164 for (i = 0; i < chunk; i++) 164 for (i = 0; i < chunk; i++)
165 BIO_printf(out, "%02x", buf[i]); 165 BIO_printf(out, "%02x", buf[i]);
166 } else 166 } else
@@ -168,7 +168,7 @@ rand_main(int argc, char **argv)
168 num -= chunk; 168 num -= chunk;
169 } 169 }
170 170
171 if (rand_config.hex) 171 if (cfg.hex)
172 BIO_puts(out, "\n"); 172 BIO_puts(out, "\n");
173 (void) BIO_flush(out); 173 (void) BIO_flush(out);
174 174
diff --git a/src/usr.bin/openssl/req.c b/src/usr.bin/openssl/req.c
index 797cbfa718..0994d0b288 100644
--- a/src/usr.bin/openssl/req.c
+++ b/src/usr.bin/openssl/req.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: req.c,v 1.26 2023/03/05 13:12:53 tb Exp $ */ 1/* $OpenBSD: req.c,v 1.27 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -168,26 +168,26 @@ static struct {
168 int verbose; 168 int verbose;
169 int verify; 169 int verify;
170 int x509; 170 int x509;
171} req_config; 171} cfg;
172 172
173static int 173static int
174req_opt_addext(char *arg) 174req_opt_addext(char *arg)
175{ 175{
176 int i; 176 int i;
177 177
178 if (req_config.addexts == NULL) { 178 if (cfg.addexts == NULL) {
179 req_config.addexts = (LHASH_OF(OPENSSL_STRING) *)lh_new( 179 cfg.addexts = (LHASH_OF(OPENSSL_STRING) *)lh_new(
180 (LHASH_HASH_FN_TYPE)ext_name_hash, 180 (LHASH_HASH_FN_TYPE)ext_name_hash,
181 (LHASH_COMP_FN_TYPE)ext_name_cmp); 181 (LHASH_COMP_FN_TYPE)ext_name_cmp);
182 req_config.addext_bio = BIO_new(BIO_s_mem()); 182 cfg.addext_bio = BIO_new(BIO_s_mem());
183 if (req_config.addexts == NULL || 183 if (cfg.addexts == NULL ||
184 req_config.addext_bio == NULL) 184 cfg.addext_bio == NULL)
185 return (1); 185 return (1);
186 } 186 }
187 i = duplicated(req_config.addexts, arg); 187 i = duplicated(cfg.addexts, arg);
188 if (i == 1) 188 if (i == 1)
189 return (1); 189 return (1);
190 if (i < 0 || BIO_printf(req_config.addext_bio, "%s\n", arg) < 0) 190 if (i < 0 || BIO_printf(cfg.addext_bio, "%s\n", arg) < 0)
191 return (1); 191 return (1);
192 192
193 return (0); 193 return (0);
@@ -198,11 +198,11 @@ req_opt_days(char *arg)
198{ 198{
199 const char *errstr; 199 const char *errstr;
200 200
201 req_config.days = strtonum(arg, 1, INT_MAX, &errstr); 201 cfg.days = strtonum(arg, 1, INT_MAX, &errstr);
202 if (errstr != NULL) { 202 if (errstr != NULL) {
203 BIO_printf(bio_err, "bad -days %s, using 0: %s\n", 203 BIO_printf(bio_err, "bad -days %s, using 0: %s\n",
204 arg, errstr); 204 arg, errstr);
205 req_config.days = 30; 205 cfg.days = 30;
206 } 206 }
207 return (0); 207 return (0);
208} 208}
@@ -215,7 +215,7 @@ req_opt_digest(int argc, char **argv, int *argsused)
215 if (*name++ != '-') 215 if (*name++ != '-')
216 return (1); 216 return (1);
217 217
218 if ((req_config.digest = EVP_get_digestbyname(name)) == NULL) 218 if ((cfg.digest = EVP_get_digestbyname(name)) == NULL)
219 return (1); 219 return (1);
220 220
221 *argsused = 1; 221 *argsused = 1;
@@ -225,15 +225,15 @@ req_opt_digest(int argc, char **argv, int *argsused)
225static int 225static int
226req_opt_newkey(char *arg) 226req_opt_newkey(char *arg)
227{ 227{
228 req_config.keyalg = arg; 228 cfg.keyalg = arg;
229 req_config.newreq = 1; 229 cfg.newreq = 1;
230 return (0); 230 return (0);
231} 231}
232 232
233static int 233static int
234req_opt_nameopt(char *arg) 234req_opt_nameopt(char *arg)
235{ 235{
236 if (!set_name_ex(&req_config.nmflag, arg)) 236 if (!set_name_ex(&cfg.nmflag, arg))
237 return (1); 237 return (1);
238 return (0); 238 return (0);
239} 239}
@@ -241,11 +241,11 @@ req_opt_nameopt(char *arg)
241static int 241static int
242req_opt_pkeyopt(char *arg) 242req_opt_pkeyopt(char *arg)
243{ 243{
244 if (req_config.pkeyopts == NULL) 244 if (cfg.pkeyopts == NULL)
245 req_config.pkeyopts = sk_OPENSSL_STRING_new_null(); 245 cfg.pkeyopts = sk_OPENSSL_STRING_new_null();
246 if (req_config.pkeyopts == NULL) 246 if (cfg.pkeyopts == NULL)
247 return (1); 247 return (1);
248 if (!sk_OPENSSL_STRING_push(req_config.pkeyopts, arg)) 248 if (!sk_OPENSSL_STRING_push(cfg.pkeyopts, arg))
249 return (1); 249 return (1);
250 return (0); 250 return (0);
251} 251}
@@ -253,7 +253,7 @@ req_opt_pkeyopt(char *arg)
253static int 253static int
254req_opt_reqopt(char *arg) 254req_opt_reqopt(char *arg)
255{ 255{
256 if (!set_cert_ex(&req_config.reqflag, arg)) 256 if (!set_cert_ex(&cfg.reqflag, arg))
257 return (1); 257 return (1);
258 return (0); 258 return (0);
259} 259}
@@ -261,8 +261,8 @@ req_opt_reqopt(char *arg)
261static int 261static int
262req_opt_set_serial(char *arg) 262req_opt_set_serial(char *arg)
263{ 263{
264 req_config.serial = s2i_ASN1_INTEGER(NULL, arg); 264 cfg.serial = s2i_ASN1_INTEGER(NULL, arg);
265 if (req_config.serial == NULL) 265 if (cfg.serial == NULL)
266 return (1); 266 return (1);
267 return (0); 267 return (0);
268} 268}
@@ -270,11 +270,11 @@ req_opt_set_serial(char *arg)
270static int 270static int
271req_opt_sigopt(char *arg) 271req_opt_sigopt(char *arg)
272{ 272{
273 if (req_config.sigopts == NULL) 273 if (cfg.sigopts == NULL)
274 req_config.sigopts = sk_OPENSSL_STRING_new_null(); 274 cfg.sigopts = sk_OPENSSL_STRING_new_null();
275 if (req_config.sigopts == NULL) 275 if (cfg.sigopts == NULL)
276 return (1); 276 return (1);
277 if (!sk_OPENSSL_STRING_push(req_config.sigopts, arg)) 277 if (!sk_OPENSSL_STRING_push(cfg.sigopts, arg))
278 return (1); 278 return (1);
279 return (0); 279 return (0);
280} 280}
@@ -282,7 +282,7 @@ req_opt_sigopt(char *arg)
282static int 282static int
283req_opt_utf8(void) 283req_opt_utf8(void)
284{ 284{
285 req_config.chtype = MBSTRING_UTF8; 285 cfg.chtype = MBSTRING_UTF8;
286 return (0); 286 return (0);
287} 287}
288 288
@@ -298,14 +298,14 @@ static const struct option req_options[] = {
298 .name = "batch", 298 .name = "batch",
299 .desc = "Operate in batch mode", 299 .desc = "Operate in batch mode",
300 .type = OPTION_FLAG, 300 .type = OPTION_FLAG,
301 .opt.flag = &req_config.batch, 301 .opt.flag = &cfg.batch,
302 }, 302 },
303 { 303 {
304 .name = "config", 304 .name = "config",
305 .argname = "file", 305 .argname = "file",
306 .desc = "Configuration file to use as request template", 306 .desc = "Configuration file to use as request template",
307 .type = OPTION_ARG, 307 .type = OPTION_ARG,
308 .opt.arg = &req_config.template, 308 .opt.arg = &cfg.template,
309 }, 309 },
310 { 310 {
311 .name = "days", 311 .name = "days",
@@ -319,54 +319,54 @@ static const struct option req_options[] = {
319 .argname = "section", 319 .argname = "section",
320 .desc = "Config section to use for certificate extensions", 320 .desc = "Config section to use for certificate extensions",
321 .type = OPTION_ARG, 321 .type = OPTION_ARG,
322 .opt.arg = &req_config.extensions, 322 .opt.arg = &cfg.extensions,
323 }, 323 },
324 { 324 {
325 .name = "in", 325 .name = "in",
326 .argname = "file", 326 .argname = "file",
327 .desc = "Input file (default stdin)", 327 .desc = "Input file (default stdin)",
328 .type = OPTION_ARG, 328 .type = OPTION_ARG,
329 .opt.arg = &req_config.infile, 329 .opt.arg = &cfg.infile,
330 }, 330 },
331 { 331 {
332 .name = "inform", 332 .name = "inform",
333 .argname = "format", 333 .argname = "format",
334 .desc = "Input format (DER or PEM (default))", 334 .desc = "Input format (DER or PEM (default))",
335 .type = OPTION_ARG_FORMAT, 335 .type = OPTION_ARG_FORMAT,
336 .opt.value = &req_config.informat, 336 .opt.value = &cfg.informat,
337 }, 337 },
338 { 338 {
339 .name = "key", 339 .name = "key",
340 .argname = "file", 340 .argname = "file",
341 .desc = "Private key file", 341 .desc = "Private key file",
342 .type = OPTION_ARG, 342 .type = OPTION_ARG,
343 .opt.arg = &req_config.keyfile, 343 .opt.arg = &cfg.keyfile,
344 }, 344 },
345 { 345 {
346 .name = "keyform", 346 .name = "keyform",
347 .argname = "format", 347 .argname = "format",
348 .desc = "Private key format (DER or PEM (default))", 348 .desc = "Private key format (DER or PEM (default))",
349 .type = OPTION_ARG_FORMAT, 349 .type = OPTION_ARG_FORMAT,
350 .opt.value = &req_config.keyform, 350 .opt.value = &cfg.keyform,
351 }, 351 },
352 { 352 {
353 .name = "keyout", 353 .name = "keyout",
354 .argname = "file", 354 .argname = "file",
355 .desc = "Private key output file", 355 .desc = "Private key output file",
356 .type = OPTION_ARG, 356 .type = OPTION_ARG,
357 .opt.arg = &req_config.keyout, 357 .opt.arg = &cfg.keyout,
358 }, 358 },
359 { 359 {
360 .name = "modulus", 360 .name = "modulus",
361 .desc = "Print RSA modulus", 361 .desc = "Print RSA modulus",
362 .type = OPTION_FLAG, 362 .type = OPTION_FLAG,
363 .opt.flag = &req_config.modulus, 363 .opt.flag = &cfg.modulus,
364 }, 364 },
365 { 365 {
366 .name = "multivalue-rdn", 366 .name = "multivalue-rdn",
367 .desc = "Enable support for multivalued RDNs", 367 .desc = "Enable support for multivalued RDNs",
368 .type = OPTION_FLAG, 368 .type = OPTION_FLAG,
369 .opt.flag = &req_config.multirdn, 369 .opt.flag = &cfg.multirdn,
370 }, 370 },
371 { 371 {
372 .name = "nameopt", 372 .name = "nameopt",
@@ -379,13 +379,13 @@ static const struct option req_options[] = {
379 .name = "new", 379 .name = "new",
380 .desc = "New request", 380 .desc = "New request",
381 .type = OPTION_FLAG, 381 .type = OPTION_FLAG,
382 .opt.flag = &req_config.newreq, 382 .opt.flag = &cfg.newreq,
383 }, 383 },
384 { 384 {
385 .name = "newhdr", 385 .name = "newhdr",
386 .desc = "Include 'NEW' in header lines", 386 .desc = "Include 'NEW' in header lines",
387 .type = OPTION_FLAG, 387 .type = OPTION_FLAG,
388 .opt.flag = &req_config.newhdr, 388 .opt.flag = &cfg.newhdr,
389 }, 389 },
390 { 390 {
391 .name = "newkey", 391 .name = "newkey",
@@ -398,41 +398,41 @@ static const struct option req_options[] = {
398 .name = "nodes", 398 .name = "nodes",
399 .desc = "Do not encrypt output private key", 399 .desc = "Do not encrypt output private key",
400 .type = OPTION_FLAG, 400 .type = OPTION_FLAG,
401 .opt.flag = &req_config.nodes, 401 .opt.flag = &cfg.nodes,
402 }, 402 },
403 { 403 {
404 .name = "noout", 404 .name = "noout",
405 .desc = "Do not output request", 405 .desc = "Do not output request",
406 .type = OPTION_FLAG, 406 .type = OPTION_FLAG,
407 .opt.flag = &req_config.noout, 407 .opt.flag = &cfg.noout,
408 }, 408 },
409 { 409 {
410 .name = "out", 410 .name = "out",
411 .argname = "file", 411 .argname = "file",
412 .desc = "Output file (default stdout)", 412 .desc = "Output file (default stdout)",
413 .type = OPTION_ARG, 413 .type = OPTION_ARG,
414 .opt.arg = &req_config.outfile, 414 .opt.arg = &cfg.outfile,
415 }, 415 },
416 { 416 {
417 .name = "outform", 417 .name = "outform",
418 .argname = "format", 418 .argname = "format",
419 .desc = "Output format (DER or PEM (default))", 419 .desc = "Output format (DER or PEM (default))",
420 .type = OPTION_ARG_FORMAT, 420 .type = OPTION_ARG_FORMAT,
421 .opt.value = &req_config.outformat, 421 .opt.value = &cfg.outformat,
422 }, 422 },
423 { 423 {
424 .name = "passin", 424 .name = "passin",
425 .argname = "source", 425 .argname = "source",
426 .desc = "Private key input password source", 426 .desc = "Private key input password source",
427 .type = OPTION_ARG, 427 .type = OPTION_ARG,
428 .opt.arg = &req_config.passargin, 428 .opt.arg = &cfg.passargin,
429 }, 429 },
430 { 430 {
431 .name = "passout", 431 .name = "passout",
432 .argname = "source", 432 .argname = "source",
433 .desc = "Private key output password source", 433 .desc = "Private key output password source",
434 .type = OPTION_ARG, 434 .type = OPTION_ARG,
435 .opt.arg = &req_config.passargout, 435 .opt.arg = &cfg.passargout,
436 }, 436 },
437 { 437 {
438 .name = "pkeyopt", 438 .name = "pkeyopt",
@@ -445,14 +445,14 @@ static const struct option req_options[] = {
445 .name = "pubkey", 445 .name = "pubkey",
446 .desc = "Output the public key", 446 .desc = "Output the public key",
447 .type = OPTION_FLAG, 447 .type = OPTION_FLAG,
448 .opt.flag = &req_config.pubkey, 448 .opt.flag = &cfg.pubkey,
449 }, 449 },
450 { 450 {
451 .name = "reqexts", 451 .name = "reqexts",
452 .argname = "section", 452 .argname = "section",
453 .desc = "Config section to use for request extensions", 453 .desc = "Config section to use for request extensions",
454 .type = OPTION_ARG, 454 .type = OPTION_ARG,
455 .opt.arg = &req_config.req_exts, 455 .opt.arg = &cfg.req_exts,
456 }, 456 },
457 { 457 {
458 .name = "reqopt", 458 .name = "reqopt",
@@ -480,19 +480,19 @@ static const struct option req_options[] = {
480 .argname = "name", 480 .argname = "name",
481 .desc = "Set or modify the request subject", 481 .desc = "Set or modify the request subject",
482 .type = OPTION_ARG, 482 .type = OPTION_ARG,
483 .opt.arg = &req_config.subj, 483 .opt.arg = &cfg.subj,
484 }, 484 },
485 { 485 {
486 .name = "subject", 486 .name = "subject",
487 .desc = "Output the subject of the request", 487 .desc = "Output the subject of the request",
488 .type = OPTION_FLAG, 488 .type = OPTION_FLAG,
489 .opt.flag = &req_config.subject, 489 .opt.flag = &cfg.subject,
490 }, 490 },
491 { 491 {
492 .name = "text", 492 .name = "text",
493 .desc = "Print request in text form", 493 .desc = "Print request in text form",
494 .type = OPTION_FLAG, 494 .type = OPTION_FLAG,
495 .opt.flag = &req_config.text, 495 .opt.flag = &cfg.text,
496 }, 496 },
497 { 497 {
498 .name = "utf8", 498 .name = "utf8",
@@ -504,19 +504,19 @@ static const struct option req_options[] = {
504 .name = "verbose", 504 .name = "verbose",
505 .desc = "Verbose", 505 .desc = "Verbose",
506 .type = OPTION_FLAG, 506 .type = OPTION_FLAG,
507 .opt.flag = &req_config.verbose, 507 .opt.flag = &cfg.verbose,
508 }, 508 },
509 { 509 {
510 .name = "verify", 510 .name = "verify",
511 .desc = "Verify signature on request", 511 .desc = "Verify signature on request",
512 .type = OPTION_FLAG, 512 .type = OPTION_FLAG,
513 .opt.flag = &req_config.verify, 513 .opt.flag = &cfg.verify,
514 }, 514 },
515 { 515 {
516 .name = "x509", 516 .name = "x509",
517 .desc = "Output an X.509 structure instead of a certificate request", 517 .desc = "Output an X.509 structure instead of a certificate request",
518 .type = OPTION_FLAG, 518 .type = OPTION_FLAG,
519 .opt.flag = &req_config.x509, 519 .opt.flag = &cfg.x509,
520 }, 520 },
521 { 521 {
522 .name = NULL, 522 .name = NULL,
@@ -568,15 +568,15 @@ req_main(int argc, char **argv)
568 exit(1); 568 exit(1);
569 } 569 }
570 570
571 memset(&req_config, 0, sizeof(req_config)); 571 memset(&cfg, 0, sizeof(cfg));
572 572
573 req_config.chtype = MBSTRING_ASC; 573 cfg.chtype = MBSTRING_ASC;
574 req_config.days = 30; 574 cfg.days = 30;
575 req_config.digest = EVP_sha256(); 575 cfg.digest = EVP_sha256();
576 req_config.newkey = -1; 576 cfg.newkey = -1;
577 req_config.informat = FORMAT_PEM; 577 cfg.informat = FORMAT_PEM;
578 req_config.keyform = FORMAT_PEM; 578 cfg.keyform = FORMAT_PEM;
579 req_config.outformat = FORMAT_PEM; 579 cfg.outformat = FORMAT_PEM;
580 580
581 if (options_parse(argc, argv, req_options, NULL, NULL) != 0) { 581 if (options_parse(argc, argv, req_options, NULL, NULL) != 0) {
582 req_usage(); 582 req_usage();
@@ -586,19 +586,19 @@ req_main(int argc, char **argv)
586 req_conf = NULL; 586 req_conf = NULL;
587 cipher = EVP_aes_256_cbc(); 587 cipher = EVP_aes_256_cbc();
588 588
589 if (!app_passwd(bio_err, req_config.passargin, req_config.passargout, &passin, &passout)) { 589 if (!app_passwd(bio_err, cfg.passargin, cfg.passargout, &passin, &passout)) {
590 BIO_printf(bio_err, "Error getting passwords\n"); 590 BIO_printf(bio_err, "Error getting passwords\n");
591 goto end; 591 goto end;
592 } 592 }
593 if (req_config.template != NULL) { 593 if (cfg.template != NULL) {
594 long errline = -1; 594 long errline = -1;
595 595
596 if (req_config.verbose) 596 if (cfg.verbose)
597 BIO_printf(bio_err, "Using configuration from %s\n", req_config.template); 597 BIO_printf(bio_err, "Using configuration from %s\n", cfg.template);
598 if ((req_conf = NCONF_new(NULL)) == NULL) 598 if ((req_conf = NCONF_new(NULL)) == NULL)
599 goto end; 599 goto end;
600 if(!NCONF_load(req_conf, req_config.template, &errline)) { 600 if(!NCONF_load(req_conf, cfg.template, &errline)) {
601 BIO_printf(bio_err, "error on line %ld of %s\n", errline, req_config.template); 601 BIO_printf(bio_err, "error on line %ld of %s\n", errline, cfg.template);
602 goto end; 602 goto end;
603 } 603 }
604 } else { 604 } else {
@@ -606,21 +606,21 @@ req_main(int argc, char **argv)
606 606
607 if (req_conf == NULL) { 607 if (req_conf == NULL) {
608 BIO_printf(bio_err, "Unable to load config info from %s\n", default_config_file); 608 BIO_printf(bio_err, "Unable to load config info from %s\n", default_config_file);
609 if (req_config.newreq) 609 if (cfg.newreq)
610 goto end; 610 goto end;
611 } else if (req_config.verbose) 611 } else if (cfg.verbose)
612 BIO_printf(bio_err, "Using configuration from %s\n", 612 BIO_printf(bio_err, "Using configuration from %s\n",
613 default_config_file); 613 default_config_file);
614 } 614 }
615 615
616 if (req_config.addext_bio != NULL) { 616 if (cfg.addext_bio != NULL) {
617 long errline = -1; 617 long errline = -1;
618 if (req_config.verbose) 618 if (cfg.verbose)
619 BIO_printf(bio_err, 619 BIO_printf(bio_err,
620 "Using additional configuration from command line\n"); 620 "Using additional configuration from command line\n");
621 if ((addext_conf = NCONF_new(NULL)) == NULL) 621 if ((addext_conf = NCONF_new(NULL)) == NULL)
622 goto end; 622 goto end;
623 if (!NCONF_load_bio(addext_conf, req_config.addext_bio, &errline)) { 623 if (!NCONF_load_bio(addext_conf, cfg.addext_bio, &errline)) {
624 BIO_printf(bio_err, 624 BIO_printf(bio_err,
625 "req: Error on line %ld of config input\n", 625 "req: Error on line %ld of config input\n",
626 errline); 626 errline);
@@ -658,22 +658,22 @@ req_main(int argc, char **argv)
658 ERR_clear_error(); 658 ERR_clear_error();
659 if (p != NULL) { 659 if (p != NULL) {
660 if ((md_alg = EVP_get_digestbyname(p)) != NULL) 660 if ((md_alg = EVP_get_digestbyname(p)) != NULL)
661 req_config.digest = md_alg; 661 cfg.digest = md_alg;
662 } 662 }
663 } 663 }
664 if (!req_config.extensions) { 664 if (!cfg.extensions) {
665 req_config.extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS); 665 cfg.extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
666 if (!req_config.extensions) 666 if (!cfg.extensions)
667 ERR_clear_error(); 667 ERR_clear_error();
668 } 668 }
669 if (req_config.extensions) { 669 if (cfg.extensions) {
670 /* Check syntax of file */ 670 /* Check syntax of file */
671 X509V3_CTX ctx; 671 X509V3_CTX ctx;
672 X509V3_set_ctx_test(&ctx); 672 X509V3_set_ctx_test(&ctx);
673 X509V3_set_nconf(&ctx, req_conf); 673 X509V3_set_nconf(&ctx, req_conf);
674 if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_config.extensions, NULL)) { 674 if (!X509V3_EXT_add_nconf(req_conf, &ctx, cfg.extensions, NULL)) {
675 BIO_printf(bio_err, 675 BIO_printf(bio_err,
676 "Error Loading extension section %s\n", req_config.extensions); 676 "Error Loading extension section %s\n", cfg.extensions);
677 goto end; 677 goto end;
678 } 678 }
679 } 679 }
@@ -706,27 +706,27 @@ req_main(int argc, char **argv)
706 BIO_printf(bio_err, "Invalid global string mask setting %s\n", p); 706 BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
707 goto end; 707 goto end;
708 } 708 }
709 if (req_config.chtype != MBSTRING_UTF8) { 709 if (cfg.chtype != MBSTRING_UTF8) {
710 p = NCONF_get_string(req_conf, SECTION, UTF8_IN); 710 p = NCONF_get_string(req_conf, SECTION, UTF8_IN);
711 if (!p) 711 if (!p)
712 ERR_clear_error(); 712 ERR_clear_error();
713 else if (!strcmp(p, "yes")) 713 else if (!strcmp(p, "yes"))
714 req_config.chtype = MBSTRING_UTF8; 714 cfg.chtype = MBSTRING_UTF8;
715 } 715 }
716 if (!req_config.req_exts) { 716 if (!cfg.req_exts) {
717 req_config.req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS); 717 cfg.req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
718 if (!req_config.req_exts) 718 if (!cfg.req_exts)
719 ERR_clear_error(); 719 ERR_clear_error();
720 } 720 }
721 if (req_config.req_exts) { 721 if (cfg.req_exts) {
722 /* Check syntax of file */ 722 /* Check syntax of file */
723 X509V3_CTX ctx; 723 X509V3_CTX ctx;
724 X509V3_set_ctx_test(&ctx); 724 X509V3_set_ctx_test(&ctx);
725 X509V3_set_nconf(&ctx, req_conf); 725 X509V3_set_nconf(&ctx, req_conf);
726 if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_config.req_exts, NULL)) { 726 if (!X509V3_EXT_add_nconf(req_conf, &ctx, cfg.req_exts, NULL)) {
727 BIO_printf(bio_err, 727 BIO_printf(bio_err,
728 "Error Loading request extension section %s\n", 728 "Error Loading request extension section %s\n",
729 req_config.req_exts); 729 cfg.req_exts);
730 goto end; 730 goto end;
731 } 731 }
732 } 732 }
@@ -735,8 +735,8 @@ req_main(int argc, char **argv)
735 if ((in == NULL) || (out == NULL)) 735 if ((in == NULL) || (out == NULL))
736 goto end; 736 goto end;
737 737
738 if (req_config.keyfile != NULL) { 738 if (cfg.keyfile != NULL) {
739 pkey = load_key(bio_err, req_config.keyfile, req_config.keyform, 0, passin, 739 pkey = load_key(bio_err, cfg.keyfile, cfg.keyform, 0, passin,
740 "Private Key"); 740 "Private Key");
741 if (!pkey) { 741 if (!pkey) {
742 /* 742 /*
@@ -746,31 +746,31 @@ req_main(int argc, char **argv)
746 goto end; 746 goto end;
747 } 747 }
748 } 748 }
749 if (req_config.newreq && (pkey == NULL)) { 749 if (cfg.newreq && (pkey == NULL)) {
750 if (!NCONF_get_number(req_conf, SECTION, BITS, &req_config.newkey)) { 750 if (!NCONF_get_number(req_conf, SECTION, BITS, &cfg.newkey)) {
751 req_config.newkey = DEFAULT_KEY_LENGTH; 751 cfg.newkey = DEFAULT_KEY_LENGTH;
752 } 752 }
753 if (req_config.keyalg) { 753 if (cfg.keyalg) {
754 genctx = set_keygen_ctx(bio_err, req_config.keyalg, &pkey_type, &req_config.newkey, 754 genctx = set_keygen_ctx(bio_err, cfg.keyalg, &pkey_type, &cfg.newkey,
755 &keyalgstr); 755 &keyalgstr);
756 if (!genctx) 756 if (!genctx)
757 goto end; 757 goto end;
758 } 758 }
759 if (req_config.newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) { 759 if (cfg.newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) {
760 BIO_printf(bio_err, "private key length is too short,\n"); 760 BIO_printf(bio_err, "private key length is too short,\n");
761 BIO_printf(bio_err, "it needs to be at least %d bits, not %ld\n", MIN_KEY_LENGTH, req_config.newkey); 761 BIO_printf(bio_err, "it needs to be at least %d bits, not %ld\n", MIN_KEY_LENGTH, cfg.newkey);
762 goto end; 762 goto end;
763 } 763 }
764 if (!genctx) { 764 if (!genctx) {
765 genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &req_config.newkey, 765 genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &cfg.newkey,
766 &keyalgstr); 766 &keyalgstr);
767 if (!genctx) 767 if (!genctx)
768 goto end; 768 goto end;
769 } 769 }
770 if (req_config.pkeyopts) { 770 if (cfg.pkeyopts) {
771 char *genopt; 771 char *genopt;
772 for (i = 0; i < sk_OPENSSL_STRING_num(req_config.pkeyopts); i++) { 772 for (i = 0; i < sk_OPENSSL_STRING_num(cfg.pkeyopts); i++) {
773 genopt = sk_OPENSSL_STRING_value(req_config.pkeyopts, i); 773 genopt = sk_OPENSSL_STRING_value(cfg.pkeyopts, i);
774 if (pkey_ctrl_string(genctx, genopt) <= 0) { 774 if (pkey_ctrl_string(genctx, genopt) <= 0) {
775 BIO_printf(bio_err, 775 BIO_printf(bio_err,
776 "parameter error \"%s\"\n", 776 "parameter error \"%s\"\n",
@@ -781,7 +781,7 @@ req_main(int argc, char **argv)
781 } 781 }
782 } 782 }
783 BIO_printf(bio_err, "Generating a %ld bit %s private key\n", 783 BIO_printf(bio_err, "Generating a %ld bit %s private key\n",
784 req_config.newkey, keyalgstr); 784 cfg.newkey, keyalgstr);
785 785
786 EVP_PKEY_CTX_set_cb(genctx, genpkey_cb); 786 EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
787 EVP_PKEY_CTX_set_app_data(genctx, bio_err); 787 EVP_PKEY_CTX_set_app_data(genctx, bio_err);
@@ -793,18 +793,18 @@ req_main(int argc, char **argv)
793 EVP_PKEY_CTX_free(genctx); 793 EVP_PKEY_CTX_free(genctx);
794 genctx = NULL; 794 genctx = NULL;
795 795
796 if (req_config.keyout == NULL) { 796 if (cfg.keyout == NULL) {
797 req_config.keyout = NCONF_get_string(req_conf, SECTION, KEYFILE); 797 cfg.keyout = NCONF_get_string(req_conf, SECTION, KEYFILE);
798 if (req_config.keyout == NULL) 798 if (cfg.keyout == NULL)
799 ERR_clear_error(); 799 ERR_clear_error();
800 } 800 }
801 if (req_config.keyout == NULL) { 801 if (cfg.keyout == NULL) {
802 BIO_printf(bio_err, "writing new private key to stdout\n"); 802 BIO_printf(bio_err, "writing new private key to stdout\n");
803 BIO_set_fp(out, stdout, BIO_NOCLOSE); 803 BIO_set_fp(out, stdout, BIO_NOCLOSE);
804 } else { 804 } else {
805 BIO_printf(bio_err, "writing new private key to '%s'\n", req_config.keyout); 805 BIO_printf(bio_err, "writing new private key to '%s'\n", cfg.keyout);
806 if (BIO_write_filename(out, req_config.keyout) <= 0) { 806 if (BIO_write_filename(out, cfg.keyout) <= 0) {
807 perror(req_config.keyout); 807 perror(cfg.keyout);
808 goto end; 808 goto end;
809 } 809 }
810 } 810 }
@@ -818,7 +818,7 @@ req_main(int argc, char **argv)
818 } 818 }
819 if ((p != NULL) && (strcmp(p, "no") == 0)) 819 if ((p != NULL) && (strcmp(p, "no") == 0))
820 cipher = NULL; 820 cipher = NULL;
821 if (req_config.nodes) 821 if (cfg.nodes)
822 cipher = NULL; 822 cipher = NULL;
823 823
824 i = 0; 824 i = 0;
@@ -835,19 +835,19 @@ req_main(int argc, char **argv)
835 } 835 }
836 BIO_printf(bio_err, "-----\n"); 836 BIO_printf(bio_err, "-----\n");
837 } 837 }
838 if (!req_config.newreq) { 838 if (!cfg.newreq) {
839 if (req_config.infile == NULL) 839 if (cfg.infile == NULL)
840 BIO_set_fp(in, stdin, BIO_NOCLOSE); 840 BIO_set_fp(in, stdin, BIO_NOCLOSE);
841 else { 841 else {
842 if (BIO_read_filename(in, req_config.infile) <= 0) { 842 if (BIO_read_filename(in, cfg.infile) <= 0) {
843 perror(req_config.infile); 843 perror(cfg.infile);
844 goto end; 844 goto end;
845 } 845 }
846 } 846 }
847 847
848 if (req_config.informat == FORMAT_ASN1) 848 if (cfg.informat == FORMAT_ASN1)
849 req = d2i_X509_REQ_bio(in, NULL); 849 req = d2i_X509_REQ_bio(in, NULL);
850 else if (req_config.informat == FORMAT_PEM) 850 else if (cfg.informat == FORMAT_PEM)
851 req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL); 851 req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
852 else { 852 else {
853 BIO_printf(bio_err, "bad input format specified for X509 request\n"); 853 BIO_printf(bio_err, "bad input format specified for X509 request\n");
@@ -858,7 +858,7 @@ req_main(int argc, char **argv)
858 goto end; 858 goto end;
859 } 859 }
860 } 860 }
861 if (req_config.newreq || req_config.x509) { 861 if (cfg.newreq || cfg.x509) {
862 if (pkey == NULL) { 862 if (pkey == NULL) {
863 BIO_printf(bio_err, "you need to specify a private key\n"); 863 BIO_printf(bio_err, "you need to specify a private key\n");
864 goto end; 864 goto end;
@@ -868,14 +868,14 @@ req_main(int argc, char **argv)
868 if (req == NULL) { 868 if (req == NULL) {
869 goto end; 869 goto end;
870 } 870 }
871 i = make_REQ(req, pkey, req_config.subj, req_config.multirdn, !req_config.x509, req_config.chtype); 871 i = make_REQ(req, pkey, cfg.subj, cfg.multirdn, !cfg.x509, cfg.chtype);
872 req_config.subj = NULL; /* done processing '-subj' option */ 872 cfg.subj = NULL; /* done processing '-subj' option */
873 if (!i) { 873 if (!i) {
874 BIO_printf(bio_err, "problems making Certificate Request\n"); 874 BIO_printf(bio_err, "problems making Certificate Request\n");
875 goto end; 875 goto end;
876 } 876 }
877 } 877 }
878 if (req_config.x509) { 878 if (cfg.x509) {
879 EVP_PKEY *tmppkey; 879 EVP_PKEY *tmppkey;
880 880
881 X509V3_CTX ext_ctx; 881 X509V3_CTX ext_ctx;
@@ -883,11 +883,11 @@ req_main(int argc, char **argv)
883 goto end; 883 goto end;
884 884
885 /* Set version to V3 */ 885 /* Set version to V3 */
886 if ((req_config.extensions != NULL || addext_conf != NULL) && 886 if ((cfg.extensions != NULL || addext_conf != NULL) &&
887 !X509_set_version(x509ss, 2)) 887 !X509_set_version(x509ss, 2))
888 goto end; 888 goto end;
889 if (req_config.serial) { 889 if (cfg.serial) {
890 if (!X509_set_serialNumber(x509ss, req_config.serial)) 890 if (!X509_set_serialNumber(x509ss, cfg.serial))
891 goto end; 891 goto end;
892 } else { 892 } else {
893 if (!rand_serial(NULL, 893 if (!rand_serial(NULL,
@@ -899,7 +899,7 @@ req_main(int argc, char **argv)
899 goto end; 899 goto end;
900 if (!X509_gmtime_adj(X509_get_notBefore(x509ss), 0)) 900 if (!X509_gmtime_adj(X509_get_notBefore(x509ss), 0))
901 goto end; 901 goto end;
902 if (!X509_time_adj_ex(X509_get_notAfter(x509ss), req_config.days, 0, NULL)) 902 if (!X509_time_adj_ex(X509_get_notAfter(x509ss), cfg.days, 0, NULL))
903 goto end; 903 goto end;
904 if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) 904 if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req)))
905 goto end; 905 goto end;
@@ -914,11 +914,11 @@ req_main(int argc, char **argv)
914 X509V3_set_nconf(&ext_ctx, req_conf); 914 X509V3_set_nconf(&ext_ctx, req_conf);
915 915
916 /* Add extensions */ 916 /* Add extensions */
917 if (req_config.extensions && !X509V3_EXT_add_nconf(req_conf, 917 if (cfg.extensions && !X509V3_EXT_add_nconf(req_conf,
918 &ext_ctx, req_config.extensions, x509ss)) { 918 &ext_ctx, cfg.extensions, x509ss)) {
919 BIO_printf(bio_err, 919 BIO_printf(bio_err,
920 "Error Loading extension section %s\n", 920 "Error Loading extension section %s\n",
921 req_config.extensions); 921 cfg.extensions);
922 goto end; 922 goto end;
923 } 923 }
924 if (addext_conf != NULL && 924 if (addext_conf != NULL &&
@@ -928,7 +928,7 @@ req_main(int argc, char **argv)
928 "Error Loading command line extensions\n"); 928 "Error Loading command line extensions\n");
929 goto end; 929 goto end;
930 } 930 }
931 i = do_X509_sign(bio_err, x509ss, pkey, req_config.digest, req_config.sigopts); 931 i = do_X509_sign(bio_err, x509ss, pkey, cfg.digest, cfg.sigopts);
932 if (!i) { 932 if (!i) {
933 ERR_print_errors(bio_err); 933 ERR_print_errors(bio_err);
934 goto end; 934 goto end;
@@ -942,11 +942,11 @@ req_main(int argc, char **argv)
942 X509V3_set_nconf(&ext_ctx, req_conf); 942 X509V3_set_nconf(&ext_ctx, req_conf);
943 943
944 /* Add extensions */ 944 /* Add extensions */
945 if (req_config.req_exts && !X509V3_EXT_REQ_add_nconf(req_conf, 945 if (cfg.req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
946 &ext_ctx, req_config.req_exts, req)) { 946 &ext_ctx, cfg.req_exts, req)) {
947 BIO_printf(bio_err, 947 BIO_printf(bio_err,
948 "Error Loading extension section %s\n", 948 "Error Loading extension section %s\n",
949 req_config.req_exts); 949 cfg.req_exts);
950 goto end; 950 goto end;
951 } 951 }
952 if (addext_conf != NULL && 952 if (addext_conf != NULL &&
@@ -956,33 +956,33 @@ req_main(int argc, char **argv)
956 "Error Loading command line extensions\n"); 956 "Error Loading command line extensions\n");
957 goto end; 957 goto end;
958 } 958 }
959 i = do_X509_REQ_sign(bio_err, req, pkey, req_config.digest, req_config.sigopts); 959 i = do_X509_REQ_sign(bio_err, req, pkey, cfg.digest, cfg.sigopts);
960 if (!i) { 960 if (!i) {
961 ERR_print_errors(bio_err); 961 ERR_print_errors(bio_err);
962 goto end; 962 goto end;
963 } 963 }
964 } 964 }
965 } 965 }
966 if (req_config.subj && req_config.x509) { 966 if (cfg.subj && cfg.x509) {
967 BIO_printf(bio_err, "Cannot modify certificate subject\n"); 967 BIO_printf(bio_err, "Cannot modify certificate subject\n");
968 goto end; 968 goto end;
969 } 969 }
970 if (req_config.subj && !req_config.x509) { 970 if (cfg.subj && !cfg.x509) {
971 if (req_config.verbose) { 971 if (cfg.verbose) {
972 BIO_printf(bio_err, "Modifying Request's Subject\n"); 972 BIO_printf(bio_err, "Modifying Request's Subject\n");
973 print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), req_config.nmflag); 973 print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), cfg.nmflag);
974 } 974 }
975 if (build_subject(req, req_config.subj, req_config.chtype, req_config.multirdn) == 0) { 975 if (build_subject(req, cfg.subj, cfg.chtype, cfg.multirdn) == 0) {
976 BIO_printf(bio_err, "ERROR: cannot modify subject\n"); 976 BIO_printf(bio_err, "ERROR: cannot modify subject\n");
977 ex = 1; 977 ex = 1;
978 goto end; 978 goto end;
979 } 979 }
980 980
981 if (req_config.verbose) { 981 if (cfg.verbose) {
982 print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), req_config.nmflag); 982 print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), cfg.nmflag);
983 } 983 }
984 } 984 }
985 if (req_config.verify && !req_config.x509) { 985 if (cfg.verify && !cfg.x509) {
986 EVP_PKEY *pubkey = pkey; 986 EVP_PKEY *pubkey = pkey;
987 987
988 if (pubkey == NULL) 988 if (pubkey == NULL)
@@ -998,24 +998,24 @@ req_main(int argc, char **argv)
998 } else /* if (i > 0) */ 998 } else /* if (i > 0) */
999 BIO_printf(bio_err, "verify OK\n"); 999 BIO_printf(bio_err, "verify OK\n");
1000 } 1000 }
1001 if (req_config.noout && !req_config.text && !req_config.modulus && !req_config.subject && !req_config.pubkey) { 1001 if (cfg.noout && !cfg.text && !cfg.modulus && !cfg.subject && !cfg.pubkey) {
1002 ex = 0; 1002 ex = 0;
1003 goto end; 1003 goto end;
1004 } 1004 }
1005 if (req_config.outfile == NULL) { 1005 if (cfg.outfile == NULL) {
1006 BIO_set_fp(out, stdout, BIO_NOCLOSE); 1006 BIO_set_fp(out, stdout, BIO_NOCLOSE);
1007 } else { 1007 } else {
1008 if ((req_config.keyout != NULL) && (strcmp(req_config.outfile, req_config.keyout) == 0)) 1008 if ((cfg.keyout != NULL) && (strcmp(cfg.outfile, cfg.keyout) == 0))
1009 i = (int) BIO_append_filename(out, req_config.outfile); 1009 i = (int) BIO_append_filename(out, cfg.outfile);
1010 else 1010 else
1011 i = (int) BIO_write_filename(out, req_config.outfile); 1011 i = (int) BIO_write_filename(out, cfg.outfile);
1012 if (!i) { 1012 if (!i) {
1013 perror(req_config.outfile); 1013 perror(cfg.outfile);
1014 goto end; 1014 goto end;
1015 } 1015 }
1016 } 1016 }
1017 1017
1018 if (req_config.pubkey) { 1018 if (cfg.pubkey) {
1019 EVP_PKEY *tpubkey; 1019 EVP_PKEY *tpubkey;
1020 1020
1021 if ((tpubkey = X509_REQ_get0_pubkey(req)) == NULL) { 1021 if ((tpubkey = X509_REQ_get0_pubkey(req)) == NULL) {
@@ -1025,22 +1025,22 @@ req_main(int argc, char **argv)
1025 } 1025 }
1026 PEM_write_bio_PUBKEY(out, tpubkey); 1026 PEM_write_bio_PUBKEY(out, tpubkey);
1027 } 1027 }
1028 if (req_config.text) { 1028 if (cfg.text) {
1029 if (req_config.x509) 1029 if (cfg.x509)
1030 X509_print_ex(out, x509ss, req_config.nmflag, req_config.reqflag); 1030 X509_print_ex(out, x509ss, cfg.nmflag, cfg.reqflag);
1031 else 1031 else
1032 X509_REQ_print_ex(out, req, req_config.nmflag, req_config.reqflag); 1032 X509_REQ_print_ex(out, req, cfg.nmflag, cfg.reqflag);
1033 } 1033 }
1034 if (req_config.subject) { 1034 if (cfg.subject) {
1035 if (req_config.x509) 1035 if (cfg.x509)
1036 print_name(out, "subject=", X509_get_subject_name(x509ss), req_config.nmflag); 1036 print_name(out, "subject=", X509_get_subject_name(x509ss), cfg.nmflag);
1037 else 1037 else
1038 print_name(out, "subject=", X509_REQ_get_subject_name(req), req_config.nmflag); 1038 print_name(out, "subject=", X509_REQ_get_subject_name(req), cfg.nmflag);
1039 } 1039 }
1040 if (req_config.modulus) { 1040 if (cfg.modulus) {
1041 EVP_PKEY *tpubkey; 1041 EVP_PKEY *tpubkey;
1042 1042
1043 if (req_config.x509) 1043 if (cfg.x509)
1044 tpubkey = X509_get0_pubkey(x509ss); 1044 tpubkey = X509_get0_pubkey(x509ss);
1045 else 1045 else
1046 tpubkey = X509_REQ_get0_pubkey(req); 1046 tpubkey = X509_REQ_get0_pubkey(req);
@@ -1059,11 +1059,11 @@ req_main(int argc, char **argv)
1059 fprintf(stdout, "Wrong Algorithm type"); 1059 fprintf(stdout, "Wrong Algorithm type");
1060 fprintf(stdout, "\n"); 1060 fprintf(stdout, "\n");
1061 } 1061 }
1062 if (!req_config.noout && !req_config.x509) { 1062 if (!cfg.noout && !cfg.x509) {
1063 if (req_config.outformat == FORMAT_ASN1) 1063 if (cfg.outformat == FORMAT_ASN1)
1064 i = i2d_X509_REQ_bio(out, req); 1064 i = i2d_X509_REQ_bio(out, req);
1065 else if (req_config.outformat == FORMAT_PEM) { 1065 else if (cfg.outformat == FORMAT_PEM) {
1066 if (req_config.newhdr) 1066 if (cfg.newhdr)
1067 i = PEM_write_bio_X509_REQ_NEW(out, req); 1067 i = PEM_write_bio_X509_REQ_NEW(out, req);
1068 else 1068 else
1069 i = PEM_write_bio_X509_REQ(out, req); 1069 i = PEM_write_bio_X509_REQ(out, req);
@@ -1076,10 +1076,10 @@ req_main(int argc, char **argv)
1076 goto end; 1076 goto end;
1077 } 1077 }
1078 } 1078 }
1079 if (!req_config.noout && req_config.x509 && (x509ss != NULL)) { 1079 if (!cfg.noout && cfg.x509 && (x509ss != NULL)) {
1080 if (req_config.outformat == FORMAT_ASN1) 1080 if (cfg.outformat == FORMAT_ASN1)
1081 i = i2d_X509_bio(out, x509ss); 1081 i = i2d_X509_bio(out, x509ss);
1082 else if (req_config.outformat == FORMAT_PEM) 1082 else if (cfg.outformat == FORMAT_PEM)
1083 i = PEM_write_bio_X509(out, x509ss); 1083 i = PEM_write_bio_X509(out, x509ss);
1084 else { 1084 else {
1085 BIO_printf(bio_err, "bad output format specified for outfile\n"); 1085 BIO_printf(bio_err, "bad output format specified for outfile\n");
@@ -1098,25 +1098,25 @@ req_main(int argc, char **argv)
1098 if ((req_conf != NULL) && (req_conf != config)) 1098 if ((req_conf != NULL) && (req_conf != config))
1099 NCONF_free(req_conf); 1099 NCONF_free(req_conf);
1100 NCONF_free(addext_conf); 1100 NCONF_free(addext_conf);
1101 BIO_free(req_config.addext_bio); 1101 BIO_free(cfg.addext_bio);
1102 BIO_free(in); 1102 BIO_free(in);
1103 BIO_free_all(out); 1103 BIO_free_all(out);
1104 EVP_PKEY_free(pkey); 1104 EVP_PKEY_free(pkey);
1105 if (genctx) 1105 if (genctx)
1106 EVP_PKEY_CTX_free(genctx); 1106 EVP_PKEY_CTX_free(genctx);
1107 if (req_config.pkeyopts) 1107 if (cfg.pkeyopts)
1108 sk_OPENSSL_STRING_free(req_config.pkeyopts); 1108 sk_OPENSSL_STRING_free(cfg.pkeyopts);
1109 if (req_config.sigopts) 1109 if (cfg.sigopts)
1110 sk_OPENSSL_STRING_free(req_config.sigopts); 1110 sk_OPENSSL_STRING_free(cfg.sigopts);
1111 lh_OPENSSL_STRING_doall(req_config.addexts, (LHASH_DOALL_FN_TYPE)exts_cleanup); 1111 lh_OPENSSL_STRING_doall(cfg.addexts, (LHASH_DOALL_FN_TYPE)exts_cleanup);
1112 lh_OPENSSL_STRING_free(req_config.addexts); 1112 lh_OPENSSL_STRING_free(cfg.addexts);
1113 free(keyalgstr); 1113 free(keyalgstr);
1114 X509_REQ_free(req); 1114 X509_REQ_free(req);
1115 X509_free(x509ss); 1115 X509_free(x509ss);
1116 ASN1_INTEGER_free(req_config.serial); 1116 ASN1_INTEGER_free(cfg.serial);
1117 if (req_config.passargin && passin) 1117 if (cfg.passargin && passin)
1118 free(passin); 1118 free(passin);
1119 if (req_config.passargout && passout) 1119 if (cfg.passargout && passout)
1120 free(passout); 1120 free(passout);
1121 OBJ_cleanup(); 1121 OBJ_cleanup();
1122 1122
@@ -1222,7 +1222,7 @@ prompt_info(X509_REQ * req,
1222 X509_NAME *subj; 1222 X509_NAME *subj;
1223 subj = X509_REQ_get_subject_name(req); 1223 subj = X509_REQ_get_subject_name(req);
1224 1224
1225 if (!req_config.batch) { 1225 if (!cfg.batch) {
1226 BIO_printf(bio_err, "You are about to be asked to enter information that will be incorporated\n"); 1226 BIO_printf(bio_err, "You are about to be asked to enter information that will be incorporated\n");
1227 BIO_printf(bio_err, "into your certificate request.\n"); 1227 BIO_printf(bio_err, "into your certificate request.\n");
1228 BIO_printf(bio_err, "What you are about to enter is what is called a Distinguished Name or a DN.\n"); 1228 BIO_printf(bio_err, "What you are about to enter is what is called a Distinguished Name or a DN.\n");
@@ -1316,7 +1316,7 @@ prompt_info(X509_REQ * req,
1316 } 1316 }
1317 if (attribs) { 1317 if (attribs) {
1318 if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && 1318 if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) &&
1319 (!req_config.batch)) { 1319 (!cfg.batch)) {
1320 BIO_printf(bio_err, 1320 BIO_printf(bio_err,
1321 "\nPlease enter the following 'extra' attributes\n"); 1321 "\nPlease enter the following 'extra' attributes\n");
1322 BIO_printf(bio_err, 1322 BIO_printf(bio_err,
@@ -1452,7 +1452,7 @@ add_DN_object(X509_NAME * n, char *text, const char *def, char *value,
1452 int i, ret = 0; 1452 int i, ret = 0;
1453 char buf[1024]; 1453 char buf[1024];
1454 start: 1454 start:
1455 if (!req_config.batch) 1455 if (!cfg.batch)
1456 BIO_printf(bio_err, "%s [%s]:", text, def); 1456 BIO_printf(bio_err, "%s [%s]:", text, def);
1457 (void) BIO_flush(bio_err); 1457 (void) BIO_flush(bio_err);
1458 if (value != NULL) { 1458 if (value != NULL) {
@@ -1461,7 +1461,7 @@ add_DN_object(X509_NAME * n, char *text, const char *def, char *value,
1461 BIO_printf(bio_err, "%s\n", value); 1461 BIO_printf(bio_err, "%s\n", value);
1462 } else { 1462 } else {
1463 buf[0] = '\0'; 1463 buf[0] = '\0';
1464 if (!req_config.batch) { 1464 if (!cfg.batch) {
1465 if (!fgets(buf, sizeof buf, stdin)) 1465 if (!fgets(buf, sizeof buf, stdin))
1466 return 0; 1466 return 0;
1467 } else { 1467 } else {
@@ -1505,7 +1505,7 @@ add_attribute_object(X509_REQ * req, char *text, const char *def,
1505 static char buf[1024]; 1505 static char buf[1024];
1506 1506
1507 start: 1507 start:
1508 if (!req_config.batch) 1508 if (!cfg.batch)
1509 BIO_printf(bio_err, "%s [%s]:", text, def); 1509 BIO_printf(bio_err, "%s [%s]:", text, def);
1510 (void) BIO_flush(bio_err); 1510 (void) BIO_flush(bio_err);
1511 if (value != NULL) { 1511 if (value != NULL) {
@@ -1514,7 +1514,7 @@ add_attribute_object(X509_REQ * req, char *text, const char *def,
1514 BIO_printf(bio_err, "%s\n", value); 1514 BIO_printf(bio_err, "%s\n", value);
1515 } else { 1515 } else {
1516 buf[0] = '\0'; 1516 buf[0] = '\0';
1517 if (!req_config.batch) { 1517 if (!cfg.batch) {
1518 if (!fgets(buf, sizeof buf, stdin)) 1518 if (!fgets(buf, sizeof buf, stdin))
1519 return 0; 1519 return 0;
1520 } else { 1520 } else {
diff --git a/src/usr.bin/openssl/rsa.c b/src/usr.bin/openssl/rsa.c
index bdd263ce7c..953daaacf7 100644
--- a/src/usr.bin/openssl/rsa.c
+++ b/src/usr.bin/openssl/rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa.c,v 1.17 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: rsa.c,v 1.18 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -89,7 +89,7 @@ static struct {
89 int pubout; 89 int pubout;
90 int pvk_encr; 90 int pvk_encr;
91 int text; 91 int text;
92} rsa_config; 92} cfg;
93 93
94static int 94static int
95rsa_opt_cipher(int argc, char **argv, int *argsused) 95rsa_opt_cipher(int argc, char **argv, int *argsused)
@@ -99,7 +99,7 @@ rsa_opt_cipher(int argc, char **argv, int *argsused)
99 if (*name++ != '-') 99 if (*name++ != '-')
100 return (1); 100 return (1);
101 101
102 if ((rsa_config.enc = EVP_get_cipherbyname(name)) == NULL) { 102 if ((cfg.enc = EVP_get_cipherbyname(name)) == NULL) {
103 fprintf(stderr, "Invalid cipher '%s'\n", name); 103 fprintf(stderr, "Invalid cipher '%s'\n", name);
104 return (1); 104 return (1);
105 } 105 }
@@ -113,111 +113,111 @@ static const struct option rsa_options[] = {
113 .name = "check", 113 .name = "check",
114 .desc = "Check consistency of RSA private key", 114 .desc = "Check consistency of RSA private key",
115 .type = OPTION_FLAG, 115 .type = OPTION_FLAG,
116 .opt.flag = &rsa_config.check, 116 .opt.flag = &cfg.check,
117 }, 117 },
118 { 118 {
119 .name = "in", 119 .name = "in",
120 .argname = "file", 120 .argname = "file",
121 .desc = "Input file (default stdin)", 121 .desc = "Input file (default stdin)",
122 .type = OPTION_ARG, 122 .type = OPTION_ARG,
123 .opt.arg = &rsa_config.infile, 123 .opt.arg = &cfg.infile,
124 }, 124 },
125 { 125 {
126 .name = "inform", 126 .name = "inform",
127 .argname = "format", 127 .argname = "format",
128 .desc = "Input format (DER, NET or PEM (default))", 128 .desc = "Input format (DER, NET or PEM (default))",
129 .type = OPTION_ARG_FORMAT, 129 .type = OPTION_ARG_FORMAT,
130 .opt.value = &rsa_config.informat, 130 .opt.value = &cfg.informat,
131 }, 131 },
132 { 132 {
133 .name = "modulus", 133 .name = "modulus",
134 .desc = "Print the RSA key modulus", 134 .desc = "Print the RSA key modulus",
135 .type = OPTION_FLAG, 135 .type = OPTION_FLAG,
136 .opt.flag = &rsa_config.modulus, 136 .opt.flag = &cfg.modulus,
137 }, 137 },
138 { 138 {
139 .name = "noout", 139 .name = "noout",
140 .desc = "Do not print encoded version of the key", 140 .desc = "Do not print encoded version of the key",
141 .type = OPTION_FLAG, 141 .type = OPTION_FLAG,
142 .opt.flag = &rsa_config.noout, 142 .opt.flag = &cfg.noout,
143 }, 143 },
144 { 144 {
145 .name = "out", 145 .name = "out",
146 .argname = "file", 146 .argname = "file",
147 .desc = "Output file (default stdout)", 147 .desc = "Output file (default stdout)",
148 .type = OPTION_ARG, 148 .type = OPTION_ARG,
149 .opt.arg = &rsa_config.outfile, 149 .opt.arg = &cfg.outfile,
150 }, 150 },
151 { 151 {
152 .name = "outform", 152 .name = "outform",
153 .argname = "format", 153 .argname = "format",
154 .desc = "Output format (DER, NET or PEM (default PEM))", 154 .desc = "Output format (DER, NET or PEM (default PEM))",
155 .type = OPTION_ARG_FORMAT, 155 .type = OPTION_ARG_FORMAT,
156 .opt.value = &rsa_config.outformat, 156 .opt.value = &cfg.outformat,
157 }, 157 },
158 { 158 {
159 .name = "passin", 159 .name = "passin",
160 .argname = "src", 160 .argname = "src",
161 .desc = "Input file passphrase source", 161 .desc = "Input file passphrase source",
162 .type = OPTION_ARG, 162 .type = OPTION_ARG,
163 .opt.arg = &rsa_config.passargin, 163 .opt.arg = &cfg.passargin,
164 }, 164 },
165 { 165 {
166 .name = "passout", 166 .name = "passout",
167 .argname = "src", 167 .argname = "src",
168 .desc = "Output file passphrase source", 168 .desc = "Output file passphrase source",
169 .type = OPTION_ARG, 169 .type = OPTION_ARG,
170 .opt.arg = &rsa_config.passargout, 170 .opt.arg = &cfg.passargout,
171 }, 171 },
172 { 172 {
173 .name = "pubin", 173 .name = "pubin",
174 .desc = "Expect a public key (default private key)", 174 .desc = "Expect a public key (default private key)",
175 .type = OPTION_VALUE, 175 .type = OPTION_VALUE,
176 .value = 1, 176 .value = 1,
177 .opt.value = &rsa_config.pubin, 177 .opt.value = &cfg.pubin,
178 }, 178 },
179 { 179 {
180 .name = "pubout", 180 .name = "pubout",
181 .desc = "Output a public key (default private key)", 181 .desc = "Output a public key (default private key)",
182 .type = OPTION_VALUE, 182 .type = OPTION_VALUE,
183 .value = 1, 183 .value = 1,
184 .opt.value = &rsa_config.pubout, 184 .opt.value = &cfg.pubout,
185 }, 185 },
186 { 186 {
187 .name = "pvk-none", 187 .name = "pvk-none",
188 .type = OPTION_VALUE, 188 .type = OPTION_VALUE,
189 .value = 0, 189 .value = 0,
190 .opt.value = &rsa_config.pvk_encr, 190 .opt.value = &cfg.pvk_encr,
191 }, 191 },
192 { 192 {
193 .name = "pvk-strong", 193 .name = "pvk-strong",
194 .type = OPTION_VALUE, 194 .type = OPTION_VALUE,
195 .value = 2, 195 .value = 2,
196 .opt.value = &rsa_config.pvk_encr, 196 .opt.value = &cfg.pvk_encr,
197 }, 197 },
198 { 198 {
199 .name = "pvk-weak", 199 .name = "pvk-weak",
200 .type = OPTION_VALUE, 200 .type = OPTION_VALUE,
201 .value = 1, 201 .value = 1,
202 .opt.value = &rsa_config.pvk_encr, 202 .opt.value = &cfg.pvk_encr,
203 }, 203 },
204 { 204 {
205 .name = "RSAPublicKey_in", 205 .name = "RSAPublicKey_in",
206 .type = OPTION_VALUE, 206 .type = OPTION_VALUE,
207 .value = 2, 207 .value = 2,
208 .opt.value = &rsa_config.pubin, 208 .opt.value = &cfg.pubin,
209 }, 209 },
210 { 210 {
211 .name = "RSAPublicKey_out", 211 .name = "RSAPublicKey_out",
212 .type = OPTION_VALUE, 212 .type = OPTION_VALUE,
213 .value = 2, 213 .value = 2,
214 .opt.value = &rsa_config.pubout, 214 .opt.value = &cfg.pubout,
215 }, 215 },
216 { 216 {
217 .name = "text", 217 .name = "text",
218 .desc = "Print in plain text in addition to encoded", 218 .desc = "Print in plain text in addition to encoded",
219 .type = OPTION_FLAG, 219 .type = OPTION_FLAG,
220 .opt.flag = &rsa_config.text, 220 .opt.flag = &cfg.text,
221 }, 221 },
222 { 222 {
223 .name = NULL, 223 .name = NULL,
@@ -260,22 +260,22 @@ rsa_main(int argc, char **argv)
260 exit(1); 260 exit(1);
261 } 261 }
262 262
263 memset(&rsa_config, 0, sizeof(rsa_config)); 263 memset(&cfg, 0, sizeof(cfg));
264 rsa_config.pvk_encr = 2; 264 cfg.pvk_encr = 2;
265 rsa_config.informat = FORMAT_PEM; 265 cfg.informat = FORMAT_PEM;
266 rsa_config.outformat = FORMAT_PEM; 266 cfg.outformat = FORMAT_PEM;
267 267
268 if (options_parse(argc, argv, rsa_options, NULL, NULL) != 0) { 268 if (options_parse(argc, argv, rsa_options, NULL, NULL) != 0) {
269 rsa_usage(); 269 rsa_usage();
270 goto end; 270 goto end;
271 } 271 }
272 272
273 if (!app_passwd(bio_err, rsa_config.passargin, rsa_config.passargout, 273 if (!app_passwd(bio_err, cfg.passargin, cfg.passargout,
274 &passin, &passout)) { 274 &passin, &passout)) {
275 BIO_printf(bio_err, "Error getting passwords\n"); 275 BIO_printf(bio_err, "Error getting passwords\n");
276 goto end; 276 goto end;
277 } 277 }
278 if (rsa_config.check && rsa_config.pubin) { 278 if (cfg.check && cfg.pubin) {
279 BIO_printf(bio_err, "Only private keys can be checked\n"); 279 BIO_printf(bio_err, "Only private keys can be checked\n");
280 goto end; 280 goto end;
281 } 281 }
@@ -284,21 +284,21 @@ rsa_main(int argc, char **argv)
284 { 284 {
285 EVP_PKEY *pkey; 285 EVP_PKEY *pkey;
286 286
287 if (rsa_config.pubin) { 287 if (cfg.pubin) {
288 int tmpformat = -1; 288 int tmpformat = -1;
289 if (rsa_config.pubin == 2) { 289 if (cfg.pubin == 2) {
290 if (rsa_config.informat == FORMAT_PEM) 290 if (cfg.informat == FORMAT_PEM)
291 tmpformat = FORMAT_PEMRSA; 291 tmpformat = FORMAT_PEMRSA;
292 else if (rsa_config.informat == FORMAT_ASN1) 292 else if (cfg.informat == FORMAT_ASN1)
293 tmpformat = FORMAT_ASN1RSA; 293 tmpformat = FORMAT_ASN1RSA;
294 } else 294 } else
295 tmpformat = rsa_config.informat; 295 tmpformat = cfg.informat;
296 296
297 pkey = load_pubkey(bio_err, rsa_config.infile, 297 pkey = load_pubkey(bio_err, cfg.infile,
298 tmpformat, 1, passin, "Public Key"); 298 tmpformat, 1, passin, "Public Key");
299 } else 299 } else
300 pkey = load_key(bio_err, rsa_config.infile, 300 pkey = load_key(bio_err, cfg.infile,
301 rsa_config.informat, 1, passin, "Private Key"); 301 cfg.informat, 1, passin, "Private Key");
302 302
303 if (pkey != NULL) 303 if (pkey != NULL)
304 rsa = EVP_PKEY_get1_RSA(pkey); 304 rsa = EVP_PKEY_get1_RSA(pkey);
@@ -309,27 +309,27 @@ rsa_main(int argc, char **argv)
309 ERR_print_errors(bio_err); 309 ERR_print_errors(bio_err);
310 goto end; 310 goto end;
311 } 311 }
312 if (rsa_config.outfile == NULL) { 312 if (cfg.outfile == NULL) {
313 BIO_set_fp(out, stdout, BIO_NOCLOSE); 313 BIO_set_fp(out, stdout, BIO_NOCLOSE);
314 } else { 314 } else {
315 if (BIO_write_filename(out, rsa_config.outfile) <= 0) { 315 if (BIO_write_filename(out, cfg.outfile) <= 0) {
316 perror(rsa_config.outfile); 316 perror(cfg.outfile);
317 goto end; 317 goto end;
318 } 318 }
319 } 319 }
320 320
321 if (rsa_config.text) 321 if (cfg.text)
322 if (!RSA_print(out, rsa, 0)) { 322 if (!RSA_print(out, rsa, 0)) {
323 perror(rsa_config.outfile); 323 perror(cfg.outfile);
324 ERR_print_errors(bio_err); 324 ERR_print_errors(bio_err);
325 goto end; 325 goto end;
326 } 326 }
327 if (rsa_config.modulus) { 327 if (cfg.modulus) {
328 BIO_printf(out, "Modulus="); 328 BIO_printf(out, "Modulus=");
329 BN_print(out, RSA_get0_n(rsa)); 329 BN_print(out, RSA_get0_n(rsa));
330 BIO_printf(out, "\n"); 330 BIO_printf(out, "\n");
331 } 331 }
332 if (rsa_config.check) { 332 if (cfg.check) {
333 int r = RSA_check_key(rsa); 333 int r = RSA_check_key(rsa);
334 334
335 if (r == 1) 335 if (r == 1)
@@ -353,38 +353,38 @@ rsa_main(int argc, char **argv)
353 goto end; 353 goto end;
354 } 354 }
355 } 355 }
356 if (rsa_config.noout) { 356 if (cfg.noout) {
357 ret = 0; 357 ret = 0;
358 goto end; 358 goto end;
359 } 359 }
360 BIO_printf(bio_err, "writing RSA key\n"); 360 BIO_printf(bio_err, "writing RSA key\n");
361 if (rsa_config.outformat == FORMAT_ASN1) { 361 if (cfg.outformat == FORMAT_ASN1) {
362 if (rsa_config.pubout || rsa_config.pubin) { 362 if (cfg.pubout || cfg.pubin) {
363 if (rsa_config.pubout == 2) 363 if (cfg.pubout == 2)
364 i = i2d_RSAPublicKey_bio(out, rsa); 364 i = i2d_RSAPublicKey_bio(out, rsa);
365 else 365 else
366 i = i2d_RSA_PUBKEY_bio(out, rsa); 366 i = i2d_RSA_PUBKEY_bio(out, rsa);
367 } else 367 } else
368 i = i2d_RSAPrivateKey_bio(out, rsa); 368 i = i2d_RSAPrivateKey_bio(out, rsa);
369 } else if (rsa_config.outformat == FORMAT_PEM) { 369 } else if (cfg.outformat == FORMAT_PEM) {
370 if (rsa_config.pubout || rsa_config.pubin) { 370 if (cfg.pubout || cfg.pubin) {
371 if (rsa_config.pubout == 2) 371 if (cfg.pubout == 2)
372 i = PEM_write_bio_RSAPublicKey(out, rsa); 372 i = PEM_write_bio_RSAPublicKey(out, rsa);
373 else 373 else
374 i = PEM_write_bio_RSA_PUBKEY(out, rsa); 374 i = PEM_write_bio_RSA_PUBKEY(out, rsa);
375 } else 375 } else
376 i = PEM_write_bio_RSAPrivateKey(out, rsa, 376 i = PEM_write_bio_RSAPrivateKey(out, rsa,
377 rsa_config.enc, NULL, 0, NULL, passout); 377 cfg.enc, NULL, 0, NULL, passout);
378#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) 378#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
379 } else if (rsa_config.outformat == FORMAT_MSBLOB || 379 } else if (cfg.outformat == FORMAT_MSBLOB ||
380 rsa_config.outformat == FORMAT_PVK) { 380 cfg.outformat == FORMAT_PVK) {
381 EVP_PKEY *pk; 381 EVP_PKEY *pk;
382 pk = EVP_PKEY_new(); 382 pk = EVP_PKEY_new();
383 EVP_PKEY_set1_RSA(pk, rsa); 383 EVP_PKEY_set1_RSA(pk, rsa);
384 if (rsa_config.outformat == FORMAT_PVK) 384 if (cfg.outformat == FORMAT_PVK)
385 i = i2b_PVK_bio(out, pk, rsa_config.pvk_encr, 0, 385 i = i2b_PVK_bio(out, pk, cfg.pvk_encr, 0,
386 passout); 386 passout);
387 else if (rsa_config.pubin || rsa_config.pubout) 387 else if (cfg.pubin || cfg.pubout)
388 i = i2b_PublicKey_bio(out, pk); 388 i = i2b_PublicKey_bio(out, pk);
389 else 389 else
390 i = i2b_PrivateKey_bio(out, pk); 390 i = i2b_PrivateKey_bio(out, pk);
diff --git a/src/usr.bin/openssl/rsautl.c b/src/usr.bin/openssl/rsautl.c
index 2916b2d9a0..9327223123 100644
--- a/src/usr.bin/openssl/rsautl.c
+++ b/src/usr.bin/openssl/rsautl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsautl.c,v 1.20 2023/03/05 13:12:53 tb Exp $ */ 1/* $OpenBSD: rsautl.c,v 1.21 2023/03/06 14:32:06 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -87,131 +87,131 @@ static struct {
87 char *passargin; 87 char *passargin;
88 int rev; 88 int rev;
89 int rsa_mode; 89 int rsa_mode;
90} rsautl_config; 90} cfg;
91 91
92static const struct option rsautl_options[] = { 92static const struct option rsautl_options[] = {
93 { 93 {
94 .name = "asn1parse", 94 .name = "asn1parse",
95 .desc = "ASN.1 parse the output data", 95 .desc = "ASN.1 parse the output data",
96 .type = OPTION_FLAG, 96 .type = OPTION_FLAG,
97 .opt.flag = &rsautl_config.asn1parse, 97 .opt.flag = &cfg.asn1parse,
98 }, 98 },
99 { 99 {
100 .name = "certin", 100 .name = "certin",
101 .desc = "Input is a certificate containing an RSA public key", 101 .desc = "Input is a certificate containing an RSA public key",
102 .type = OPTION_VALUE, 102 .type = OPTION_VALUE,
103 .value = KEY_CERT, 103 .value = KEY_CERT,
104 .opt.value = &rsautl_config.key_type, 104 .opt.value = &cfg.key_type,
105 }, 105 },
106 { 106 {
107 .name = "decrypt", 107 .name = "decrypt",
108 .desc = "Decrypt the input data using RSA private key", 108 .desc = "Decrypt the input data using RSA private key",
109 .type = OPTION_VALUE, 109 .type = OPTION_VALUE,
110 .value = RSA_DECRYPT, 110 .value = RSA_DECRYPT,
111 .opt.value = &rsautl_config.rsa_mode, 111 .opt.value = &cfg.rsa_mode,
112 }, 112 },
113 { 113 {
114 .name = "encrypt", 114 .name = "encrypt",
115 .desc = "Encrypt the input data using RSA public key", 115 .desc = "Encrypt the input data using RSA public key",
116 .type = OPTION_VALUE, 116 .type = OPTION_VALUE,
117 .value = RSA_ENCRYPT, 117 .value = RSA_ENCRYPT,
118 .opt.value = &rsautl_config.rsa_mode, 118 .opt.value = &cfg.rsa_mode,
119 }, 119 },
120 { 120 {
121 .name = "hexdump", 121 .name = "hexdump",
122 .desc = "Hex dump the output data", 122 .desc = "Hex dump the output data",
123 .type = OPTION_FLAG, 123 .type = OPTION_FLAG,
124 .opt.flag = &rsautl_config.hexdump, 124 .opt.flag = &cfg.hexdump,
125 }, 125 },
126 { 126 {
127 .name = "in", 127 .name = "in",
128 .argname = "file", 128 .argname = "file",
129 .desc = "Input file (default stdin)", 129 .desc = "Input file (default stdin)",
130 .type = OPTION_ARG, 130 .type = OPTION_ARG,
131 .opt.arg = &rsautl_config.infile, 131 .opt.arg = &cfg.infile,
132 }, 132 },
133 { 133 {
134 .name = "inkey", 134 .name = "inkey",
135 .argname = "file", 135 .argname = "file",
136 .desc = "Input key file", 136 .desc = "Input key file",
137 .type = OPTION_ARG, 137 .type = OPTION_ARG,
138 .opt.arg = &rsautl_config.keyfile, 138 .opt.arg = &cfg.keyfile,
139 }, 139 },
140 { 140 {
141 .name = "keyform", 141 .name = "keyform",
142 .argname = "fmt", 142 .argname = "fmt",
143 .desc = "Input key format (DER, TXT or PEM (default))", 143 .desc = "Input key format (DER, TXT or PEM (default))",
144 .type = OPTION_ARG_FORMAT, 144 .type = OPTION_ARG_FORMAT,
145 .opt.value = &rsautl_config.keyform, 145 .opt.value = &cfg.keyform,
146 }, 146 },
147 { 147 {
148 .name = "oaep", 148 .name = "oaep",
149 .desc = "Use PKCS#1 OAEP padding", 149 .desc = "Use PKCS#1 OAEP padding",
150 .type = OPTION_VALUE, 150 .type = OPTION_VALUE,
151 .value = RSA_PKCS1_OAEP_PADDING, 151 .value = RSA_PKCS1_OAEP_PADDING,
152 .opt.value = &rsautl_config.pad, 152 .opt.value = &cfg.pad,
153 }, 153 },
154 { 154 {
155 .name = "out", 155 .name = "out",
156 .argname = "file", 156 .argname = "file",
157 .desc = "Output file (default stdout)", 157 .desc = "Output file (default stdout)",
158 .type = OPTION_ARG, 158 .type = OPTION_ARG,
159 .opt.arg = &rsautl_config.outfile, 159 .opt.arg = &cfg.outfile,
160 }, 160 },
161 { 161 {
162 .name = "passin", 162 .name = "passin",
163 .argname = "arg", 163 .argname = "arg",
164 .desc = "Key password source", 164 .desc = "Key password source",
165 .type = OPTION_ARG, 165 .type = OPTION_ARG,
166 .opt.arg = &rsautl_config.passargin, 166 .opt.arg = &cfg.passargin,
167 }, 167 },
168 { 168 {
169 .name = "pkcs", 169 .name = "pkcs",
170 .desc = "Use PKCS#1 v1.5 padding (default)", 170 .desc = "Use PKCS#1 v1.5 padding (default)",
171 .type = OPTION_VALUE, 171 .type = OPTION_VALUE,
172 .value = RSA_PKCS1_PADDING, 172 .value = RSA_PKCS1_PADDING,
173 .opt.value = &rsautl_config.pad, 173 .opt.value = &cfg.pad,
174 }, 174 },
175 { 175 {
176 .name = "pubin", 176 .name = "pubin",
177 .desc = "Input is an RSA public key", 177 .desc = "Input is an RSA public key",
178 .type = OPTION_VALUE, 178 .type = OPTION_VALUE,
179 .value = KEY_PUBKEY, 179 .value = KEY_PUBKEY,
180 .opt.value = &rsautl_config.key_type, 180 .opt.value = &cfg.key_type,
181 }, 181 },
182 { 182 {
183 .name = "raw", 183 .name = "raw",
184 .desc = "Use no padding", 184 .desc = "Use no padding",
185 .type = OPTION_VALUE, 185 .type = OPTION_VALUE,
186 .value = RSA_NO_PADDING, 186 .value = RSA_NO_PADDING,
187 .opt.value = &rsautl_config.pad, 187 .opt.value = &cfg.pad,
188 }, 188 },
189 { 189 {
190 .name = "rev", 190 .name = "rev",
191 .desc = "Reverse the input data", 191 .desc = "Reverse the input data",
192 .type = OPTION_FLAG, 192 .type = OPTION_FLAG,
193 .opt.flag = &rsautl_config.rev, 193 .opt.flag = &cfg.rev,
194 }, 194 },
195 { 195 {
196 .name = "sign", 196 .name = "sign",
197 .desc = "Sign the input data using RSA private key", 197 .desc = "Sign the input data using RSA private key",
198 .type = OPTION_VALUE, 198 .type = OPTION_VALUE,
199 .value = RSA_SIGN, 199 .value = RSA_SIGN,
200 .opt.value = &rsautl_config.rsa_mode, 200 .opt.value = &cfg.rsa_mode,
201 }, 201 },
202 { 202 {
203 .name = "verify", 203 .name = "verify",
204 .desc = "Verify the input data using RSA public key", 204 .desc = "Verify the input data using RSA public key",
205 .type = OPTION_VALUE, 205 .type = OPTION_VALUE,
206 .value = RSA_VERIFY, 206 .value = RSA_VERIFY,
207 .opt.value = &rsautl_config.rsa_mode, 207 .opt.value = &cfg.rsa_mode,
208 }, 208 },
209 { 209 {
210 .name = "x931", 210 .name = "x931",
211 .desc = "Use ANSI X9.31 padding", 211 .desc = "Use ANSI X9.31 padding",
212 .type = OPTION_VALUE, 212 .type = OPTION_VALUE,
213 .value = RSA_X931_PADDING, 213 .value = RSA_X931_PADDING,
214 .opt.value = &rsautl_config.pad, 214 .opt.value = &cfg.pad,
215 }, 215 },
216 216
217 {NULL}, 217 {NULL},
@@ -249,44 +249,44 @@ rsautl_main(int argc, char **argv)
249 exit(1); 249 exit(1);
250 } 250 }
251 251
252 memset(&rsautl_config, 0, sizeof(rsautl_config)); 252 memset(&cfg, 0, sizeof(cfg));
253 rsautl_config.keyform = FORMAT_PEM; 253 cfg.keyform = FORMAT_PEM;
254 rsautl_config.key_type = KEY_PRIVKEY; 254 cfg.key_type = KEY_PRIVKEY;
255 rsautl_config.pad = RSA_PKCS1_PADDING; 255 cfg.pad = RSA_PKCS1_PADDING;
256 rsautl_config.rsa_mode = RSA_VERIFY; 256 cfg.rsa_mode = RSA_VERIFY;
257 257
258 if (options_parse(argc, argv, rsautl_options, NULL, NULL) != 0) { 258 if (options_parse(argc, argv, rsautl_options, NULL, NULL) != 0) {
259 rsautl_usage(); 259 rsautl_usage();
260 return (1); 260 return (1);
261 } 261 }
262 262
263 if (rsautl_config.rsa_mode == RSA_SIGN || 263 if (cfg.rsa_mode == RSA_SIGN ||
264 rsautl_config.rsa_mode == RSA_DECRYPT) 264 cfg.rsa_mode == RSA_DECRYPT)
265 need_priv = 1; 265 need_priv = 1;
266 266
267 if (need_priv && rsautl_config.key_type != KEY_PRIVKEY) { 267 if (need_priv && cfg.key_type != KEY_PRIVKEY) {
268 BIO_printf(bio_err, "A private key is needed for this operation\n"); 268 BIO_printf(bio_err, "A private key is needed for this operation\n");
269 goto end; 269 goto end;
270 } 270 }
271 if (!app_passwd(bio_err, rsautl_config.passargin, NULL, &passin, NULL)) { 271 if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) {
272 BIO_printf(bio_err, "Error getting password\n"); 272 BIO_printf(bio_err, "Error getting password\n");
273 goto end; 273 goto end;
274 } 274 }
275 275
276 switch (rsautl_config.key_type) { 276 switch (cfg.key_type) {
277 case KEY_PRIVKEY: 277 case KEY_PRIVKEY:
278 pkey = load_key(bio_err, rsautl_config.keyfile, 278 pkey = load_key(bio_err, cfg.keyfile,
279 rsautl_config.keyform, 0, passin, "Private Key"); 279 cfg.keyform, 0, passin, "Private Key");
280 break; 280 break;
281 281
282 case KEY_PUBKEY: 282 case KEY_PUBKEY:
283 pkey = load_pubkey(bio_err, rsautl_config.keyfile, 283 pkey = load_pubkey(bio_err, cfg.keyfile,
284 rsautl_config.keyform, 0, NULL, "Public Key"); 284 cfg.keyform, 0, NULL, "Public Key");
285 break; 285 break;
286 286
287 case KEY_CERT: 287 case KEY_CERT:
288 x = load_cert(bio_err, rsautl_config.keyfile, 288 x = load_cert(bio_err, cfg.keyfile,
289 rsautl_config.keyform, NULL, "Certificate"); 289 cfg.keyform, NULL, "Certificate");
290 if (x) { 290 if (x) {
291 pkey = X509_get_pubkey(x); 291 pkey = X509_get_pubkey(x);
292 X509_free(x); 292 X509_free(x);
@@ -305,8 +305,8 @@ rsautl_main(int argc, char **argv)
305 ERR_print_errors(bio_err); 305 ERR_print_errors(bio_err);
306 goto end; 306 goto end;
307 } 307 }
308 if (rsautl_config.infile) { 308 if (cfg.infile) {
309 if (!(in = BIO_new_file(rsautl_config.infile, "rb"))) { 309 if (!(in = BIO_new_file(cfg.infile, "rb"))) {
310 BIO_printf(bio_err, "Error Reading Input File\n"); 310 BIO_printf(bio_err, "Error Reading Input File\n");
311 ERR_print_errors(bio_err); 311 ERR_print_errors(bio_err);
312 goto end; 312 goto end;
@@ -314,8 +314,8 @@ rsautl_main(int argc, char **argv)
314 } else 314 } else
315 in = BIO_new_fp(stdin, BIO_NOCLOSE); 315 in = BIO_new_fp(stdin, BIO_NOCLOSE);
316 316
317 if (rsautl_config.outfile) { 317 if (cfg.outfile) {
318 if (!(out = BIO_new_file(rsautl_config.outfile, "wb"))) { 318 if (!(out = BIO_new_file(cfg.outfile, "wb"))) {
319 BIO_printf(bio_err, "Error Reading Output File\n"); 319 BIO_printf(bio_err, "Error Reading Output File\n");
320 ERR_print_errors(bio_err); 320 ERR_print_errors(bio_err);
321 goto end; 321 goto end;
@@ -343,7 +343,7 @@ rsautl_main(int argc, char **argv)
343 BIO_printf(bio_err, "Error reading input Data\n"); 343 BIO_printf(bio_err, "Error reading input Data\n");
344 exit(1); 344 exit(1);
345 } 345 }
346 if (rsautl_config.rev) { 346 if (cfg.rev) {
347 int i; 347 int i;
348 unsigned char ctmp; 348 unsigned char ctmp;
349 for (i = 0; i < rsa_inlen / 2; i++) { 349 for (i = 0; i < rsa_inlen / 2; i++) {
@@ -353,25 +353,25 @@ rsautl_main(int argc, char **argv)
353 } 353 }
354 } 354 }
355 355
356 switch (rsautl_config.rsa_mode) { 356 switch (cfg.rsa_mode) {
357 case RSA_VERIFY: 357 case RSA_VERIFY:
358 rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, 358 rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out,
359 rsa, rsautl_config.pad); 359 rsa, cfg.pad);
360 break; 360 break;
361 361
362 case RSA_SIGN: 362 case RSA_SIGN:
363 rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, 363 rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out,
364 rsa, rsautl_config.pad); 364 rsa, cfg.pad);
365 break; 365 break;
366 366
367 case RSA_ENCRYPT: 367 case RSA_ENCRYPT:
368 rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, 368 rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out,
369 rsa, rsautl_config.pad); 369 rsa, cfg.pad);
370 break; 370 break;
371 371
372 case RSA_DECRYPT: 372 case RSA_DECRYPT:
373 rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, 373 rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out,
374 rsa, rsautl_config.pad); 374 rsa, cfg.pad);
375 break; 375 break;
376 } 376 }
377 377
@@ -381,11 +381,11 @@ rsautl_main(int argc, char **argv)
381 goto end; 381 goto end;
382 } 382 }
383 ret = 0; 383 ret = 0;
384 if (rsautl_config.asn1parse) { 384 if (cfg.asn1parse) {
385 if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) { 385 if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
386 ERR_print_errors(bio_err); 386 ERR_print_errors(bio_err);
387 } 387 }
388 } else if (rsautl_config.hexdump) 388 } else if (cfg.hexdump)
389 BIO_dump(out, (char *) rsa_out, rsa_outlen); 389 BIO_dump(out, (char *) rsa_out, rsa_outlen);
390 else 390 else
391 BIO_write(out, rsa_out, rsa_outlen); 391 BIO_write(out, rsa_out, rsa_outlen);
diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c
index 41f6502325..82a8128243 100644
--- a/src/usr.bin/openssl/s_client.c
+++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_client.c,v 1.59 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: s_client.c,v 1.60 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -246,16 +246,16 @@ static struct {
246 int verify; 246 int verify;
247 X509_VERIFY_PARAM *vpm; 247 X509_VERIFY_PARAM *vpm;
248 char *xmpphost; 248 char *xmpphost;
249} s_client_config; 249} cfg;
250 250
251static int 251static int
252s_client_opt_keymatexportlen(char *arg) 252s_client_opt_keymatexportlen(char *arg)
253{ 253{
254 s_client_config.keymatexportlen = strtonum(arg, 1, INT_MAX, 254 cfg.keymatexportlen = strtonum(arg, 1, INT_MAX,
255 &s_client_config.errstr); 255 &cfg.errstr);
256 if (s_client_config.errstr != NULL) { 256 if (cfg.errstr != NULL) {
257 BIO_printf(bio_err, "invalid argument %s: %s\n", 257 BIO_printf(bio_err, "invalid argument %s: %s\n",
258 arg, s_client_config.errstr); 258 arg, cfg.errstr);
259 return (1); 259 return (1);
260 } 260 }
261 return (0); 261 return (0);
@@ -265,11 +265,11 @@ s_client_opt_keymatexportlen(char *arg)
265static int 265static int
266s_client_opt_mtu(char *arg) 266s_client_opt_mtu(char *arg)
267{ 267{
268 s_client_config.socket_mtu = strtonum(arg, 0, LONG_MAX, 268 cfg.socket_mtu = strtonum(arg, 0, LONG_MAX,
269 &s_client_config.errstr); 269 &cfg.errstr);
270 if (s_client_config.errstr != NULL) { 270 if (cfg.errstr != NULL) {
271 BIO_printf(bio_err, "invalid argument %s: %s\n", 271 BIO_printf(bio_err, "invalid argument %s: %s\n",
272 arg, s_client_config.errstr); 272 arg, cfg.errstr);
273 return (1); 273 return (1);
274 } 274 }
275 return (0); 275 return (0);
@@ -282,7 +282,7 @@ s_client_opt_port(char *arg)
282 if (*arg == '\0') 282 if (*arg == '\0')
283 return (1); 283 return (1);
284 284
285 s_client_config.port = arg; 285 cfg.port = arg;
286 return (0); 286 return (0);
287} 287}
288 288
@@ -290,8 +290,8 @@ s_client_opt_port(char *arg)
290static int 290static int
291s_client_opt_protocol_version_dtls(void) 291s_client_opt_protocol_version_dtls(void)
292{ 292{
293 s_client_config.meth = DTLS_client_method(); 293 cfg.meth = DTLS_client_method();
294 s_client_config.socket_type = SOCK_DGRAM; 294 cfg.socket_type = SOCK_DGRAM;
295 return (0); 295 return (0);
296} 296}
297#endif 297#endif
@@ -300,10 +300,10 @@ s_client_opt_protocol_version_dtls(void)
300static int 300static int
301s_client_opt_protocol_version_dtls1(void) 301s_client_opt_protocol_version_dtls1(void)
302{ 302{
303 s_client_config.meth = DTLS_client_method(); 303 cfg.meth = DTLS_client_method();
304 s_client_config.min_version = DTLS1_VERSION; 304 cfg.min_version = DTLS1_VERSION;
305 s_client_config.max_version = DTLS1_VERSION; 305 cfg.max_version = DTLS1_VERSION;
306 s_client_config.socket_type = SOCK_DGRAM; 306 cfg.socket_type = SOCK_DGRAM;
307 return (0); 307 return (0);
308} 308}
309#endif 309#endif
@@ -312,10 +312,10 @@ s_client_opt_protocol_version_dtls1(void)
312static int 312static int
313s_client_opt_protocol_version_dtls1_2(void) 313s_client_opt_protocol_version_dtls1_2(void)
314{ 314{
315 s_client_config.meth = DTLS_client_method(); 315 cfg.meth = DTLS_client_method();
316 s_client_config.min_version = DTLS1_2_VERSION; 316 cfg.min_version = DTLS1_2_VERSION;
317 s_client_config.max_version = DTLS1_2_VERSION; 317 cfg.max_version = DTLS1_2_VERSION;
318 s_client_config.socket_type = SOCK_DGRAM; 318 cfg.socket_type = SOCK_DGRAM;
319 return (0); 319 return (0);
320} 320}
321#endif 321#endif
@@ -323,40 +323,40 @@ s_client_opt_protocol_version_dtls1_2(void)
323static int 323static int
324s_client_opt_protocol_version_tls1(void) 324s_client_opt_protocol_version_tls1(void)
325{ 325{
326 s_client_config.min_version = TLS1_VERSION; 326 cfg.min_version = TLS1_VERSION;
327 s_client_config.max_version = TLS1_VERSION; 327 cfg.max_version = TLS1_VERSION;
328 return (0); 328 return (0);
329} 329}
330 330
331static int 331static int
332s_client_opt_protocol_version_tls1_1(void) 332s_client_opt_protocol_version_tls1_1(void)
333{ 333{
334 s_client_config.min_version = TLS1_1_VERSION; 334 cfg.min_version = TLS1_1_VERSION;
335 s_client_config.max_version = TLS1_1_VERSION; 335 cfg.max_version = TLS1_1_VERSION;
336 return (0); 336 return (0);
337} 337}
338 338
339static int 339static int
340s_client_opt_protocol_version_tls1_2(void) 340s_client_opt_protocol_version_tls1_2(void)
341{ 341{
342 s_client_config.min_version = TLS1_2_VERSION; 342 cfg.min_version = TLS1_2_VERSION;
343 s_client_config.max_version = TLS1_2_VERSION; 343 cfg.max_version = TLS1_2_VERSION;
344 return (0); 344 return (0);
345} 345}
346 346
347static int 347static int
348s_client_opt_protocol_version_tls1_3(void) 348s_client_opt_protocol_version_tls1_3(void)
349{ 349{
350 s_client_config.min_version = TLS1_3_VERSION; 350 cfg.min_version = TLS1_3_VERSION;
351 s_client_config.max_version = TLS1_3_VERSION; 351 cfg.max_version = TLS1_3_VERSION;
352 return (0); 352 return (0);
353} 353}
354 354
355static int 355static int
356s_client_opt_quiet(void) 356s_client_opt_quiet(void)
357{ 357{
358 s_client_config.quiet = 1; 358 cfg.quiet = 1;
359 s_client_config.ign_eof = 1; 359 cfg.ign_eof = 1;
360 return (0); 360 return (0);
361} 361}
362 362
@@ -364,17 +364,17 @@ static int
364s_client_opt_starttls(char *arg) 364s_client_opt_starttls(char *arg)
365{ 365{
366 if (strcmp(arg, "smtp") == 0) 366 if (strcmp(arg, "smtp") == 0)
367 s_client_config.starttls_proto = PROTO_SMTP; 367 cfg.starttls_proto = PROTO_SMTP;
368 else if (strcmp(arg, "lmtp") == 0) 368 else if (strcmp(arg, "lmtp") == 0)
369 s_client_config.starttls_proto = PROTO_LMTP; 369 cfg.starttls_proto = PROTO_LMTP;
370 else if (strcmp(arg, "pop3") == 0) 370 else if (strcmp(arg, "pop3") == 0)
371 s_client_config.starttls_proto = PROTO_POP3; 371 cfg.starttls_proto = PROTO_POP3;
372 else if (strcmp(arg, "imap") == 0) 372 else if (strcmp(arg, "imap") == 0)
373 s_client_config.starttls_proto = PROTO_IMAP; 373 cfg.starttls_proto = PROTO_IMAP;
374 else if (strcmp(arg, "ftp") == 0) 374 else if (strcmp(arg, "ftp") == 0)
375 s_client_config.starttls_proto = PROTO_FTP; 375 cfg.starttls_proto = PROTO_FTP;
376 else if (strcmp(arg, "xmpp") == 0) 376 else if (strcmp(arg, "xmpp") == 0)
377 s_client_config.starttls_proto = PROTO_XMPP; 377 cfg.starttls_proto = PROTO_XMPP;
378 else 378 else
379 return (1); 379 return (1);
380 return (0); 380 return (0);
@@ -383,12 +383,12 @@ s_client_opt_starttls(char *arg)
383static int 383static int
384s_client_opt_verify(char *arg) 384s_client_opt_verify(char *arg)
385{ 385{
386 s_client_config.verify = SSL_VERIFY_PEER; 386 cfg.verify = SSL_VERIFY_PEER;
387 387
388 verify_depth = strtonum(arg, 0, INT_MAX, &s_client_config.errstr); 388 verify_depth = strtonum(arg, 0, INT_MAX, &cfg.errstr);
389 if (s_client_config.errstr != NULL) { 389 if (cfg.errstr != NULL) {
390 BIO_printf(bio_err, "invalid argument %s: %s\n", 390 BIO_printf(bio_err, "invalid argument %s: %s\n",
391 arg, s_client_config.errstr); 391 arg, cfg.errstr);
392 return (1); 392 return (1);
393 } 393 }
394 BIO_printf(bio_err, "verify depth is %d\n", verify_depth); 394 BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
@@ -403,7 +403,7 @@ s_client_opt_verify_param(int argc, char **argv, int *argsused)
403 int badarg = 0; 403 int badarg = 0;
404 404
405 if (!args_verify(&pargs, &pargc, &badarg, bio_err, 405 if (!args_verify(&pargs, &pargc, &badarg, bio_err,
406 &s_client_config.vpm)) { 406 &cfg.vpm)) {
407 BIO_printf(bio_err, "unknown option %s\n", *argv); 407 BIO_printf(bio_err, "unknown option %s\n", *argv);
408 return (1); 408 return (1);
409 } 409 }
@@ -419,14 +419,14 @@ static const struct option s_client_options[] = {
419 .name = "4", 419 .name = "4",
420 .desc = "Use IPv4 only", 420 .desc = "Use IPv4 only",
421 .type = OPTION_VALUE, 421 .type = OPTION_VALUE,
422 .opt.value = &s_client_config.af, 422 .opt.value = &cfg.af,
423 .value = AF_INET, 423 .value = AF_INET,
424 }, 424 },
425 { 425 {
426 .name = "6", 426 .name = "6",
427 .desc = "Use IPv6 only", 427 .desc = "Use IPv6 only",
428 .type = OPTION_VALUE, 428 .type = OPTION_VALUE,
429 .opt.value = &s_client_config.af, 429 .opt.value = &cfg.af,
430 .value = AF_INET6, 430 .value = AF_INET6,
431 }, 431 },
432 { 432 {
@@ -435,67 +435,67 @@ static const struct option s_client_options[] = {
435 .desc = "Set the advertised protocols for ALPN" 435 .desc = "Set the advertised protocols for ALPN"
436 " (comma-separated list)", 436 " (comma-separated list)",
437 .type = OPTION_ARG, 437 .type = OPTION_ARG,
438 .opt.arg = &s_client_config.alpn_in, 438 .opt.arg = &cfg.alpn_in,
439 }, 439 },
440 { 440 {
441 .name = "bugs", 441 .name = "bugs",
442 .desc = "Enable various workarounds for buggy implementations", 442 .desc = "Enable various workarounds for buggy implementations",
443 .type = OPTION_FLAG, 443 .type = OPTION_FLAG,
444 .opt.flag = &s_client_config.bugs, 444 .opt.flag = &cfg.bugs,
445 }, 445 },
446 { 446 {
447 .name = "CAfile", 447 .name = "CAfile",
448 .argname = "file", 448 .argname = "file",
449 .desc = "PEM format file of CA certificates", 449 .desc = "PEM format file of CA certificates",
450 .type = OPTION_ARG, 450 .type = OPTION_ARG,
451 .opt.arg = &s_client_config.CAfile, 451 .opt.arg = &cfg.CAfile,
452 }, 452 },
453 { 453 {
454 .name = "CApath", 454 .name = "CApath",
455 .argname = "directory", 455 .argname = "directory",
456 .desc = "PEM format directory of CA certificates", 456 .desc = "PEM format directory of CA certificates",
457 .type = OPTION_ARG, 457 .type = OPTION_ARG,
458 .opt.arg = &s_client_config.CApath, 458 .opt.arg = &cfg.CApath,
459 }, 459 },
460 { 460 {
461 .name = "cert", 461 .name = "cert",
462 .argname = "file", 462 .argname = "file",
463 .desc = "Certificate file to use, PEM format assumed", 463 .desc = "Certificate file to use, PEM format assumed",
464 .type = OPTION_ARG, 464 .type = OPTION_ARG,
465 .opt.arg = &s_client_config.cert_file, 465 .opt.arg = &cfg.cert_file,
466 }, 466 },
467 { 467 {
468 .name = "certform", 468 .name = "certform",
469 .argname = "fmt", 469 .argname = "fmt",
470 .desc = "Certificate format (PEM or DER) PEM default", 470 .desc = "Certificate format (PEM or DER) PEM default",
471 .type = OPTION_ARG_FORMAT, 471 .type = OPTION_ARG_FORMAT,
472 .opt.value = &s_client_config.cert_format, 472 .opt.value = &cfg.cert_format,
473 }, 473 },
474 { 474 {
475 .name = "cipher", 475 .name = "cipher",
476 .argname = "cipherlist", 476 .argname = "cipherlist",
477 .desc = "Preferred cipher to use (see 'openssl ciphers')", 477 .desc = "Preferred cipher to use (see 'openssl ciphers')",
478 .type = OPTION_ARG, 478 .type = OPTION_ARG,
479 .opt.arg = &s_client_config.cipher, 479 .opt.arg = &cfg.cipher,
480 }, 480 },
481 { 481 {
482 .name = "connect", 482 .name = "connect",
483 .argname = "host:port", 483 .argname = "host:port",
484 .desc = "Who to connect to (default is localhost:4433)", 484 .desc = "Who to connect to (default is localhost:4433)",
485 .type = OPTION_ARG, 485 .type = OPTION_ARG,
486 .opt.arg = &s_client_config.connect, 486 .opt.arg = &cfg.connect,
487 }, 487 },
488 { 488 {
489 .name = "crlf", 489 .name = "crlf",
490 .desc = "Convert LF from terminal into CRLF", 490 .desc = "Convert LF from terminal into CRLF",
491 .type = OPTION_FLAG, 491 .type = OPTION_FLAG,
492 .opt.flag = &s_client_config.crlf, 492 .opt.flag = &cfg.crlf,
493 }, 493 },
494 { 494 {
495 .name = "debug", 495 .name = "debug",
496 .desc = "Print extensive debugging information", 496 .desc = "Print extensive debugging information",
497 .type = OPTION_FLAG, 497 .type = OPTION_FLAG,
498 .opt.flag = &s_client_config.debug, 498 .opt.flag = &cfg.debug,
499 }, 499 },
500#ifndef OPENSSL_NO_DTLS 500#ifndef OPENSSL_NO_DTLS
501 { 501 {
@@ -526,20 +526,20 @@ static const struct option s_client_options[] = {
526 .argname = "list", 526 .argname = "list",
527 .desc = "Specify EC groups (colon-separated list)", 527 .desc = "Specify EC groups (colon-separated list)",
528 .type = OPTION_ARG, 528 .type = OPTION_ARG,
529 .opt.arg = &s_client_config.groups_in, 529 .opt.arg = &cfg.groups_in,
530 }, 530 },
531 { 531 {
532 .name = "host", 532 .name = "host",
533 .argname = "host", 533 .argname = "host",
534 .desc = "Use -connect instead", 534 .desc = "Use -connect instead",
535 .type = OPTION_ARG, 535 .type = OPTION_ARG,
536 .opt.arg = &s_client_config.host, 536 .opt.arg = &cfg.host,
537 }, 537 },
538 { 538 {
539 .name = "ign_eof", 539 .name = "ign_eof",
540 .desc = "Ignore input EOF (default when -quiet)", 540 .desc = "Ignore input EOF (default when -quiet)",
541 .type = OPTION_VALUE, 541 .type = OPTION_VALUE,
542 .opt.value = &s_client_config.ign_eof, 542 .opt.value = &cfg.ign_eof,
543 .value = 1, 543 .value = 1,
544 }, 544 },
545 { 545 {
@@ -547,21 +547,21 @@ static const struct option s_client_options[] = {
547 .argname = "file", 547 .argname = "file",
548 .desc = "Private key file to use, if not, -cert file is used", 548 .desc = "Private key file to use, if not, -cert file is used",
549 .type = OPTION_ARG, 549 .type = OPTION_ARG,
550 .opt.arg = &s_client_config.key_file, 550 .opt.arg = &cfg.key_file,
551 }, 551 },
552 { 552 {
553 .name = "keyform", 553 .name = "keyform",
554 .argname = "fmt", 554 .argname = "fmt",
555 .desc = "Key format (PEM or DER) PEM default", 555 .desc = "Key format (PEM or DER) PEM default",
556 .type = OPTION_ARG_FORMAT, 556 .type = OPTION_ARG_FORMAT,
557 .opt.value = &s_client_config.key_format, 557 .opt.value = &cfg.key_format,
558 }, 558 },
559 { 559 {
560 .name = "keymatexport", 560 .name = "keymatexport",
561 .argname = "label", 561 .argname = "label",
562 .desc = "Export keying material using label", 562 .desc = "Export keying material using label",
563 .type = OPTION_ARG, 563 .type = OPTION_ARG,
564 .opt.arg = &s_client_config.keymatexportlabel, 564 .opt.arg = &cfg.keymatexportlabel,
565 }, 565 },
566 { 566 {
567 .name = "keymatexportlen", 567 .name = "keymatexportlen",
@@ -578,14 +578,14 @@ static const struct option s_client_options[] = {
578 .name = "legacy_server_connect", 578 .name = "legacy_server_connect",
579 .desc = "Allow initial connection to servers that don't support RI", 579 .desc = "Allow initial connection to servers that don't support RI",
580 .type = OPTION_VALUE_OR, 580 .type = OPTION_VALUE_OR,
581 .opt.value = &s_client_config.off, 581 .opt.value = &cfg.off,
582 .value = SSL_OP_LEGACY_SERVER_CONNECT, 582 .value = SSL_OP_LEGACY_SERVER_CONNECT,
583 }, 583 },
584 { 584 {
585 .name = "msg", 585 .name = "msg",
586 .desc = "Show all protocol messages with hex dump", 586 .desc = "Show all protocol messages with hex dump",
587 .type = OPTION_FLAG, 587 .type = OPTION_FLAG,
588 .opt.flag = &s_client_config.msg, 588 .opt.flag = &cfg.msg,
589 }, 589 },
590#ifndef OPENSSL_NO_DTLS 590#ifndef OPENSSL_NO_DTLS
591 { 591 {
@@ -600,115 +600,115 @@ static const struct option s_client_options[] = {
600 .name = "nbio", 600 .name = "nbio",
601 .desc = "Turn on non-blocking I/O", 601 .desc = "Turn on non-blocking I/O",
602 .type = OPTION_FLAG, 602 .type = OPTION_FLAG,
603 .opt.flag = &s_client_config.nbio, 603 .opt.flag = &cfg.nbio,
604 }, 604 },
605 { 605 {
606 .name = "nbio_test", 606 .name = "nbio_test",
607 .desc = "Test non-blocking I/O", 607 .desc = "Test non-blocking I/O",
608 .type = OPTION_FLAG, 608 .type = OPTION_FLAG,
609 .opt.flag = &s_client_config.nbio_test, 609 .opt.flag = &cfg.nbio_test,
610 }, 610 },
611 { 611 {
612 .name = "nextprotoneg", 612 .name = "nextprotoneg",
613 .argname = "protocols", 613 .argname = "protocols",
614 .type = OPTION_ARG, 614 .type = OPTION_ARG,
615 .opt.arg = &s_client_config.npn_in, /* Ignored. */ 615 .opt.arg = &cfg.npn_in, /* Ignored. */
616 }, 616 },
617 { 617 {
618 .name = "no_comp", 618 .name = "no_comp",
619 .type = OPTION_VALUE_OR, 619 .type = OPTION_VALUE_OR,
620 .opt.value = &s_client_config.off, 620 .opt.value = &cfg.off,
621 .value = SSL_OP_NO_COMPRESSION, 621 .value = SSL_OP_NO_COMPRESSION,
622 }, 622 },
623 { 623 {
624 .name = "no_ign_eof", 624 .name = "no_ign_eof",
625 .desc = "Don't ignore input EOF", 625 .desc = "Don't ignore input EOF",
626 .type = OPTION_VALUE, 626 .type = OPTION_VALUE,
627 .opt.value = &s_client_config.ign_eof, 627 .opt.value = &cfg.ign_eof,
628 .value = 0, 628 .value = 0,
629 }, 629 },
630 { 630 {
631 .name = "no_legacy_server_connect", 631 .name = "no_legacy_server_connect",
632 .desc = "Disallow initial connection to servers that don't support RI", 632 .desc = "Disallow initial connection to servers that don't support RI",
633 .type = OPTION_VALUE_OR, 633 .type = OPTION_VALUE_OR,
634 .opt.value = &s_client_config.clr, 634 .opt.value = &cfg.clr,
635 .value = SSL_OP_LEGACY_SERVER_CONNECT, 635 .value = SSL_OP_LEGACY_SERVER_CONNECT,
636 }, 636 },
637 { 637 {
638 .name = "no_servername", 638 .name = "no_servername",
639 .desc = "Do not send a Server Name Indication (SNI) extension", 639 .desc = "Do not send a Server Name Indication (SNI) extension",
640 .type = OPTION_FLAG, 640 .type = OPTION_FLAG,
641 .opt.value = &s_client_config.no_servername, 641 .opt.value = &cfg.no_servername,
642 }, 642 },
643 { 643 {
644 .name = "no_ssl2", 644 .name = "no_ssl2",
645 .type = OPTION_VALUE_OR, 645 .type = OPTION_VALUE_OR,
646 .opt.value = &s_client_config.off, 646 .opt.value = &cfg.off,
647 .value = SSL_OP_NO_SSLv2, 647 .value = SSL_OP_NO_SSLv2,
648 }, 648 },
649 { 649 {
650 .name = "no_ssl3", 650 .name = "no_ssl3",
651 .type = OPTION_VALUE_OR, 651 .type = OPTION_VALUE_OR,
652 .opt.value = &s_client_config.off, 652 .opt.value = &cfg.off,
653 .value = SSL_OP_NO_SSLv3, 653 .value = SSL_OP_NO_SSLv3,
654 }, 654 },
655 { 655 {
656 .name = "no_ticket", 656 .name = "no_ticket",
657 .desc = "Disable use of RFC4507 session ticket support", 657 .desc = "Disable use of RFC4507 session ticket support",
658 .type = OPTION_VALUE_OR, 658 .type = OPTION_VALUE_OR,
659 .opt.value = &s_client_config.off, 659 .opt.value = &cfg.off,
660 .value = SSL_OP_NO_TICKET, 660 .value = SSL_OP_NO_TICKET,
661 }, 661 },
662 { 662 {
663 .name = "no_tls1", 663 .name = "no_tls1",
664 .desc = "Disable the use of TLSv1", 664 .desc = "Disable the use of TLSv1",
665 .type = OPTION_VALUE_OR, 665 .type = OPTION_VALUE_OR,
666 .opt.value = &s_client_config.off, 666 .opt.value = &cfg.off,
667 .value = SSL_OP_NO_TLSv1, 667 .value = SSL_OP_NO_TLSv1,
668 }, 668 },
669 { 669 {
670 .name = "no_tls1_1", 670 .name = "no_tls1_1",
671 .desc = "Disable the use of TLSv1.1", 671 .desc = "Disable the use of TLSv1.1",
672 .type = OPTION_VALUE_OR, 672 .type = OPTION_VALUE_OR,
673 .opt.value = &s_client_config.off, 673 .opt.value = &cfg.off,
674 .value = SSL_OP_NO_TLSv1_1, 674 .value = SSL_OP_NO_TLSv1_1,
675 }, 675 },
676 { 676 {
677 .name = "no_tls1_2", 677 .name = "no_tls1_2",
678 .desc = "Disable the use of TLSv1.2", 678 .desc = "Disable the use of TLSv1.2",
679 .type = OPTION_VALUE_OR, 679 .type = OPTION_VALUE_OR,
680 .opt.value = &s_client_config.off, 680 .opt.value = &cfg.off,
681 .value = SSL_OP_NO_TLSv1_2, 681 .value = SSL_OP_NO_TLSv1_2,
682 }, 682 },
683 { 683 {
684 .name = "no_tls1_3", 684 .name = "no_tls1_3",
685 .desc = "Disable the use of TLSv1.3", 685 .desc = "Disable the use of TLSv1.3",
686 .type = OPTION_VALUE_OR, 686 .type = OPTION_VALUE_OR,
687 .opt.value = &s_client_config.off, 687 .opt.value = &cfg.off,
688 .value = SSL_OP_NO_TLSv1_3, 688 .value = SSL_OP_NO_TLSv1_3,
689 }, 689 },
690 { 690 {
691 .name = "noservername", 691 .name = "noservername",
692 .type = OPTION_FLAG, 692 .type = OPTION_FLAG,
693 .opt.value = &s_client_config.no_servername, 693 .opt.value = &cfg.no_servername,
694 }, 694 },
695 { 695 {
696 .name = "pass", 696 .name = "pass",
697 .argname = "arg", 697 .argname = "arg",
698 .desc = "Private key file pass phrase source", 698 .desc = "Private key file pass phrase source",
699 .type = OPTION_ARG, 699 .type = OPTION_ARG,
700 .opt.arg = &s_client_config.passarg, 700 .opt.arg = &cfg.passarg,
701 }, 701 },
702 { 702 {
703 .name = "pause", 703 .name = "pause",
704 .desc = "Pause 1 second between each read and write call", 704 .desc = "Pause 1 second between each read and write call",
705 .type = OPTION_FLAG, 705 .type = OPTION_FLAG,
706 .opt.flag = &s_client_config.pause, 706 .opt.flag = &cfg.pause,
707 }, 707 },
708 { 708 {
709 .name = "peekaboo", 709 .name = "peekaboo",
710 .type = OPTION_FLAG, 710 .type = OPTION_FLAG,
711 .opt.flag = &s_client_config.peekaboo, 711 .opt.flag = &cfg.peekaboo,
712 }, 712 },
713 { 713 {
714 .name = "port", 714 .name = "port",
@@ -721,14 +721,14 @@ static const struct option s_client_options[] = {
721 .name = "prexit", 721 .name = "prexit",
722 .desc = "Print session information when the program exits", 722 .desc = "Print session information when the program exits",
723 .type = OPTION_FLAG, 723 .type = OPTION_FLAG,
724 .opt.flag = &s_client_config.prexit, 724 .opt.flag = &cfg.prexit,
725 }, 725 },
726 { 726 {
727 .name = "proxy", 727 .name = "proxy",
728 .argname = "host:port", 728 .argname = "host:port",
729 .desc = "Connect to http proxy", 729 .desc = "Connect to http proxy",
730 .type = OPTION_ARG, 730 .type = OPTION_ARG,
731 .opt.arg = &s_client_config.proxy, 731 .opt.arg = &cfg.proxy,
732 }, 732 },
733 { 733 {
734 .name = "quiet", 734 .name = "quiet",
@@ -740,7 +740,7 @@ static const struct option s_client_options[] = {
740 .name = "reconnect", 740 .name = "reconnect",
741 .desc = "Drop and re-make the connection with the same Session-ID", 741 .desc = "Drop and re-make the connection with the same Session-ID",
742 .type = OPTION_VALUE, 742 .type = OPTION_VALUE,
743 .opt.value = &s_client_config.reconnect, 743 .opt.value = &cfg.reconnect,
744 .value = 5, 744 .value = 5,
745 }, 745 },
746 { 746 {
@@ -748,13 +748,13 @@ static const struct option s_client_options[] = {
748 .argname = "name", 748 .argname = "name",
749 .desc = "Set TLS extension servername in ClientHello (SNI)", 749 .desc = "Set TLS extension servername in ClientHello (SNI)",
750 .type = OPTION_ARG, 750 .type = OPTION_ARG,
751 .opt.arg = &s_client_config.servername, 751 .opt.arg = &cfg.servername,
752 }, 752 },
753 { 753 {
754 .name = "serverpref", 754 .name = "serverpref",
755 .desc = "Use server's cipher preferences", 755 .desc = "Use server's cipher preferences",
756 .type = OPTION_VALUE_OR, 756 .type = OPTION_VALUE_OR,
757 .opt.value = &s_client_config.off, 757 .opt.value = &cfg.off,
758 .value = SSL_OP_CIPHER_SERVER_PREFERENCE, 758 .value = SSL_OP_CIPHER_SERVER_PREFERENCE,
759 }, 759 },
760 { 760 {
@@ -762,20 +762,20 @@ static const struct option s_client_options[] = {
762 .argname = "file", 762 .argname = "file",
763 .desc = "File to read TLS session from", 763 .desc = "File to read TLS session from",
764 .type = OPTION_ARG, 764 .type = OPTION_ARG,
765 .opt.arg = &s_client_config.sess_in, 765 .opt.arg = &cfg.sess_in,
766 }, 766 },
767 { 767 {
768 .name = "sess_out", 768 .name = "sess_out",
769 .argname = "file", 769 .argname = "file",
770 .desc = "File to write TLS session to", 770 .desc = "File to write TLS session to",
771 .type = OPTION_ARG, 771 .type = OPTION_ARG,
772 .opt.arg = &s_client_config.sess_out, 772 .opt.arg = &cfg.sess_out,
773 }, 773 },
774 { 774 {
775 .name = "showcerts", 775 .name = "showcerts",
776 .desc = "Show all server certificates in the chain", 776 .desc = "Show all server certificates in the chain",
777 .type = OPTION_FLAG, 777 .type = OPTION_FLAG,
778 .opt.flag = &s_client_config.showcerts, 778 .opt.flag = &cfg.showcerts,
779 }, 779 },
780 { 780 {
781 .name = "starttls", 781 .name = "starttls",
@@ -789,20 +789,20 @@ static const struct option s_client_options[] = {
789 .name = "state", 789 .name = "state",
790 .desc = "Print the TLS session states", 790 .desc = "Print the TLS session states",
791 .type = OPTION_FLAG, 791 .type = OPTION_FLAG,
792 .opt.flag = &s_client_config.state, 792 .opt.flag = &cfg.state,
793 }, 793 },
794 { 794 {
795 .name = "status", 795 .name = "status",
796 .desc = "Send a certificate status request to the server (OCSP)", 796 .desc = "Send a certificate status request to the server (OCSP)",
797 .type = OPTION_FLAG, 797 .type = OPTION_FLAG,
798 .opt.flag = &s_client_config.status_req, 798 .opt.flag = &cfg.status_req,
799 }, 799 },
800#ifndef OPENSSL_NO_DTLS 800#ifndef OPENSSL_NO_DTLS
801 { 801 {
802 .name = "timeout", 802 .name = "timeout",
803 .desc = "Enable send/receive timeout on DTLS connections", 803 .desc = "Enable send/receive timeout on DTLS connections",
804 .type = OPTION_FLAG, 804 .type = OPTION_FLAG,
805 .opt.flag = &s_client_config.enable_timeouts, 805 .opt.flag = &cfg.enable_timeouts,
806 }, 806 },
807#endif 807#endif
808 { 808 {
@@ -833,7 +833,7 @@ static const struct option s_client_options[] = {
833 .name = "tlsextdebug", 833 .name = "tlsextdebug",
834 .desc = "Hex dump of all TLS extensions received", 834 .desc = "Hex dump of all TLS extensions received",
835 .type = OPTION_FLAG, 835 .type = OPTION_FLAG,
836 .opt.flag = &s_client_config.tlsextdebug, 836 .opt.flag = &cfg.tlsextdebug,
837 }, 837 },
838#ifndef OPENSSL_NO_SRTP 838#ifndef OPENSSL_NO_SRTP
839 { 839 {
@@ -841,7 +841,7 @@ static const struct option s_client_options[] = {
841 .argname = "profiles", 841 .argname = "profiles",
842 .desc = "Offer SRTP key management with a colon-separated profiles", 842 .desc = "Offer SRTP key management with a colon-separated profiles",
843 .type = OPTION_ARG, 843 .type = OPTION_ARG,
844 .opt.arg = &s_client_config.srtp_profiles, 844 .opt.arg = &cfg.srtp_profiles,
845 }, 845 },
846#endif 846#endif
847 { 847 {
@@ -862,7 +862,7 @@ static const struct option s_client_options[] = {
862 .argname = "host", 862 .argname = "host",
863 .desc = "Connect to this virtual host on the xmpp server", 863 .desc = "Connect to this virtual host on the xmpp server",
864 .type = OPTION_ARG, 864 .type = OPTION_ARG,
865 .opt.arg = &s_client_config.xmpphost, 865 .opt.arg = &cfg.xmpphost,
866 }, 866 },
867 { 867 {
868 .name = NULL, 868 .name = NULL,
@@ -928,17 +928,17 @@ s_client_main(int argc, char **argv)
928 exit(1); 928 exit(1);
929 } 929 }
930 930
931 memset(&s_client_config, 0, sizeof(s_client_config)); 931 memset(&cfg, 0, sizeof(cfg));
932 s_client_config.af = AF_UNSPEC; 932 cfg.af = AF_UNSPEC;
933 s_client_config.cert_format = FORMAT_PEM; 933 cfg.cert_format = FORMAT_PEM;
934 s_client_config.host = SSL_HOST_NAME; 934 cfg.host = SSL_HOST_NAME;
935 s_client_config.key_format = FORMAT_PEM; 935 cfg.key_format = FORMAT_PEM;
936 s_client_config.keymatexportlen = 20; 936 cfg.keymatexportlen = 20;
937 s_client_config.meth = TLS_client_method(); 937 cfg.meth = TLS_client_method();
938 s_client_config.port = PORT_STR; 938 cfg.port = PORT_STR;
939 s_client_config.socket_type = SOCK_STREAM; 939 cfg.socket_type = SOCK_STREAM;
940 s_client_config.starttls_proto = PROTO_OFF; 940 cfg.starttls_proto = PROTO_OFF;
941 s_client_config.verify = SSL_VERIFY_NONE; 941 cfg.verify = SSL_VERIFY_NONE;
942 942
943 if (((cbuf = malloc(BUFSIZZ)) == NULL) || 943 if (((cbuf = malloc(BUFSIZZ)) == NULL) ||
944 ((sbuf = malloc(BUFSIZZ)) == NULL) || 944 ((sbuf = malloc(BUFSIZZ)) == NULL) ||
@@ -953,45 +953,45 @@ s_client_main(int argc, char **argv)
953 badop = 1; 953 badop = 1;
954 goto bad; 954 goto bad;
955 } 955 }
956 if (s_client_config.proxy != NULL) { 956 if (cfg.proxy != NULL) {
957 if (!extract_host_port(s_client_config.proxy, 957 if (!extract_host_port(cfg.proxy,
958 &s_client_config.host, NULL, &s_client_config.port)) 958 &cfg.host, NULL, &cfg.port))
959 goto bad; 959 goto bad;
960 if (s_client_config.connect == NULL) 960 if (cfg.connect == NULL)
961 s_client_config.connect = SSL_HOST_NAME; 961 cfg.connect = SSL_HOST_NAME;
962 } else if (s_client_config.connect != NULL) { 962 } else if (cfg.connect != NULL) {
963 if (!extract_host_port(s_client_config.connect, 963 if (!extract_host_port(cfg.connect,
964 &s_client_config.host, NULL, &s_client_config.port)) 964 &cfg.host, NULL, &cfg.port))
965 goto bad; 965 goto bad;
966 } 966 }
967 if (badop) { 967 if (badop) {
968 bad: 968 bad:
969 if (s_client_config.errstr == NULL) 969 if (cfg.errstr == NULL)
970 sc_usage(); 970 sc_usage();
971 goto end; 971 goto end;
972 } 972 }
973 973
974 if (!app_passwd(bio_err, s_client_config.passarg, NULL, &pass, NULL)) { 974 if (!app_passwd(bio_err, cfg.passarg, NULL, &pass, NULL)) {
975 BIO_printf(bio_err, "Error getting password\n"); 975 BIO_printf(bio_err, "Error getting password\n");
976 goto end; 976 goto end;
977 } 977 }
978 if (s_client_config.key_file == NULL) 978 if (cfg.key_file == NULL)
979 s_client_config.key_file = s_client_config.cert_file; 979 cfg.key_file = cfg.cert_file;
980 980
981 981
982 if (s_client_config.key_file) { 982 if (cfg.key_file) {
983 983
984 key = load_key(bio_err, s_client_config.key_file, 984 key = load_key(bio_err, cfg.key_file,
985 s_client_config.key_format, 0, pass, 985 cfg.key_format, 0, pass,
986 "client certificate private key file"); 986 "client certificate private key file");
987 if (!key) { 987 if (!key) {
988 ERR_print_errors(bio_err); 988 ERR_print_errors(bio_err);
989 goto end; 989 goto end;
990 } 990 }
991 } 991 }
992 if (s_client_config.cert_file) { 992 if (cfg.cert_file) {
993 cert = load_cert(bio_err, s_client_config.cert_file, 993 cert = load_cert(bio_err, cfg.cert_file,
994 s_client_config.cert_format, 994 cfg.cert_format,
995 NULL, "client certificate file"); 995 NULL, "client certificate file");
996 996
997 if (!cert) { 997 if (!cert) {
@@ -999,8 +999,8 @@ s_client_main(int argc, char **argv)
999 goto end; 999 goto end;
1000 } 1000 }
1001 } 1001 }
1002 if (s_client_config.quiet && !s_client_config.debug && 1002 if (cfg.quiet && !cfg.debug &&
1003 !s_client_config.msg) { 1003 !cfg.msg) {
1004 if ((bio_c_out = BIO_new(BIO_s_null())) == NULL) 1004 if ((bio_c_out = BIO_new(BIO_s_null())) == NULL)
1005 goto end; 1005 goto end;
1006 } else { 1006 } else {
@@ -1008,7 +1008,7 @@ s_client_main(int argc, char **argv)
1008 goto end; 1008 goto end;
1009 } 1009 }
1010 1010
1011 ctx = SSL_CTX_new(s_client_config.meth); 1011 ctx = SSL_CTX_new(cfg.meth);
1012 if (ctx == NULL) { 1012 if (ctx == NULL) {
1013 ERR_print_errors(bio_err); 1013 ERR_print_errors(bio_err);
1014 goto end; 1014 goto end;
@@ -1016,31 +1016,31 @@ s_client_main(int argc, char **argv)
1016 1016
1017 SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY); 1017 SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
1018 1018
1019 if (s_client_config.vpm) 1019 if (cfg.vpm)
1020 SSL_CTX_set1_param(ctx, s_client_config.vpm); 1020 SSL_CTX_set1_param(ctx, cfg.vpm);
1021 1021
1022 if (!SSL_CTX_set_min_proto_version(ctx, s_client_config.min_version)) 1022 if (!SSL_CTX_set_min_proto_version(ctx, cfg.min_version))
1023 goto end; 1023 goto end;
1024 if (!SSL_CTX_set_max_proto_version(ctx, s_client_config.max_version)) 1024 if (!SSL_CTX_set_max_proto_version(ctx, cfg.max_version))
1025 goto end; 1025 goto end;
1026 1026
1027#ifndef OPENSSL_NO_SRTP 1027#ifndef OPENSSL_NO_SRTP
1028 if (s_client_config.srtp_profiles != NULL) 1028 if (cfg.srtp_profiles != NULL)
1029 SSL_CTX_set_tlsext_use_srtp(ctx, s_client_config.srtp_profiles); 1029 SSL_CTX_set_tlsext_use_srtp(ctx, cfg.srtp_profiles);
1030#endif 1030#endif
1031 if (s_client_config.bugs) 1031 if (cfg.bugs)
1032 SSL_CTX_set_options(ctx, SSL_OP_ALL | s_client_config.off); 1032 SSL_CTX_set_options(ctx, SSL_OP_ALL | cfg.off);
1033 else 1033 else
1034 SSL_CTX_set_options(ctx, s_client_config.off); 1034 SSL_CTX_set_options(ctx, cfg.off);
1035 1035
1036 if (s_client_config.clr) 1036 if (cfg.clr)
1037 SSL_CTX_clear_options(ctx, s_client_config.clr); 1037 SSL_CTX_clear_options(ctx, cfg.clr);
1038 1038
1039 if (s_client_config.alpn_in) { 1039 if (cfg.alpn_in) {
1040 unsigned short alpn_len; 1040 unsigned short alpn_len;
1041 unsigned char *alpn; 1041 unsigned char *alpn;
1042 1042
1043 alpn = next_protos_parse(&alpn_len, s_client_config.alpn_in); 1043 alpn = next_protos_parse(&alpn_len, cfg.alpn_in);
1044 if (alpn == NULL) { 1044 if (alpn == NULL) {
1045 BIO_printf(bio_err, "Error parsing -alpn argument\n"); 1045 BIO_printf(bio_err, "Error parsing -alpn argument\n");
1046 goto end; 1046 goto end;
@@ -1048,42 +1048,42 @@ s_client_main(int argc, char **argv)
1048 SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len); 1048 SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len);
1049 free(alpn); 1049 free(alpn);
1050 } 1050 }
1051 if (s_client_config.groups_in != NULL) { 1051 if (cfg.groups_in != NULL) {
1052 if (SSL_CTX_set1_groups_list(ctx, s_client_config.groups_in) != 1) { 1052 if (SSL_CTX_set1_groups_list(ctx, cfg.groups_in) != 1) {
1053 BIO_printf(bio_err, "Failed to set groups '%s'\n", 1053 BIO_printf(bio_err, "Failed to set groups '%s'\n",
1054 s_client_config.groups_in); 1054 cfg.groups_in);
1055 goto end; 1055 goto end;
1056 } 1056 }
1057 } 1057 }
1058 1058
1059 if (s_client_config.state) 1059 if (cfg.state)
1060 SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); 1060 SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
1061 if (s_client_config.cipher != NULL) 1061 if (cfg.cipher != NULL)
1062 if (!SSL_CTX_set_cipher_list(ctx, s_client_config.cipher)) { 1062 if (!SSL_CTX_set_cipher_list(ctx, cfg.cipher)) {
1063 BIO_printf(bio_err, "error setting cipher list\n"); 1063 BIO_printf(bio_err, "error setting cipher list\n");
1064 ERR_print_errors(bio_err); 1064 ERR_print_errors(bio_err);
1065 goto end; 1065 goto end;
1066 } 1066 }
1067 1067
1068 SSL_CTX_set_verify(ctx, s_client_config.verify, verify_callback); 1068 SSL_CTX_set_verify(ctx, cfg.verify, verify_callback);
1069 if (!set_cert_key_stuff(ctx, cert, key)) 1069 if (!set_cert_key_stuff(ctx, cert, key))
1070 goto end; 1070 goto end;
1071 1071
1072 if ((s_client_config.CAfile || s_client_config.CApath) 1072 if ((cfg.CAfile || cfg.CApath)
1073 && !SSL_CTX_load_verify_locations(ctx, s_client_config.CAfile, 1073 && !SSL_CTX_load_verify_locations(ctx, cfg.CAfile,
1074 s_client_config.CApath)) 1074 cfg.CApath))
1075 ERR_print_errors(bio_err); 1075 ERR_print_errors(bio_err);
1076 1076
1077 if (!SSL_CTX_set_default_verify_paths(ctx)) 1077 if (!SSL_CTX_set_default_verify_paths(ctx))
1078 ERR_print_errors(bio_err); 1078 ERR_print_errors(bio_err);
1079 1079
1080 con = SSL_new(ctx); 1080 con = SSL_new(ctx);
1081 if (s_client_config.sess_in) { 1081 if (cfg.sess_in) {
1082 SSL_SESSION *sess; 1082 SSL_SESSION *sess;
1083 BIO *stmp = BIO_new_file(s_client_config.sess_in, "r"); 1083 BIO *stmp = BIO_new_file(cfg.sess_in, "r");
1084 if (!stmp) { 1084 if (!stmp) {
1085 BIO_printf(bio_err, "Can't open session file %s\n", 1085 BIO_printf(bio_err, "Can't open session file %s\n",
1086 s_client_config.sess_in); 1086 cfg.sess_in);
1087 ERR_print_errors(bio_err); 1087 ERR_print_errors(bio_err);
1088 goto end; 1088 goto end;
1089 } 1089 }
@@ -1091,7 +1091,7 @@ s_client_main(int argc, char **argv)
1091 BIO_free(stmp); 1091 BIO_free(stmp);
1092 if (!sess) { 1092 if (!sess) {
1093 BIO_printf(bio_err, "Can't open session file %s\n", 1093 BIO_printf(bio_err, "Can't open session file %s\n",
1094 s_client_config.sess_in); 1094 cfg.sess_in);
1095 ERR_print_errors(bio_err); 1095 ERR_print_errors(bio_err);
1096 goto end; 1096 goto end;
1097 } 1097 }
@@ -1100,15 +1100,15 @@ s_client_main(int argc, char **argv)
1100 } 1100 }
1101 1101
1102 /* Attempt to opportunistically use the host name for SNI. */ 1102 /* Attempt to opportunistically use the host name for SNI. */
1103 servername = s_client_config.servername; 1103 servername = cfg.servername;
1104 if (servername == NULL) 1104 if (servername == NULL)
1105 servername = s_client_config.host; 1105 servername = cfg.host;
1106 1106
1107 if (!s_client_config.no_servername && servername != NULL && 1107 if (!cfg.no_servername && servername != NULL &&
1108 !SSL_set_tlsext_host_name(con, servername)) { 1108 !SSL_set_tlsext_host_name(con, servername)) {
1109 long ssl_err = ERR_peek_error(); 1109 long ssl_err = ERR_peek_error();
1110 1110
1111 if (s_client_config.servername != NULL || 1111 if (cfg.servername != NULL ||
1112 ERR_GET_LIB(ssl_err) != ERR_LIB_SSL || 1112 ERR_GET_LIB(ssl_err) != ERR_LIB_SSL ||
1113 ERR_GET_REASON(ssl_err) != SSL_R_SSL3_EXT_INVALID_SERVERNAME) { 1113 ERR_GET_REASON(ssl_err) != SSL_R_SSL3_EXT_INVALID_SERVERNAME) {
1114 BIO_printf(bio_err, 1114 BIO_printf(bio_err,
@@ -1119,7 +1119,7 @@ s_client_main(int argc, char **argv)
1119 servername = NULL; 1119 servername = NULL;
1120 ERR_clear_error(); 1120 ERR_clear_error();
1121 } 1121 }
1122 if (!s_client_config.no_servername && servername != NULL) { 1122 if (!cfg.no_servername && servername != NULL) {
1123 tlsextcbp.biodebug = bio_err; 1123 tlsextcbp.biodebug = bio_err;
1124 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); 1124 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
1125 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); 1125 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
@@ -1127,22 +1127,22 @@ s_client_main(int argc, char **argv)
1127 1127
1128 re_start: 1128 re_start:
1129 1129
1130 if (init_client(&s, s_client_config.host, s_client_config.port, 1130 if (init_client(&s, cfg.host, cfg.port,
1131 s_client_config.socket_type, s_client_config.af) == 0) { 1131 cfg.socket_type, cfg.af) == 0) {
1132 BIO_printf(bio_err, "connect:errno=%d\n", errno); 1132 BIO_printf(bio_err, "connect:errno=%d\n", errno);
1133 goto end; 1133 goto end;
1134 } 1134 }
1135 BIO_printf(bio_c_out, "CONNECTED(%08X)\n", s); 1135 BIO_printf(bio_c_out, "CONNECTED(%08X)\n", s);
1136 1136
1137 if (s_client_config.nbio) { 1137 if (cfg.nbio) {
1138 if (!s_client_config.quiet) 1138 if (!cfg.quiet)
1139 BIO_printf(bio_c_out, "turning on non blocking io\n"); 1139 BIO_printf(bio_c_out, "turning on non blocking io\n");
1140 if (!BIO_socket_nbio(s, 1)) { 1140 if (!BIO_socket_nbio(s, 1)) {
1141 ERR_print_errors(bio_err); 1141 ERR_print_errors(bio_err);
1142 goto end; 1142 goto end;
1143 } 1143 }
1144 } 1144 }
1145 if (s_client_config.pause & 0x01) 1145 if (cfg.pause & 0x01)
1146 SSL_set_debug(con, 1); 1146 SSL_set_debug(con, 1);
1147 1147
1148 if (SSL_is_dtls(con)) { 1148 if (SSL_is_dtls(con)) {
@@ -1157,7 +1157,7 @@ s_client_main(int argc, char **argv)
1157 } 1157 }
1158 (void) BIO_ctrl_set_connected(sbio, 1, &peer); 1158 (void) BIO_ctrl_set_connected(sbio, 1, &peer);
1159 1159
1160 if (s_client_config.enable_timeouts) { 1160 if (cfg.enable_timeouts) {
1161 timeout.tv_sec = 0; 1161 timeout.tv_sec = 0;
1162 timeout.tv_usec = DGRAM_RCV_TIMEOUT; 1162 timeout.tv_usec = DGRAM_RCV_TIMEOUT;
1163 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, 1163 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0,
@@ -1168,35 +1168,35 @@ s_client_main(int argc, char **argv)
1168 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, 1168 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0,
1169 &timeout); 1169 &timeout);
1170 } 1170 }
1171 if (s_client_config.socket_mtu > 28) { 1171 if (cfg.socket_mtu > 28) {
1172 SSL_set_options(con, SSL_OP_NO_QUERY_MTU); 1172 SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
1173 SSL_set_mtu(con, s_client_config.socket_mtu - 28); 1173 SSL_set_mtu(con, cfg.socket_mtu - 28);
1174 } else 1174 } else
1175 /* want to do MTU discovery */ 1175 /* want to do MTU discovery */
1176 BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); 1176 BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
1177 } else 1177 } else
1178 sbio = BIO_new_socket(s, BIO_NOCLOSE); 1178 sbio = BIO_new_socket(s, BIO_NOCLOSE);
1179 1179
1180 if (s_client_config.nbio_test) { 1180 if (cfg.nbio_test) {
1181 BIO *test; 1181 BIO *test;
1182 1182
1183 test = BIO_new(BIO_f_nbio_test()); 1183 test = BIO_new(BIO_f_nbio_test());
1184 sbio = BIO_push(test, sbio); 1184 sbio = BIO_push(test, sbio);
1185 } 1185 }
1186 if (s_client_config.debug) { 1186 if (cfg.debug) {
1187 SSL_set_debug(con, 1); 1187 SSL_set_debug(con, 1);
1188 BIO_set_callback(sbio, bio_dump_callback); 1188 BIO_set_callback(sbio, bio_dump_callback);
1189 BIO_set_callback_arg(sbio, (char *) bio_c_out); 1189 BIO_set_callback_arg(sbio, (char *) bio_c_out);
1190 } 1190 }
1191 if (s_client_config.msg) { 1191 if (cfg.msg) {
1192 SSL_set_msg_callback(con, msg_cb); 1192 SSL_set_msg_callback(con, msg_cb);
1193 SSL_set_msg_callback_arg(con, bio_c_out); 1193 SSL_set_msg_callback_arg(con, bio_c_out);
1194 } 1194 }
1195 if (s_client_config.tlsextdebug) { 1195 if (cfg.tlsextdebug) {
1196 SSL_set_tlsext_debug_callback(con, tlsext_cb); 1196 SSL_set_tlsext_debug_callback(con, tlsext_cb);
1197 SSL_set_tlsext_debug_arg(con, bio_c_out); 1197 SSL_set_tlsext_debug_arg(con, bio_c_out);
1198 } 1198 }
1199 if (s_client_config.status_req) { 1199 if (cfg.status_req) {
1200 SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp); 1200 SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
1201 SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); 1201 SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
1202 SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); 1202 SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
@@ -1225,8 +1225,8 @@ s_client_main(int argc, char **argv)
1225 * push a buffering BIO into the chain that is removed again later on 1225 * push a buffering BIO into the chain that is removed again later on
1226 * to not disturb the rest of the s_client operation. 1226 * to not disturb the rest of the s_client operation.
1227 */ 1227 */
1228 if (s_client_config.starttls_proto == PROTO_SMTP || 1228 if (cfg.starttls_proto == PROTO_SMTP ||
1229 s_client_config.starttls_proto == PROTO_LMTP) { 1229 cfg.starttls_proto == PROTO_LMTP) {
1230 int foundit = 0; 1230 int foundit = 0;
1231 BIO *fbio = BIO_new(BIO_f_buffer()); 1231 BIO *fbio = BIO_new(BIO_f_buffer());
1232 BIO_push(fbio, sbio); 1232 BIO_push(fbio, sbio);
@@ -1237,7 +1237,7 @@ s_client_main(int argc, char **argv)
1237 while (mbuf_len > 3 && mbuf[3] == '-'); 1237 while (mbuf_len > 3 && mbuf[3] == '-');
1238 /* STARTTLS command requires EHLO... */ 1238 /* STARTTLS command requires EHLO... */
1239 BIO_printf(fbio, "%cHLO openssl.client.net\r\n", 1239 BIO_printf(fbio, "%cHLO openssl.client.net\r\n",
1240 s_client_config.starttls_proto == PROTO_SMTP ? 'E' : 'L'); 1240 cfg.starttls_proto == PROTO_SMTP ? 'E' : 'L');
1241 (void) BIO_flush(fbio); 1241 (void) BIO_flush(fbio);
1242 /* wait for multi-line response to end EHLO SMTP response */ 1242 /* wait for multi-line response to end EHLO SMTP response */
1243 do { 1243 do {
@@ -1255,7 +1255,7 @@ s_client_main(int argc, char **argv)
1255 " try anyway...\n"); 1255 " try anyway...\n");
1256 BIO_printf(sbio, "STARTTLS\r\n"); 1256 BIO_printf(sbio, "STARTTLS\r\n");
1257 BIO_read(sbio, sbuf, BUFSIZZ); 1257 BIO_read(sbio, sbuf, BUFSIZZ);
1258 } else if (s_client_config.starttls_proto == PROTO_POP3) { 1258 } else if (cfg.starttls_proto == PROTO_POP3) {
1259 mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); 1259 mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
1260 if (mbuf_len == -1) { 1260 if (mbuf_len == -1) {
1261 BIO_printf(bio_err, "BIO_read failed\n"); 1261 BIO_printf(bio_err, "BIO_read failed\n");
@@ -1263,7 +1263,7 @@ s_client_main(int argc, char **argv)
1263 } 1263 }
1264 BIO_printf(sbio, "STLS\r\n"); 1264 BIO_printf(sbio, "STLS\r\n");
1265 BIO_read(sbio, sbuf, BUFSIZZ); 1265 BIO_read(sbio, sbuf, BUFSIZZ);
1266 } else if (s_client_config.starttls_proto == PROTO_IMAP) { 1266 } else if (cfg.starttls_proto == PROTO_IMAP) {
1267 int foundit = 0; 1267 int foundit = 0;
1268 BIO *fbio = BIO_new(BIO_f_buffer()); 1268 BIO *fbio = BIO_new(BIO_f_buffer());
1269 BIO_push(fbio, sbio); 1269 BIO_push(fbio, sbio);
@@ -1287,7 +1287,7 @@ s_client_main(int argc, char **argv)
1287 " try anyway...\n"); 1287 " try anyway...\n");
1288 BIO_printf(sbio, ". STARTTLS\r\n"); 1288 BIO_printf(sbio, ". STARTTLS\r\n");
1289 BIO_read(sbio, sbuf, BUFSIZZ); 1289 BIO_read(sbio, sbuf, BUFSIZZ);
1290 } else if (s_client_config.starttls_proto == PROTO_FTP) { 1290 } else if (cfg.starttls_proto == PROTO_FTP) {
1291 BIO *fbio = BIO_new(BIO_f_buffer()); 1291 BIO *fbio = BIO_new(BIO_f_buffer());
1292 BIO_push(fbio, sbio); 1292 BIO_push(fbio, sbio);
1293 /* wait for multi-line response to end from FTP */ 1293 /* wait for multi-line response to end from FTP */
@@ -1300,13 +1300,13 @@ s_client_main(int argc, char **argv)
1300 BIO_free(fbio); 1300 BIO_free(fbio);
1301 BIO_printf(sbio, "AUTH TLS\r\n"); 1301 BIO_printf(sbio, "AUTH TLS\r\n");
1302 BIO_read(sbio, sbuf, BUFSIZZ); 1302 BIO_read(sbio, sbuf, BUFSIZZ);
1303 } else if (s_client_config.starttls_proto == PROTO_XMPP) { 1303 } else if (cfg.starttls_proto == PROTO_XMPP) {
1304 int seen = 0; 1304 int seen = 0;
1305 BIO_printf(sbio, "<stream:stream " 1305 BIO_printf(sbio, "<stream:stream "
1306 "xmlns:stream='http://etherx.jabber.org/streams' " 1306 "xmlns:stream='http://etherx.jabber.org/streams' "
1307 "xmlns='jabber:client' to='%s' version='1.0'>", 1307 "xmlns='jabber:client' to='%s' version='1.0'>",
1308 s_client_config.xmpphost ? 1308 cfg.xmpphost ?
1309 s_client_config.xmpphost : s_client_config.host); 1309 cfg.xmpphost : cfg.host);
1310 seen = BIO_read(sbio, mbuf, BUFSIZZ); 1310 seen = BIO_read(sbio, mbuf, BUFSIZZ);
1311 1311
1312 if (seen <= 0) 1312 if (seen <= 0)
@@ -1329,9 +1329,9 @@ s_client_main(int argc, char **argv)
1329 if (!strstr(sbuf, "<proceed")) 1329 if (!strstr(sbuf, "<proceed"))
1330 goto shut; 1330 goto shut;
1331 mbuf[0] = 0; 1331 mbuf[0] = 0;
1332 } else if (s_client_config.proxy != NULL) { 1332 } else if (cfg.proxy != NULL) {
1333 BIO_printf(sbio, "CONNECT %s HTTP/1.0\r\n\r\n", 1333 BIO_printf(sbio, "CONNECT %s HTTP/1.0\r\n\r\n",
1334 s_client_config.connect); 1334 cfg.connect);
1335 mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); 1335 mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
1336 if (mbuf_len == -1) { 1336 if (mbuf_len == -1) {
1337 BIO_printf(bio_err, "BIO_read failed\n"); 1337 BIO_printf(bio_err, "BIO_read failed\n");
@@ -1353,9 +1353,9 @@ s_client_main(int argc, char **argv)
1353 tty_on = 1; 1353 tty_on = 1;
1354 if (in_init) { 1354 if (in_init) {
1355 in_init = 0; 1355 in_init = 0;
1356 if (s_client_config.sess_out) { 1356 if (cfg.sess_out) {
1357 BIO *stmp = BIO_new_file( 1357 BIO *stmp = BIO_new_file(
1358 s_client_config.sess_out, "w"); 1358 cfg.sess_out, "w");
1359 if (stmp) { 1359 if (stmp) {
1360 PEM_write_bio_SSL_SESSION(stmp, 1360 PEM_write_bio_SSL_SESSION(stmp,
1361 SSL_get_session(con)); 1361 SSL_get_session(con));
@@ -1363,19 +1363,19 @@ s_client_main(int argc, char **argv)
1363 } else 1363 } else
1364 BIO_printf(bio_err, 1364 BIO_printf(bio_err,
1365 "Error writing session file %s\n", 1365 "Error writing session file %s\n",
1366 s_client_config.sess_out); 1366 cfg.sess_out);
1367 } 1367 }
1368 print_stuff(bio_c_out, con, full_log); 1368 print_stuff(bio_c_out, con, full_log);
1369 if (full_log > 0) 1369 if (full_log > 0)
1370 full_log--; 1370 full_log--;
1371 1371
1372 if (s_client_config.starttls_proto) { 1372 if (cfg.starttls_proto) {
1373 BIO_write(bio_err, mbuf, mbuf_len); 1373 BIO_write(bio_err, mbuf, mbuf_len);
1374 /* We don't need to know any more */ 1374 /* We don't need to know any more */
1375 s_client_config.starttls_proto = PROTO_OFF; 1375 cfg.starttls_proto = PROTO_OFF;
1376 } 1376 }
1377 if (s_client_config.reconnect) { 1377 if (cfg.reconnect) {
1378 s_client_config.reconnect--; 1378 cfg.reconnect--;
1379 BIO_printf(bio_c_out, 1379 BIO_printf(bio_c_out,
1380 "drop connection and then reconnect\n"); 1380 "drop connection and then reconnect\n");
1381 SSL_shutdown(con); 1381 SSL_shutdown(con);
@@ -1516,7 +1516,7 @@ s_client_main(int argc, char **argv)
1516 } 1516 }
1517 } 1517 }
1518#endif 1518#endif
1519 if (s_client_config.peekaboo) { 1519 if (cfg.peekaboo) {
1520 k = p = SSL_peek(con, pbuf, 1024 /* BUFSIZZ */ ); 1520 k = p = SSL_peek(con, pbuf, 1024 /* BUFSIZZ */ );
1521 pending = SSL_pending(con); 1521 pending = SSL_pending(con);
1522 if (SSL_get_error(con, p) == SSL_ERROR_NONE) { 1522 if (SSL_get_error(con, p) == SSL_ERROR_NONE) {
@@ -1535,7 +1535,7 @@ s_client_main(int argc, char **argv)
1535 goto end; 1535 goto end;
1536 sbuf_off = 0; 1536 sbuf_off = 0;
1537 sbuf_len = k; 1537 sbuf_len = k;
1538 if (s_client_config.peekaboo) { 1538 if (cfg.peekaboo) {
1539 if (p != pending) { 1539 if (p != pending) {
1540 ret = -1; 1540 ret = -1;
1541 BIO_printf(bio_err, 1541 BIO_printf(bio_err,
@@ -1594,7 +1594,7 @@ s_client_main(int argc, char **argv)
1594 BIO_printf(bio_err, "poll error"); 1594 BIO_printf(bio_err, "poll error");
1595 goto shut; 1595 goto shut;
1596 } 1596 }
1597 if (s_client_config.crlf) { 1597 if (cfg.crlf) {
1598 int j, lf_num; 1598 int j, lf_num;
1599 1599
1600 i = read(fileno(stdin), cbuf, BUFSIZZ / 2); 1600 i = read(fileno(stdin), cbuf, BUFSIZZ / 2);
@@ -1615,13 +1615,13 @@ s_client_main(int argc, char **argv)
1615 } else 1615 } else
1616 i = read(fileno(stdin), cbuf, BUFSIZZ); 1616 i = read(fileno(stdin), cbuf, BUFSIZZ);
1617 1617
1618 if ((!s_client_config.ign_eof) && 1618 if ((!cfg.ign_eof) &&
1619 ((i <= 0) || (cbuf[0] == 'Q'))) { 1619 ((i <= 0) || (cbuf[0] == 'Q'))) {
1620 BIO_printf(bio_err, "DONE\n"); 1620 BIO_printf(bio_err, "DONE\n");
1621 ret = 0; 1621 ret = 0;
1622 goto shut; 1622 goto shut;
1623 } 1623 }
1624 if ((!s_client_config.ign_eof) && (cbuf[0] == 'R')) { 1624 if ((!cfg.ign_eof) && (cbuf[0] == 'R')) {
1625 BIO_printf(bio_err, "RENEGOTIATING\n"); 1625 BIO_printf(bio_err, "RENEGOTIATING\n");
1626 SSL_renegotiate(con); 1626 SSL_renegotiate(con);
1627 cbuf_len = 0; 1627 cbuf_len = 0;
@@ -1644,7 +1644,7 @@ s_client_main(int argc, char **argv)
1644 close(SSL_get_fd(con)); 1644 close(SSL_get_fd(con));
1645 end: 1645 end:
1646 if (con != NULL) { 1646 if (con != NULL) {
1647 if (s_client_config.prexit != 0) 1647 if (cfg.prexit != 0)
1648 print_stuff(bio_c_out, con, 1); 1648 print_stuff(bio_c_out, con, 1);
1649 SSL_free(con); 1649 SSL_free(con);
1650 } 1650 }
@@ -1652,7 +1652,7 @@ s_client_main(int argc, char **argv)
1652 X509_free(cert); 1652 X509_free(cert);
1653 EVP_PKEY_free(key); 1653 EVP_PKEY_free(key);
1654 free(pass); 1654 free(pass);
1655 X509_VERIFY_PARAM_free(s_client_config.vpm); 1655 X509_VERIFY_PARAM_free(cfg.vpm);
1656 freezero(cbuf, BUFSIZZ); 1656 freezero(cbuf, BUFSIZZ);
1657 freezero(sbuf, BUFSIZZ); 1657 freezero(sbuf, BUFSIZZ);
1658 freezero(pbuf, BUFSIZZ); 1658 freezero(pbuf, BUFSIZZ);
@@ -1692,7 +1692,7 @@ print_stuff(BIO *bio, SSL *s, int full)
1692 X509_NAME_oneline(X509_get_issuer_name( 1692 X509_NAME_oneline(X509_get_issuer_name(
1693 sk_X509_value(sk, i)), buf, sizeof buf); 1693 sk_X509_value(sk, i)), buf, sizeof buf);
1694 BIO_printf(bio, " i:%s\n", buf); 1694 BIO_printf(bio, " i:%s\n", buf);
1695 if (s_client_config.showcerts) 1695 if (cfg.showcerts)
1696 PEM_write_bio_X509(bio, 1696 PEM_write_bio_X509(bio,
1697 sk_X509_value(sk, i)); 1697 sk_X509_value(sk, i));
1698 } 1698 }
@@ -1701,7 +1701,7 @@ print_stuff(BIO *bio, SSL *s, int full)
1701 peer = SSL_get_peer_certificate(s); 1701 peer = SSL_get_peer_certificate(s);
1702 if (peer != NULL) { 1702 if (peer != NULL) {
1703 BIO_printf(bio, "Server certificate\n"); 1703 BIO_printf(bio, "Server certificate\n");
1704 if (!(s_client_config.showcerts && got_a_chain)) { 1704 if (!(cfg.showcerts && got_a_chain)) {
1705 /* Redundant if we showed the whole chain */ 1705 /* Redundant if we showed the whole chain */
1706 PEM_write_bio_X509(bio, peer); 1706 PEM_write_bio_X509(bio, peer);
1707 } 1707 }
@@ -1820,23 +1820,23 @@ print_stuff(BIO *bio, SSL *s, int full)
1820#endif 1820#endif
1821 1821
1822 SSL_SESSION_print(bio, SSL_get_session(s)); 1822 SSL_SESSION_print(bio, SSL_get_session(s));
1823 if (s_client_config.keymatexportlabel != NULL) { 1823 if (cfg.keymatexportlabel != NULL) {
1824 BIO_printf(bio, "Keying material exporter:\n"); 1824 BIO_printf(bio, "Keying material exporter:\n");
1825 BIO_printf(bio, " Label: '%s'\n", 1825 BIO_printf(bio, " Label: '%s'\n",
1826 s_client_config.keymatexportlabel); 1826 cfg.keymatexportlabel);
1827 BIO_printf(bio, " Length: %i bytes\n", 1827 BIO_printf(bio, " Length: %i bytes\n",
1828 s_client_config.keymatexportlen); 1828 cfg.keymatexportlen);
1829 exportedkeymat = malloc(s_client_config.keymatexportlen); 1829 exportedkeymat = malloc(cfg.keymatexportlen);
1830 if (exportedkeymat != NULL) { 1830 if (exportedkeymat != NULL) {
1831 if (!SSL_export_keying_material(s, exportedkeymat, 1831 if (!SSL_export_keying_material(s, exportedkeymat,
1832 s_client_config.keymatexportlen, 1832 cfg.keymatexportlen,
1833 s_client_config.keymatexportlabel, 1833 cfg.keymatexportlabel,
1834 strlen(s_client_config.keymatexportlabel), 1834 strlen(cfg.keymatexportlabel),
1835 NULL, 0, 0)) { 1835 NULL, 0, 0)) {
1836 BIO_printf(bio, " Error\n"); 1836 BIO_printf(bio, " Error\n");
1837 } else { 1837 } else {
1838 BIO_printf(bio, " Keying material: "); 1838 BIO_printf(bio, " Keying material: ");
1839 for (i = 0; i < s_client_config.keymatexportlen; i++) 1839 for (i = 0; i < cfg.keymatexportlen; i++)
1840 BIO_printf(bio, "%02X", 1840 BIO_printf(bio, "%02X",
1841 exportedkeymat[i]); 1841 exportedkeymat[i]);
1842 BIO_printf(bio, "\n"); 1842 BIO_printf(bio, "\n");
diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c
index adf98451ec..a7f6146c4c 100644
--- a/src/usr.bin/openssl/s_server.c
+++ b/src/usr.bin/openssl/s_server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_server.c,v 1.55 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: s_server.c,v 1.56 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -294,23 +294,23 @@ static struct {
294 int tlsextstatus; 294 int tlsextstatus;
295 X509_VERIFY_PARAM *vpm; 295 X509_VERIFY_PARAM *vpm;
296 int www; 296 int www;
297} s_server_config; 297} cfg;
298 298
299static int 299static int
300s_server_opt_context(char *arg) 300s_server_opt_context(char *arg)
301{ 301{
302 s_server_config.context = (unsigned char *) arg; 302 cfg.context = (unsigned char *) arg;
303 return (0); 303 return (0);
304} 304}
305 305
306static int 306static int
307s_server_opt_keymatexportlen(char *arg) 307s_server_opt_keymatexportlen(char *arg)
308{ 308{
309 s_server_config.keymatexportlen = strtonum(arg, 1, INT_MAX, 309 cfg.keymatexportlen = strtonum(arg, 1, INT_MAX,
310 &s_server_config.errstr); 310 &cfg.errstr);
311 if (s_server_config.errstr != NULL) { 311 if (cfg.errstr != NULL) {
312 BIO_printf(bio_err, "invalid argument %s: %s\n", 312 BIO_printf(bio_err, "invalid argument %s: %s\n",
313 arg, s_server_config.errstr); 313 arg, cfg.errstr);
314 return (1); 314 return (1);
315 } 315 }
316 return (0); 316 return (0);
@@ -320,11 +320,11 @@ s_server_opt_keymatexportlen(char *arg)
320static int 320static int
321s_server_opt_mtu(char *arg) 321s_server_opt_mtu(char *arg)
322{ 322{
323 s_server_config.socket_mtu = strtonum(arg, 0, LONG_MAX, 323 cfg.socket_mtu = strtonum(arg, 0, LONG_MAX,
324 &s_server_config.errstr); 324 &cfg.errstr);
325 if (s_server_config.errstr != NULL) { 325 if (cfg.errstr != NULL) {
326 BIO_printf(bio_err, "invalid argument %s: %s\n", 326 BIO_printf(bio_err, "invalid argument %s: %s\n",
327 arg, s_server_config.errstr); 327 arg, cfg.errstr);
328 return (1); 328 return (1);
329 } 329 }
330 return (0); 330 return (0);
@@ -335,8 +335,8 @@ s_server_opt_mtu(char *arg)
335static int 335static int
336s_server_opt_protocol_version_dtls(void) 336s_server_opt_protocol_version_dtls(void)
337{ 337{
338 s_server_config.meth = DTLS_server_method(); 338 cfg.meth = DTLS_server_method();
339 s_server_config.socket_type = SOCK_DGRAM; 339 cfg.socket_type = SOCK_DGRAM;
340 return (0); 340 return (0);
341} 341}
342#endif 342#endif
@@ -345,10 +345,10 @@ s_server_opt_protocol_version_dtls(void)
345static int 345static int
346s_server_opt_protocol_version_dtls1(void) 346s_server_opt_protocol_version_dtls1(void)
347{ 347{
348 s_server_config.meth = DTLS_server_method(); 348 cfg.meth = DTLS_server_method();
349 s_server_config.min_version = DTLS1_VERSION; 349 cfg.min_version = DTLS1_VERSION;
350 s_server_config.max_version = DTLS1_VERSION; 350 cfg.max_version = DTLS1_VERSION;
351 s_server_config.socket_type = SOCK_DGRAM; 351 cfg.socket_type = SOCK_DGRAM;
352 return (0); 352 return (0);
353} 353}
354#endif 354#endif
@@ -357,10 +357,10 @@ s_server_opt_protocol_version_dtls1(void)
357static int 357static int
358s_server_opt_protocol_version_dtls1_2(void) 358s_server_opt_protocol_version_dtls1_2(void)
359{ 359{
360 s_server_config.meth = DTLS_server_method(); 360 cfg.meth = DTLS_server_method();
361 s_server_config.min_version = DTLS1_2_VERSION; 361 cfg.min_version = DTLS1_2_VERSION;
362 s_server_config.max_version = DTLS1_2_VERSION; 362 cfg.max_version = DTLS1_2_VERSION;
363 s_server_config.socket_type = SOCK_DGRAM; 363 cfg.socket_type = SOCK_DGRAM;
364 return (0); 364 return (0);
365} 365}
366#endif 366#endif
@@ -368,47 +368,47 @@ s_server_opt_protocol_version_dtls1_2(void)
368static int 368static int
369s_server_opt_protocol_version_tls1(void) 369s_server_opt_protocol_version_tls1(void)
370{ 370{
371 s_server_config.min_version = TLS1_VERSION; 371 cfg.min_version = TLS1_VERSION;
372 s_server_config.max_version = TLS1_VERSION; 372 cfg.max_version = TLS1_VERSION;
373 return (0); 373 return (0);
374} 374}
375 375
376static int 376static int
377s_server_opt_protocol_version_tls1_1(void) 377s_server_opt_protocol_version_tls1_1(void)
378{ 378{
379 s_server_config.min_version = TLS1_1_VERSION; 379 cfg.min_version = TLS1_1_VERSION;
380 s_server_config.max_version = TLS1_1_VERSION; 380 cfg.max_version = TLS1_1_VERSION;
381 return (0); 381 return (0);
382} 382}
383 383
384static int 384static int
385s_server_opt_protocol_version_tls1_2(void) 385s_server_opt_protocol_version_tls1_2(void)
386{ 386{
387 s_server_config.min_version = TLS1_2_VERSION; 387 cfg.min_version = TLS1_2_VERSION;
388 s_server_config.max_version = TLS1_2_VERSION; 388 cfg.max_version = TLS1_2_VERSION;
389 return (0); 389 return (0);
390} 390}
391 391
392static int 392static int
393s_server_opt_protocol_version_tls1_3(void) 393s_server_opt_protocol_version_tls1_3(void)
394{ 394{
395 s_server_config.min_version = TLS1_3_VERSION; 395 cfg.min_version = TLS1_3_VERSION;
396 s_server_config.max_version = TLS1_3_VERSION; 396 cfg.max_version = TLS1_3_VERSION;
397 return (0); 397 return (0);
398} 398}
399 399
400static int 400static int
401s_server_opt_nbio_test(void) 401s_server_opt_nbio_test(void)
402{ 402{
403 s_server_config.nbio = 1; 403 cfg.nbio = 1;
404 s_server_config.nbio_test = 1; 404 cfg.nbio_test = 1;
405 return (0); 405 return (0);
406} 406}
407 407
408static int 408static int
409s_server_opt_port(char *arg) 409s_server_opt_port(char *arg)
410{ 410{
411 if (!extract_port(arg, &s_server_config.port)) 411 if (!extract_port(arg, &cfg.port))
412 return (1); 412 return (1);
413 return (0); 413 return (0);
414} 414}
@@ -416,12 +416,12 @@ s_server_opt_port(char *arg)
416static int 416static int
417s_server_opt_status_timeout(char *arg) 417s_server_opt_status_timeout(char *arg)
418{ 418{
419 s_server_config.tlsextstatus = 1; 419 cfg.tlsextstatus = 1;
420 s_server_config.tlscstatp.timeout = strtonum(arg, 0, INT_MAX, 420 cfg.tlscstatp.timeout = strtonum(arg, 0, INT_MAX,
421 &s_server_config.errstr); 421 &cfg.errstr);
422 if (s_server_config.errstr != NULL) { 422 if (cfg.errstr != NULL) {
423 BIO_printf(bio_err, "invalid argument %s: %s\n", 423 BIO_printf(bio_err, "invalid argument %s: %s\n",
424 arg, s_server_config.errstr); 424 arg, cfg.errstr);
425 return (1); 425 return (1);
426 } 426 }
427 return (0); 427 return (0);
@@ -430,10 +430,10 @@ s_server_opt_status_timeout(char *arg)
430static int 430static int
431s_server_opt_status_url(char *arg) 431s_server_opt_status_url(char *arg)
432{ 432{
433 s_server_config.tlsextstatus = 1; 433 cfg.tlsextstatus = 1;
434 if (!OCSP_parse_url(arg, &s_server_config.tlscstatp.host, 434 if (!OCSP_parse_url(arg, &cfg.tlscstatp.host,
435 &s_server_config.tlscstatp.port, &s_server_config.tlscstatp.path, 435 &cfg.tlscstatp.port, &cfg.tlscstatp.path,
436 &s_server_config.tlscstatp.use_ssl)) { 436 &cfg.tlscstatp.use_ssl)) {
437 BIO_printf(bio_err, "Error parsing URL\n"); 437 BIO_printf(bio_err, "Error parsing URL\n");
438 return (1); 438 return (1);
439 } 439 }
@@ -443,20 +443,20 @@ s_server_opt_status_url(char *arg)
443static int 443static int
444s_server_opt_status_verbose(void) 444s_server_opt_status_verbose(void)
445{ 445{
446 s_server_config.tlsextstatus = 1; 446 cfg.tlsextstatus = 1;
447 s_server_config.tlscstatp.verbose = 1; 447 cfg.tlscstatp.verbose = 1;
448 return (0); 448 return (0);
449} 449}
450 450
451static int 451static int
452s_server_opt_verify(char *arg) 452s_server_opt_verify(char *arg)
453{ 453{
454 s_server_config.server_verify = SSL_VERIFY_PEER | 454 cfg.server_verify = SSL_VERIFY_PEER |
455 SSL_VERIFY_CLIENT_ONCE; 455 SSL_VERIFY_CLIENT_ONCE;
456 verify_depth = strtonum(arg, 0, INT_MAX, &s_server_config.errstr); 456 verify_depth = strtonum(arg, 0, INT_MAX, &cfg.errstr);
457 if (s_server_config.errstr != NULL) { 457 if (cfg.errstr != NULL) {
458 BIO_printf(bio_err, "invalid argument %s: %s\n", 458 BIO_printf(bio_err, "invalid argument %s: %s\n",
459 arg, s_server_config.errstr); 459 arg, cfg.errstr);
460 return (1); 460 return (1);
461 } 461 }
462 BIO_printf(bio_err, "verify depth is %d\n", verify_depth); 462 BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
@@ -466,12 +466,12 @@ s_server_opt_verify(char *arg)
466static int 466static int
467s_server_opt_verify_fail(char *arg) 467s_server_opt_verify_fail(char *arg)
468{ 468{
469 s_server_config.server_verify = SSL_VERIFY_PEER | 469 cfg.server_verify = SSL_VERIFY_PEER |
470 SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE; 470 SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE;
471 verify_depth = strtonum(arg, 0, INT_MAX, &s_server_config.errstr); 471 verify_depth = strtonum(arg, 0, INT_MAX, &cfg.errstr);
472 if (s_server_config.errstr != NULL) { 472 if (cfg.errstr != NULL) {
473 BIO_printf(bio_err, "invalid argument %s: %s\n", 473 BIO_printf(bio_err, "invalid argument %s: %s\n",
474 arg, s_server_config.errstr); 474 arg, cfg.errstr);
475 return (1); 475 return (1);
476 } 476 }
477 BIO_printf(bio_err, "verify depth is %d, must return a certificate\n", 477 BIO_printf(bio_err, "verify depth is %d, must return a certificate\n",
@@ -487,7 +487,7 @@ s_server_opt_verify_param(int argc, char **argv, int *argsused)
487 int badarg = 0; 487 int badarg = 0;
488 488
489 if (!args_verify(&pargs, &pargc, &badarg, bio_err, 489 if (!args_verify(&pargs, &pargc, &badarg, bio_err,
490 &s_server_config.vpm)) { 490 &cfg.vpm)) {
491 BIO_printf(bio_err, "unknown option %s\n", *argv); 491 BIO_printf(bio_err, "unknown option %s\n", *argv);
492 return (1); 492 return (1);
493 } 493 }
@@ -520,27 +520,27 @@ static const struct option s_server_options[] = {
520 .desc = "Set the advertised protocols for the ALPN extension" 520 .desc = "Set the advertised protocols for the ALPN extension"
521 " (comma-separated list)", 521 " (comma-separated list)",
522 .type = OPTION_ARG, 522 .type = OPTION_ARG,
523 .opt.arg = &s_server_config.alpn_in, 523 .opt.arg = &cfg.alpn_in,
524 }, 524 },
525 { 525 {
526 .name = "bugs", 526 .name = "bugs",
527 .desc = "Turn on SSL bug compatibility", 527 .desc = "Turn on SSL bug compatibility",
528 .type = OPTION_FLAG, 528 .type = OPTION_FLAG,
529 .opt.flag = &s_server_config.bugs, 529 .opt.flag = &cfg.bugs,
530 }, 530 },
531 { 531 {
532 .name = "CAfile", 532 .name = "CAfile",
533 .argname = "file", 533 .argname = "file",
534 .desc = "PEM format file of CA certificates", 534 .desc = "PEM format file of CA certificates",
535 .type = OPTION_ARG, 535 .type = OPTION_ARG,
536 .opt.arg = &s_server_config.CAfile, 536 .opt.arg = &cfg.CAfile,
537 }, 537 },
538 { 538 {
539 .name = "CApath", 539 .name = "CApath",
540 .argname = "directory", 540 .argname = "directory",
541 .desc = "PEM format directory of CA certificates", 541 .desc = "PEM format directory of CA certificates",
542 .type = OPTION_ARG, 542 .type = OPTION_ARG,
543 .opt.arg = &s_server_config.CApath, 543 .opt.arg = &cfg.CApath,
544 }, 544 },
545 { 545 {
546 .name = "cert", 546 .name = "cert",
@@ -548,7 +548,7 @@ static const struct option s_server_options[] = {
548 .desc = "Certificate file to use\n" 548 .desc = "Certificate file to use\n"
549 "(default is " TEST_CERT ")", 549 "(default is " TEST_CERT ")",
550 .type = OPTION_ARG, 550 .type = OPTION_ARG,
551 .opt.arg = &s_server_config.cert_file, 551 .opt.arg = &cfg.cert_file,
552 }, 552 },
553 { 553 {
554 .name = "cert2", 554 .name = "cert2",
@@ -556,20 +556,20 @@ static const struct option s_server_options[] = {
556 .desc = "Certificate file to use for servername\n" 556 .desc = "Certificate file to use for servername\n"
557 "(default is " TEST_CERT2 ")", 557 "(default is " TEST_CERT2 ")",
558 .type = OPTION_ARG, 558 .type = OPTION_ARG,
559 .opt.arg = &s_server_config.cert_file2, 559 .opt.arg = &cfg.cert_file2,
560 }, 560 },
561 { 561 {
562 .name = "certform", 562 .name = "certform",
563 .argname = "fmt", 563 .argname = "fmt",
564 .desc = "Certificate format (PEM or DER) PEM default", 564 .desc = "Certificate format (PEM or DER) PEM default",
565 .type = OPTION_ARG_FORMAT, 565 .type = OPTION_ARG_FORMAT,
566 .opt.value = &s_server_config.cert_format, 566 .opt.value = &cfg.cert_format,
567 }, 567 },
568#ifndef OPENSSL_NO_DTLS 568#ifndef OPENSSL_NO_DTLS
569 { 569 {
570 .name = "chain", 570 .name = "chain",
571 .type = OPTION_FLAG, 571 .type = OPTION_FLAG,
572 .opt.flag = &s_server_config.cert_chain, 572 .opt.flag = &cfg.cert_chain,
573 }, 573 },
574#endif 574#endif
575 { 575 {
@@ -577,7 +577,7 @@ static const struct option s_server_options[] = {
577 .argname = "list", 577 .argname = "list",
578 .desc = "List of ciphers to enable (see `openssl ciphers`)", 578 .desc = "List of ciphers to enable (see `openssl ciphers`)",
579 .type = OPTION_ARG, 579 .type = OPTION_ARG,
580 .opt.arg = &s_server_config.cipher, 580 .opt.arg = &cfg.cipher,
581 }, 581 },
582 { 582 {
583 .name = "context", 583 .name = "context",
@@ -590,55 +590,55 @@ static const struct option s_server_options[] = {
590 .name = "crlf", 590 .name = "crlf",
591 .desc = "Convert LF from terminal into CRLF", 591 .desc = "Convert LF from terminal into CRLF",
592 .type = OPTION_FLAG, 592 .type = OPTION_FLAG,
593 .opt.flag = &s_server_config.crlf, 593 .opt.flag = &cfg.crlf,
594 }, 594 },
595 { 595 {
596 .name = "dcert", 596 .name = "dcert",
597 .argname = "file", 597 .argname = "file",
598 .desc = "Second certificate file to use (usually for DSA)", 598 .desc = "Second certificate file to use (usually for DSA)",
599 .type = OPTION_ARG, 599 .type = OPTION_ARG,
600 .opt.arg = &s_server_config.dcert_file, 600 .opt.arg = &cfg.dcert_file,
601 }, 601 },
602 { 602 {
603 .name = "dcertform", 603 .name = "dcertform",
604 .argname = "fmt", 604 .argname = "fmt",
605 .desc = "Second certificate format (PEM or DER) PEM default", 605 .desc = "Second certificate format (PEM or DER) PEM default",
606 .type = OPTION_ARG_FORMAT, 606 .type = OPTION_ARG_FORMAT,
607 .opt.value = &s_server_config.dcert_format, 607 .opt.value = &cfg.dcert_format,
608 }, 608 },
609 { 609 {
610 .name = "debug", 610 .name = "debug",
611 .desc = "Print more output", 611 .desc = "Print more output",
612 .type = OPTION_FLAG, 612 .type = OPTION_FLAG,
613 .opt.flag = &s_server_config.debug, 613 .opt.flag = &cfg.debug,
614 }, 614 },
615 { 615 {
616 .name = "dhparam", 616 .name = "dhparam",
617 .argname = "file", 617 .argname = "file",
618 .desc = "DH parameter file to use, in cert file if not specified", 618 .desc = "DH parameter file to use, in cert file if not specified",
619 .type = OPTION_ARG, 619 .type = OPTION_ARG,
620 .opt.arg = &s_server_config.dhfile, 620 .opt.arg = &cfg.dhfile,
621 }, 621 },
622 { 622 {
623 .name = "dkey", 623 .name = "dkey",
624 .argname = "file", 624 .argname = "file",
625 .desc = "Second private key file to use (usually for DSA)", 625 .desc = "Second private key file to use (usually for DSA)",
626 .type = OPTION_ARG, 626 .type = OPTION_ARG,
627 .opt.arg = &s_server_config.dkey_file, 627 .opt.arg = &cfg.dkey_file,
628 }, 628 },
629 { 629 {
630 .name = "dkeyform", 630 .name = "dkeyform",
631 .argname = "fmt", 631 .argname = "fmt",
632 .desc = "Second key format (PEM or DER) PEM default", 632 .desc = "Second key format (PEM or DER) PEM default",
633 .type = OPTION_ARG_FORMAT, 633 .type = OPTION_ARG_FORMAT,
634 .opt.value = &s_server_config.dkey_format, 634 .opt.value = &cfg.dkey_format,
635 }, 635 },
636 { 636 {
637 .name = "dpass", 637 .name = "dpass",
638 .argname = "arg", 638 .argname = "arg",
639 .desc = "Second private key file pass phrase source", 639 .desc = "Second private key file pass phrase source",
640 .type = OPTION_ARG, 640 .type = OPTION_ARG,
641 .opt.arg = &s_server_config.dpassarg, 641 .opt.arg = &cfg.dpassarg,
642 }, 642 },
643#ifndef OPENSSL_NO_DTLS 643#ifndef OPENSSL_NO_DTLS
644 { 644 {
@@ -669,13 +669,13 @@ static const struct option s_server_options[] = {
669 .argname = "list", 669 .argname = "list",
670 .desc = "Specify EC groups (colon-separated list)", 670 .desc = "Specify EC groups (colon-separated list)",
671 .type = OPTION_ARG, 671 .type = OPTION_ARG,
672 .opt.arg = &s_server_config.groups_in, 672 .opt.arg = &cfg.groups_in,
673 }, 673 },
674 { 674 {
675 .name = "HTTP", 675 .name = "HTTP",
676 .desc = "Respond to a 'GET /<path> HTTP/1.0' with file ./<path>", 676 .desc = "Respond to a 'GET /<path> HTTP/1.0' with file ./<path>",
677 .type = OPTION_VALUE, 677 .type = OPTION_VALUE,
678 .opt.value = &s_server_config.www, 678 .opt.value = &cfg.www,
679 .value = 3, 679 .value = 3,
680 }, 680 },
681 { 681 {
@@ -683,7 +683,7 @@ static const struct option s_server_options[] = {
683 .argname = "arg", 683 .argname = "arg",
684 .desc = "Generate SSL/TLS session IDs prefixed by 'arg'", 684 .desc = "Generate SSL/TLS session IDs prefixed by 'arg'",
685 .type = OPTION_ARG, 685 .type = OPTION_ARG,
686 .opt.arg = &s_server_config.session_id_prefix, 686 .opt.arg = &cfg.session_id_prefix,
687 }, 687 },
688 { 688 {
689 .name = "key", 689 .name = "key",
@@ -691,7 +691,7 @@ static const struct option s_server_options[] = {
691 .desc = "Private Key file to use, in cert file if\n" 691 .desc = "Private Key file to use, in cert file if\n"
692 "not specified (default is " TEST_CERT ")", 692 "not specified (default is " TEST_CERT ")",
693 .type = OPTION_ARG, 693 .type = OPTION_ARG,
694 .opt.arg = &s_server_config.key_file, 694 .opt.arg = &cfg.key_file,
695 }, 695 },
696 { 696 {
697 .name = "key2", 697 .name = "key2",
@@ -699,21 +699,21 @@ static const struct option s_server_options[] = {
699 .desc = "Private Key file to use for servername, in cert file if\n" 699 .desc = "Private Key file to use for servername, in cert file if\n"
700 "not specified (default is " TEST_CERT2 ")", 700 "not specified (default is " TEST_CERT2 ")",
701 .type = OPTION_ARG, 701 .type = OPTION_ARG,
702 .opt.arg = &s_server_config.key_file2, 702 .opt.arg = &cfg.key_file2,
703 }, 703 },
704 { 704 {
705 .name = "keyform", 705 .name = "keyform",
706 .argname = "fmt", 706 .argname = "fmt",
707 .desc = "Key format (PEM or DER) PEM default", 707 .desc = "Key format (PEM or DER) PEM default",
708 .type = OPTION_ARG_FORMAT, 708 .type = OPTION_ARG_FORMAT,
709 .opt.value = &s_server_config.key_format, 709 .opt.value = &cfg.key_format,
710 }, 710 },
711 { 711 {
712 .name = "keymatexport", 712 .name = "keymatexport",
713 .argname = "label", 713 .argname = "label",
714 .desc = "Export keying material using label", 714 .desc = "Export keying material using label",
715 .type = OPTION_ARG, 715 .type = OPTION_ARG,
716 .opt.arg = &s_server_config.keymatexportlabel, 716 .opt.arg = &cfg.keymatexportlabel,
717 }, 717 },
718 { 718 {
719 .name = "keymatexportlen", 719 .name = "keymatexportlen",
@@ -730,7 +730,7 @@ static const struct option s_server_options[] = {
730 .name = "msg", 730 .name = "msg",
731 .desc = "Show protocol messages", 731 .desc = "Show protocol messages",
732 .type = OPTION_FLAG, 732 .type = OPTION_FLAG,
733 .opt.flag = &s_server_config.msg, 733 .opt.flag = &cfg.msg,
734 }, 734 },
735#ifndef OPENSSL_NO_DTLS 735#ifndef OPENSSL_NO_DTLS
736 { 736 {
@@ -746,19 +746,19 @@ static const struct option s_server_options[] = {
746 .argname = "num", 746 .argname = "num",
747 .desc = "Terminate after num connections", 747 .desc = "Terminate after num connections",
748 .type = OPTION_ARG_INT, 748 .type = OPTION_ARG_INT,
749 .opt.value = &s_server_config.naccept 749 .opt.value = &cfg.naccept
750 }, 750 },
751 { 751 {
752 .name = "named_curve", 752 .name = "named_curve",
753 .argname = "arg", 753 .argname = "arg",
754 .type = OPTION_ARG, 754 .type = OPTION_ARG,
755 .opt.arg = &s_server_config.named_curve, 755 .opt.arg = &cfg.named_curve,
756 }, 756 },
757 { 757 {
758 .name = "nbio", 758 .name = "nbio",
759 .desc = "Run with non-blocking I/O", 759 .desc = "Run with non-blocking I/O",
760 .type = OPTION_FLAG, 760 .type = OPTION_FLAG,
761 .opt.flag = &s_server_config.nbio, 761 .opt.flag = &cfg.nbio,
762 }, 762 },
763 { 763 {
764 .name = "nbio_test", 764 .name = "nbio_test",
@@ -770,78 +770,78 @@ static const struct option s_server_options[] = {
770 .name = "nextprotoneg", 770 .name = "nextprotoneg",
771 .argname = "arg", 771 .argname = "arg",
772 .type = OPTION_ARG, 772 .type = OPTION_ARG,
773 .opt.arg = &s_server_config.npn_in, /* Ignored. */ 773 .opt.arg = &cfg.npn_in, /* Ignored. */
774 }, 774 },
775 { 775 {
776 .name = "no_cache", 776 .name = "no_cache",
777 .desc = "Disable session cache", 777 .desc = "Disable session cache",
778 .type = OPTION_FLAG, 778 .type = OPTION_FLAG,
779 .opt.flag = &s_server_config.no_cache, 779 .opt.flag = &cfg.no_cache,
780 }, 780 },
781 { 781 {
782 .name = "no_comp", 782 .name = "no_comp",
783 .desc = "Disable SSL/TLS compression", 783 .desc = "Disable SSL/TLS compression",
784 .type = OPTION_VALUE_OR, 784 .type = OPTION_VALUE_OR,
785 .opt.value = &s_server_config.off, 785 .opt.value = &cfg.off,
786 .value = SSL_OP_NO_COMPRESSION, 786 .value = SSL_OP_NO_COMPRESSION,
787 }, 787 },
788 { 788 {
789 .name = "no_dhe", 789 .name = "no_dhe",
790 .desc = "Disable ephemeral DH", 790 .desc = "Disable ephemeral DH",
791 .type = OPTION_FLAG, 791 .type = OPTION_FLAG,
792 .opt.flag = &s_server_config.no_dhe, 792 .opt.flag = &cfg.no_dhe,
793 }, 793 },
794 { 794 {
795 .name = "no_ecdhe", 795 .name = "no_ecdhe",
796 .desc = "Disable ephemeral ECDH", 796 .desc = "Disable ephemeral ECDH",
797 .type = OPTION_FLAG, 797 .type = OPTION_FLAG,
798 .opt.flag = &s_server_config.no_ecdhe, 798 .opt.flag = &cfg.no_ecdhe,
799 }, 799 },
800 { 800 {
801 .name = "no_ticket", 801 .name = "no_ticket",
802 .desc = "Disable use of RFC4507bis session tickets", 802 .desc = "Disable use of RFC4507bis session tickets",
803 .type = OPTION_VALUE_OR, 803 .type = OPTION_VALUE_OR,
804 .opt.value = &s_server_config.off, 804 .opt.value = &cfg.off,
805 .value = SSL_OP_NO_TICKET, 805 .value = SSL_OP_NO_TICKET,
806 }, 806 },
807 { 807 {
808 .name = "no_ssl2", 808 .name = "no_ssl2",
809 .type = OPTION_VALUE_OR, 809 .type = OPTION_VALUE_OR,
810 .opt.value = &s_server_config.off, 810 .opt.value = &cfg.off,
811 .value = SSL_OP_NO_SSLv2, 811 .value = SSL_OP_NO_SSLv2,
812 }, 812 },
813 { 813 {
814 .name = "no_ssl3", 814 .name = "no_ssl3",
815 .type = OPTION_VALUE_OR, 815 .type = OPTION_VALUE_OR,
816 .opt.value = &s_server_config.off, 816 .opt.value = &cfg.off,
817 .value = SSL_OP_NO_SSLv3, 817 .value = SSL_OP_NO_SSLv3,
818 }, 818 },
819 { 819 {
820 .name = "no_tls1", 820 .name = "no_tls1",
821 .desc = "Just disable TLSv1", 821 .desc = "Just disable TLSv1",
822 .type = OPTION_VALUE_OR, 822 .type = OPTION_VALUE_OR,
823 .opt.value = &s_server_config.off, 823 .opt.value = &cfg.off,
824 .value = SSL_OP_NO_TLSv1, 824 .value = SSL_OP_NO_TLSv1,
825 }, 825 },
826 { 826 {
827 .name = "no_tls1_1", 827 .name = "no_tls1_1",
828 .desc = "Just disable TLSv1.1", 828 .desc = "Just disable TLSv1.1",
829 .type = OPTION_VALUE_OR, 829 .type = OPTION_VALUE_OR,
830 .opt.value = &s_server_config.off, 830 .opt.value = &cfg.off,
831 .value = SSL_OP_NO_TLSv1_1, 831 .value = SSL_OP_NO_TLSv1_1,
832 }, 832 },
833 { 833 {
834 .name = "no_tls1_2", 834 .name = "no_tls1_2",
835 .desc = "Just disable TLSv1.2", 835 .desc = "Just disable TLSv1.2",
836 .type = OPTION_VALUE_OR, 836 .type = OPTION_VALUE_OR,
837 .opt.value = &s_server_config.off, 837 .opt.value = &cfg.off,
838 .value = SSL_OP_NO_TLSv1_2, 838 .value = SSL_OP_NO_TLSv1_2,
839 }, 839 },
840 { 840 {
841 .name = "no_tls1_3", 841 .name = "no_tls1_3",
842 .desc = "Just disable TLSv1.3", 842 .desc = "Just disable TLSv1.3",
843 .type = OPTION_VALUE_OR, 843 .type = OPTION_VALUE_OR,
844 .opt.value = &s_server_config.off, 844 .opt.value = &cfg.off,
845 .value = SSL_OP_NO_TLSv1_3, 845 .value = SSL_OP_NO_TLSv1_3,
846 }, 846 },
847 { 847 {
@@ -852,14 +852,14 @@ static const struct option s_server_options[] = {
852 .name = "nocert", 852 .name = "nocert",
853 .desc = "Don't use any certificates (Anon-DH)", 853 .desc = "Don't use any certificates (Anon-DH)",
854 .type = OPTION_FLAG, 854 .type = OPTION_FLAG,
855 .opt.flag = &s_server_config.nocert, 855 .opt.flag = &cfg.nocert,
856 }, 856 },
857 { 857 {
858 .name = "pass", 858 .name = "pass",
859 .argname = "arg", 859 .argname = "arg",
860 .desc = "Private key file pass phrase source", 860 .desc = "Private key file pass phrase source",
861 .type = OPTION_ARG, 861 .type = OPTION_ARG,
862 .opt.arg = &s_server_config.passarg, 862 .opt.arg = &cfg.passarg,
863 }, 863 },
864 { 864 {
865 .name = "port", 865 .name = "port",
@@ -871,40 +871,40 @@ static const struct option s_server_options[] = {
871 .name = "quiet", 871 .name = "quiet",
872 .desc = "Inhibit printing of session and certificate information", 872 .desc = "Inhibit printing of session and certificate information",
873 .type = OPTION_FLAG, 873 .type = OPTION_FLAG,
874 .opt.flag = &s_server_config.quiet, 874 .opt.flag = &cfg.quiet,
875 }, 875 },
876 { 876 {
877 .name = "servername", 877 .name = "servername",
878 .argname = "name", 878 .argname = "name",
879 .desc = "Servername for HostName TLS extension", 879 .desc = "Servername for HostName TLS extension",
880 .type = OPTION_ARG, 880 .type = OPTION_ARG,
881 .opt.arg = &s_server_config.tlsextcbp.servername, 881 .opt.arg = &cfg.tlsextcbp.servername,
882 }, 882 },
883 { 883 {
884 .name = "servername_fatal", 884 .name = "servername_fatal",
885 .desc = "On mismatch send fatal alert (default warning alert)", 885 .desc = "On mismatch send fatal alert (default warning alert)",
886 .type = OPTION_VALUE, 886 .type = OPTION_VALUE,
887 .opt.value = &s_server_config.tlsextcbp.extension_error, 887 .opt.value = &cfg.tlsextcbp.extension_error,
888 .value = SSL_TLSEXT_ERR_ALERT_FATAL, 888 .value = SSL_TLSEXT_ERR_ALERT_FATAL,
889 }, 889 },
890 { 890 {
891 .name = "serverpref", 891 .name = "serverpref",
892 .desc = "Use server's cipher preferences", 892 .desc = "Use server's cipher preferences",
893 .type = OPTION_VALUE_OR, 893 .type = OPTION_VALUE_OR,
894 .opt.value = &s_server_config.off, 894 .opt.value = &cfg.off,
895 .value = SSL_OP_CIPHER_SERVER_PREFERENCE, 895 .value = SSL_OP_CIPHER_SERVER_PREFERENCE,
896 }, 896 },
897 { 897 {
898 .name = "state", 898 .name = "state",
899 .desc = "Print the SSL states", 899 .desc = "Print the SSL states",
900 .type = OPTION_FLAG, 900 .type = OPTION_FLAG,
901 .opt.flag = &s_server_config.state, 901 .opt.flag = &cfg.state,
902 }, 902 },
903 { 903 {
904 .name = "status", 904 .name = "status",
905 .desc = "Respond to certificate status requests", 905 .desc = "Respond to certificate status requests",
906 .type = OPTION_FLAG, 906 .type = OPTION_FLAG,
907 .opt.flag = &s_server_config.tlsextstatus, 907 .opt.flag = &cfg.tlsextstatus,
908 }, 908 },
909 { 909 {
910 .name = "status_timeout", 910 .name = "status_timeout",
@@ -931,7 +931,7 @@ static const struct option s_server_options[] = {
931 .name = "timeout", 931 .name = "timeout",
932 .desc = "Enable timeouts", 932 .desc = "Enable timeouts",
933 .type = OPTION_FLAG, 933 .type = OPTION_FLAG,
934 .opt.flag = &s_server_config.enable_timeouts, 934 .opt.flag = &cfg.enable_timeouts,
935 }, 935 },
936#endif 936#endif
937 { 937 {
@@ -962,7 +962,7 @@ static const struct option s_server_options[] = {
962 .name = "tlsextdebug", 962 .name = "tlsextdebug",
963 .desc = "Hex dump of all TLS extensions received", 963 .desc = "Hex dump of all TLS extensions received",
964 .type = OPTION_FLAG, 964 .type = OPTION_FLAG,
965 .opt.flag = &s_server_config.tlsextdebug, 965 .opt.flag = &cfg.tlsextdebug,
966 }, 966 },
967#ifndef OPENSSL_NO_SRTP 967#ifndef OPENSSL_NO_SRTP
968 { 968 {
@@ -970,7 +970,7 @@ static const struct option s_server_options[] = {
970 .argname = "profiles", 970 .argname = "profiles",
971 .desc = "Offer SRTP key management with a colon-separated profile list", 971 .desc = "Offer SRTP key management with a colon-separated profile list",
972 .type = OPTION_ARG, 972 .type = OPTION_ARG,
973 .opt.arg = &s_server_config.srtp_profiles, 973 .opt.arg = &cfg.srtp_profiles,
974 }, 974 },
975#endif 975#endif
976 { 976 {
@@ -997,14 +997,14 @@ static const struct option s_server_options[] = {
997 .name = "WWW", 997 .name = "WWW",
998 .desc = "Respond to a 'GET /<path> HTTP/1.0' with file ./<path>", 998 .desc = "Respond to a 'GET /<path> HTTP/1.0' with file ./<path>",
999 .type = OPTION_VALUE, 999 .type = OPTION_VALUE,
1000 .opt.value = &s_server_config.www, 1000 .opt.value = &cfg.www,
1001 .value = 2, 1001 .value = 2,
1002 }, 1002 },
1003 { 1003 {
1004 .name = "www", 1004 .name = "www",
1005 .desc = "Respond to a 'GET /' with a status page", 1005 .desc = "Respond to a 'GET /' with a status page",
1006 .type = OPTION_VALUE, 1006 .type = OPTION_VALUE,
1007 .opt.value = &s_server_config.www, 1007 .opt.value = &cfg.www,
1008 .value = 1, 1008 .value = 1,
1009 }, 1009 },
1010 { 1010 {
@@ -1020,24 +1020,24 @@ static void
1020s_server_init(void) 1020s_server_init(void)
1021{ 1021{
1022 accept_socket = -1; 1022 accept_socket = -1;
1023 s_server_config.cipher = NULL; 1023 cfg.cipher = NULL;
1024 s_server_config.server_verify = SSL_VERIFY_NONE; 1024 cfg.server_verify = SSL_VERIFY_NONE;
1025 s_server_config.dcert_file = NULL; 1025 cfg.dcert_file = NULL;
1026 s_server_config.dkey_file = NULL; 1026 cfg.dkey_file = NULL;
1027 s_server_config.cert_file = TEST_CERT; 1027 cfg.cert_file = TEST_CERT;
1028 s_server_config.key_file = NULL; 1028 cfg.key_file = NULL;
1029 s_server_config.cert_file2 = TEST_CERT2; 1029 cfg.cert_file2 = TEST_CERT2;
1030 s_server_config.key_file2 = NULL; 1030 cfg.key_file2 = NULL;
1031 ctx2 = NULL; 1031 ctx2 = NULL;
1032 s_server_config.nbio = 0; 1032 cfg.nbio = 0;
1033 s_server_config.nbio_test = 0; 1033 cfg.nbio_test = 0;
1034 ctx = NULL; 1034 ctx = NULL;
1035 s_server_config.www = 0; 1035 cfg.www = 0;
1036 1036
1037 bio_s_out = NULL; 1037 bio_s_out = NULL;
1038 s_server_config.debug = 0; 1038 cfg.debug = 0;
1039 s_server_config.msg = 0; 1039 cfg.msg = 0;
1040 s_server_config.quiet = 0; 1040 cfg.quiet = 0;
1041} 1041}
1042 1042
1043static void 1043static void
@@ -1086,21 +1086,21 @@ s_server_main(int argc, char *argv[])
1086 exit(1); 1086 exit(1);
1087 } 1087 }
1088 1088
1089 memset(&s_server_config, 0, sizeof(s_server_config)); 1089 memset(&cfg, 0, sizeof(cfg));
1090 s_server_config.keymatexportlen = 20; 1090 cfg.keymatexportlen = 20;
1091 s_server_config.meth = TLS_server_method(); 1091 cfg.meth = TLS_server_method();
1092 s_server_config.naccept = -1; 1092 cfg.naccept = -1;
1093 s_server_config.port = PORT; 1093 cfg.port = PORT;
1094 s_server_config.cert_file = TEST_CERT; 1094 cfg.cert_file = TEST_CERT;
1095 s_server_config.cert_file2 = TEST_CERT2; 1095 cfg.cert_file2 = TEST_CERT2;
1096 s_server_config.cert_format = FORMAT_PEM; 1096 cfg.cert_format = FORMAT_PEM;
1097 s_server_config.dcert_format = FORMAT_PEM; 1097 cfg.dcert_format = FORMAT_PEM;
1098 s_server_config.dkey_format = FORMAT_PEM; 1098 cfg.dkey_format = FORMAT_PEM;
1099 s_server_config.key_format = FORMAT_PEM; 1099 cfg.key_format = FORMAT_PEM;
1100 s_server_config.server_verify = SSL_VERIFY_NONE; 1100 cfg.server_verify = SSL_VERIFY_NONE;
1101 s_server_config.socket_type = SOCK_STREAM; 1101 cfg.socket_type = SOCK_STREAM;
1102 s_server_config.tlscstatp.timeout = -1; 1102 cfg.tlscstatp.timeout = -1;
1103 s_server_config.tlsextcbp.extension_error = 1103 cfg.tlsextcbp.extension_error =
1104 SSL_TLSEXT_ERR_ALERT_WARNING; 1104 SSL_TLSEXT_ERR_ALERT_WARNING;
1105 1105
1106 local_argc = argc; 1106 local_argc = argc;
@@ -1111,47 +1111,47 @@ s_server_main(int argc, char *argv[])
1111 verify_depth = 0; 1111 verify_depth = 0;
1112 1112
1113 if (options_parse(argc, argv, s_server_options, NULL, NULL) != 0) { 1113 if (options_parse(argc, argv, s_server_options, NULL, NULL) != 0) {
1114 if (s_server_config.errstr == NULL) 1114 if (cfg.errstr == NULL)
1115 sv_usage(); 1115 sv_usage();
1116 goto end; 1116 goto end;
1117 } 1117 }
1118 1118
1119 if (!app_passwd(bio_err, s_server_config.passarg, 1119 if (!app_passwd(bio_err, cfg.passarg,
1120 s_server_config.dpassarg, &pass, &dpass)) { 1120 cfg.dpassarg, &pass, &dpass)) {
1121 BIO_printf(bio_err, "Error getting password\n"); 1121 BIO_printf(bio_err, "Error getting password\n");
1122 goto end; 1122 goto end;
1123 } 1123 }
1124 if (s_server_config.key_file == NULL) 1124 if (cfg.key_file == NULL)
1125 s_server_config.key_file = s_server_config.cert_file; 1125 cfg.key_file = cfg.cert_file;
1126 if (s_server_config.key_file2 == NULL) 1126 if (cfg.key_file2 == NULL)
1127 s_server_config.key_file2 = s_server_config.cert_file2; 1127 cfg.key_file2 = cfg.cert_file2;
1128 1128
1129 if (s_server_config.nocert == 0) { 1129 if (cfg.nocert == 0) {
1130 s_key = load_key(bio_err, s_server_config.key_file, 1130 s_key = load_key(bio_err, cfg.key_file,
1131 s_server_config.key_format, 0, pass, 1131 cfg.key_format, 0, pass,
1132 "server certificate private key file"); 1132 "server certificate private key file");
1133 if (!s_key) { 1133 if (!s_key) {
1134 ERR_print_errors(bio_err); 1134 ERR_print_errors(bio_err);
1135 goto end; 1135 goto end;
1136 } 1136 }
1137 s_cert = load_cert(bio_err, s_server_config.cert_file, 1137 s_cert = load_cert(bio_err, cfg.cert_file,
1138 s_server_config.cert_format, 1138 cfg.cert_format,
1139 NULL, "server certificate file"); 1139 NULL, "server certificate file");
1140 1140
1141 if (!s_cert) { 1141 if (!s_cert) {
1142 ERR_print_errors(bio_err); 1142 ERR_print_errors(bio_err);
1143 goto end; 1143 goto end;
1144 } 1144 }
1145 if (s_server_config.tlsextcbp.servername) { 1145 if (cfg.tlsextcbp.servername) {
1146 s_key2 = load_key(bio_err, s_server_config.key_file2, 1146 s_key2 = load_key(bio_err, cfg.key_file2,
1147 s_server_config.key_format, 0, pass, 1147 cfg.key_format, 0, pass,
1148 "second server certificate private key file"); 1148 "second server certificate private key file");
1149 if (!s_key2) { 1149 if (!s_key2) {
1150 ERR_print_errors(bio_err); 1150 ERR_print_errors(bio_err);
1151 goto end; 1151 goto end;
1152 } 1152 }
1153 s_cert2 = load_cert(bio_err, s_server_config.cert_file2, 1153 s_cert2 = load_cert(bio_err, cfg.cert_file2,
1154 s_server_config.cert_format, 1154 cfg.cert_format,
1155 NULL, "second server certificate file"); 1155 NULL, "second server certificate file");
1156 1156
1157 if (!s_cert2) { 1157 if (!s_cert2) {
@@ -1161,29 +1161,29 @@ s_server_main(int argc, char *argv[])
1161 } 1161 }
1162 } 1162 }
1163 alpn_ctx.data = NULL; 1163 alpn_ctx.data = NULL;
1164 if (s_server_config.alpn_in) { 1164 if (cfg.alpn_in) {
1165 unsigned short len; 1165 unsigned short len;
1166 alpn_ctx.data = next_protos_parse(&len, 1166 alpn_ctx.data = next_protos_parse(&len,
1167 s_server_config.alpn_in); 1167 cfg.alpn_in);
1168 if (alpn_ctx.data == NULL) 1168 if (alpn_ctx.data == NULL)
1169 goto end; 1169 goto end;
1170 alpn_ctx.len = len; 1170 alpn_ctx.len = len;
1171 } 1171 }
1172 1172
1173 if (s_server_config.dcert_file) { 1173 if (cfg.dcert_file) {
1174 1174
1175 if (s_server_config.dkey_file == NULL) 1175 if (cfg.dkey_file == NULL)
1176 s_server_config.dkey_file = s_server_config.dcert_file; 1176 cfg.dkey_file = cfg.dcert_file;
1177 1177
1178 s_dkey = load_key(bio_err, s_server_config.dkey_file, 1178 s_dkey = load_key(bio_err, cfg.dkey_file,
1179 s_server_config.dkey_format, 1179 cfg.dkey_format,
1180 0, dpass, "second certificate private key file"); 1180 0, dpass, "second certificate private key file");
1181 if (!s_dkey) { 1181 if (!s_dkey) {
1182 ERR_print_errors(bio_err); 1182 ERR_print_errors(bio_err);
1183 goto end; 1183 goto end;
1184 } 1184 }
1185 s_dcert = load_cert(bio_err, s_server_config.dcert_file, 1185 s_dcert = load_cert(bio_err, cfg.dcert_file,
1186 s_server_config.dcert_format, 1186 cfg.dcert_format,
1187 NULL, "second server certificate file"); 1187 NULL, "second server certificate file");
1188 1188
1189 if (!s_dcert) { 1189 if (!s_dcert) {
@@ -1192,23 +1192,23 @@ s_server_main(int argc, char *argv[])
1192 } 1192 }
1193 } 1193 }
1194 if (bio_s_out == NULL) { 1194 if (bio_s_out == NULL) {
1195 if (s_server_config.quiet && !s_server_config.debug && 1195 if (cfg.quiet && !cfg.debug &&
1196 !s_server_config.msg) { 1196 !cfg.msg) {
1197 bio_s_out = BIO_new(BIO_s_null()); 1197 bio_s_out = BIO_new(BIO_s_null());
1198 } else { 1198 } else {
1199 if (bio_s_out == NULL) 1199 if (bio_s_out == NULL)
1200 bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE); 1200 bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE);
1201 } 1201 }
1202 } 1202 }
1203 if (s_server_config.nocert) { 1203 if (cfg.nocert) {
1204 s_server_config.cert_file = NULL; 1204 cfg.cert_file = NULL;
1205 s_server_config.key_file = NULL; 1205 cfg.key_file = NULL;
1206 s_server_config.dcert_file = NULL; 1206 cfg.dcert_file = NULL;
1207 s_server_config.dkey_file = NULL; 1207 cfg.dkey_file = NULL;
1208 s_server_config.cert_file2 = NULL; 1208 cfg.cert_file2 = NULL;
1209 s_server_config.key_file2 = NULL; 1209 cfg.key_file2 = NULL;
1210 } 1210 }
1211 ctx = SSL_CTX_new(s_server_config.meth); 1211 ctx = SSL_CTX_new(cfg.meth);
1212 if (ctx == NULL) { 1212 if (ctx == NULL) {
1213 ERR_print_errors(bio_err); 1213 ERR_print_errors(bio_err);
1214 goto end; 1214 goto end;
@@ -1216,16 +1216,16 @@ s_server_main(int argc, char *argv[])
1216 1216
1217 SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY); 1217 SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
1218 1218
1219 if (!SSL_CTX_set_min_proto_version(ctx, s_server_config.min_version)) 1219 if (!SSL_CTX_set_min_proto_version(ctx, cfg.min_version))
1220 goto end; 1220 goto end;
1221 if (!SSL_CTX_set_max_proto_version(ctx, s_server_config.max_version)) 1221 if (!SSL_CTX_set_max_proto_version(ctx, cfg.max_version))
1222 goto end; 1222 goto end;
1223 1223
1224 if (s_server_config.session_id_prefix) { 1224 if (cfg.session_id_prefix) {
1225 if (strlen(s_server_config.session_id_prefix) >= 32) 1225 if (strlen(cfg.session_id_prefix) >= 32)
1226 BIO_printf(bio_err, 1226 BIO_printf(bio_err,
1227 "warning: id_prefix is too long, only one new session will be possible\n"); 1227 "warning: id_prefix is too long, only one new session will be possible\n");
1228 else if (strlen(s_server_config.session_id_prefix) >= 16) 1228 else if (strlen(cfg.session_id_prefix) >= 16)
1229 BIO_printf(bio_err, 1229 BIO_printf(bio_err,
1230 "warning: id_prefix is too long if you use SSLv2\n"); 1230 "warning: id_prefix is too long if you use SSLv2\n");
1231 if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) { 1231 if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) {
@@ -1234,58 +1234,58 @@ s_server_main(int argc, char *argv[])
1234 goto end; 1234 goto end;
1235 } 1235 }
1236 BIO_printf(bio_err, "id_prefix '%s' set.\n", 1236 BIO_printf(bio_err, "id_prefix '%s' set.\n",
1237 s_server_config.session_id_prefix); 1237 cfg.session_id_prefix);
1238 } 1238 }
1239 SSL_CTX_set_quiet_shutdown(ctx, 1); 1239 SSL_CTX_set_quiet_shutdown(ctx, 1);
1240 if (s_server_config.bugs) 1240 if (cfg.bugs)
1241 SSL_CTX_set_options(ctx, SSL_OP_ALL); 1241 SSL_CTX_set_options(ctx, SSL_OP_ALL);
1242 SSL_CTX_set_options(ctx, s_server_config.off); 1242 SSL_CTX_set_options(ctx, cfg.off);
1243 1243
1244 if (s_server_config.state) 1244 if (cfg.state)
1245 SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); 1245 SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
1246 if (s_server_config.no_cache) 1246 if (cfg.no_cache)
1247 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); 1247 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
1248 else 1248 else
1249 SSL_CTX_sess_set_cache_size(ctx, 128); 1249 SSL_CTX_sess_set_cache_size(ctx, 128);
1250 1250
1251#ifndef OPENSSL_NO_SRTP 1251#ifndef OPENSSL_NO_SRTP
1252 if (s_server_config.srtp_profiles != NULL) 1252 if (cfg.srtp_profiles != NULL)
1253 SSL_CTX_set_tlsext_use_srtp(ctx, s_server_config.srtp_profiles); 1253 SSL_CTX_set_tlsext_use_srtp(ctx, cfg.srtp_profiles);
1254#endif 1254#endif
1255 1255
1256 if ((!SSL_CTX_load_verify_locations(ctx, s_server_config.CAfile, 1256 if ((!SSL_CTX_load_verify_locations(ctx, cfg.CAfile,
1257 s_server_config.CApath)) || 1257 cfg.CApath)) ||
1258 (!SSL_CTX_set_default_verify_paths(ctx))) { 1258 (!SSL_CTX_set_default_verify_paths(ctx))) {
1259 /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ 1259 /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
1260 ERR_print_errors(bio_err); 1260 ERR_print_errors(bio_err);
1261 /* goto end; */ 1261 /* goto end; */
1262 } 1262 }
1263 if (s_server_config.vpm) 1263 if (cfg.vpm)
1264 SSL_CTX_set1_param(ctx, s_server_config.vpm); 1264 SSL_CTX_set1_param(ctx, cfg.vpm);
1265 1265
1266 if (s_cert2) { 1266 if (s_cert2) {
1267 ctx2 = SSL_CTX_new(s_server_config.meth); 1267 ctx2 = SSL_CTX_new(cfg.meth);
1268 if (ctx2 == NULL) { 1268 if (ctx2 == NULL) {
1269 ERR_print_errors(bio_err); 1269 ERR_print_errors(bio_err);
1270 goto end; 1270 goto end;
1271 } 1271 }
1272 1272
1273 if (!SSL_CTX_set_min_proto_version(ctx2, 1273 if (!SSL_CTX_set_min_proto_version(ctx2,
1274 s_server_config.min_version)) 1274 cfg.min_version))
1275 goto end; 1275 goto end;
1276 if (!SSL_CTX_set_max_proto_version(ctx2, 1276 if (!SSL_CTX_set_max_proto_version(ctx2,
1277 s_server_config.max_version)) 1277 cfg.max_version))
1278 goto end; 1278 goto end;
1279 SSL_CTX_clear_mode(ctx2, SSL_MODE_AUTO_RETRY); 1279 SSL_CTX_clear_mode(ctx2, SSL_MODE_AUTO_RETRY);
1280 } 1280 }
1281 if (ctx2) { 1281 if (ctx2) {
1282 BIO_printf(bio_s_out, "Setting secondary ctx parameters\n"); 1282 BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
1283 1283
1284 if (s_server_config.session_id_prefix) { 1284 if (cfg.session_id_prefix) {
1285 if (strlen(s_server_config.session_id_prefix) >= 32) 1285 if (strlen(cfg.session_id_prefix) >= 32)
1286 BIO_printf(bio_err, 1286 BIO_printf(bio_err,
1287 "warning: id_prefix is too long, only one new session will be possible\n"); 1287 "warning: id_prefix is too long, only one new session will be possible\n");
1288 else if (strlen(s_server_config.session_id_prefix) >= 16) 1288 else if (strlen(cfg.session_id_prefix) >= 16)
1289 BIO_printf(bio_err, 1289 BIO_printf(bio_err,
1290 "warning: id_prefix is too long if you use SSLv2\n"); 1290 "warning: id_prefix is too long if you use SSLv2\n");
1291 if (!SSL_CTX_set_generate_session_id(ctx2, 1291 if (!SSL_CTX_set_generate_session_id(ctx2,
@@ -1296,48 +1296,48 @@ s_server_main(int argc, char *argv[])
1296 goto end; 1296 goto end;
1297 } 1297 }
1298 BIO_printf(bio_err, "id_prefix '%s' set.\n", 1298 BIO_printf(bio_err, "id_prefix '%s' set.\n",
1299 s_server_config.session_id_prefix); 1299 cfg.session_id_prefix);
1300 } 1300 }
1301 SSL_CTX_set_quiet_shutdown(ctx2, 1); 1301 SSL_CTX_set_quiet_shutdown(ctx2, 1);
1302 if (s_server_config.bugs) 1302 if (cfg.bugs)
1303 SSL_CTX_set_options(ctx2, SSL_OP_ALL); 1303 SSL_CTX_set_options(ctx2, SSL_OP_ALL);
1304 SSL_CTX_set_options(ctx2, s_server_config.off); 1304 SSL_CTX_set_options(ctx2, cfg.off);
1305 1305
1306 if (s_server_config.state) 1306 if (cfg.state)
1307 SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback); 1307 SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
1308 1308
1309 if (s_server_config.no_cache) 1309 if (cfg.no_cache)
1310 SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF); 1310 SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF);
1311 else 1311 else
1312 SSL_CTX_sess_set_cache_size(ctx2, 128); 1312 SSL_CTX_sess_set_cache_size(ctx2, 128);
1313 1313
1314 if ((!SSL_CTX_load_verify_locations(ctx2, 1314 if ((!SSL_CTX_load_verify_locations(ctx2,
1315 s_server_config.CAfile, s_server_config.CApath)) || 1315 cfg.CAfile, cfg.CApath)) ||
1316 (!SSL_CTX_set_default_verify_paths(ctx2))) { 1316 (!SSL_CTX_set_default_verify_paths(ctx2))) {
1317 ERR_print_errors(bio_err); 1317 ERR_print_errors(bio_err);
1318 } 1318 }
1319 if (s_server_config.vpm) 1319 if (cfg.vpm)
1320 SSL_CTX_set1_param(ctx2, s_server_config.vpm); 1320 SSL_CTX_set1_param(ctx2, cfg.vpm);
1321 } 1321 }
1322 if (alpn_ctx.data) 1322 if (alpn_ctx.data)
1323 SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); 1323 SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx);
1324 1324
1325 if (s_server_config.groups_in != NULL) { 1325 if (cfg.groups_in != NULL) {
1326 if (SSL_CTX_set1_groups_list(ctx, s_server_config.groups_in) != 1) { 1326 if (SSL_CTX_set1_groups_list(ctx, cfg.groups_in) != 1) {
1327 BIO_printf(bio_err, "Failed to set groups '%s'\n", 1327 BIO_printf(bio_err, "Failed to set groups '%s'\n",
1328 s_server_config.groups_in); 1328 cfg.groups_in);
1329 goto end; 1329 goto end;
1330 } 1330 }
1331 } 1331 }
1332 1332
1333#ifndef OPENSSL_NO_DH 1333#ifndef OPENSSL_NO_DH
1334 if (!s_server_config.no_dhe) { 1334 if (!cfg.no_dhe) {
1335 DH *dh = NULL; 1335 DH *dh = NULL;
1336 1336
1337 if (s_server_config.dhfile) 1337 if (cfg.dhfile)
1338 dh = load_dh_param(s_server_config.dhfile); 1338 dh = load_dh_param(cfg.dhfile);
1339 else if (s_server_config.cert_file) 1339 else if (cfg.cert_file)
1340 dh = load_dh_param(s_server_config.cert_file); 1340 dh = load_dh_param(cfg.cert_file);
1341 1341
1342 if (dh != NULL) 1342 if (dh != NULL)
1343 BIO_printf(bio_s_out, "Setting temp DH parameters\n"); 1343 BIO_printf(bio_s_out, "Setting temp DH parameters\n");
@@ -1356,12 +1356,12 @@ s_server_main(int argc, char *argv[])
1356 } 1356 }
1357 1357
1358 if (ctx2) { 1358 if (ctx2) {
1359 if (!s_server_config.dhfile) { 1359 if (!cfg.dhfile) {
1360 DH *dh2 = NULL; 1360 DH *dh2 = NULL;
1361 1361
1362 if (s_server_config.cert_file2 != NULL) 1362 if (cfg.cert_file2 != NULL)
1363 dh2 = load_dh_param( 1363 dh2 = load_dh_param(
1364 s_server_config.cert_file2); 1364 cfg.cert_file2);
1365 if (dh2 != NULL) { 1365 if (dh2 != NULL) {
1366 BIO_printf(bio_s_out, 1366 BIO_printf(bio_s_out,
1367 "Setting temp DH parameters\n"); 1367 "Setting temp DH parameters\n");
@@ -1385,18 +1385,18 @@ s_server_main(int argc, char *argv[])
1385 } 1385 }
1386#endif 1386#endif
1387 1387
1388 if (!s_server_config.no_ecdhe && s_server_config.named_curve != NULL) { 1388 if (!cfg.no_ecdhe && cfg.named_curve != NULL) {
1389 EC_KEY *ecdh = NULL; 1389 EC_KEY *ecdh = NULL;
1390 int nid; 1390 int nid;
1391 1391
1392 if ((nid = OBJ_sn2nid(s_server_config.named_curve)) == 0) { 1392 if ((nid = OBJ_sn2nid(cfg.named_curve)) == 0) {
1393 BIO_printf(bio_err, "unknown curve name (%s)\n", 1393 BIO_printf(bio_err, "unknown curve name (%s)\n",
1394 s_server_config.named_curve); 1394 cfg.named_curve);
1395 goto end; 1395 goto end;
1396 } 1396 }
1397 if ((ecdh = EC_KEY_new_by_curve_name(nid)) == NULL) { 1397 if ((ecdh = EC_KEY_new_by_curve_name(nid)) == NULL) {
1398 BIO_printf(bio_err, "unable to create curve (%s)\n", 1398 BIO_printf(bio_err, "unable to create curve (%s)\n",
1399 s_server_config.named_curve); 1399 cfg.named_curve);
1400 goto end; 1400 goto end;
1401 } 1401 }
1402 BIO_printf(bio_s_out, "Setting temp ECDH parameters\n"); 1402 BIO_printf(bio_s_out, "Setting temp ECDH parameters\n");
@@ -1417,20 +1417,20 @@ s_server_main(int argc, char *argv[])
1417 goto end; 1417 goto end;
1418 } 1418 }
1419 1419
1420 if (s_server_config.cipher != NULL) { 1420 if (cfg.cipher != NULL) {
1421 if (!SSL_CTX_set_cipher_list(ctx, s_server_config.cipher)) { 1421 if (!SSL_CTX_set_cipher_list(ctx, cfg.cipher)) {
1422 BIO_printf(bio_err, "error setting cipher list\n"); 1422 BIO_printf(bio_err, "error setting cipher list\n");
1423 ERR_print_errors(bio_err); 1423 ERR_print_errors(bio_err);
1424 goto end; 1424 goto end;
1425 } 1425 }
1426 if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, 1426 if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,
1427 s_server_config.cipher)) { 1427 cfg.cipher)) {
1428 BIO_printf(bio_err, "error setting cipher list\n"); 1428 BIO_printf(bio_err, "error setting cipher list\n");
1429 ERR_print_errors(bio_err); 1429 ERR_print_errors(bio_err);
1430 goto end; 1430 goto end;
1431 } 1431 }
1432 } 1432 }
1433 SSL_CTX_set_verify(ctx, s_server_config.server_verify, verify_callback); 1433 SSL_CTX_set_verify(ctx, cfg.server_verify, verify_callback);
1434 SSL_CTX_set_session_id_context(ctx, 1434 SSL_CTX_set_session_id_context(ctx,
1435 (void *) &s_server_session_id_context, 1435 (void *) &s_server_session_id_context,
1436 sizeof s_server_session_id_context); 1436 sizeof s_server_session_id_context);
@@ -1440,38 +1440,38 @@ s_server_main(int argc, char *argv[])
1440 SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); 1440 SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
1441 1441
1442 if (ctx2) { 1442 if (ctx2) {
1443 SSL_CTX_set_verify(ctx2, s_server_config.server_verify, 1443 SSL_CTX_set_verify(ctx2, cfg.server_verify,
1444 verify_callback); 1444 verify_callback);
1445 SSL_CTX_set_session_id_context(ctx2, 1445 SSL_CTX_set_session_id_context(ctx2,
1446 (void *) &s_server_session_id_context, 1446 (void *) &s_server_session_id_context,
1447 sizeof s_server_session_id_context); 1447 sizeof s_server_session_id_context);
1448 1448
1449 s_server_config.tlsextcbp.biodebug = bio_s_out; 1449 cfg.tlsextcbp.biodebug = bio_s_out;
1450 SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); 1450 SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
1451 SSL_CTX_set_tlsext_servername_arg(ctx2, 1451 SSL_CTX_set_tlsext_servername_arg(ctx2,
1452 &s_server_config.tlsextcbp); 1452 &cfg.tlsextcbp);
1453 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); 1453 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
1454 SSL_CTX_set_tlsext_servername_arg(ctx, 1454 SSL_CTX_set_tlsext_servername_arg(ctx,
1455 &s_server_config.tlsextcbp); 1455 &cfg.tlsextcbp);
1456 } 1456 }
1457 1457
1458 if (s_server_config.CAfile != NULL) { 1458 if (cfg.CAfile != NULL) {
1459 SSL_CTX_set_client_CA_list(ctx, 1459 SSL_CTX_set_client_CA_list(ctx,
1460 SSL_load_client_CA_file(s_server_config.CAfile)); 1460 SSL_load_client_CA_file(cfg.CAfile));
1461 if (ctx2) 1461 if (ctx2)
1462 SSL_CTX_set_client_CA_list(ctx2, 1462 SSL_CTX_set_client_CA_list(ctx2,
1463 SSL_load_client_CA_file(s_server_config.CAfile)); 1463 SSL_load_client_CA_file(cfg.CAfile));
1464 } 1464 }
1465 BIO_printf(bio_s_out, "ACCEPT\n"); 1465 BIO_printf(bio_s_out, "ACCEPT\n");
1466 (void) BIO_flush(bio_s_out); 1466 (void) BIO_flush(bio_s_out);
1467 if (s_server_config.www) 1467 if (cfg.www)
1468 do_server(s_server_config.port, s_server_config.socket_type, 1468 do_server(cfg.port, cfg.socket_type,
1469 &accept_socket, www_body, s_server_config.context, 1469 &accept_socket, www_body, cfg.context,
1470 s_server_config.naccept); 1470 cfg.naccept);
1471 else 1471 else
1472 do_server(s_server_config.port, s_server_config.socket_type, 1472 do_server(cfg.port, cfg.socket_type,
1473 &accept_socket, sv_body, s_server_config.context, 1473 &accept_socket, sv_body, cfg.context,
1474 s_server_config.naccept); 1474 cfg.naccept);
1475 print_stats(bio_s_out, ctx); 1475 print_stats(bio_s_out, ctx);
1476 ret = 0; 1476 ret = 0;
1477 end: 1477 end:
@@ -1482,10 +1482,10 @@ s_server_main(int argc, char *argv[])
1482 EVP_PKEY_free(s_dkey); 1482 EVP_PKEY_free(s_dkey);
1483 free(pass); 1483 free(pass);
1484 free(dpass); 1484 free(dpass);
1485 X509_VERIFY_PARAM_free(s_server_config.vpm); 1485 X509_VERIFY_PARAM_free(cfg.vpm);
1486 free(s_server_config.tlscstatp.host); 1486 free(cfg.tlscstatp.host);
1487 free(s_server_config.tlscstatp.port); 1487 free(cfg.tlscstatp.port);
1488 free(s_server_config.tlscstatp.path); 1488 free(cfg.tlscstatp.path);
1489 SSL_CTX_free(ctx2); 1489 SSL_CTX_free(ctx2);
1490 X509_free(s_cert2); 1490 X509_free(s_cert2);
1491 EVP_PKEY_free(s_key2); 1491 EVP_PKEY_free(s_key2);
@@ -1543,8 +1543,8 @@ sv_body(int s, unsigned char *context)
1543 BIO_printf(bio_err, "out of memory\n"); 1543 BIO_printf(bio_err, "out of memory\n");
1544 goto err; 1544 goto err;
1545 } 1545 }
1546 if (s_server_config.nbio) { 1546 if (cfg.nbio) {
1547 if (!s_server_config.quiet) 1547 if (!cfg.quiet)
1548 BIO_printf(bio_err, "turning on non blocking io\n"); 1548 BIO_printf(bio_err, "turning on non blocking io\n");
1549 if (!BIO_socket_nbio(s, 1)) 1549 if (!BIO_socket_nbio(s, 1))
1550 ERR_print_errors(bio_err); 1550 ERR_print_errors(bio_err);
@@ -1552,15 +1552,15 @@ sv_body(int s, unsigned char *context)
1552 1552
1553 if (con == NULL) { 1553 if (con == NULL) {
1554 con = SSL_new(ctx); 1554 con = SSL_new(ctx);
1555 if (s_server_config.tlsextdebug) { 1555 if (cfg.tlsextdebug) {
1556 SSL_set_tlsext_debug_callback(con, tlsext_cb); 1556 SSL_set_tlsext_debug_callback(con, tlsext_cb);
1557 SSL_set_tlsext_debug_arg(con, bio_s_out); 1557 SSL_set_tlsext_debug_arg(con, bio_s_out);
1558 } 1558 }
1559 if (s_server_config.tlsextstatus) { 1559 if (cfg.tlsextstatus) {
1560 SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); 1560 SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
1561 s_server_config.tlscstatp.err = bio_err; 1561 cfg.tlscstatp.err = bio_err;
1562 SSL_CTX_set_tlsext_status_arg(ctx, 1562 SSL_CTX_set_tlsext_status_arg(ctx,
1563 &s_server_config.tlscstatp); 1563 &cfg.tlscstatp);
1564 } 1564 }
1565 if (context) 1565 if (context)
1566 SSL_set_session_id_context(con, context, 1566 SSL_set_session_id_context(con, context,
@@ -1571,7 +1571,7 @@ sv_body(int s, unsigned char *context)
1571 if (SSL_is_dtls(con)) { 1571 if (SSL_is_dtls(con)) {
1572 sbio = BIO_new_dgram(s, BIO_NOCLOSE); 1572 sbio = BIO_new_dgram(s, BIO_NOCLOSE);
1573 1573
1574 if (s_server_config.enable_timeouts) { 1574 if (cfg.enable_timeouts) {
1575 timeout.tv_sec = 0; 1575 timeout.tv_sec = 0;
1576 timeout.tv_usec = DGRAM_RCV_TIMEOUT; 1576 timeout.tv_usec = DGRAM_RCV_TIMEOUT;
1577 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, 1577 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0,
@@ -1582,9 +1582,9 @@ sv_body(int s, unsigned char *context)
1582 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, 1582 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0,
1583 &timeout); 1583 &timeout);
1584 } 1584 }
1585 if (s_server_config.socket_mtu > 28) { 1585 if (cfg.socket_mtu > 28) {
1586 SSL_set_options(con, SSL_OP_NO_QUERY_MTU); 1586 SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
1587 SSL_set_mtu(con, s_server_config.socket_mtu - 28); 1587 SSL_set_mtu(con, cfg.socket_mtu - 28);
1588 } else 1588 } else
1589 /* want to do MTU discovery */ 1589 /* want to do MTU discovery */
1590 BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); 1590 BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
@@ -1594,7 +1594,7 @@ sv_body(int s, unsigned char *context)
1594 } else 1594 } else
1595 sbio = BIO_new_socket(s, BIO_NOCLOSE); 1595 sbio = BIO_new_socket(s, BIO_NOCLOSE);
1596 1596
1597 if (s_server_config.nbio_test) { 1597 if (cfg.nbio_test) {
1598 BIO *test; 1598 BIO *test;
1599 1599
1600 test = BIO_new(BIO_f_nbio_test()); 1600 test = BIO_new(BIO_f_nbio_test());
@@ -1605,16 +1605,16 @@ sv_body(int s, unsigned char *context)
1605 SSL_set_accept_state(con); 1605 SSL_set_accept_state(con);
1606 /* SSL_set_fd(con,s); */ 1606 /* SSL_set_fd(con,s); */
1607 1607
1608 if (s_server_config.debug) { 1608 if (cfg.debug) {
1609 SSL_set_debug(con, 1); 1609 SSL_set_debug(con, 1);
1610 BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); 1610 BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
1611 BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out); 1611 BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out);
1612 } 1612 }
1613 if (s_server_config.msg) { 1613 if (cfg.msg) {
1614 SSL_set_msg_callback(con, msg_cb); 1614 SSL_set_msg_callback(con, msg_cb);
1615 SSL_set_msg_callback_arg(con, bio_s_out); 1615 SSL_set_msg_callback_arg(con, bio_s_out);
1616 } 1616 }
1617 if (s_server_config.tlsextdebug) { 1617 if (cfg.tlsextdebug) {
1618 SSL_set_tlsext_debug_callback(con, tlsext_cb); 1618 SSL_set_tlsext_debug_callback(con, tlsext_cb);
1619 SSL_set_tlsext_debug_arg(con, bio_s_out); 1619 SSL_set_tlsext_debug_arg(con, bio_s_out);
1620 } 1620 }
@@ -1660,7 +1660,7 @@ sv_body(int s, unsigned char *context)
1660 } 1660 }
1661 } 1661 }
1662 if (read_from_terminal) { 1662 if (read_from_terminal) {
1663 if (s_server_config.crlf) { 1663 if (cfg.crlf) {
1664 int j, lf_num; 1664 int j, lf_num;
1665 1665
1666 i = read(fileno(stdin), buf, bufsize / 2); 1666 i = read(fileno(stdin), buf, bufsize / 2);
@@ -1680,7 +1680,7 @@ sv_body(int s, unsigned char *context)
1680 assert(lf_num == 0); 1680 assert(lf_num == 0);
1681 } else 1681 } else
1682 i = read(fileno(stdin), buf, bufsize); 1682 i = read(fileno(stdin), buf, bufsize);
1683 if (!s_server_config.quiet) { 1683 if (!cfg.quiet) {
1684 if ((i <= 0) || (buf[0] == 'Q')) { 1684 if ((i <= 0) || (buf[0] == 'Q')) {
1685 BIO_printf(bio_s_out, "DONE\n"); 1685 BIO_printf(bio_s_out, "DONE\n");
1686 shutdown(s, SHUT_RD); 1686 shutdown(s, SHUT_RD);
@@ -1910,23 +1910,23 @@ init_ssl_connection(SSL *con)
1910 BIO_printf(bio_s_out, "Reused session-id\n"); 1910 BIO_printf(bio_s_out, "Reused session-id\n");
1911 BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", 1911 BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
1912 SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); 1912 SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
1913 if (s_server_config.keymatexportlabel != NULL) { 1913 if (cfg.keymatexportlabel != NULL) {
1914 BIO_printf(bio_s_out, "Keying material exporter:\n"); 1914 BIO_printf(bio_s_out, "Keying material exporter:\n");
1915 BIO_printf(bio_s_out, " Label: '%s'\n", 1915 BIO_printf(bio_s_out, " Label: '%s'\n",
1916 s_server_config.keymatexportlabel); 1916 cfg.keymatexportlabel);
1917 BIO_printf(bio_s_out, " Length: %i bytes\n", 1917 BIO_printf(bio_s_out, " Length: %i bytes\n",
1918 s_server_config.keymatexportlen); 1918 cfg.keymatexportlen);
1919 exportedkeymat = malloc(s_server_config.keymatexportlen); 1919 exportedkeymat = malloc(cfg.keymatexportlen);
1920 if (exportedkeymat != NULL) { 1920 if (exportedkeymat != NULL) {
1921 if (!SSL_export_keying_material(con, exportedkeymat, 1921 if (!SSL_export_keying_material(con, exportedkeymat,
1922 s_server_config.keymatexportlen, 1922 cfg.keymatexportlen,
1923 s_server_config.keymatexportlabel, 1923 cfg.keymatexportlabel,
1924 strlen(s_server_config.keymatexportlabel), 1924 strlen(cfg.keymatexportlabel),
1925 NULL, 0, 0)) { 1925 NULL, 0, 0)) {
1926 BIO_printf(bio_s_out, " Error\n"); 1926 BIO_printf(bio_s_out, " Error\n");
1927 } else { 1927 } else {
1928 BIO_printf(bio_s_out, " Keying material: "); 1928 BIO_printf(bio_s_out, " Keying material: ");
1929 for (i = 0; i < s_server_config.keymatexportlen; i++) 1929 for (i = 0; i < cfg.keymatexportlen; i++)
1930 BIO_printf(bio_s_out, "%02X", 1930 BIO_printf(bio_s_out, "%02X",
1931 exportedkeymat[i]); 1931 exportedkeymat[i]);
1932 BIO_printf(bio_s_out, "\n"); 1932 BIO_printf(bio_s_out, "\n");
@@ -1971,8 +1971,8 @@ www_body(int s, unsigned char *context)
1971 if ((io == NULL) || (ssl_bio == NULL)) 1971 if ((io == NULL) || (ssl_bio == NULL))
1972 goto err; 1972 goto err;
1973 1973
1974 if (s_server_config.nbio) { 1974 if (cfg.nbio) {
1975 if (!s_server_config.quiet) 1975 if (!cfg.quiet)
1976 BIO_printf(bio_err, "turning on non blocking io\n"); 1976 BIO_printf(bio_err, "turning on non blocking io\n");
1977 if (!BIO_socket_nbio(s, 1)) 1977 if (!BIO_socket_nbio(s, 1))
1978 ERR_print_errors(bio_err); 1978 ERR_print_errors(bio_err);
@@ -1984,7 +1984,7 @@ www_body(int s, unsigned char *context)
1984 1984
1985 if ((con = SSL_new(ctx)) == NULL) 1985 if ((con = SSL_new(ctx)) == NULL)
1986 goto err; 1986 goto err;
1987 if (s_server_config.tlsextdebug) { 1987 if (cfg.tlsextdebug) {
1988 SSL_set_tlsext_debug_callback(con, tlsext_cb); 1988 SSL_set_tlsext_debug_callback(con, tlsext_cb);
1989 SSL_set_tlsext_debug_arg(con, bio_s_out); 1989 SSL_set_tlsext_debug_arg(con, bio_s_out);
1990 } 1990 }
@@ -1993,7 +1993,7 @@ www_body(int s, unsigned char *context)
1993 strlen((char *) context)); 1993 strlen((char *) context));
1994 1994
1995 sbio = BIO_new_socket(s, BIO_NOCLOSE); 1995 sbio = BIO_new_socket(s, BIO_NOCLOSE);
1996 if (s_server_config.nbio_test) { 1996 if (cfg.nbio_test) {
1997 BIO *test; 1997 BIO *test;
1998 1998
1999 test = BIO_new(BIO_f_nbio_test()); 1999 test = BIO_new(BIO_f_nbio_test());
@@ -2006,12 +2006,12 @@ www_body(int s, unsigned char *context)
2006 BIO_set_ssl(ssl_bio, con, BIO_CLOSE); 2006 BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
2007 BIO_push(io, ssl_bio); 2007 BIO_push(io, ssl_bio);
2008 2008
2009 if (s_server_config.debug) { 2009 if (cfg.debug) {
2010 SSL_set_debug(con, 1); 2010 SSL_set_debug(con, 1);
2011 BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); 2011 BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
2012 BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out); 2012 BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out);
2013 } 2013 }
2014 if (s_server_config.msg) { 2014 if (cfg.msg) {
2015 SSL_set_msg_callback(con, msg_cb); 2015 SSL_set_msg_callback(con, msg_cb);
2016 SSL_set_msg_callback_arg(con, bio_s_out); 2016 SSL_set_msg_callback_arg(con, bio_s_out);
2017 } 2017 }
@@ -2019,11 +2019,11 @@ www_body(int s, unsigned char *context)
2019 i = BIO_gets(io, buf, bufsize - 1); 2019 i = BIO_gets(io, buf, bufsize - 1);
2020 if (i < 0) { /* error */ 2020 if (i < 0) { /* error */
2021 if (!BIO_should_retry(io)) { 2021 if (!BIO_should_retry(io)) {
2022 if (!s_server_config.quiet) 2022 if (!cfg.quiet)
2023 ERR_print_errors(bio_err); 2023 ERR_print_errors(bio_err);
2024 goto err; 2024 goto err;
2025 } else { 2025 } else {
2026 if (s_server_config.debug) { 2026 if (cfg.debug) {
2027 BIO_printf(bio_s_out, "read R BLOCK\n"); 2027 BIO_printf(bio_s_out, "read R BLOCK\n");
2028 sleep(1); 2028 sleep(1);
2029 } 2029 }
@@ -2034,9 +2034,9 @@ www_body(int s, unsigned char *context)
2034 goto end; 2034 goto end;
2035 } 2035 }
2036 /* else we have data */ 2036 /* else we have data */
2037 if (((s_server_config.www == 1) && 2037 if (((cfg.www == 1) &&
2038 (strncmp("GET ", buf, 4) == 0)) || 2038 (strncmp("GET ", buf, 4) == 0)) ||
2039 ((s_server_config.www == 2) && 2039 ((cfg.www == 2) &&
2040 (strncmp("GET /stats ", buf, 11) == 0))) { 2040 (strncmp("GET /stats ", buf, 11) == 0))) {
2041 char *p; 2041 char *p;
2042 X509 *peer; 2042 X509 *peer;
@@ -2117,8 +2117,8 @@ www_body(int s, unsigned char *context)
2117 "no client certificate available\n"); 2117 "no client certificate available\n");
2118 BIO_puts(io, "</BODY></HTML>\r\n\r\n"); 2118 BIO_puts(io, "</BODY></HTML>\r\n\r\n");
2119 break; 2119 break;
2120 } else if ((s_server_config.www == 2 || 2120 } else if ((cfg.www == 2 ||
2121 s_server_config.www == 3) && 2121 cfg.www == 3) &&
2122 (strncmp("GET /", buf, 5) == 0)) { 2122 (strncmp("GET /", buf, 5) == 0)) {
2123 BIO *file; 2123 BIO *file;
2124 char *p, *e; 2124 char *p, *e;
@@ -2183,10 +2183,10 @@ www_body(int s, unsigned char *context)
2183 ERR_print_errors(io); 2183 ERR_print_errors(io);
2184 break; 2184 break;
2185 } 2185 }
2186 if (!s_server_config.quiet) 2186 if (!cfg.quiet)
2187 BIO_printf(bio_err, "FILE:%s\n", p); 2187 BIO_printf(bio_err, "FILE:%s\n", p);
2188 2188
2189 if (s_server_config.www == 2) { 2189 if (cfg.www == 2) {
2190 i = strlen(p); 2190 i = strlen(p);
2191 if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) || 2191 if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) ||
2192 ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) || 2192 ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) ||
@@ -2276,9 +2276,9 @@ generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len)
2276 * 1 session ID (ie. the prefix!) so all future session 2276 * 1 session ID (ie. the prefix!) so all future session
2277 * negotiations will fail due to conflicts. 2277 * negotiations will fail due to conflicts.
2278 */ 2278 */
2279 memcpy(id, s_server_config.session_id_prefix, 2279 memcpy(id, cfg.session_id_prefix,
2280 (strlen(s_server_config.session_id_prefix) < *id_len) ? 2280 (strlen(cfg.session_id_prefix) < *id_len) ?
2281 strlen(s_server_config.session_id_prefix) : *id_len); 2281 strlen(cfg.session_id_prefix) : *id_len);
2282 } 2282 }
2283 while (SSL_has_matching_session_id(ssl, id, *id_len) && 2283 while (SSL_has_matching_session_id(ssl, id, *id_len) &&
2284 (++count < MAX_SESSION_ID_ATTEMPTS)); 2284 (++count < MAX_SESSION_ID_ATTEMPTS));
@@ -2449,7 +2449,7 @@ alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
2449{ 2449{
2450 tlsextalpnctx *alpn_ctx = arg; 2450 tlsextalpnctx *alpn_ctx = arg;
2451 2451
2452 if (!s_server_config.quiet) { 2452 if (!cfg.quiet) {
2453 /* We can assume that in is syntactically valid. */ 2453 /* We can assume that in is syntactically valid. */
2454 unsigned i; 2454 unsigned i;
2455 2455
@@ -2468,7 +2468,7 @@ alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
2468 alpn_ctx->len, in, inlen) != OPENSSL_NPN_NEGOTIATED) 2468 alpn_ctx->len, in, inlen) != OPENSSL_NPN_NEGOTIATED)
2469 return (SSL_TLSEXT_ERR_NOACK); 2469 return (SSL_TLSEXT_ERR_NOACK);
2470 2470
2471 if (!s_server_config.quiet) { 2471 if (!cfg.quiet) {
2472 BIO_printf(bio_s_out, "ALPN protocols selected: "); 2472 BIO_printf(bio_s_out, "ALPN protocols selected: ");
2473 BIO_write(bio_s_out, *out, *outlen); 2473 BIO_write(bio_s_out, *out, *outlen);
2474 BIO_write(bio_s_out, "\n", 1); 2474 BIO_write(bio_s_out, "\n", 1);
diff --git a/src/usr.bin/openssl/s_time.c b/src/usr.bin/openssl/s_time.c
index d6f012fd41..7eed6d486e 100644
--- a/src/usr.bin/openssl/s_time.c
+++ b/src/usr.bin/openssl/s_time.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_time.c,v 1.37 2023/03/05 13:12:53 tb Exp $ */ 1/* $OpenBSD: s_time.c,v 1.38 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -113,42 +113,42 @@ static struct {
113 int verify; 113 int verify;
114 int verify_depth; 114 int verify_depth;
115 char *www_path; 115 char *www_path;
116} s_time_config; 116} cfg;
117 117
118static const struct option s_time_options[] = { 118static const struct option s_time_options[] = {
119 { 119 {
120 .name = "bugs", 120 .name = "bugs",
121 .desc = "Enable workarounds for known SSL/TLS bugs", 121 .desc = "Enable workarounds for known SSL/TLS bugs",
122 .type = OPTION_FLAG, 122 .type = OPTION_FLAG,
123 .opt.flag = &s_time_config.bugs, 123 .opt.flag = &cfg.bugs,
124 }, 124 },
125 { 125 {
126 .name = "CAfile", 126 .name = "CAfile",
127 .argname = "file", 127 .argname = "file",
128 .desc = "File containing trusted certificates in PEM format", 128 .desc = "File containing trusted certificates in PEM format",
129 .type = OPTION_ARG, 129 .type = OPTION_ARG,
130 .opt.arg = &s_time_config.CAfile, 130 .opt.arg = &cfg.CAfile,
131 }, 131 },
132 { 132 {
133 .name = "CApath", 133 .name = "CApath",
134 .argname = "path", 134 .argname = "path",
135 .desc = "Directory containing trusted certificates", 135 .desc = "Directory containing trusted certificates",
136 .type = OPTION_ARG, 136 .type = OPTION_ARG,
137 .opt.arg = &s_time_config.CApath, 137 .opt.arg = &cfg.CApath,
138 }, 138 },
139 { 139 {
140 .name = "cert", 140 .name = "cert",
141 .argname = "file", 141 .argname = "file",
142 .desc = "Client certificate to use, if one is requested", 142 .desc = "Client certificate to use, if one is requested",
143 .type = OPTION_ARG, 143 .type = OPTION_ARG,
144 .opt.arg = &s_time_config.certfile, 144 .opt.arg = &cfg.certfile,
145 }, 145 },
146 { 146 {
147 .name = "cipher", 147 .name = "cipher",
148 .argname = "list", 148 .argname = "list",
149 .desc = "List of cipher suites to send to the server", 149 .desc = "List of cipher suites to send to the server",
150 .type = OPTION_ARG, 150 .type = OPTION_ARG,
151 .opt.arg = &s_time_config.cipher, 151 .opt.arg = &cfg.cipher,
152 }, 152 },
153 { 153 {
154 .name = "connect", 154 .name = "connect",
@@ -156,39 +156,39 @@ static const struct option s_time_options[] = {
156 .desc = "Host and port to connect to (default " 156 .desc = "Host and port to connect to (default "
157 SSL_CONNECT_NAME ")", 157 SSL_CONNECT_NAME ")",
158 .type = OPTION_ARG, 158 .type = OPTION_ARG,
159 .opt.arg = &s_time_config.host, 159 .opt.arg = &cfg.host,
160 }, 160 },
161 { 161 {
162 .name = "key", 162 .name = "key",
163 .argname = "file", 163 .argname = "file",
164 .desc = "Client private key to use, if one is required", 164 .desc = "Client private key to use, if one is required",
165 .type = OPTION_ARG, 165 .type = OPTION_ARG,
166 .opt.arg = &s_time_config.keyfile, 166 .opt.arg = &cfg.keyfile,
167 }, 167 },
168 { 168 {
169 .name = "nbio", 169 .name = "nbio",
170 .desc = "Use non-blocking I/O", 170 .desc = "Use non-blocking I/O",
171 .type = OPTION_FLAG, 171 .type = OPTION_FLAG,
172 .opt.flag = &s_time_config.nbio, 172 .opt.flag = &cfg.nbio,
173 }, 173 },
174 { 174 {
175 .name = "new", 175 .name = "new",
176 .desc = "Use a new session ID for each connection", 176 .desc = "Use a new session ID for each connection",
177 .type = OPTION_VALUE, 177 .type = OPTION_VALUE,
178 .opt.value = &s_time_config.perform, 178 .opt.value = &cfg.perform,
179 .value = 1, 179 .value = 1,
180 }, 180 },
181 { 181 {
182 .name = "no_shutdown", 182 .name = "no_shutdown",
183 .desc = "Shut down the connection without notifying the server", 183 .desc = "Shut down the connection without notifying the server",
184 .type = OPTION_FLAG, 184 .type = OPTION_FLAG,
185 .opt.flag = &s_time_config.no_shutdown, 185 .opt.flag = &cfg.no_shutdown,
186 }, 186 },
187 { 187 {
188 .name = "reuse", 188 .name = "reuse",
189 .desc = "Reuse the same session ID for each connection", 189 .desc = "Reuse the same session ID for each connection",
190 .type = OPTION_VALUE, 190 .type = OPTION_VALUE,
191 .opt.value = &s_time_config.perform, 191 .opt.value = &cfg.perform,
192 .value = 2, 192 .value = 2,
193 }, 193 },
194 { 194 {
@@ -196,21 +196,21 @@ static const struct option s_time_options[] = {
196 .argname = "seconds", 196 .argname = "seconds",
197 .desc = "Duration to perform timing tests for (default 30)", 197 .desc = "Duration to perform timing tests for (default 30)",
198 .type = OPTION_ARG_TIME, 198 .type = OPTION_ARG_TIME,
199 .opt.tvalue = &s_time_config.maxtime, 199 .opt.tvalue = &cfg.maxtime,
200 }, 200 },
201 { 201 {
202 .name = "verify", 202 .name = "verify",
203 .argname = "depth", 203 .argname = "depth",
204 .desc = "Enable peer certificate verification with given depth", 204 .desc = "Enable peer certificate verification with given depth",
205 .type = OPTION_ARG_INT, 205 .type = OPTION_ARG_INT,
206 .opt.value = &s_time_config.verify_depth, 206 .opt.value = &cfg.verify_depth,
207 }, 207 },
208 { 208 {
209 .name = "www", 209 .name = "www",
210 .argname = "page", 210 .argname = "page",
211 .desc = "Page to GET from the server (default none)", 211 .desc = "Page to GET from the server (default none)",
212 .type = OPTION_ARG, 212 .type = OPTION_ARG,
213 .opt.arg = &s_time_config.www_path, 213 .opt.arg = &cfg.www_path,
214 }, 214 },
215 { NULL }, 215 { NULL },
216}; 216};
@@ -245,27 +245,27 @@ s_time_main(int argc, char **argv)
245 245
246 verify_depth = 0; 246 verify_depth = 0;
247 247
248 memset(&s_time_config, 0, sizeof(s_time_config)); 248 memset(&cfg, 0, sizeof(cfg));
249 249
250 s_time_config.host = SSL_CONNECT_NAME; 250 cfg.host = SSL_CONNECT_NAME;
251 s_time_config.maxtime = SECONDS; 251 cfg.maxtime = SECONDS;
252 s_time_config.perform = 3; 252 cfg.perform = 3;
253 s_time_config.verify = SSL_VERIFY_NONE; 253 cfg.verify = SSL_VERIFY_NONE;
254 s_time_config.verify_depth = -1; 254 cfg.verify_depth = -1;
255 255
256 if (options_parse(argc, argv, s_time_options, NULL, NULL) != 0) { 256 if (options_parse(argc, argv, s_time_options, NULL, NULL) != 0) {
257 s_time_usage(); 257 s_time_usage();
258 goto end; 258 goto end;
259 } 259 }
260 260
261 if (s_time_config.verify_depth >= 0) { 261 if (cfg.verify_depth >= 0) {
262 s_time_config.verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; 262 cfg.verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
263 verify_depth = s_time_config.verify_depth; 263 verify_depth = cfg.verify_depth;
264 BIO_printf(bio_err, "verify depth is %d\n", verify_depth); 264 BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
265 } 265 }
266 266
267 if (s_time_config.www_path != NULL && 267 if (cfg.www_path != NULL &&
268 strlen(s_time_config.www_path) > MYBUFSIZ - 100) { 268 strlen(cfg.www_path) > MYBUFSIZ - 100) {
269 BIO_printf(bio_err, "-www option too long\n"); 269 BIO_printf(bio_err, "-www option too long\n");
270 goto end; 270 goto end;
271 } 271 }
@@ -275,25 +275,25 @@ s_time_main(int argc, char **argv)
275 275
276 SSL_CTX_set_quiet_shutdown(tm_ctx, 1); 276 SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
277 277
278 if (s_time_config.bugs) 278 if (cfg.bugs)
279 SSL_CTX_set_options(tm_ctx, SSL_OP_ALL); 279 SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
280 280
281 if (s_time_config.cipher != NULL) { 281 if (cfg.cipher != NULL) {
282 if (!SSL_CTX_set_cipher_list(tm_ctx, s_time_config.cipher)) { 282 if (!SSL_CTX_set_cipher_list(tm_ctx, cfg.cipher)) {
283 BIO_printf(bio_err, "error setting cipher list\n"); 283 BIO_printf(bio_err, "error setting cipher list\n");
284 ERR_print_errors(bio_err); 284 ERR_print_errors(bio_err);
285 goto end; 285 goto end;
286 } 286 }
287 } 287 }
288 288
289 SSL_CTX_set_verify(tm_ctx, s_time_config.verify, NULL); 289 SSL_CTX_set_verify(tm_ctx, cfg.verify, NULL);
290 290
291 if (!set_cert_stuff(tm_ctx, s_time_config.certfile, 291 if (!set_cert_stuff(tm_ctx, cfg.certfile,
292 s_time_config.keyfile)) 292 cfg.keyfile))
293 goto end; 293 goto end;
294 294
295 if ((!SSL_CTX_load_verify_locations(tm_ctx, s_time_config.CAfile, 295 if ((!SSL_CTX_load_verify_locations(tm_ctx, cfg.CAfile,
296 s_time_config.CApath)) || 296 cfg.CApath)) ||
297 (!SSL_CTX_set_default_verify_paths(tm_ctx))) { 297 (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
298 /* 298 /*
299 * BIO_printf(bio_err,"error setting default verify 299 * BIO_printf(bio_err,"error setting default verify
@@ -304,9 +304,9 @@ s_time_main(int argc, char **argv)
304 } 304 }
305 305
306 /* Loop and time how long it takes to make connections */ 306 /* Loop and time how long it takes to make connections */
307 if (s_time_config.perform & 1) { 307 if (cfg.perform & 1) {
308 printf("Collecting connection statistics for %lld seconds\n", 308 printf("Collecting connection statistics for %lld seconds\n",
309 (long long)s_time_config.maxtime); 309 (long long)cfg.maxtime);
310 if (benchmark(0)) 310 if (benchmark(0))
311 goto end; 311 goto end;
312 } 312 }
@@ -314,7 +314,7 @@ s_time_main(int argc, char **argv)
314 * Now loop and time connections using the same session id over and 314 * Now loop and time connections using the same session id over and
315 * over 315 * over
316 */ 316 */
317 if (s_time_config.perform & 2) { 317 if (cfg.perform & 2) {
318 printf("\n\nNow timing with session id reuse.\n"); 318 printf("\n\nNow timing with session id reuse.\n");
319 if (benchmark(1)) 319 if (benchmark(1))
320 goto end; 320 goto end;
@@ -348,7 +348,7 @@ run_test(SSL *scon)
348 348
349 if ((conn = BIO_new(BIO_s_connect())) == NULL) 349 if ((conn = BIO_new(BIO_s_connect())) == NULL)
350 return 0; 350 return 0;
351 BIO_set_conn_hostname(conn, s_time_config.host); 351 BIO_set_conn_hostname(conn, cfg.host);
352 SSL_set_connect_state(scon); 352 SSL_set_connect_state(scon);
353 SSL_set_bio(scon, conn, conn); 353 SSL_set_bio(scon, conn, conn);
354 for (;;) { 354 for (;;) {
@@ -372,9 +372,9 @@ run_test(SSL *scon)
372 ERR_print_errors(bio_err); 372 ERR_print_errors(bio_err);
373 return 0; 373 return 0;
374 } 374 }
375 if (s_time_config.www_path != NULL) { 375 if (cfg.www_path != NULL) {
376 retval = snprintf(buf, sizeof buf, 376 retval = snprintf(buf, sizeof buf,
377 "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path); 377 "GET %s HTTP/1.0\r\n\r\n", cfg.www_path);
378 if (retval < 0 || retval >= sizeof buf) { 378 if (retval < 0 || retval >= sizeof buf) {
379 fprintf(stderr, "URL too long\n"); 379 fprintf(stderr, "URL too long\n");
380 return 0; 380 return 0;
@@ -384,7 +384,7 @@ run_test(SSL *scon)
384 while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) 384 while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
385 bytes_read += i; 385 bytes_read += i;
386 } 386 }
387 if (s_time_config.no_shutdown) 387 if (cfg.no_shutdown)
388 SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | 388 SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN |
389 SSL_RECEIVED_SHUTDOWN); 389 SSL_RECEIVED_SHUTDOWN);
390 else 390 else
@@ -436,7 +436,7 @@ benchmark(int reuse_session)
436 app_timer_user(TM_RESET); 436 app_timer_user(TM_RESET);
437 for (;;) { 437 for (;;) {
438 elapsed = app_timer_real(TM_GET); 438 elapsed = app_timer_real(TM_GET);
439 if (elapsed > s_time_config.maxtime) 439 if (elapsed > cfg.maxtime)
440 break; 440 break;
441 if (scon == NULL) { 441 if (scon == NULL) {
442 if ((scon = SSL_new(tm_ctx)) == NULL) 442 if ((scon = SSL_new(tm_ctx)) == NULL)
diff --git a/src/usr.bin/openssl/sess_id.c b/src/usr.bin/openssl/sess_id.c
index 4533cf15ca..c46da54244 100644
--- a/src/usr.bin/openssl/sess_id.c
+++ b/src/usr.bin/openssl/sess_id.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sess_id.c,v 1.11 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: sess_id.c,v 1.12 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -78,62 +78,62 @@ static struct {
78 char *outfile; 78 char *outfile;
79 int outformat; 79 int outformat;
80 int text; 80 int text;
81} sess_id_config; 81} cfg;
82 82
83static const struct option sess_id_options[] = { 83static const struct option sess_id_options[] = {
84 { 84 {
85 .name = "cert", 85 .name = "cert",
86 .desc = "Output certificate if present in session", 86 .desc = "Output certificate if present in session",
87 .type = OPTION_FLAG, 87 .type = OPTION_FLAG,
88 .opt.flag = &sess_id_config.cert, 88 .opt.flag = &cfg.cert,
89 }, 89 },
90 { 90 {
91 .name = "context", 91 .name = "context",
92 .argname = "id", 92 .argname = "id",
93 .desc = "Set the session ID context for output", 93 .desc = "Set the session ID context for output",
94 .type = OPTION_ARG, 94 .type = OPTION_ARG,
95 .opt.arg = &sess_id_config.context, 95 .opt.arg = &cfg.context,
96 }, 96 },
97 { 97 {
98 .name = "in", 98 .name = "in",
99 .argname = "file", 99 .argname = "file",
100 .desc = "Input file (default stdin)", 100 .desc = "Input file (default stdin)",
101 .type = OPTION_ARG, 101 .type = OPTION_ARG,
102 .opt.arg = &sess_id_config.infile, 102 .opt.arg = &cfg.infile,
103 }, 103 },
104 { 104 {
105 .name = "inform", 105 .name = "inform",
106 .argname = "format", 106 .argname = "format",
107 .desc = "Input format (DER or PEM (default))", 107 .desc = "Input format (DER or PEM (default))",
108 .type = OPTION_ARG_FORMAT, 108 .type = OPTION_ARG_FORMAT,
109 .opt.value = &sess_id_config.informat, 109 .opt.value = &cfg.informat,
110 }, 110 },
111 { 111 {
112 .name = "noout", 112 .name = "noout",
113 .desc = "Do not output the encoded session info", 113 .desc = "Do not output the encoded session info",
114 .type = OPTION_FLAG, 114 .type = OPTION_FLAG,
115 .opt.flag = &sess_id_config.noout, 115 .opt.flag = &cfg.noout,
116 }, 116 },
117 { 117 {
118 .name = "out", 118 .name = "out",
119 .argname = "file", 119 .argname = "file",
120 .desc = "Output file (default stdout)", 120 .desc = "Output file (default stdout)",
121 .type = OPTION_ARG, 121 .type = OPTION_ARG,
122 .opt.arg = &sess_id_config.outfile, 122 .opt.arg = &cfg.outfile,
123 }, 123 },
124 { 124 {
125 .name = "outform", 125 .name = "outform",
126 .argname = "format", 126 .argname = "format",
127 .desc = "Output format (DER or PEM (default))", 127 .desc = "Output format (DER or PEM (default))",
128 .type = OPTION_ARG_FORMAT, 128 .type = OPTION_ARG_FORMAT,
129 .opt.value = &sess_id_config.outformat, 129 .opt.value = &cfg.outformat,
130 }, 130 },
131 { 131 {
132 .name = "text", 132 .name = "text",
133 .desc = "Print various public or private key components in" 133 .desc = "Print various public or private key components in"
134 " plain text", 134 " plain text",
135 .type = OPTION_FLAG, 135 .type = OPTION_FLAG,
136 .opt.flag = &sess_id_config.text, 136 .opt.flag = &cfg.text,
137 }, 137 },
138 { NULL } 138 { NULL }
139}; 139};
@@ -163,62 +163,62 @@ sess_id_main(int argc, char **argv)
163 exit(1); 163 exit(1);
164 } 164 }
165 165
166 memset(&sess_id_config, 0, sizeof(sess_id_config)); 166 memset(&cfg, 0, sizeof(cfg));
167 167
168 sess_id_config.informat = FORMAT_PEM; 168 cfg.informat = FORMAT_PEM;
169 sess_id_config.outformat = FORMAT_PEM; 169 cfg.outformat = FORMAT_PEM;
170 170
171 if (options_parse(argc, argv, sess_id_options, NULL, NULL) != 0) { 171 if (options_parse(argc, argv, sess_id_options, NULL, NULL) != 0) {
172 sess_id_usage(); 172 sess_id_usage();
173 return (1); 173 return (1);
174 } 174 }
175 175
176 x = load_sess_id(sess_id_config.infile, sess_id_config.informat); 176 x = load_sess_id(cfg.infile, cfg.informat);
177 if (x == NULL) { 177 if (x == NULL) {
178 goto end; 178 goto end;
179 } 179 }
180 peer = SSL_SESSION_get0_peer(x); 180 peer = SSL_SESSION_get0_peer(x);
181 181
182 if (sess_id_config.context) { 182 if (cfg.context) {
183 size_t ctx_len = strlen(sess_id_config.context); 183 size_t ctx_len = strlen(cfg.context);
184 if (ctx_len > SSL_MAX_SID_CTX_LENGTH) { 184 if (ctx_len > SSL_MAX_SID_CTX_LENGTH) {
185 BIO_printf(bio_err, "Context too long\n"); 185 BIO_printf(bio_err, "Context too long\n");
186 goto end; 186 goto end;
187 } 187 }
188 SSL_SESSION_set1_id_context(x, 188 SSL_SESSION_set1_id_context(x,
189 (unsigned char *)sess_id_config.context, ctx_len); 189 (unsigned char *)cfg.context, ctx_len);
190 } 190 }
191 191
192 if (!sess_id_config.noout || sess_id_config.text) { 192 if (!cfg.noout || cfg.text) {
193 out = BIO_new(BIO_s_file()); 193 out = BIO_new(BIO_s_file());
194 if (out == NULL) { 194 if (out == NULL) {
195 ERR_print_errors(bio_err); 195 ERR_print_errors(bio_err);
196 goto end; 196 goto end;
197 } 197 }
198 if (sess_id_config.outfile == NULL) { 198 if (cfg.outfile == NULL) {
199 BIO_set_fp(out, stdout, BIO_NOCLOSE); 199 BIO_set_fp(out, stdout, BIO_NOCLOSE);
200 } else { 200 } else {
201 if (BIO_write_filename(out, sess_id_config.outfile) 201 if (BIO_write_filename(out, cfg.outfile)
202 <= 0) { 202 <= 0) {
203 perror(sess_id_config.outfile); 203 perror(cfg.outfile);
204 goto end; 204 goto end;
205 } 205 }
206 } 206 }
207 } 207 }
208 if (sess_id_config.text) { 208 if (cfg.text) {
209 SSL_SESSION_print(out, x); 209 SSL_SESSION_print(out, x);
210 210
211 if (sess_id_config.cert) { 211 if (cfg.cert) {
212 if (peer == NULL) 212 if (peer == NULL)
213 BIO_puts(out, "No certificate present\n"); 213 BIO_puts(out, "No certificate present\n");
214 else 214 else
215 X509_print(out, peer); 215 X509_print(out, peer);
216 } 216 }
217 } 217 }
218 if (!sess_id_config.noout && !sess_id_config.cert) { 218 if (!cfg.noout && !cfg.cert) {
219 if (sess_id_config.outformat == FORMAT_ASN1) 219 if (cfg.outformat == FORMAT_ASN1)
220 i = i2d_SSL_SESSION_bio(out, x); 220 i = i2d_SSL_SESSION_bio(out, x);
221 else if (sess_id_config.outformat == FORMAT_PEM) 221 else if (cfg.outformat == FORMAT_PEM)
222 i = PEM_write_bio_SSL_SESSION(out, x); 222 i = PEM_write_bio_SSL_SESSION(out, x);
223 else { 223 else {
224 BIO_printf(bio_err, 224 BIO_printf(bio_err,
@@ -229,11 +229,11 @@ sess_id_main(int argc, char **argv)
229 BIO_printf(bio_err, "unable to write SSL_SESSION\n"); 229 BIO_printf(bio_err, "unable to write SSL_SESSION\n");
230 goto end; 230 goto end;
231 } 231 }
232 } else if (!sess_id_config.noout && (peer != NULL)) { 232 } else if (!cfg.noout && (peer != NULL)) {
233 /* just print the certificate */ 233 /* just print the certificate */
234 if (sess_id_config.outformat == FORMAT_ASN1) 234 if (cfg.outformat == FORMAT_ASN1)
235 i = (int) i2d_X509_bio(out, peer); 235 i = (int) i2d_X509_bio(out, peer);
236 else if (sess_id_config.outformat == FORMAT_PEM) 236 else if (cfg.outformat == FORMAT_PEM)
237 i = PEM_write_bio_X509(out, peer); 237 i = PEM_write_bio_X509(out, peer);
238 else { 238 else {
239 BIO_printf(bio_err, 239 BIO_printf(bio_err,
diff --git a/src/usr.bin/openssl/smime.c b/src/usr.bin/openssl/smime.c
index 37375c1600..e54c8d0b84 100644
--- a/src/usr.bin/openssl/smime.c
+++ b/src/usr.bin/openssl/smime.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: smime.c,v 1.18 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: smime.c,v 1.19 2023/03/06 14:32:06 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -107,7 +107,7 @@ static struct {
107 char *subject; 107 char *subject;
108 char *to; 108 char *to;
109 X509_VERIFY_PARAM *vpm; 109 X509_VERIFY_PARAM *vpm;
110} smime_config; 110} cfg;
111 111
112static const EVP_CIPHER * 112static const EVP_CIPHER *
113get_cipher_by_name(char *name) 113get_cipher_by_name(char *name)
@@ -156,8 +156,8 @@ smime_opt_cipher(int argc, char **argv, int *argsused)
156 if (*name++ != '-') 156 if (*name++ != '-')
157 return (1); 157 return (1);
158 158
159 if ((smime_config.cipher = get_cipher_by_name(name)) == NULL) 159 if ((cfg.cipher = get_cipher_by_name(name)) == NULL)
160 if ((smime_config.cipher = EVP_get_cipherbyname(name)) == NULL) 160 if ((cfg.cipher = EVP_get_cipherbyname(name)) == NULL)
161 return (1); 161 return (1);
162 162
163 *argsused = 1; 163 *argsused = 1;
@@ -167,41 +167,41 @@ smime_opt_cipher(int argc, char **argv, int *argsused)
167static int 167static int
168smime_opt_inkey(char *arg) 168smime_opt_inkey(char *arg)
169{ 169{
170 if (smime_config.keyfile == NULL) { 170 if (cfg.keyfile == NULL) {
171 smime_config.keyfile = arg; 171 cfg.keyfile = arg;
172 return (0); 172 return (0);
173 } 173 }
174 174
175 if (smime_config.signerfile == NULL) { 175 if (cfg.signerfile == NULL) {
176 BIO_puts(bio_err, "Illegal -inkey without -signer\n"); 176 BIO_puts(bio_err, "Illegal -inkey without -signer\n");
177 return (1); 177 return (1);
178 } 178 }
179 179
180 if (smime_config.sksigners == NULL) { 180 if (cfg.sksigners == NULL) {
181 if ((smime_config.sksigners = sk_OPENSSL_STRING_new_null()) == NULL) 181 if ((cfg.sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
182 return (1); 182 return (1);
183 } 183 }
184 if (!sk_OPENSSL_STRING_push(smime_config.sksigners, 184 if (!sk_OPENSSL_STRING_push(cfg.sksigners,
185 smime_config.signerfile)) 185 cfg.signerfile))
186 return (1); 186 return (1);
187 187
188 smime_config.signerfile = NULL; 188 cfg.signerfile = NULL;
189 189
190 if (smime_config.skkeys == NULL) { 190 if (cfg.skkeys == NULL) {
191 if ((smime_config.skkeys = sk_OPENSSL_STRING_new_null()) == NULL) 191 if ((cfg.skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
192 return (1); 192 return (1);
193 } 193 }
194 if (!sk_OPENSSL_STRING_push(smime_config.skkeys, smime_config.keyfile)) 194 if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile))
195 return (1); 195 return (1);
196 196
197 smime_config.keyfile = arg; 197 cfg.keyfile = arg;
198 return (0); 198 return (0);
199} 199}
200 200
201static int 201static int
202smime_opt_md(char *arg) 202smime_opt_md(char *arg)
203{ 203{
204 if ((smime_config.sign_md = EVP_get_digestbyname(arg)) == NULL) { 204 if ((cfg.sign_md = EVP_get_digestbyname(arg)) == NULL) {
205 BIO_printf(bio_err, "Unknown digest %s\n", arg); 205 BIO_printf(bio_err, "Unknown digest %s\n", arg);
206 return (1); 206 return (1);
207 } 207 }
@@ -211,32 +211,32 @@ smime_opt_md(char *arg)
211static int 211static int
212smime_opt_signer(char *arg) 212smime_opt_signer(char *arg)
213{ 213{
214 if (smime_config.signerfile == NULL) { 214 if (cfg.signerfile == NULL) {
215 smime_config.signerfile = arg; 215 cfg.signerfile = arg;
216 return (0); 216 return (0);
217 } 217 }
218 218
219 if (smime_config.sksigners == NULL) { 219 if (cfg.sksigners == NULL) {
220 if ((smime_config.sksigners = sk_OPENSSL_STRING_new_null()) == NULL) 220 if ((cfg.sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
221 return (1); 221 return (1);
222 } 222 }
223 if (!sk_OPENSSL_STRING_push(smime_config.sksigners, 223 if (!sk_OPENSSL_STRING_push(cfg.sksigners,
224 smime_config.signerfile)) 224 cfg.signerfile))
225 return (1); 225 return (1);
226 226
227 if (smime_config.keyfile == NULL) 227 if (cfg.keyfile == NULL)
228 smime_config.keyfile = smime_config.signerfile; 228 cfg.keyfile = cfg.signerfile;
229 229
230 if (smime_config.skkeys == NULL) { 230 if (cfg.skkeys == NULL) {
231 if ((smime_config.skkeys = sk_OPENSSL_STRING_new_null()) == NULL) 231 if ((cfg.skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
232 return (1); 232 return (1);
233 } 233 }
234 if (!sk_OPENSSL_STRING_push(smime_config.skkeys, smime_config.keyfile)) 234 if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile))
235 return (1); 235 return (1);
236 236
237 smime_config.keyfile = NULL; 237 cfg.keyfile = NULL;
238 238
239 smime_config.signerfile = arg; 239 cfg.signerfile = arg;
240 return (0); 240 return (0);
241} 241}
242 242
@@ -246,7 +246,7 @@ smime_opt_verify_param(int argc, char **argv, int *argsused)
246 int oargc = argc; 246 int oargc = argc;
247 int badarg = 0; 247 int badarg = 0;
248 248
249 if (!args_verify(&argv, &argc, &badarg, bio_err, &smime_config.vpm)) 249 if (!args_verify(&argv, &argc, &badarg, bio_err, &cfg.vpm))
250 return (1); 250 return (1);
251 if (badarg) 251 if (badarg)
252 return (1); 252 return (1);
@@ -336,20 +336,20 @@ static const struct option smime_options[] = {
336 .argname = "file", 336 .argname = "file",
337 .desc = "Certificate Authority file", 337 .desc = "Certificate Authority file",
338 .type = OPTION_ARG, 338 .type = OPTION_ARG,
339 .opt.arg = &smime_config.CAfile, 339 .opt.arg = &cfg.CAfile,
340 }, 340 },
341 { 341 {
342 .name = "CApath", 342 .name = "CApath",
343 .argname = "path", 343 .argname = "path",
344 .desc = "Certificate Authority path", 344 .desc = "Certificate Authority path",
345 .type = OPTION_ARG, 345 .type = OPTION_ARG,
346 .opt.arg = &smime_config.CApath, 346 .opt.arg = &cfg.CApath,
347 }, 347 },
348 { 348 {
349 .name = "binary", 349 .name = "binary",
350 .desc = "Do not translate message to text", 350 .desc = "Do not translate message to text",
351 .type = OPTION_VALUE_OR, 351 .type = OPTION_VALUE_OR,
352 .opt.value = &smime_config.flags, 352 .opt.value = &cfg.flags,
353 .value = PKCS7_BINARY, 353 .value = PKCS7_BINARY,
354 }, 354 },
355 { 355 {
@@ -357,34 +357,34 @@ static const struct option smime_options[] = {
357 .argname = "file", 357 .argname = "file",
358 .desc = "Other certificates file", 358 .desc = "Other certificates file",
359 .type = OPTION_ARG, 359 .type = OPTION_ARG,
360 .opt.arg = &smime_config.certfile, 360 .opt.arg = &cfg.certfile,
361 }, 361 },
362 { 362 {
363 .name = "content", 363 .name = "content",
364 .argname = "file", 364 .argname = "file",
365 .desc = "Supply or override content for detached signature", 365 .desc = "Supply or override content for detached signature",
366 .type = OPTION_ARG, 366 .type = OPTION_ARG,
367 .opt.arg = &smime_config.contfile, 367 .opt.arg = &cfg.contfile,
368 }, 368 },
369 { 369 {
370 .name = "crlfeol", 370 .name = "crlfeol",
371 .desc = "Use CRLF as EOL termination instead of CR only", 371 .desc = "Use CRLF as EOL termination instead of CR only",
372 .type = OPTION_VALUE_OR, 372 .type = OPTION_VALUE_OR,
373 .opt.value = &smime_config.flags, 373 .opt.value = &cfg.flags,
374 .value = PKCS7_CRLFEOL, 374 .value = PKCS7_CRLFEOL,
375 }, 375 },
376 { 376 {
377 .name = "decrypt", 377 .name = "decrypt",
378 .desc = "Decrypt encrypted message", 378 .desc = "Decrypt encrypted message",
379 .type = OPTION_VALUE, 379 .type = OPTION_VALUE,
380 .opt.value = &smime_config.operation, 380 .opt.value = &cfg.operation,
381 .value = SMIME_DECRYPT, 381 .value = SMIME_DECRYPT,
382 }, 382 },
383 { 383 {
384 .name = "encrypt", 384 .name = "encrypt",
385 .desc = "Encrypt message", 385 .desc = "Encrypt message",
386 .type = OPTION_VALUE, 386 .type = OPTION_VALUE,
387 .opt.value = &smime_config.operation, 387 .opt.value = &cfg.operation,
388 .value = SMIME_ENCRYPT, 388 .value = SMIME_ENCRYPT,
389 }, 389 },
390 { 390 {
@@ -392,20 +392,20 @@ static const struct option smime_options[] = {
392 .argname = "addr", 392 .argname = "addr",
393 .desc = "From address", 393 .desc = "From address",
394 .type = OPTION_ARG, 394 .type = OPTION_ARG,
395 .opt.arg = &smime_config.from, 395 .opt.arg = &cfg.from,
396 }, 396 },
397 { 397 {
398 .name = "in", 398 .name = "in",
399 .argname = "file", 399 .argname = "file",
400 .desc = "Input file", 400 .desc = "Input file",
401 .type = OPTION_ARG, 401 .type = OPTION_ARG,
402 .opt.arg = &smime_config.infile, 402 .opt.arg = &cfg.infile,
403 }, 403 },
404 { 404 {
405 .name = "indef", 405 .name = "indef",
406 .desc = "Same as -stream", 406 .desc = "Same as -stream",
407 .type = OPTION_VALUE, 407 .type = OPTION_VALUE,
408 .opt.value = &smime_config.indef, 408 .opt.value = &cfg.indef,
409 .value = 1, 409 .value = 1,
410 }, 410 },
411 { 411 {
@@ -413,7 +413,7 @@ static const struct option smime_options[] = {
413 .argname = "fmt", 413 .argname = "fmt",
414 .desc = "Input format (DER, PEM or SMIME (default))", 414 .desc = "Input format (DER, PEM or SMIME (default))",
415 .type = OPTION_ARG_FORMAT, 415 .type = OPTION_ARG_FORMAT,
416 .opt.value = &smime_config.informat, 416 .opt.value = &cfg.informat,
417 }, 417 },
418 { 418 {
419 .name = "inkey", 419 .name = "inkey",
@@ -427,7 +427,7 @@ static const struct option smime_options[] = {
427 .argname = "fmt", 427 .argname = "fmt",
428 .desc = "Input key format (DER or PEM (default))", 428 .desc = "Input key format (DER or PEM (default))",
429 .type = OPTION_ARG_FORMAT, 429 .type = OPTION_ARG_FORMAT,
430 .opt.value = &smime_config.keyform, 430 .opt.value = &cfg.keyform,
431 }, 431 },
432 { 432 {
433 .name = "md", 433 .name = "md",
@@ -440,70 +440,70 @@ static const struct option smime_options[] = {
440 .name = "noattr", 440 .name = "noattr",
441 .desc = "Do not include any signed attributes", 441 .desc = "Do not include any signed attributes",
442 .type = OPTION_VALUE_OR, 442 .type = OPTION_VALUE_OR,
443 .opt.value = &smime_config.flags, 443 .opt.value = &cfg.flags,
444 .value = PKCS7_NOATTR, 444 .value = PKCS7_NOATTR,
445 }, 445 },
446 { 446 {
447 .name = "nocerts", 447 .name = "nocerts",
448 .desc = "Do not include signer's certificate when signing", 448 .desc = "Do not include signer's certificate when signing",
449 .type = OPTION_VALUE_OR, 449 .type = OPTION_VALUE_OR,
450 .opt.value = &smime_config.flags, 450 .opt.value = &cfg.flags,
451 .value = PKCS7_NOCERTS, 451 .value = PKCS7_NOCERTS,
452 }, 452 },
453 { 453 {
454 .name = "nochain", 454 .name = "nochain",
455 .desc = "Do not chain verification of signer's certificates", 455 .desc = "Do not chain verification of signer's certificates",
456 .type = OPTION_VALUE_OR, 456 .type = OPTION_VALUE_OR,
457 .opt.value = &smime_config.flags, 457 .opt.value = &cfg.flags,
458 .value = PKCS7_NOCHAIN, 458 .value = PKCS7_NOCHAIN,
459 }, 459 },
460 { 460 {
461 .name = "nodetach", 461 .name = "nodetach",
462 .desc = "Use opaque signing", 462 .desc = "Use opaque signing",
463 .type = OPTION_VALUE_AND, 463 .type = OPTION_VALUE_AND,
464 .opt.value = &smime_config.flags, 464 .opt.value = &cfg.flags,
465 .value = ~PKCS7_DETACHED, 465 .value = ~PKCS7_DETACHED,
466 }, 466 },
467 { 467 {
468 .name = "noindef", 468 .name = "noindef",
469 .desc = "Disable streaming I/O", 469 .desc = "Disable streaming I/O",
470 .type = OPTION_VALUE, 470 .type = OPTION_VALUE,
471 .opt.value = &smime_config.indef, 471 .opt.value = &cfg.indef,
472 .value = 0, 472 .value = 0,
473 }, 473 },
474 { 474 {
475 .name = "nointern", 475 .name = "nointern",
476 .desc = "Do not search certificates in message for signer", 476 .desc = "Do not search certificates in message for signer",
477 .type = OPTION_VALUE_OR, 477 .type = OPTION_VALUE_OR,
478 .opt.value = &smime_config.flags, 478 .opt.value = &cfg.flags,
479 .value = PKCS7_NOINTERN, 479 .value = PKCS7_NOINTERN,
480 }, 480 },
481 { 481 {
482 .name = "nooldmime", 482 .name = "nooldmime",
483 .desc = "Output old S/MIME content type", 483 .desc = "Output old S/MIME content type",
484 .type = OPTION_VALUE_OR, 484 .type = OPTION_VALUE_OR,
485 .opt.value = &smime_config.flags, 485 .opt.value = &cfg.flags,
486 .value = PKCS7_NOOLDMIMETYPE, 486 .value = PKCS7_NOOLDMIMETYPE,
487 }, 487 },
488 { 488 {
489 .name = "nosigs", 489 .name = "nosigs",
490 .desc = "Do not verify message signature", 490 .desc = "Do not verify message signature",
491 .type = OPTION_VALUE_OR, 491 .type = OPTION_VALUE_OR,
492 .opt.value = &smime_config.flags, 492 .opt.value = &cfg.flags,
493 .value = PKCS7_NOSIGS, 493 .value = PKCS7_NOSIGS,
494 }, 494 },
495 { 495 {
496 .name = "nosmimecap", 496 .name = "nosmimecap",
497 .desc = "Omit the SMIMECapabilities attribute", 497 .desc = "Omit the SMIMECapabilities attribute",
498 .type = OPTION_VALUE_OR, 498 .type = OPTION_VALUE_OR,
499 .opt.value = &smime_config.flags, 499 .opt.value = &cfg.flags,
500 .value = PKCS7_NOSMIMECAP, 500 .value = PKCS7_NOSMIMECAP,
501 }, 501 },
502 { 502 {
503 .name = "noverify", 503 .name = "noverify",
504 .desc = "Do not verify signer's certificate", 504 .desc = "Do not verify signer's certificate",
505 .type = OPTION_VALUE_OR, 505 .type = OPTION_VALUE_OR,
506 .opt.value = &smime_config.flags, 506 .opt.value = &cfg.flags,
507 .value = PKCS7_NOVERIFY, 507 .value = PKCS7_NOVERIFY,
508 }, 508 },
509 { 509 {
@@ -511,27 +511,27 @@ static const struct option smime_options[] = {
511 .argname = "file", 511 .argname = "file",
512 .desc = "Output file", 512 .desc = "Output file",
513 .type = OPTION_ARG, 513 .type = OPTION_ARG,
514 .opt.arg = &smime_config.outfile, 514 .opt.arg = &cfg.outfile,
515 }, 515 },
516 { 516 {
517 .name = "outform", 517 .name = "outform",
518 .argname = "fmt", 518 .argname = "fmt",
519 .desc = "Output format (DER, PEM or SMIME (default))", 519 .desc = "Output format (DER, PEM or SMIME (default))",
520 .type = OPTION_ARG_FORMAT, 520 .type = OPTION_ARG_FORMAT,
521 .opt.value = &smime_config.outformat, 521 .opt.value = &cfg.outformat,
522 }, 522 },
523 { 523 {
524 .name = "passin", 524 .name = "passin",
525 .argname = "src", 525 .argname = "src",
526 .desc = "Private key password source", 526 .desc = "Private key password source",
527 .type = OPTION_ARG, 527 .type = OPTION_ARG,
528 .opt.arg = &smime_config.passargin, 528 .opt.arg = &cfg.passargin,
529 }, 529 },
530 { 530 {
531 .name = "pk7out", 531 .name = "pk7out",
532 .desc = "Output PKCS#7 structure", 532 .desc = "Output PKCS#7 structure",
533 .type = OPTION_VALUE, 533 .type = OPTION_VALUE,
534 .opt.value = &smime_config.operation, 534 .opt.value = &cfg.operation,
535 .value = SMIME_PK7OUT, 535 .value = SMIME_PK7OUT,
536 }, 536 },
537 { 537 {
@@ -539,20 +539,20 @@ static const struct option smime_options[] = {
539 .argname = "file", 539 .argname = "file",
540 .desc = "Recipient certificate file for decryption", 540 .desc = "Recipient certificate file for decryption",
541 .type = OPTION_ARG, 541 .type = OPTION_ARG,
542 .opt.arg = &smime_config.recipfile, 542 .opt.arg = &cfg.recipfile,
543 }, 543 },
544 { 544 {
545 .name = "resign", 545 .name = "resign",
546 .desc = "Resign a signed message", 546 .desc = "Resign a signed message",
547 .type = OPTION_VALUE, 547 .type = OPTION_VALUE,
548 .opt.value = &smime_config.operation, 548 .opt.value = &cfg.operation,
549 .value = SMIME_RESIGN, 549 .value = SMIME_RESIGN,
550 }, 550 },
551 { 551 {
552 .name = "sign", 552 .name = "sign",
553 .desc = "Sign message", 553 .desc = "Sign message",
554 .type = OPTION_VALUE, 554 .type = OPTION_VALUE,
555 .opt.value = &smime_config.operation, 555 .opt.value = &cfg.operation,
556 .value = SMIME_SIGN, 556 .value = SMIME_SIGN,
557 }, 557 },
558 { 558 {
@@ -566,7 +566,7 @@ static const struct option smime_options[] = {
566 .name = "stream", 566 .name = "stream",
567 .desc = "Enable streaming I/O", 567 .desc = "Enable streaming I/O",
568 .type = OPTION_VALUE, 568 .type = OPTION_VALUE,
569 .opt.value = &smime_config.indef, 569 .opt.value = &cfg.indef,
570 .value = 1, 570 .value = 1,
571 }, 571 },
572 { 572 {
@@ -574,13 +574,13 @@ static const struct option smime_options[] = {
574 .argname = "s", 574 .argname = "s",
575 .desc = "Subject", 575 .desc = "Subject",
576 .type = OPTION_ARG, 576 .type = OPTION_ARG,
577 .opt.arg = &smime_config.subject, 577 .opt.arg = &cfg.subject,
578 }, 578 },
579 { 579 {
580 .name = "text", 580 .name = "text",
581 .desc = "Include or delete text MIME headers", 581 .desc = "Include or delete text MIME headers",
582 .type = OPTION_VALUE_OR, 582 .type = OPTION_VALUE_OR,
583 .opt.value = &smime_config.flags, 583 .opt.value = &cfg.flags,
584 .value = PKCS7_TEXT, 584 .value = PKCS7_TEXT,
585 }, 585 },
586 { 586 {
@@ -588,13 +588,13 @@ static const struct option smime_options[] = {
588 .argname = "addr", 588 .argname = "addr",
589 .desc = "To address", 589 .desc = "To address",
590 .type = OPTION_ARG, 590 .type = OPTION_ARG,
591 .opt.arg = &smime_config.to, 591 .opt.arg = &cfg.to,
592 }, 592 },
593 { 593 {
594 .name = "verify", 594 .name = "verify",
595 .desc = "Verify signed message", 595 .desc = "Verify signed message",
596 .type = OPTION_VALUE, 596 .type = OPTION_VALUE,
597 .opt.value = &smime_config.operation, 597 .opt.value = &cfg.operation,
598 .value = SMIME_VERIFY, 598 .value = SMIME_VERIFY,
599 }, 599 },
600 { 600 {
@@ -727,70 +727,70 @@ smime_main(int argc, char **argv)
727 exit(1); 727 exit(1);
728 } 728 }
729 729
730 memset(&smime_config, 0, sizeof(smime_config)); 730 memset(&cfg, 0, sizeof(cfg));
731 smime_config.flags = PKCS7_DETACHED; 731 cfg.flags = PKCS7_DETACHED;
732 smime_config.informat = FORMAT_SMIME; 732 cfg.informat = FORMAT_SMIME;
733 smime_config.outformat = FORMAT_SMIME; 733 cfg.outformat = FORMAT_SMIME;
734 smime_config.keyform = FORMAT_PEM; 734 cfg.keyform = FORMAT_PEM;
735 if (options_parse(argc, argv, smime_options, NULL, &argsused) != 0) { 735 if (options_parse(argc, argv, smime_options, NULL, &argsused) != 0) {
736 goto argerr; 736 goto argerr;
737 } 737 }
738 args = argv + argsused; 738 args = argv + argsused;
739 ret = 1; 739 ret = 1;
740 740
741 if (!(smime_config.operation & SMIME_SIGNERS) && 741 if (!(cfg.operation & SMIME_SIGNERS) &&
742 (smime_config.skkeys != NULL || smime_config.sksigners != NULL)) { 742 (cfg.skkeys != NULL || cfg.sksigners != NULL)) {
743 BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); 743 BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
744 goto argerr; 744 goto argerr;
745 } 745 }
746 if (smime_config.operation & SMIME_SIGNERS) { 746 if (cfg.operation & SMIME_SIGNERS) {
747 /* Check to see if any final signer needs to be appended */ 747 /* Check to see if any final signer needs to be appended */
748 if (smime_config.keyfile != NULL && 748 if (cfg.keyfile != NULL &&
749 smime_config.signerfile == NULL) { 749 cfg.signerfile == NULL) {
750 BIO_puts(bio_err, "Illegal -inkey without -signer\n"); 750 BIO_puts(bio_err, "Illegal -inkey without -signer\n");
751 goto argerr; 751 goto argerr;
752 } 752 }
753 if (smime_config.signerfile != NULL) { 753 if (cfg.signerfile != NULL) {
754 if (smime_config.sksigners == NULL) { 754 if (cfg.sksigners == NULL) {
755 if ((smime_config.sksigners = 755 if ((cfg.sksigners =
756 sk_OPENSSL_STRING_new_null()) == NULL) 756 sk_OPENSSL_STRING_new_null()) == NULL)
757 goto end; 757 goto end;
758 } 758 }
759 if (!sk_OPENSSL_STRING_push(smime_config.sksigners, 759 if (!sk_OPENSSL_STRING_push(cfg.sksigners,
760 smime_config.signerfile)) 760 cfg.signerfile))
761 goto end; 761 goto end;
762 if (smime_config.skkeys == NULL) { 762 if (cfg.skkeys == NULL) {
763 if ((smime_config.skkeys = 763 if ((cfg.skkeys =
764 sk_OPENSSL_STRING_new_null()) == NULL) 764 sk_OPENSSL_STRING_new_null()) == NULL)
765 goto end; 765 goto end;
766 } 766 }
767 if (smime_config.keyfile == NULL) 767 if (cfg.keyfile == NULL)
768 smime_config.keyfile = smime_config.signerfile; 768 cfg.keyfile = cfg.signerfile;
769 if (!sk_OPENSSL_STRING_push(smime_config.skkeys, 769 if (!sk_OPENSSL_STRING_push(cfg.skkeys,
770 smime_config.keyfile)) 770 cfg.keyfile))
771 goto end; 771 goto end;
772 } 772 }
773 if (smime_config.sksigners == NULL) { 773 if (cfg.sksigners == NULL) {
774 BIO_printf(bio_err, 774 BIO_printf(bio_err,
775 "No signer certificate specified\n"); 775 "No signer certificate specified\n");
776 badarg = 1; 776 badarg = 1;
777 } 777 }
778 smime_config.signerfile = NULL; 778 cfg.signerfile = NULL;
779 smime_config.keyfile = NULL; 779 cfg.keyfile = NULL;
780 } else if (smime_config.operation == SMIME_DECRYPT) { 780 } else if (cfg.operation == SMIME_DECRYPT) {
781 if (smime_config.recipfile == NULL && 781 if (cfg.recipfile == NULL &&
782 smime_config.keyfile == NULL) { 782 cfg.keyfile == NULL) {
783 BIO_printf(bio_err, 783 BIO_printf(bio_err,
784 "No recipient certificate or key specified\n"); 784 "No recipient certificate or key specified\n");
785 badarg = 1; 785 badarg = 1;
786 } 786 }
787 } else if (smime_config.operation == SMIME_ENCRYPT) { 787 } else if (cfg.operation == SMIME_ENCRYPT) {
788 if (*args == NULL) { 788 if (*args == NULL) {
789 BIO_printf(bio_err, 789 BIO_printf(bio_err,
790 "No recipient(s) certificate(s) specified\n"); 790 "No recipient(s) certificate(s) specified\n");
791 badarg = 1; 791 badarg = 1;
792 } 792 }
793 } else if (!smime_config.operation) { 793 } else if (!cfg.operation) {
794 badarg = 1; 794 badarg = 1;
795 } 795 }
796 796
@@ -800,35 +800,35 @@ smime_main(int argc, char **argv)
800 goto end; 800 goto end;
801 } 801 }
802 802
803 if (!app_passwd(bio_err, smime_config.passargin, NULL, &passin, NULL)) { 803 if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) {
804 BIO_printf(bio_err, "Error getting password\n"); 804 BIO_printf(bio_err, "Error getting password\n");
805 goto end; 805 goto end;
806 } 806 }
807 ret = 2; 807 ret = 2;
808 808
809 if (!(smime_config.operation & SMIME_SIGNERS)) 809 if (!(cfg.operation & SMIME_SIGNERS))
810 smime_config.flags &= ~PKCS7_DETACHED; 810 cfg.flags &= ~PKCS7_DETACHED;
811 811
812 if (smime_config.operation & SMIME_OP) { 812 if (cfg.operation & SMIME_OP) {
813 if (smime_config.outformat == FORMAT_ASN1) 813 if (cfg.outformat == FORMAT_ASN1)
814 outmode = "wb"; 814 outmode = "wb";
815 } else { 815 } else {
816 if (smime_config.flags & PKCS7_BINARY) 816 if (cfg.flags & PKCS7_BINARY)
817 outmode = "wb"; 817 outmode = "wb";
818 } 818 }
819 819
820 if (smime_config.operation & SMIME_IP) { 820 if (cfg.operation & SMIME_IP) {
821 if (smime_config.informat == FORMAT_ASN1) 821 if (cfg.informat == FORMAT_ASN1)
822 inmode = "rb"; 822 inmode = "rb";
823 } else { 823 } else {
824 if (smime_config.flags & PKCS7_BINARY) 824 if (cfg.flags & PKCS7_BINARY)
825 inmode = "rb"; 825 inmode = "rb";
826 } 826 }
827 827
828 if (smime_config.operation == SMIME_ENCRYPT) { 828 if (cfg.operation == SMIME_ENCRYPT) {
829 if (smime_config.cipher == NULL) { 829 if (cfg.cipher == NULL) {
830#ifndef OPENSSL_NO_RC2 830#ifndef OPENSSL_NO_RC2
831 smime_config.cipher = EVP_rc2_40_cbc(); 831 cfg.cipher = EVP_rc2_40_cbc();
832#else 832#else
833 BIO_printf(bio_err, "No cipher selected\n"); 833 BIO_printf(bio_err, "No cipher selected\n");
834 goto end; 834 goto end;
@@ -847,41 +847,41 @@ smime_main(int argc, char **argv)
847 args++; 847 args++;
848 } 848 }
849 } 849 }
850 if (smime_config.certfile != NULL) { 850 if (cfg.certfile != NULL) {
851 if ((other = load_certs(bio_err, smime_config.certfile, 851 if ((other = load_certs(bio_err, cfg.certfile,
852 FORMAT_PEM, NULL, "certificate file")) == NULL) { 852 FORMAT_PEM, NULL, "certificate file")) == NULL) {
853 ERR_print_errors(bio_err); 853 ERR_print_errors(bio_err);
854 goto end; 854 goto end;
855 } 855 }
856 } 856 }
857 if (smime_config.recipfile != NULL && 857 if (cfg.recipfile != NULL &&
858 (smime_config.operation == SMIME_DECRYPT)) { 858 (cfg.operation == SMIME_DECRYPT)) {
859 if ((recip = load_cert(bio_err, smime_config.recipfile, 859 if ((recip = load_cert(bio_err, cfg.recipfile,
860 FORMAT_PEM, NULL, "recipient certificate file")) == NULL) { 860 FORMAT_PEM, NULL, "recipient certificate file")) == NULL) {
861 ERR_print_errors(bio_err); 861 ERR_print_errors(bio_err);
862 goto end; 862 goto end;
863 } 863 }
864 } 864 }
865 if (smime_config.operation == SMIME_DECRYPT) { 865 if (cfg.operation == SMIME_DECRYPT) {
866 if (smime_config.keyfile == NULL) 866 if (cfg.keyfile == NULL)
867 smime_config.keyfile = smime_config.recipfile; 867 cfg.keyfile = cfg.recipfile;
868 } else if (smime_config.operation == SMIME_SIGN) { 868 } else if (cfg.operation == SMIME_SIGN) {
869 if (smime_config.keyfile == NULL) 869 if (cfg.keyfile == NULL)
870 smime_config.keyfile = smime_config.signerfile; 870 cfg.keyfile = cfg.signerfile;
871 } else { 871 } else {
872 smime_config.keyfile = NULL; 872 cfg.keyfile = NULL;
873 } 873 }
874 874
875 if (smime_config.keyfile != NULL) { 875 if (cfg.keyfile != NULL) {
876 key = load_key(bio_err, smime_config.keyfile, 876 key = load_key(bio_err, cfg.keyfile,
877 smime_config.keyform, 0, passin, "signing key file"); 877 cfg.keyform, 0, passin, "signing key file");
878 if (key == NULL) 878 if (key == NULL)
879 goto end; 879 goto end;
880 } 880 }
881 if (smime_config.infile != NULL) { 881 if (cfg.infile != NULL) {
882 if ((in = BIO_new_file(smime_config.infile, inmode)) == NULL) { 882 if ((in = BIO_new_file(cfg.infile, inmode)) == NULL) {
883 BIO_printf(bio_err, 883 BIO_printf(bio_err,
884 "Can't open input file %s\n", smime_config.infile); 884 "Can't open input file %s\n", cfg.infile);
885 goto end; 885 goto end;
886 } 886 }
887 } else { 887 } else {
@@ -889,12 +889,12 @@ smime_main(int argc, char **argv)
889 goto end; 889 goto end;
890 } 890 }
891 891
892 if (smime_config.operation & SMIME_IP) { 892 if (cfg.operation & SMIME_IP) {
893 if (smime_config.informat == FORMAT_SMIME) 893 if (cfg.informat == FORMAT_SMIME)
894 p7 = SMIME_read_PKCS7(in, &indata); 894 p7 = SMIME_read_PKCS7(in, &indata);
895 else if (smime_config.informat == FORMAT_PEM) 895 else if (cfg.informat == FORMAT_PEM)
896 p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); 896 p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
897 else if (smime_config.informat == FORMAT_ASN1) 897 else if (cfg.informat == FORMAT_ASN1)
898 p7 = d2i_PKCS7_bio(in, NULL); 898 p7 = d2i_PKCS7_bio(in, NULL);
899 else { 899 else {
900 BIO_printf(bio_err, 900 BIO_printf(bio_err,
@@ -906,22 +906,22 @@ smime_main(int argc, char **argv)
906 BIO_printf(bio_err, "Error reading S/MIME message\n"); 906 BIO_printf(bio_err, "Error reading S/MIME message\n");
907 goto end; 907 goto end;
908 } 908 }
909 if (smime_config.contfile != NULL) { 909 if (cfg.contfile != NULL) {
910 BIO_free(indata); 910 BIO_free(indata);
911 if ((indata = BIO_new_file(smime_config.contfile, 911 if ((indata = BIO_new_file(cfg.contfile,
912 "rb")) == NULL) { 912 "rb")) == NULL) {
913 BIO_printf(bio_err, 913 BIO_printf(bio_err,
914 "Can't read content file %s\n", 914 "Can't read content file %s\n",
915 smime_config.contfile); 915 cfg.contfile);
916 goto end; 916 goto end;
917 } 917 }
918 } 918 }
919 } 919 }
920 if (smime_config.outfile != NULL) { 920 if (cfg.outfile != NULL) {
921 if ((out = BIO_new_file(smime_config.outfile, outmode)) == NULL) { 921 if ((out = BIO_new_file(cfg.outfile, outmode)) == NULL) {
922 BIO_printf(bio_err, 922 BIO_printf(bio_err,
923 "Can't open output file %s\n", 923 "Can't open output file %s\n",
924 smime_config.outfile); 924 cfg.outfile);
925 goto end; 925 goto end;
926 } 926 }
927 } else { 927 } else {
@@ -929,60 +929,60 @@ smime_main(int argc, char **argv)
929 goto end; 929 goto end;
930 } 930 }
931 931
932 if (smime_config.operation == SMIME_VERIFY) { 932 if (cfg.operation == SMIME_VERIFY) {
933 if ((store = setup_verify(bio_err, smime_config.CAfile, 933 if ((store = setup_verify(bio_err, cfg.CAfile,
934 smime_config.CApath)) == NULL) 934 cfg.CApath)) == NULL)
935 goto end; 935 goto end;
936 X509_STORE_set_verify_cb(store, smime_cb); 936 X509_STORE_set_verify_cb(store, smime_cb);
937 if (smime_config.vpm != NULL) { 937 if (cfg.vpm != NULL) {
938 if (!X509_STORE_set1_param(store, smime_config.vpm)) 938 if (!X509_STORE_set1_param(store, cfg.vpm))
939 goto end; 939 goto end;
940 } 940 }
941 } 941 }
942 ret = 3; 942 ret = 3;
943 943
944 if (smime_config.operation == SMIME_ENCRYPT) { 944 if (cfg.operation == SMIME_ENCRYPT) {
945 if (smime_config.indef) 945 if (cfg.indef)
946 smime_config.flags |= PKCS7_STREAM; 946 cfg.flags |= PKCS7_STREAM;
947 p7 = PKCS7_encrypt(encerts, in, smime_config.cipher, 947 p7 = PKCS7_encrypt(encerts, in, cfg.cipher,
948 smime_config.flags); 948 cfg.flags);
949 } else if (smime_config.operation & SMIME_SIGNERS) { 949 } else if (cfg.operation & SMIME_SIGNERS) {
950 int i; 950 int i;
951 /* 951 /*
952 * If detached data content we only enable streaming if 952 * If detached data content we only enable streaming if
953 * S/MIME output format. 953 * S/MIME output format.
954 */ 954 */
955 if (smime_config.operation == SMIME_SIGN) { 955 if (cfg.operation == SMIME_SIGN) {
956 if (smime_config.flags & PKCS7_DETACHED) { 956 if (cfg.flags & PKCS7_DETACHED) {
957 if (smime_config.outformat == FORMAT_SMIME) 957 if (cfg.outformat == FORMAT_SMIME)
958 smime_config.flags |= PKCS7_STREAM; 958 cfg.flags |= PKCS7_STREAM;
959 } else if (smime_config.indef) { 959 } else if (cfg.indef) {
960 smime_config.flags |= PKCS7_STREAM; 960 cfg.flags |= PKCS7_STREAM;
961 } 961 }
962 smime_config.flags |= PKCS7_PARTIAL; 962 cfg.flags |= PKCS7_PARTIAL;
963 p7 = PKCS7_sign(NULL, NULL, other, in, 963 p7 = PKCS7_sign(NULL, NULL, other, in,
964 smime_config.flags); 964 cfg.flags);
965 if (p7 == NULL) 965 if (p7 == NULL)
966 goto end; 966 goto end;
967 } else { 967 } else {
968 smime_config.flags |= PKCS7_REUSE_DIGEST; 968 cfg.flags |= PKCS7_REUSE_DIGEST;
969 } 969 }
970 for (i = 0; i < sk_OPENSSL_STRING_num(smime_config.sksigners); i++) { 970 for (i = 0; i < sk_OPENSSL_STRING_num(cfg.sksigners); i++) {
971 smime_config.signerfile = 971 cfg.signerfile =
972 sk_OPENSSL_STRING_value(smime_config.sksigners, i); 972 sk_OPENSSL_STRING_value(cfg.sksigners, i);
973 smime_config.keyfile = 973 cfg.keyfile =
974 sk_OPENSSL_STRING_value(smime_config.skkeys, i); 974 sk_OPENSSL_STRING_value(cfg.skkeys, i);
975 signer = load_cert(bio_err, smime_config.signerfile, 975 signer = load_cert(bio_err, cfg.signerfile,
976 FORMAT_PEM, NULL, "signer certificate"); 976 FORMAT_PEM, NULL, "signer certificate");
977 if (signer == NULL) 977 if (signer == NULL)
978 goto end; 978 goto end;
979 key = load_key(bio_err, smime_config.keyfile, 979 key = load_key(bio_err, cfg.keyfile,
980 smime_config.keyform, 0, passin, 980 cfg.keyform, 0, passin,
981 "signing key file"); 981 "signing key file");
982 if (key == NULL) 982 if (key == NULL)
983 goto end; 983 goto end;
984 if (PKCS7_sign_add_signer(p7, signer, key, 984 if (PKCS7_sign_add_signer(p7, signer, key,
985 smime_config.sign_md, smime_config.flags) == NULL) 985 cfg.sign_md, cfg.flags) == NULL)
986 goto end; 986 goto end;
987 X509_free(signer); 987 X509_free(signer);
988 signer = NULL; 988 signer = NULL;
@@ -990,9 +990,9 @@ smime_main(int argc, char **argv)
990 key = NULL; 990 key = NULL;
991 } 991 }
992 /* If not streaming or resigning finalize structure */ 992 /* If not streaming or resigning finalize structure */
993 if ((smime_config.operation == SMIME_SIGN) && 993 if ((cfg.operation == SMIME_SIGN) &&
994 !(smime_config.flags & PKCS7_STREAM)) { 994 !(cfg.flags & PKCS7_STREAM)) {
995 if (!PKCS7_final(p7, in, smime_config.flags)) 995 if (!PKCS7_final(p7, in, cfg.flags))
996 goto end; 996 goto end;
997 } 997 }
998 } 998 }
@@ -1002,58 +1002,58 @@ smime_main(int argc, char **argv)
1002 } 1002 }
1003 ret = 4; 1003 ret = 4;
1004 1004
1005 if (smime_config.operation == SMIME_DECRYPT) { 1005 if (cfg.operation == SMIME_DECRYPT) {
1006 if (!PKCS7_decrypt(p7, key, recip, out, smime_config.flags)) { 1006 if (!PKCS7_decrypt(p7, key, recip, out, cfg.flags)) {
1007 BIO_printf(bio_err, 1007 BIO_printf(bio_err,
1008 "Error decrypting PKCS#7 structure\n"); 1008 "Error decrypting PKCS#7 structure\n");
1009 goto end; 1009 goto end;
1010 } 1010 }
1011 } else if (smime_config.operation == SMIME_VERIFY) { 1011 } else if (cfg.operation == SMIME_VERIFY) {
1012 STACK_OF(X509) *signers; 1012 STACK_OF(X509) *signers;
1013 if (PKCS7_verify(p7, other, store, indata, out, 1013 if (PKCS7_verify(p7, other, store, indata, out,
1014 smime_config.flags)) { 1014 cfg.flags)) {
1015 BIO_printf(bio_err, "Verification successful\n"); 1015 BIO_printf(bio_err, "Verification successful\n");
1016 } else { 1016 } else {
1017 BIO_printf(bio_err, "Verification failure\n"); 1017 BIO_printf(bio_err, "Verification failure\n");
1018 goto end; 1018 goto end;
1019 } 1019 }
1020 if ((signers = PKCS7_get0_signers(p7, other, 1020 if ((signers = PKCS7_get0_signers(p7, other,
1021 smime_config.flags)) == NULL) 1021 cfg.flags)) == NULL)
1022 goto end; 1022 goto end;
1023 if (!save_certs(smime_config.signerfile, signers)) { 1023 if (!save_certs(cfg.signerfile, signers)) {
1024 BIO_printf(bio_err, "Error writing signers to %s\n", 1024 BIO_printf(bio_err, "Error writing signers to %s\n",
1025 smime_config.signerfile); 1025 cfg.signerfile);
1026 sk_X509_free(signers); 1026 sk_X509_free(signers);
1027 ret = 5; 1027 ret = 5;
1028 goto end; 1028 goto end;
1029 } 1029 }
1030 sk_X509_free(signers); 1030 sk_X509_free(signers);
1031 } else if (smime_config.operation == SMIME_PK7OUT) { 1031 } else if (cfg.operation == SMIME_PK7OUT) {
1032 PEM_write_bio_PKCS7(out, p7); 1032 PEM_write_bio_PKCS7(out, p7);
1033 } else { 1033 } else {
1034 if (smime_config.to != NULL) 1034 if (cfg.to != NULL)
1035 BIO_printf(out, "To: %s\n", smime_config.to); 1035 BIO_printf(out, "To: %s\n", cfg.to);
1036 if (smime_config.from != NULL) 1036 if (cfg.from != NULL)
1037 BIO_printf(out, "From: %s\n", smime_config.from); 1037 BIO_printf(out, "From: %s\n", cfg.from);
1038 if (smime_config.subject != NULL) 1038 if (cfg.subject != NULL)
1039 BIO_printf(out, "Subject: %s\n", smime_config.subject); 1039 BIO_printf(out, "Subject: %s\n", cfg.subject);
1040 if (smime_config.outformat == FORMAT_SMIME) { 1040 if (cfg.outformat == FORMAT_SMIME) {
1041 if (smime_config.operation == SMIME_RESIGN) { 1041 if (cfg.operation == SMIME_RESIGN) {
1042 if (!SMIME_write_PKCS7(out, p7, indata, 1042 if (!SMIME_write_PKCS7(out, p7, indata,
1043 smime_config.flags)) 1043 cfg.flags))
1044 goto end; 1044 goto end;
1045 } else { 1045 } else {
1046 if (!SMIME_write_PKCS7(out, p7, in, 1046 if (!SMIME_write_PKCS7(out, p7, in,
1047 smime_config.flags)) 1047 cfg.flags))
1048 goto end; 1048 goto end;
1049 } 1049 }
1050 } else if (smime_config.outformat == FORMAT_PEM) { 1050 } else if (cfg.outformat == FORMAT_PEM) {
1051 if (!PEM_write_bio_PKCS7_stream(out, p7, in, 1051 if (!PEM_write_bio_PKCS7_stream(out, p7, in,
1052 smime_config.flags)) 1052 cfg.flags))
1053 goto end; 1053 goto end;
1054 } else if (smime_config.outformat == FORMAT_ASN1) { 1054 } else if (cfg.outformat == FORMAT_ASN1) {
1055 if (!i2d_PKCS7_bio_stream(out, p7, in, 1055 if (!i2d_PKCS7_bio_stream(out, p7, in,
1056 smime_config.flags)) 1056 cfg.flags))
1057 goto end; 1057 goto end;
1058 } else { 1058 } else {
1059 BIO_printf(bio_err, 1059 BIO_printf(bio_err,
@@ -1069,9 +1069,9 @@ smime_main(int argc, char **argv)
1069 ERR_print_errors(bio_err); 1069 ERR_print_errors(bio_err);
1070 sk_X509_pop_free(encerts, X509_free); 1070 sk_X509_pop_free(encerts, X509_free);
1071 sk_X509_pop_free(other, X509_free); 1071 sk_X509_pop_free(other, X509_free);
1072 X509_VERIFY_PARAM_free(smime_config.vpm); 1072 X509_VERIFY_PARAM_free(cfg.vpm);
1073 sk_OPENSSL_STRING_free(smime_config.sksigners); 1073 sk_OPENSSL_STRING_free(cfg.sksigners);
1074 sk_OPENSSL_STRING_free(smime_config.skkeys); 1074 sk_OPENSSL_STRING_free(cfg.skkeys);
1075 X509_STORE_free(store); 1075 X509_STORE_free(store);
1076 X509_free(cert); 1076 X509_free(cert);
1077 X509_free(recip); 1077 X509_free(recip);
diff --git a/src/usr.bin/openssl/spkac.c b/src/usr.bin/openssl/spkac.c
index 3a45d5d4bc..12d530e3cf 100644
--- a/src/usr.bin/openssl/spkac.c
+++ b/src/usr.bin/openssl/spkac.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: spkac.c,v 1.12 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: spkac.c,v 1.13 2023/03/06 14:32:06 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. Based on an original idea by Massimiliano Pala 3 * project 1999. Based on an original idea by Massimiliano Pala
4 * (madwolf@openca.org). 4 * (madwolf@openca.org).
@@ -84,7 +84,7 @@ static struct {
84 char *spkac; 84 char *spkac;
85 char *spksect; 85 char *spksect;
86 int verify; 86 int verify;
87} spkac_config; 87} cfg;
88 88
89static const struct option spkac_options[] = { 89static const struct option spkac_options[] = {
90 { 90 {
@@ -92,54 +92,54 @@ static const struct option spkac_options[] = {
92 .argname = "string", 92 .argname = "string",
93 .desc = "Specify challenge string if SPKAC is generated", 93 .desc = "Specify challenge string if SPKAC is generated",
94 .type = OPTION_ARG, 94 .type = OPTION_ARG,
95 .opt.arg = &spkac_config.challenge, 95 .opt.arg = &cfg.challenge,
96 }, 96 },
97 { 97 {
98 .name = "in", 98 .name = "in",
99 .argname = "file", 99 .argname = "file",
100 .desc = "Input file (default stdin)", 100 .desc = "Input file (default stdin)",
101 .type = OPTION_ARG, 101 .type = OPTION_ARG,
102 .opt.arg = &spkac_config.infile, 102 .opt.arg = &cfg.infile,
103 }, 103 },
104 { 104 {
105 .name = "key", 105 .name = "key",
106 .argname = "file", 106 .argname = "file",
107 .desc = "Create SPKAC using private key file", 107 .desc = "Create SPKAC using private key file",
108 .type = OPTION_ARG, 108 .type = OPTION_ARG,
109 .opt.arg = &spkac_config.keyfile, 109 .opt.arg = &cfg.keyfile,
110 }, 110 },
111 { 111 {
112 .name = "noout", 112 .name = "noout",
113 .desc = "Do not print text version of SPKAC", 113 .desc = "Do not print text version of SPKAC",
114 .type = OPTION_FLAG, 114 .type = OPTION_FLAG,
115 .opt.flag = &spkac_config.noout, 115 .opt.flag = &cfg.noout,
116 }, 116 },
117 { 117 {
118 .name = "out", 118 .name = "out",
119 .argname = "file", 119 .argname = "file",
120 .desc = "Output file (default stdout)", 120 .desc = "Output file (default stdout)",
121 .type = OPTION_ARG, 121 .type = OPTION_ARG,
122 .opt.arg = &spkac_config.outfile, 122 .opt.arg = &cfg.outfile,
123 }, 123 },
124 { 124 {
125 .name = "passin", 125 .name = "passin",
126 .argname = "src", 126 .argname = "src",
127 .desc = "Input file passphrase source", 127 .desc = "Input file passphrase source",
128 .type = OPTION_ARG, 128 .type = OPTION_ARG,
129 .opt.arg = &spkac_config.passargin, 129 .opt.arg = &cfg.passargin,
130 }, 130 },
131 { 131 {
132 .name = "pubkey", 132 .name = "pubkey",
133 .desc = "Output public key of an SPKAC (not used if creating)", 133 .desc = "Output public key of an SPKAC (not used if creating)",
134 .type = OPTION_FLAG, 134 .type = OPTION_FLAG,
135 .opt.flag = &spkac_config.pubkey, 135 .opt.flag = &cfg.pubkey,
136 }, 136 },
137 { 137 {
138 .name = "spkac", 138 .name = "spkac",
139 .argname = "name", 139 .argname = "name",
140 .desc = "SPKAC name (default \"SPKAC\")", 140 .desc = "SPKAC name (default \"SPKAC\")",
141 .type = OPTION_ARG, 141 .type = OPTION_ARG,
142 .opt.arg = &spkac_config.spkac, 142 .opt.arg = &cfg.spkac,
143 }, 143 },
144 { 144 {
145 .name = "spksect", 145 .name = "spksect",
@@ -147,13 +147,13 @@ static const struct option spkac_options[] = {
147 .desc = "Name of the section containing SPKAC (default" 147 .desc = "Name of the section containing SPKAC (default"
148 " \"default\")", 148 " \"default\")",
149 .type = OPTION_ARG, 149 .type = OPTION_ARG,
150 .opt.arg = &spkac_config.spksect, 150 .opt.arg = &cfg.spksect,
151 }, 151 },
152 { 152 {
153 .name = "verify", 153 .name = "verify",
154 .desc = "Verify digital signature on supplied SPKAC", 154 .desc = "Verify digital signature on supplied SPKAC",
155 .type = OPTION_FLAG, 155 .type = OPTION_FLAG,
156 .opt.flag = &spkac_config.verify, 156 .opt.flag = &cfg.verify,
157 }, 157 },
158 { NULL } 158 { NULL }
159}; 159};
@@ -186,32 +186,32 @@ spkac_main(int argc, char **argv)
186 exit(1); 186 exit(1);
187 } 187 }
188 188
189 memset(&spkac_config, 0, sizeof(spkac_config)); 189 memset(&cfg, 0, sizeof(cfg));
190 spkac_config.spkac = "SPKAC"; 190 cfg.spkac = "SPKAC";
191 spkac_config.spksect = "default"; 191 cfg.spksect = "default";
192 192
193 if (options_parse(argc, argv, spkac_options, NULL, NULL) != 0) { 193 if (options_parse(argc, argv, spkac_options, NULL, NULL) != 0) {
194 spkac_usage(); 194 spkac_usage();
195 return (1); 195 return (1);
196 } 196 }
197 197
198 if (!app_passwd(bio_err, spkac_config.passargin, NULL, &passin, NULL)) { 198 if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) {
199 BIO_printf(bio_err, "Error getting password\n"); 199 BIO_printf(bio_err, "Error getting password\n");
200 goto end; 200 goto end;
201 } 201 }
202 202
203 if (spkac_config.keyfile) { 203 if (cfg.keyfile) {
204 pkey = load_key(bio_err, 204 pkey = load_key(bio_err,
205 strcmp(spkac_config.keyfile, "-") ? spkac_config.keyfile 205 strcmp(cfg.keyfile, "-") ? cfg.keyfile
206 : NULL, FORMAT_PEM, 1, passin, "private key"); 206 : NULL, FORMAT_PEM, 1, passin, "private key");
207 if (!pkey) { 207 if (!pkey) {
208 goto end; 208 goto end;
209 } 209 }
210 spki = NETSCAPE_SPKI_new(); 210 spki = NETSCAPE_SPKI_new();
211 if (spkac_config.challenge) 211 if (cfg.challenge)
212 ASN1_STRING_set(spki->spkac->challenge, 212 ASN1_STRING_set(spki->spkac->challenge,
213 spkac_config.challenge, 213 cfg.challenge,
214 (int) strlen(spkac_config.challenge)); 214 (int) strlen(cfg.challenge));
215 NETSCAPE_SPKI_set_pubkey(spki, pkey); 215 NETSCAPE_SPKI_set_pubkey(spki, pkey);
216 NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); 216 NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
217 spkstr = NETSCAPE_SPKI_b64_encode(spki); 217 spkstr = NETSCAPE_SPKI_b64_encode(spki);
@@ -221,8 +221,8 @@ spkac_main(int argc, char **argv)
221 goto end; 221 goto end;
222 } 222 }
223 223
224 if (spkac_config.outfile) 224 if (cfg.outfile)
225 out = BIO_new_file(spkac_config.outfile, "w"); 225 out = BIO_new_file(cfg.outfile, "w");
226 else 226 else
227 out = BIO_new_fp(stdout, BIO_NOCLOSE); 227 out = BIO_new_fp(stdout, BIO_NOCLOSE);
228 228
@@ -236,8 +236,8 @@ spkac_main(int argc, char **argv)
236 free(spkstr); 236 free(spkstr);
237 goto end; 237 goto end;
238 } 238 }
239 if (spkac_config.infile) 239 if (cfg.infile)
240 in = BIO_new_file(spkac_config.infile, "r"); 240 in = BIO_new_file(cfg.infile, "r");
241 else 241 else
242 in = BIO_new_fp(stdin, BIO_NOCLOSE); 242 in = BIO_new_fp(stdin, BIO_NOCLOSE);
243 243
@@ -254,12 +254,12 @@ spkac_main(int argc, char **argv)
254 ERR_print_errors(bio_err); 254 ERR_print_errors(bio_err);
255 goto end; 255 goto end;
256 } 256 }
257 spkstr = NCONF_get_string(conf, spkac_config.spksect, 257 spkstr = NCONF_get_string(conf, cfg.spksect,
258 spkac_config.spkac); 258 cfg.spkac);
259 259
260 if (!spkstr) { 260 if (!spkstr) {
261 BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", 261 BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n",
262 spkac_config.spkac); 262 cfg.spkac);
263 ERR_print_errors(bio_err); 263 ERR_print_errors(bio_err);
264 goto end; 264 goto end;
265 } 265 }
@@ -270,8 +270,8 @@ spkac_main(int argc, char **argv)
270 ERR_print_errors(bio_err); 270 ERR_print_errors(bio_err);
271 goto end; 271 goto end;
272 } 272 }
273 if (spkac_config.outfile) 273 if (cfg.outfile)
274 out = BIO_new_file(spkac_config.outfile, "w"); 274 out = BIO_new_file(cfg.outfile, "w");
275 else { 275 else {
276 out = BIO_new_fp(stdout, BIO_NOCLOSE); 276 out = BIO_new_fp(stdout, BIO_NOCLOSE);
277 } 277 }
@@ -281,10 +281,10 @@ spkac_main(int argc, char **argv)
281 ERR_print_errors(bio_err); 281 ERR_print_errors(bio_err);
282 goto end; 282 goto end;
283 } 283 }
284 if (!spkac_config.noout) 284 if (!cfg.noout)
285 NETSCAPE_SPKI_print(out, spki); 285 NETSCAPE_SPKI_print(out, spki);
286 pkey = NETSCAPE_SPKI_get_pubkey(spki); 286 pkey = NETSCAPE_SPKI_get_pubkey(spki);
287 if (spkac_config.verify) { 287 if (cfg.verify) {
288 i = NETSCAPE_SPKI_verify(spki, pkey); 288 i = NETSCAPE_SPKI_verify(spki, pkey);
289 if (i > 0) 289 if (i > 0)
290 BIO_printf(bio_err, "Signature OK\n"); 290 BIO_printf(bio_err, "Signature OK\n");
@@ -294,7 +294,7 @@ spkac_main(int argc, char **argv)
294 goto end; 294 goto end;
295 } 295 }
296 } 296 }
297 if (spkac_config.pubkey) 297 if (cfg.pubkey)
298 PEM_write_bio_PUBKEY(out, pkey); 298 PEM_write_bio_PUBKEY(out, pkey);
299 299
300 ret = 0; 300 ret = 0;
diff --git a/src/usr.bin/openssl/ts.c b/src/usr.bin/openssl/ts.c
index 05387de130..84008183e7 100644
--- a/src/usr.bin/openssl/ts.c
+++ b/src/usr.bin/openssl/ts.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ts.c,v 1.25 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: ts.c,v 1.26 2023/03/06 14:32:06 tb Exp $ */
2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL 2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
3 * project 2002. 3 * project 2002.
4 */ 4 */
@@ -138,7 +138,7 @@ static struct {
138 int token_in; 138 int token_in;
139 int token_out; 139 int token_out;
140 char *untrusted; 140 char *untrusted;
141} ts_config; 141} cfg;
142 142
143static int 143static int
144ts_opt_md(int argc, char **argv, int *argsused) 144ts_opt_md(int argc, char **argv, int *argsused)
@@ -148,7 +148,7 @@ ts_opt_md(int argc, char **argv, int *argsused)
148 if (*name++ != '-') 148 if (*name++ != '-')
149 return (1); 149 return (1);
150 150
151 if ((ts_config.md = EVP_get_digestbyname(name)) == NULL) 151 if ((cfg.md = EVP_get_digestbyname(name)) == NULL)
152 return (1); 152 return (1);
153 153
154 *argsused = 1; 154 *argsused = 1;
@@ -158,27 +158,27 @@ ts_opt_md(int argc, char **argv, int *argsused)
158static int 158static int
159ts_opt_query(void) 159ts_opt_query(void)
160{ 160{
161 if (ts_config.mode != CMD_NONE) 161 if (cfg.mode != CMD_NONE)
162 return (1); 162 return (1);
163 ts_config.mode = CMD_QUERY; 163 cfg.mode = CMD_QUERY;
164 return (0); 164 return (0);
165} 165}
166 166
167static int 167static int
168ts_opt_reply(void) 168ts_opt_reply(void)
169{ 169{
170 if (ts_config.mode != CMD_NONE) 170 if (cfg.mode != CMD_NONE)
171 return (1); 171 return (1);
172 ts_config.mode = CMD_REPLY; 172 cfg.mode = CMD_REPLY;
173 return (0); 173 return (0);
174} 174}
175 175
176static int 176static int
177ts_opt_verify(void) 177ts_opt_verify(void)
178{ 178{
179 if (ts_config.mode != CMD_NONE) 179 if (cfg.mode != CMD_NONE)
180 return (1); 180 return (1);
181 ts_config.mode = CMD_VERIFY; 181 cfg.mode = CMD_VERIFY;
182 return (0); 182 return (0);
183} 183}
184 184
@@ -188,89 +188,89 @@ static const struct option ts_options[] = {
188 .argname = "file", 188 .argname = "file",
189 .desc = "Certificate Authority file", 189 .desc = "Certificate Authority file",
190 .type = OPTION_ARG, 190 .type = OPTION_ARG,
191 .opt.arg = &ts_config.ca_file, 191 .opt.arg = &cfg.ca_file,
192 }, 192 },
193 { 193 {
194 .name = "CApath", 194 .name = "CApath",
195 .argname = "path", 195 .argname = "path",
196 .desc = "Certificate Authority path", 196 .desc = "Certificate Authority path",
197 .type = OPTION_ARG, 197 .type = OPTION_ARG,
198 .opt.arg = &ts_config.ca_path, 198 .opt.arg = &cfg.ca_path,
199 }, 199 },
200 { 200 {
201 .name = "cert", 201 .name = "cert",
202 .desc = "Include signing certificate in the response", 202 .desc = "Include signing certificate in the response",
203 .type = OPTION_FLAG, 203 .type = OPTION_FLAG,
204 .opt.flag = &ts_config.cert, 204 .opt.flag = &cfg.cert,
205 }, 205 },
206 { 206 {
207 .name = "chain", 207 .name = "chain",
208 .argname = "file", 208 .argname = "file",
209 .desc = "PEM certificates that will be included in the response", 209 .desc = "PEM certificates that will be included in the response",
210 .type = OPTION_ARG, 210 .type = OPTION_ARG,
211 .opt.arg = &ts_config.chain, 211 .opt.arg = &cfg.chain,
212 }, 212 },
213 { 213 {
214 .name = "config", 214 .name = "config",
215 .argname = "file", 215 .argname = "file",
216 .desc = "Specify an alternative configuration file", 216 .desc = "Specify an alternative configuration file",
217 .type = OPTION_ARG, 217 .type = OPTION_ARG,
218 .opt.arg = &ts_config.configfile, 218 .opt.arg = &cfg.configfile,
219 }, 219 },
220 { 220 {
221 .name = "data", 221 .name = "data",
222 .argname = "file", 222 .argname = "file",
223 .desc = "Data file for which the time stamp request needs to be created", 223 .desc = "Data file for which the time stamp request needs to be created",
224 .type = OPTION_ARG, 224 .type = OPTION_ARG,
225 .opt.arg = &ts_config.data, 225 .opt.arg = &cfg.data,
226 }, 226 },
227 { 227 {
228 .name = "digest", 228 .name = "digest",
229 .argname = "arg", 229 .argname = "arg",
230 .desc = "Specify the message imprint explicitly without the data file", 230 .desc = "Specify the message imprint explicitly without the data file",
231 .type = OPTION_ARG, 231 .type = OPTION_ARG,
232 .opt.arg = &ts_config.digest, 232 .opt.arg = &cfg.digest,
233 }, 233 },
234 { 234 {
235 .name = "in", 235 .name = "in",
236 .argname = "file", 236 .argname = "file",
237 .desc = "Input file", 237 .desc = "Input file",
238 .type = OPTION_ARG, 238 .type = OPTION_ARG,
239 .opt.arg = &ts_config.in, 239 .opt.arg = &cfg.in,
240 }, 240 },
241 { 241 {
242 .name = "inkey", 242 .name = "inkey",
243 .argname = "file", 243 .argname = "file",
244 .desc = "Input key file", 244 .desc = "Input key file",
245 .type = OPTION_ARG, 245 .type = OPTION_ARG,
246 .opt.arg = &ts_config.inkey, 246 .opt.arg = &cfg.inkey,
247 }, 247 },
248 { 248 {
249 .name = "no_nonce", 249 .name = "no_nonce",
250 .desc = "Specify no nonce in the request", 250 .desc = "Specify no nonce in the request",
251 .type = OPTION_FLAG, 251 .type = OPTION_FLAG,
252 .opt.flag = &ts_config.no_nonce, 252 .opt.flag = &cfg.no_nonce,
253 }, 253 },
254 { 254 {
255 .name = "out", 255 .name = "out",
256 .argname = "file", 256 .argname = "file",
257 .desc = "Output file", 257 .desc = "Output file",
258 .type = OPTION_ARG, 258 .type = OPTION_ARG,
259 .opt.arg = &ts_config.out, 259 .opt.arg = &cfg.out,
260 }, 260 },
261 { 261 {
262 .name = "passin", 262 .name = "passin",
263 .argname = "src", 263 .argname = "src",
264 .desc = "Private key password source", 264 .desc = "Private key password source",
265 .type = OPTION_ARG, 265 .type = OPTION_ARG,
266 .opt.arg = &ts_config.passin, 266 .opt.arg = &cfg.passin,
267 }, 267 },
268 { 268 {
269 .name = "policy", 269 .name = "policy",
270 .argname = "object_id", 270 .argname = "object_id",
271 .desc = "Policy for the TSA to use when creating the time stamp token", 271 .desc = "Policy for the TSA to use when creating the time stamp token",
272 .type = OPTION_ARG, 272 .type = OPTION_ARG,
273 .opt.arg = &ts_config.policy, 273 .opt.arg = &cfg.policy,
274 }, 274 },
275 { 275 {
276 .name = "query", 276 .name = "query",
@@ -283,7 +283,7 @@ static const struct option ts_options[] = {
283 .argname = "file", 283 .argname = "file",
284 .desc = "File containing a DER-encoded time stamp request", 284 .desc = "File containing a DER-encoded time stamp request",
285 .type = OPTION_ARG, 285 .type = OPTION_ARG,
286 .opt.arg = &ts_config.queryfile, 286 .opt.arg = &cfg.queryfile,
287 }, 287 },
288 { 288 {
289 .name = "reply", 289 .name = "reply",
@@ -296,39 +296,39 @@ static const struct option ts_options[] = {
296 .argname = "arg", 296 .argname = "arg",
297 .desc = "TSA section containing the settings for response generation", 297 .desc = "TSA section containing the settings for response generation",
298 .type = OPTION_ARG, 298 .type = OPTION_ARG,
299 .opt.arg = &ts_config.section, 299 .opt.arg = &cfg.section,
300 }, 300 },
301 { 301 {
302 .name = "signer", 302 .name = "signer",
303 .argname = "file", 303 .argname = "file",
304 .desc = "Signer certificate file", 304 .desc = "Signer certificate file",
305 .type = OPTION_ARG, 305 .type = OPTION_ARG,
306 .opt.arg = &ts_config.signer, 306 .opt.arg = &cfg.signer,
307 }, 307 },
308 { 308 {
309 .name = "text", 309 .name = "text",
310 .desc = "Output in human-readable text format", 310 .desc = "Output in human-readable text format",
311 .type = OPTION_FLAG, 311 .type = OPTION_FLAG,
312 .opt.flag = &ts_config.text, 312 .opt.flag = &cfg.text,
313 }, 313 },
314 { 314 {
315 .name = "token_in", 315 .name = "token_in",
316 .desc = "Input is a DER-encoded time stamp token", 316 .desc = "Input is a DER-encoded time stamp token",
317 .type = OPTION_FLAG, 317 .type = OPTION_FLAG,
318 .opt.flag = &ts_config.token_in, 318 .opt.flag = &cfg.token_in,
319 }, 319 },
320 { 320 {
321 .name = "token_out", 321 .name = "token_out",
322 .desc = "Output is a DER-encoded time stamp token", 322 .desc = "Output is a DER-encoded time stamp token",
323 .type = OPTION_FLAG, 323 .type = OPTION_FLAG,
324 .opt.flag = &ts_config.token_out, 324 .opt.flag = &cfg.token_out,
325 }, 325 },
326 { 326 {
327 .name = "untrusted", 327 .name = "untrusted",
328 .argname = "file", 328 .argname = "file",
329 .desc = "File containing untrusted certificates", 329 .desc = "File containing untrusted certificates",
330 .type = OPTION_ARG, 330 .type = OPTION_ARG,
331 .opt.arg = &ts_config.untrusted, 331 .opt.arg = &cfg.untrusted,
332 }, 332 },
333 { 333 {
334 .name = "verify", 334 .name = "verify",
@@ -382,15 +382,15 @@ ts_main(int argc, char **argv)
382 exit(1); 382 exit(1);
383 } 383 }
384 384
385 memset(&ts_config, 0, sizeof(ts_config)); 385 memset(&cfg, 0, sizeof(cfg));
386 ts_config.mode = CMD_NONE; 386 cfg.mode = CMD_NONE;
387 387
388 if (options_parse(argc, argv, ts_options, NULL, NULL) != 0) 388 if (options_parse(argc, argv, ts_options, NULL, NULL) != 0)
389 goto usage; 389 goto usage;
390 390
391 /* Get the password if required. */ 391 /* Get the password if required. */
392 if (ts_config.mode == CMD_REPLY && ts_config.passin != NULL && 392 if (cfg.mode == CMD_REPLY && cfg.passin != NULL &&
393 !app_passwd(bio_err, ts_config.passin, NULL, &password, NULL)) { 393 !app_passwd(bio_err, cfg.passin, NULL, &password, NULL)) {
394 BIO_printf(bio_err, "Error getting password.\n"); 394 BIO_printf(bio_err, "Error getting password.\n");
395 goto cleanup; 395 goto cleanup;
396 } 396 }
@@ -398,7 +398,7 @@ ts_main(int argc, char **argv)
398 * Check consistency of parameters and execute the appropriate 398 * Check consistency of parameters and execute the appropriate
399 * function. 399 * function.
400 */ 400 */
401 switch (ts_config.mode) { 401 switch (cfg.mode) {
402 case CMD_NONE: 402 case CMD_NONE:
403 goto usage; 403 goto usage;
404 case CMD_QUERY: 404 case CMD_QUERY:
@@ -406,50 +406,50 @@ ts_main(int argc, char **argv)
406 * Data file and message imprint cannot be specified at the 406 * Data file and message imprint cannot be specified at the
407 * same time. 407 * same time.
408 */ 408 */
409 ret = ts_config.data != NULL && ts_config.digest != NULL; 409 ret = cfg.data != NULL && cfg.digest != NULL;
410 if (ret) 410 if (ret)
411 goto usage; 411 goto usage;
412 /* Load the config file for possible policy OIDs. */ 412 /* Load the config file for possible policy OIDs. */
413 conf = load_config_file(ts_config.configfile); 413 conf = load_config_file(cfg.configfile);
414 ret = !query_command(ts_config.data, ts_config.digest, 414 ret = !query_command(cfg.data, cfg.digest,
415 ts_config.md, ts_config.policy, ts_config.no_nonce, 415 cfg.md, cfg.policy, cfg.no_nonce,
416 ts_config.cert, ts_config.in, ts_config.out, 416 cfg.cert, cfg.in, cfg.out,
417 ts_config.text); 417 cfg.text);
418 break; 418 break;
419 case CMD_REPLY: 419 case CMD_REPLY:
420 conf = load_config_file(ts_config.configfile); 420 conf = load_config_file(cfg.configfile);
421 if (ts_config.in == NULL) { 421 if (cfg.in == NULL) {
422 ret = !(ts_config.queryfile != NULL && conf != NULL && 422 ret = !(cfg.queryfile != NULL && conf != NULL &&
423 !ts_config.token_in); 423 !cfg.token_in);
424 if (ret) 424 if (ret)
425 goto usage; 425 goto usage;
426 } else { 426 } else {
427 /* 'in' and 'queryfile' are exclusive. */ 427 /* 'in' and 'queryfile' are exclusive. */
428 ret = !(ts_config.queryfile == NULL); 428 ret = !(cfg.queryfile == NULL);
429 if (ret) 429 if (ret)
430 goto usage; 430 goto usage;
431 } 431 }
432 432
433 ret = !reply_command(conf, ts_config.section, 433 ret = !reply_command(conf, cfg.section,
434 ts_config.queryfile, password, ts_config.inkey, 434 cfg.queryfile, password, cfg.inkey,
435 ts_config.signer, ts_config.chain, ts_config.policy, 435 cfg.signer, cfg.chain, cfg.policy,
436 ts_config.in, ts_config.token_in, ts_config.out, 436 cfg.in, cfg.token_in, cfg.out,
437 ts_config.token_out, ts_config.text); 437 cfg.token_out, cfg.text);
438 break; 438 break;
439 case CMD_VERIFY: 439 case CMD_VERIFY:
440 ret = !(((ts_config.queryfile != NULL && ts_config.data == NULL && 440 ret = !(((cfg.queryfile != NULL && cfg.data == NULL &&
441 ts_config.digest == NULL) || 441 cfg.digest == NULL) ||
442 (ts_config.queryfile == NULL && ts_config.data != NULL && 442 (cfg.queryfile == NULL && cfg.data != NULL &&
443 ts_config.digest == NULL) || 443 cfg.digest == NULL) ||
444 (ts_config.queryfile == NULL && ts_config.data == NULL && 444 (cfg.queryfile == NULL && cfg.data == NULL &&
445 ts_config.digest != NULL)) && 445 cfg.digest != NULL)) &&
446 ts_config.in != NULL); 446 cfg.in != NULL);
447 if (ret) 447 if (ret)
448 goto usage; 448 goto usage;
449 449
450 ret = !verify_command(ts_config.data, ts_config.digest, 450 ret = !verify_command(cfg.data, cfg.digest,
451 ts_config.queryfile, ts_config.in, ts_config.token_in, 451 cfg.queryfile, cfg.in, cfg.token_in,
452 ts_config.ca_path, ts_config.ca_file, ts_config.untrusted); 452 cfg.ca_path, cfg.ca_file, cfg.untrusted);
453 } 453 }
454 454
455 goto cleanup; 455 goto cleanup;
diff --git a/src/usr.bin/openssl/verify.c b/src/usr.bin/openssl/verify.c
index b42dd2f243..b412623991 100644
--- a/src/usr.bin/openssl/verify.c
+++ b/src/usr.bin/openssl/verify.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: verify.c,v 1.15 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: verify.c,v 1.16 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -81,7 +81,7 @@ static struct {
81 char *untfile; 81 char *untfile;
82 int verbose; 82 int verbose;
83 X509_VERIFY_PARAM *vpm; 83 X509_VERIFY_PARAM *vpm;
84} verify_config; 84} cfg;
85 85
86static int 86static int
87verify_opt_args(int argc, char **argv, int *argsused) 87verify_opt_args(int argc, char **argv, int *argsused)
@@ -89,7 +89,7 @@ verify_opt_args(int argc, char **argv, int *argsused)
89 int oargc = argc; 89 int oargc = argc;
90 int badarg = 0; 90 int badarg = 0;
91 91
92 if (!args_verify(&argv, &argc, &badarg, bio_err, &verify_config.vpm)) 92 if (!args_verify(&argv, &argc, &badarg, bio_err, &cfg.vpm))
93 return (1); 93 return (1);
94 if (badarg) 94 if (badarg)
95 return (1); 95 return (1);
@@ -105,41 +105,41 @@ static const struct option verify_options[] = {
105 .argname = "file", 105 .argname = "file",
106 .desc = "Certificate Authority file", 106 .desc = "Certificate Authority file",
107 .type = OPTION_ARG, 107 .type = OPTION_ARG,
108 .opt.arg = &verify_config.CAfile, 108 .opt.arg = &cfg.CAfile,
109 }, 109 },
110 { 110 {
111 .name = "CApath", 111 .name = "CApath",
112 .argname = "path", 112 .argname = "path",
113 .desc = "Certificate Authority path", 113 .desc = "Certificate Authority path",
114 .type = OPTION_ARG, 114 .type = OPTION_ARG,
115 .opt.arg = &verify_config.CApath, 115 .opt.arg = &cfg.CApath,
116 }, 116 },
117 { 117 {
118 .name = "CRLfile", 118 .name = "CRLfile",
119 .argname = "file", 119 .argname = "file",
120 .desc = "Certificate Revocation List file", 120 .desc = "Certificate Revocation List file",
121 .type = OPTION_ARG, 121 .type = OPTION_ARG,
122 .opt.arg = &verify_config.crlfile, 122 .opt.arg = &cfg.crlfile,
123 }, 123 },
124 { 124 {
125 .name = "trusted", 125 .name = "trusted",
126 .argname = "file", 126 .argname = "file",
127 .desc = "Trusted certificates file", 127 .desc = "Trusted certificates file",
128 .type = OPTION_ARG, 128 .type = OPTION_ARG,
129 .opt.arg = &verify_config.trustfile, 129 .opt.arg = &cfg.trustfile,
130 }, 130 },
131 { 131 {
132 .name = "untrusted", 132 .name = "untrusted",
133 .argname = "file", 133 .argname = "file",
134 .desc = "Untrusted certificates file", 134 .desc = "Untrusted certificates file",
135 .type = OPTION_ARG, 135 .type = OPTION_ARG,
136 .opt.arg = &verify_config.untfile, 136 .opt.arg = &cfg.untfile,
137 }, 137 },
138 { 138 {
139 .name = "verbose", 139 .name = "verbose",
140 .desc = "Verbose", 140 .desc = "Verbose",
141 .type = OPTION_FLAG, 141 .type = OPTION_FLAG,
142 .opt.flag = &verify_config.verbose, 142 .opt.flag = &cfg.verbose,
143 }, 143 },
144 { 144 {
145 .name = NULL, 145 .name = NULL,
@@ -273,7 +273,7 @@ verify_main(int argc, char **argv)
273 exit(1); 273 exit(1);
274 } 274 }
275 275
276 memset(&verify_config, 0, sizeof(verify_config)); 276 memset(&cfg, 0, sizeof(cfg));
277 277
278 if (options_parse(argc, argv, verify_options, NULL, &argsused) != 0) { 278 if (options_parse(argc, argv, verify_options, NULL, &argsused) != 0) {
279 verify_usage(); 279 verify_usage();
@@ -288,17 +288,17 @@ verify_main(int argc, char **argv)
288 goto end; 288 goto end;
289 X509_STORE_set_verify_cb(cert_ctx, cb); 289 X509_STORE_set_verify_cb(cert_ctx, cb);
290 290
291 if (verify_config.vpm) 291 if (cfg.vpm)
292 X509_STORE_set1_param(cert_ctx, verify_config.vpm); 292 X509_STORE_set1_param(cert_ctx, cfg.vpm);
293 293
294 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file()); 294 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
295 if (lookup == NULL) 295 if (lookup == NULL)
296 abort(); /* XXX */ 296 abort(); /* XXX */
297 if (verify_config.CAfile) { 297 if (cfg.CAfile) {
298 if (!X509_LOOKUP_load_file(lookup, verify_config.CAfile, 298 if (!X509_LOOKUP_load_file(lookup, cfg.CAfile,
299 X509_FILETYPE_PEM)) { 299 X509_FILETYPE_PEM)) {
300 BIO_printf(bio_err, "Error loading file %s\n", 300 BIO_printf(bio_err, "Error loading file %s\n",
301 verify_config.CAfile); 301 cfg.CAfile);
302 ERR_print_errors(bio_err); 302 ERR_print_errors(bio_err);
303 goto end; 303 goto end;
304 } 304 }
@@ -308,11 +308,11 @@ verify_main(int argc, char **argv)
308 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir()); 308 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
309 if (lookup == NULL) 309 if (lookup == NULL)
310 abort(); /* XXX */ 310 abort(); /* XXX */
311 if (verify_config.CApath) { 311 if (cfg.CApath) {
312 if (!X509_LOOKUP_add_dir(lookup, verify_config.CApath, 312 if (!X509_LOOKUP_add_dir(lookup, cfg.CApath,
313 X509_FILETYPE_PEM)) { 313 X509_FILETYPE_PEM)) {
314 BIO_printf(bio_err, "Error loading directory %s\n", 314 BIO_printf(bio_err, "Error loading directory %s\n",
315 verify_config.CApath); 315 cfg.CApath);
316 ERR_print_errors(bio_err); 316 ERR_print_errors(bio_err);
317 goto end; 317 goto end;
318 } 318 }
@@ -321,20 +321,20 @@ verify_main(int argc, char **argv)
321 321
322 ERR_clear_error(); 322 ERR_clear_error();
323 323
324 if (verify_config.untfile) { 324 if (cfg.untfile) {
325 untrusted = load_certs(bio_err, verify_config.untfile, 325 untrusted = load_certs(bio_err, cfg.untfile,
326 FORMAT_PEM, NULL, "untrusted certificates"); 326 FORMAT_PEM, NULL, "untrusted certificates");
327 if (!untrusted) 327 if (!untrusted)
328 goto end; 328 goto end;
329 } 329 }
330 if (verify_config.trustfile) { 330 if (cfg.trustfile) {
331 trusted = load_certs(bio_err, verify_config.trustfile, 331 trusted = load_certs(bio_err, cfg.trustfile,
332 FORMAT_PEM, NULL, "trusted certificates"); 332 FORMAT_PEM, NULL, "trusted certificates");
333 if (!trusted) 333 if (!trusted)
334 goto end; 334 goto end;
335 } 335 }
336 if (verify_config.crlfile) { 336 if (cfg.crlfile) {
337 crls = load_crls(bio_err, verify_config.crlfile, FORMAT_PEM, 337 crls = load_crls(bio_err, cfg.crlfile, FORMAT_PEM,
338 NULL, "other CRLs"); 338 NULL, "other CRLs");
339 if (!crls) 339 if (!crls)
340 goto end; 340 goto end;
@@ -352,8 +352,8 @@ verify_main(int argc, char **argv)
352 } 352 }
353 353
354 end: 354 end:
355 if (verify_config.vpm) 355 if (cfg.vpm)
356 X509_VERIFY_PARAM_free(verify_config.vpm); 356 X509_VERIFY_PARAM_free(cfg.vpm);
357 if (cert_ctx != NULL) 357 if (cert_ctx != NULL)
358 X509_STORE_free(cert_ctx); 358 X509_STORE_free(cert_ctx);
359 sk_X509_pop_free(untrusted, X509_free); 359 sk_X509_pop_free(untrusted, X509_free);
@@ -454,7 +454,7 @@ cb(int ok, X509_STORE_CTX *ctx)
454 } 454 }
455 if (cert_error == X509_V_OK && ok == 2) 455 if (cert_error == X509_V_OK && ok == 2)
456 policies_print(NULL, ctx); 456 policies_print(NULL, ctx);
457 if (!verify_config.verbose) 457 if (!cfg.verbose)
458 ERR_clear_error(); 458 ERR_clear_error();
459 return (ok); 459 return (ok);
460} 460}
diff --git a/src/usr.bin/openssl/version.c b/src/usr.bin/openssl/version.c
index 038774ad0c..6ff1860ead 100644
--- a/src/usr.bin/openssl/version.c
+++ b/src/usr.bin/openssl/version.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: version.c,v 1.10 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: version.c,v 1.11 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -142,17 +142,17 @@ static struct {
142 int options; 142 int options;
143 int platform; 143 int platform;
144 int version; 144 int version;
145} version_config; 145} cfg;
146 146
147static int 147static int
148version_all_opts(void) 148version_all_opts(void)
149{ 149{
150 version_config.cflags = 1; 150 cfg.cflags = 1;
151 version_config.date = 1; 151 cfg.date = 1;
152 version_config.dir= 1; 152 cfg.dir= 1;
153 version_config.options = 1; 153 cfg.options = 1;
154 version_config.platform = 1; 154 cfg.platform = 1;
155 version_config.version = 1; 155 cfg.version = 1;
156 156
157 return (0); 157 return (0);
158} 158}
@@ -168,37 +168,37 @@ static const struct option version_options[] = {
168 .name = "b", 168 .name = "b",
169 .desc = "Date the current version of OpenSSL was built", 169 .desc = "Date the current version of OpenSSL was built",
170 .type = OPTION_FLAG, 170 .type = OPTION_FLAG,
171 .opt.flag = &version_config.date, 171 .opt.flag = &cfg.date,
172 }, 172 },
173 { 173 {
174 .name = "d", 174 .name = "d",
175 .desc = "OPENSSLDIR value", 175 .desc = "OPENSSLDIR value",
176 .type = OPTION_FLAG, 176 .type = OPTION_FLAG,
177 .opt.flag = &version_config.dir, 177 .opt.flag = &cfg.dir,
178 }, 178 },
179 { 179 {
180 .name = "f", 180 .name = "f",
181 .desc = "Compilation flags", 181 .desc = "Compilation flags",
182 .type = OPTION_FLAG, 182 .type = OPTION_FLAG,
183 .opt.flag = &version_config.cflags, 183 .opt.flag = &cfg.cflags,
184 }, 184 },
185 { 185 {
186 .name = "o", 186 .name = "o",
187 .desc = "Option information", 187 .desc = "Option information",
188 .type = OPTION_FLAG, 188 .type = OPTION_FLAG,
189 .opt.flag = &version_config.options, 189 .opt.flag = &cfg.options,
190 }, 190 },
191 { 191 {
192 .name = "p", 192 .name = "p",
193 .desc = "Platform settings", 193 .desc = "Platform settings",
194 .type = OPTION_FLAG, 194 .type = OPTION_FLAG,
195 .opt.flag = &version_config.platform, 195 .opt.flag = &cfg.platform,
196 }, 196 },
197 { 197 {
198 .name = "v", 198 .name = "v",
199 .desc = "Current OpenSSL version", 199 .desc = "Current OpenSSL version",
200 .type = OPTION_FLAG, 200 .type = OPTION_FLAG,
201 .opt.flag = &version_config.version, 201 .opt.flag = &cfg.version,
202 }, 202 },
203 {NULL}, 203 {NULL},
204}; 204};
@@ -218,7 +218,7 @@ version_main(int argc, char **argv)
218 exit(1); 218 exit(1);
219 } 219 }
220 220
221 memset(&version_config, 0, sizeof(version_config)); 221 memset(&cfg, 0, sizeof(cfg));
222 222
223 if (options_parse(argc, argv, version_options, NULL, NULL) != 0) { 223 if (options_parse(argc, argv, version_options, NULL, NULL) != 0) {
224 version_usage(); 224 version_usage();
@@ -226,9 +226,9 @@ version_main(int argc, char **argv)
226 } 226 }
227 227
228 if (argc == 1) 228 if (argc == 1)
229 version_config.version = 1; 229 cfg.version = 1;
230 230
231 if (version_config.version) { 231 if (cfg.version) {
232 if (SSLeay() == SSLEAY_VERSION_NUMBER) { 232 if (SSLeay() == SSLEAY_VERSION_NUMBER) {
233 printf("%s\n", SSLeay_version(SSLEAY_VERSION)); 233 printf("%s\n", SSLeay_version(SSLEAY_VERSION));
234 } else { 234 } else {
@@ -237,11 +237,11 @@ version_main(int argc, char **argv)
237 SSLeay_version(SSLEAY_VERSION)); 237 SSLeay_version(SSLEAY_VERSION));
238 } 238 }
239 } 239 }
240 if (version_config.date) 240 if (cfg.date)
241 printf("%s\n", SSLeay_version(SSLEAY_BUILT_ON)); 241 printf("%s\n", SSLeay_version(SSLEAY_BUILT_ON));
242 if (version_config.platform) 242 if (cfg.platform)
243 printf("%s\n", SSLeay_version(SSLEAY_PLATFORM)); 243 printf("%s\n", SSLeay_version(SSLEAY_PLATFORM));
244 if (version_config.options) { 244 if (cfg.options) {
245 printf("options: "); 245 printf("options: ");
246 printf("%s ", BN_options()); 246 printf("%s ", BN_options());
247#ifndef OPENSSL_NO_RC4 247#ifndef OPENSSL_NO_RC4
@@ -258,9 +258,9 @@ version_main(int argc, char **argv)
258#endif 258#endif
259 printf("\n"); 259 printf("\n");
260 } 260 }
261 if (version_config.cflags) 261 if (cfg.cflags)
262 printf("%s\n", SSLeay_version(SSLEAY_CFLAGS)); 262 printf("%s\n", SSLeay_version(SSLEAY_CFLAGS));
263 if (version_config.dir) 263 if (cfg.dir)
264 printf("%s\n", SSLeay_version(SSLEAY_DIR)); 264 printf("%s\n", SSLeay_version(SSLEAY_DIR));
265 265
266 return (0); 266 return (0);
diff --git a/src/usr.bin/openssl/x509.c b/src/usr.bin/openssl/x509.c
index e1c69c6798..66cad3ab2c 100644
--- a/src/usr.bin/openssl/x509.c
+++ b/src/usr.bin/openssl/x509.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509.c,v 1.30 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: x509.c,v 1.31 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -152,58 +152,58 @@ static struct {
152 STACK_OF(ASN1_OBJECT) *trust; 152 STACK_OF(ASN1_OBJECT) *trust;
153 int trustout; 153 int trustout;
154 int x509req; 154 int x509req;
155} x509_config; 155} cfg;
156 156
157static int 157static int
158x509_opt_addreject(char *arg) 158x509_opt_addreject(char *arg)
159{ 159{
160 if ((x509_config.objtmp = OBJ_txt2obj(arg, 0)) == NULL) { 160 if ((cfg.objtmp = OBJ_txt2obj(arg, 0)) == NULL) {
161 BIO_printf(bio_err, "Invalid reject object value %s\n", arg); 161 BIO_printf(bio_err, "Invalid reject object value %s\n", arg);
162 return (1); 162 return (1);
163 } 163 }
164 164
165 if (x509_config.reject == NULL && 165 if (cfg.reject == NULL &&
166 (x509_config.reject = sk_ASN1_OBJECT_new_null()) == NULL) 166 (cfg.reject = sk_ASN1_OBJECT_new_null()) == NULL)
167 return (1); 167 return (1);
168 168
169 if (!sk_ASN1_OBJECT_push(x509_config.reject, x509_config.objtmp)) 169 if (!sk_ASN1_OBJECT_push(cfg.reject, cfg.objtmp))
170 return (1); 170 return (1);
171 171
172 x509_config.trustout = 1; 172 cfg.trustout = 1;
173 return (0); 173 return (0);
174} 174}
175 175
176static int 176static int
177x509_opt_addtrust(char *arg) 177x509_opt_addtrust(char *arg)
178{ 178{
179 if ((x509_config.objtmp = OBJ_txt2obj(arg, 0)) == NULL) { 179 if ((cfg.objtmp = OBJ_txt2obj(arg, 0)) == NULL) {
180 BIO_printf(bio_err, "Invalid trust object value %s\n", arg); 180 BIO_printf(bio_err, "Invalid trust object value %s\n", arg);
181 return (1); 181 return (1);
182 } 182 }
183 183
184 if (x509_config.trust == NULL && 184 if (cfg.trust == NULL &&
185 (x509_config.trust = sk_ASN1_OBJECT_new_null()) == NULL) 185 (cfg.trust = sk_ASN1_OBJECT_new_null()) == NULL)
186 return (1); 186 return (1);
187 187
188 if (!sk_ASN1_OBJECT_push(x509_config.trust, x509_config.objtmp)) 188 if (!sk_ASN1_OBJECT_push(cfg.trust, cfg.objtmp))
189 return (1); 189 return (1);
190 190
191 x509_config.trustout = 1; 191 cfg.trustout = 1;
192 return (0); 192 return (0);
193} 193}
194 194
195static int 195static int
196x509_opt_ca(char *arg) 196x509_opt_ca(char *arg)
197{ 197{
198 x509_config.CAfile = arg; 198 cfg.CAfile = arg;
199 x509_config.CA_flag = ++x509_config.num; 199 cfg.CA_flag = ++cfg.num;
200 return (0); 200 return (0);
201} 201}
202 202
203static int 203static int
204x509_opt_certopt(char *arg) 204x509_opt_certopt(char *arg)
205{ 205{
206 if (!set_cert_ex(&x509_config.certflag, arg)) 206 if (!set_cert_ex(&cfg.certflag, arg))
207 return (1); 207 return (1);
208 208
209 return (0); 209 return (0);
@@ -214,20 +214,20 @@ x509_opt_checkend(char *arg)
214{ 214{
215 const char *errstr; 215 const char *errstr;
216 216
217 x509_config.checkoffset = strtonum(arg, 0, INT_MAX, &errstr); 217 cfg.checkoffset = strtonum(arg, 0, INT_MAX, &errstr);
218 if (errstr != NULL) { 218 if (errstr != NULL) {
219 BIO_printf(bio_err, "checkend unusable: %s\n", errstr); 219 BIO_printf(bio_err, "checkend unusable: %s\n", errstr);
220 return (1); 220 return (1);
221 } 221 }
222 x509_config.checkend = 1; 222 cfg.checkend = 1;
223 return (0); 223 return (0);
224} 224}
225 225
226static int 226static int
227x509_opt_dates(void) 227x509_opt_dates(void)
228{ 228{
229 x509_config.startdate = ++x509_config.num; 229 cfg.startdate = ++cfg.num;
230 x509_config.enddate = ++x509_config.num; 230 cfg.enddate = ++cfg.num;
231 return (0); 231 return (0);
232} 232}
233 233
@@ -236,7 +236,7 @@ x509_opt_days(char *arg)
236{ 236{
237 const char *errstr; 237 const char *errstr;
238 238
239 x509_config.days = strtonum(arg, 1, INT_MAX, &errstr); 239 cfg.days = strtonum(arg, 1, INT_MAX, &errstr);
240 if (errstr != NULL) { 240 if (errstr != NULL) {
241 BIO_printf(bio_err, "bad number of days: %s\n", errstr); 241 BIO_printf(bio_err, "bad number of days: %s\n", errstr);
242 return (1); 242 return (1);
@@ -252,11 +252,11 @@ x509_opt_digest(int argc, char **argv, int *argsused)
252 if (*name++ != '-') 252 if (*name++ != '-')
253 return (1); 253 return (1);
254 254
255 if ((x509_config.md_alg = EVP_get_digestbyname(name)) != NULL) { 255 if ((cfg.md_alg = EVP_get_digestbyname(name)) != NULL) {
256 x509_config.digest = x509_config.md_alg; 256 cfg.digest = cfg.md_alg;
257 } else { 257 } else {
258 BIO_printf(bio_err, "unknown option %s\n", *argv); 258 BIO_printf(bio_err, "unknown option %s\n", *argv);
259 x509_config.badops = 1; 259 cfg.badops = 1;
260 return (1); 260 return (1);
261 } 261 }
262 262
@@ -267,7 +267,7 @@ x509_opt_digest(int argc, char **argv, int *argsused)
267static int 267static int
268x509_opt_nameopt(char *arg) 268x509_opt_nameopt(char *arg)
269{ 269{
270 if (!set_name_ex(&x509_config.nmflag, arg)) 270 if (!set_name_ex(&cfg.nmflag, arg))
271 return (1); 271 return (1);
272 272
273 return (0); 273 return (0);
@@ -276,8 +276,8 @@ x509_opt_nameopt(char *arg)
276static int 276static int
277x509_opt_set_serial(char *arg) 277x509_opt_set_serial(char *arg)
278{ 278{
279 ASN1_INTEGER_free(x509_config.sno); 279 ASN1_INTEGER_free(cfg.sno);
280 if ((x509_config.sno = s2i_ASN1_INTEGER(NULL, arg)) == NULL) 280 if ((cfg.sno = s2i_ASN1_INTEGER(NULL, arg)) == NULL)
281 return (1); 281 return (1);
282 282
283 return (0); 283 return (0);
@@ -286,27 +286,27 @@ x509_opt_set_serial(char *arg)
286static int 286static int
287x509_opt_setalias(char *arg) 287x509_opt_setalias(char *arg)
288{ 288{
289 x509_config.alias = arg; 289 cfg.alias = arg;
290 x509_config.trustout = 1; 290 cfg.trustout = 1;
291 return (0); 291 return (0);
292} 292}
293 293
294static int 294static int
295x509_opt_signkey(char *arg) 295x509_opt_signkey(char *arg)
296{ 296{
297 x509_config.keyfile = arg; 297 cfg.keyfile = arg;
298 x509_config.sign_flag = ++x509_config.num; 298 cfg.sign_flag = ++cfg.num;
299 return (0); 299 return (0);
300} 300}
301 301
302static int 302static int
303x509_opt_sigopt(char *arg) 303x509_opt_sigopt(char *arg)
304{ 304{
305 if (x509_config.sigopts == NULL && 305 if (cfg.sigopts == NULL &&
306 (x509_config.sigopts = sk_OPENSSL_STRING_new_null()) == NULL) 306 (cfg.sigopts = sk_OPENSSL_STRING_new_null()) == NULL)
307 return (1); 307 return (1);
308 308
309 if (!sk_OPENSSL_STRING_push(x509_config.sigopts, arg)) 309 if (!sk_OPENSSL_STRING_push(cfg.sigopts, arg))
310 return (1); 310 return (1);
311 311
312 return (0); 312 return (0);
@@ -317,8 +317,8 @@ static const struct option x509_options[] = {
317 .name = "C", 317 .name = "C",
318 .desc = "Convert the certificate into C code", 318 .desc = "Convert the certificate into C code",
319 .type = OPTION_ORDER, 319 .type = OPTION_ORDER,
320 .opt.order = &x509_config.C, 320 .opt.order = &cfg.C,
321 .order = &x509_config.num, 321 .order = &cfg.num,
322 }, 322 },
323 { 323 {
324 .name = "addreject", 324 .name = "addreject",
@@ -338,8 +338,8 @@ static const struct option x509_options[] = {
338 .name = "alias", 338 .name = "alias",
339 .desc = "Output certificate alias", 339 .desc = "Output certificate alias",
340 .type = OPTION_ORDER, 340 .type = OPTION_ORDER,
341 .opt.order = &x509_config.aliasout, 341 .opt.order = &cfg.aliasout,
342 .order = &x509_config.num, 342 .order = &cfg.num,
343 }, 343 },
344 { 344 {
345 .name = "CA", 345 .name = "CA",
@@ -352,15 +352,15 @@ static const struct option x509_options[] = {
352 .name = "CAcreateserial", 352 .name = "CAcreateserial",
353 .desc = "Create serial number file if it does not exist", 353 .desc = "Create serial number file if it does not exist",
354 .type = OPTION_ORDER, 354 .type = OPTION_ORDER,
355 .opt.order = &x509_config.CA_createserial, 355 .opt.order = &cfg.CA_createserial,
356 .order = &x509_config.num, 356 .order = &cfg.num,
357 }, 357 },
358 { 358 {
359 .name = "CAform", 359 .name = "CAform",
360 .argname = "fmt", 360 .argname = "fmt",
361 .desc = "CA format - default PEM", 361 .desc = "CA format - default PEM",
362 .type = OPTION_ARG_FORMAT, 362 .type = OPTION_ARG_FORMAT,
363 .opt.value = &x509_config.CAformat, 363 .opt.value = &cfg.CAformat,
364 }, 364 },
365 { 365 {
366 .name = "CAkey", 366 .name = "CAkey",
@@ -368,21 +368,21 @@ static const struct option x509_options[] = {
368 .desc = "CA key in PEM format unless -CAkeyform is specified\n" 368 .desc = "CA key in PEM format unless -CAkeyform is specified\n"
369 "if omitted, the key is assumed to be in the CA file", 369 "if omitted, the key is assumed to be in the CA file",
370 .type = OPTION_ARG, 370 .type = OPTION_ARG,
371 .opt.arg = &x509_config.CAkeyfile, 371 .opt.arg = &cfg.CAkeyfile,
372 }, 372 },
373 { 373 {
374 .name = "CAkeyform", 374 .name = "CAkeyform",
375 .argname = "fmt", 375 .argname = "fmt",
376 .desc = "CA key format - default PEM", 376 .desc = "CA key format - default PEM",
377 .type = OPTION_ARG_FORMAT, 377 .type = OPTION_ARG_FORMAT,
378 .opt.value = &x509_config.CAkeyformat, 378 .opt.value = &cfg.CAkeyformat,
379 }, 379 },
380 { 380 {
381 .name = "CAserial", 381 .name = "CAserial",
382 .argname = "file", 382 .argname = "file",
383 .desc = "Serial file", 383 .desc = "Serial file",
384 .type = OPTION_ARG, 384 .type = OPTION_ARG,
385 .opt.arg = &x509_config.CAserial, 385 .opt.arg = &cfg.CAserial,
386 }, 386 },
387 { 387 {
388 .name = "certopt", 388 .name = "certopt",
@@ -403,21 +403,21 @@ static const struct option x509_options[] = {
403 .name = "clrext", 403 .name = "clrext",
404 .desc = "Clear all extensions", 404 .desc = "Clear all extensions",
405 .type = OPTION_FLAG, 405 .type = OPTION_FLAG,
406 .opt.flag = &x509_config.clrext, 406 .opt.flag = &cfg.clrext,
407 }, 407 },
408 { 408 {
409 .name = "clrreject", 409 .name = "clrreject",
410 .desc = "Clear all rejected purposes", 410 .desc = "Clear all rejected purposes",
411 .type = OPTION_ORDER, 411 .type = OPTION_ORDER,
412 .opt.order = &x509_config.clrreject, 412 .opt.order = &cfg.clrreject,
413 .order = &x509_config.num, 413 .order = &cfg.num,
414 }, 414 },
415 { 415 {
416 .name = "clrtrust", 416 .name = "clrtrust",
417 .desc = "Clear all trusted purposes", 417 .desc = "Clear all trusted purposes",
418 .type = OPTION_ORDER, 418 .type = OPTION_ORDER,
419 .opt.order = &x509_config.clrtrust, 419 .opt.order = &cfg.clrtrust,
420 .order = &x509_config.num, 420 .order = &cfg.num,
421 }, 421 },
422 { 422 {
423 .name = "dates", 423 .name = "dates",
@@ -436,79 +436,79 @@ static const struct option x509_options[] = {
436 .name = "email", 436 .name = "email",
437 .desc = "Print email address(es)", 437 .desc = "Print email address(es)",
438 .type = OPTION_ORDER, 438 .type = OPTION_ORDER,
439 .opt.order = &x509_config.email, 439 .opt.order = &cfg.email,
440 .order = &x509_config.num, 440 .order = &cfg.num,
441 }, 441 },
442 { 442 {
443 .name = "enddate", 443 .name = "enddate",
444 .desc = "Print notAfter field", 444 .desc = "Print notAfter field",
445 .type = OPTION_ORDER, 445 .type = OPTION_ORDER,
446 .opt.order = &x509_config.enddate, 446 .opt.order = &cfg.enddate,
447 .order = &x509_config.num, 447 .order = &cfg.num,
448 }, 448 },
449 { 449 {
450 .name = "extensions", 450 .name = "extensions",
451 .argname = "section", 451 .argname = "section",
452 .desc = "Section from config file with X509V3 extensions to add", 452 .desc = "Section from config file with X509V3 extensions to add",
453 .type = OPTION_ARG, 453 .type = OPTION_ARG,
454 .opt.arg = &x509_config.extsect, 454 .opt.arg = &cfg.extsect,
455 }, 455 },
456 { 456 {
457 .name = "extfile", 457 .name = "extfile",
458 .argname = "file", 458 .argname = "file",
459 .desc = "Configuration file with X509V3 extensions to add", 459 .desc = "Configuration file with X509V3 extensions to add",
460 .type = OPTION_ARG, 460 .type = OPTION_ARG,
461 .opt.arg = &x509_config.extfile, 461 .opt.arg = &cfg.extfile,
462 }, 462 },
463 { 463 {
464 .name = "fingerprint", 464 .name = "fingerprint",
465 .desc = "Print the certificate fingerprint", 465 .desc = "Print the certificate fingerprint",
466 .type = OPTION_ORDER, 466 .type = OPTION_ORDER,
467 .opt.order = &x509_config.fingerprint, 467 .opt.order = &cfg.fingerprint,
468 .order = &x509_config.num, 468 .order = &cfg.num,
469 }, 469 },
470 { 470 {
471 .name = "hash", 471 .name = "hash",
472 .desc = "Synonym for -subject_hash", 472 .desc = "Synonym for -subject_hash",
473 .type = OPTION_ORDER, 473 .type = OPTION_ORDER,
474 .opt.order = &x509_config.subject_hash, 474 .opt.order = &cfg.subject_hash,
475 .order = &x509_config.num, 475 .order = &cfg.num,
476 }, 476 },
477 { 477 {
478 .name = "in", 478 .name = "in",
479 .argname = "file", 479 .argname = "file",
480 .desc = "Input file - default stdin", 480 .desc = "Input file - default stdin",
481 .type = OPTION_ARG, 481 .type = OPTION_ARG,
482 .opt.arg = &x509_config.infile, 482 .opt.arg = &cfg.infile,
483 }, 483 },
484 { 484 {
485 .name = "inform", 485 .name = "inform",
486 .argname = "fmt", 486 .argname = "fmt",
487 .desc = "Input format - default PEM (one of DER, NET or PEM)", 487 .desc = "Input format - default PEM (one of DER, NET or PEM)",
488 .type = OPTION_ARG_FORMAT, 488 .type = OPTION_ARG_FORMAT,
489 .opt.value = &x509_config.informat, 489 .opt.value = &cfg.informat,
490 }, 490 },
491 { 491 {
492 .name = "issuer", 492 .name = "issuer",
493 .desc = "Print issuer name", 493 .desc = "Print issuer name",
494 .type = OPTION_ORDER, 494 .type = OPTION_ORDER,
495 .opt.order = &x509_config.issuer, 495 .opt.order = &cfg.issuer,
496 .order = &x509_config.num, 496 .order = &cfg.num,
497 }, 497 },
498 { 498 {
499 .name = "issuer_hash", 499 .name = "issuer_hash",
500 .desc = "Print issuer hash value", 500 .desc = "Print issuer hash value",
501 .type = OPTION_ORDER, 501 .type = OPTION_ORDER,
502 .opt.order = &x509_config.issuer_hash, 502 .opt.order = &cfg.issuer_hash,
503 .order = &x509_config.num, 503 .order = &cfg.num,
504 }, 504 },
505#ifndef OPENSSL_NO_MD5 505#ifndef OPENSSL_NO_MD5
506 { 506 {
507 .name = "issuer_hash_old", 507 .name = "issuer_hash_old",
508 .desc = "Print old-style (MD5) issuer hash value", 508 .desc = "Print old-style (MD5) issuer hash value",
509 .type = OPTION_ORDER, 509 .type = OPTION_ORDER,
510 .opt.order = &x509_config.issuer_hash_old, 510 .opt.order = &cfg.issuer_hash_old,
511 .order = &x509_config.num, 511 .order = &cfg.num,
512 }, 512 },
513#endif 513#endif
514 { 514 {
@@ -516,14 +516,14 @@ static const struct option x509_options[] = {
516 .argname = "fmt", 516 .argname = "fmt",
517 .desc = "Private key format - default PEM", 517 .desc = "Private key format - default PEM",
518 .type = OPTION_ARG_FORMAT, 518 .type = OPTION_ARG_FORMAT,
519 .opt.value = &x509_config.keyformat, 519 .opt.value = &cfg.keyformat,
520 }, 520 },
521 { 521 {
522 .name = "modulus", 522 .name = "modulus",
523 .desc = "Print the RSA key modulus", 523 .desc = "Print the RSA key modulus",
524 .type = OPTION_ORDER, 524 .type = OPTION_ORDER,
525 .opt.order = &x509_config.modulus, 525 .opt.order = &cfg.modulus,
526 .order = &x509_config.num, 526 .order = &cfg.num,
527 }, 527 },
528 { 528 {
529 .name = "nameopt", 529 .name = "nameopt",
@@ -536,77 +536,77 @@ static const struct option x509_options[] = {
536 .name = "next_serial", 536 .name = "next_serial",
537 .desc = "Print the next serial number", 537 .desc = "Print the next serial number",
538 .type = OPTION_ORDER, 538 .type = OPTION_ORDER,
539 .opt.order = &x509_config.next_serial, 539 .opt.order = &cfg.next_serial,
540 .order = &x509_config.num, 540 .order = &cfg.num,
541 }, 541 },
542 { 542 {
543 .name = "noout", 543 .name = "noout",
544 .desc = "No certificate output", 544 .desc = "No certificate output",
545 .type = OPTION_ORDER, 545 .type = OPTION_ORDER,
546 .opt.order = &x509_config.noout, 546 .opt.order = &cfg.noout,
547 .order = &x509_config.num, 547 .order = &cfg.num,
548 }, 548 },
549 { 549 {
550 .name = "ocsp_uri", 550 .name = "ocsp_uri",
551 .desc = "Print OCSP Responder URL(s)", 551 .desc = "Print OCSP Responder URL(s)",
552 .type = OPTION_ORDER, 552 .type = OPTION_ORDER,
553 .opt.order = &x509_config.ocsp_uri, 553 .opt.order = &cfg.ocsp_uri,
554 .order = &x509_config.num, 554 .order = &cfg.num,
555 }, 555 },
556 { 556 {
557 .name = "ocspid", 557 .name = "ocspid",
558 .desc = "Print OCSP hash values for the subject name and public key", 558 .desc = "Print OCSP hash values for the subject name and public key",
559 .type = OPTION_ORDER, 559 .type = OPTION_ORDER,
560 .opt.order = &x509_config.ocspid, 560 .opt.order = &cfg.ocspid,
561 .order = &x509_config.num, 561 .order = &cfg.num,
562 }, 562 },
563 { 563 {
564 .name = "out", 564 .name = "out",
565 .argname = "file", 565 .argname = "file",
566 .desc = "Output file - default stdout", 566 .desc = "Output file - default stdout",
567 .type = OPTION_ARG, 567 .type = OPTION_ARG,
568 .opt.arg = &x509_config.outfile, 568 .opt.arg = &cfg.outfile,
569 }, 569 },
570 { 570 {
571 .name = "outform", 571 .name = "outform",
572 .argname = "fmt", 572 .argname = "fmt",
573 .desc = "Output format - default PEM (one of DER, NET or PEM)", 573 .desc = "Output format - default PEM (one of DER, NET or PEM)",
574 .type = OPTION_ARG_FORMAT, 574 .type = OPTION_ARG_FORMAT,
575 .opt.value = &x509_config.outformat, 575 .opt.value = &cfg.outformat,
576 }, 576 },
577 { 577 {
578 .name = "passin", 578 .name = "passin",
579 .argname = "src", 579 .argname = "src",
580 .desc = "Private key password source", 580 .desc = "Private key password source",
581 .type = OPTION_ARG, 581 .type = OPTION_ARG,
582 .opt.arg = &x509_config.passargin, 582 .opt.arg = &cfg.passargin,
583 }, 583 },
584 { 584 {
585 .name = "pubkey", 585 .name = "pubkey",
586 .desc = "Output the public key", 586 .desc = "Output the public key",
587 .type = OPTION_ORDER, 587 .type = OPTION_ORDER,
588 .opt.order = &x509_config.pubkey, 588 .opt.order = &cfg.pubkey,
589 .order = &x509_config.num, 589 .order = &cfg.num,
590 }, 590 },
591 { 591 {
592 .name = "purpose", 592 .name = "purpose",
593 .desc = "Print out certificate purposes", 593 .desc = "Print out certificate purposes",
594 .type = OPTION_ORDER, 594 .type = OPTION_ORDER,
595 .opt.order = &x509_config.pprint, 595 .opt.order = &cfg.pprint,
596 .order = &x509_config.num, 596 .order = &cfg.num,
597 }, 597 },
598 { 598 {
599 .name = "req", 599 .name = "req",
600 .desc = "Input is a certificate request, sign and output", 600 .desc = "Input is a certificate request, sign and output",
601 .type = OPTION_FLAG, 601 .type = OPTION_FLAG,
602 .opt.flag = &x509_config.reqfile, 602 .opt.flag = &cfg.reqfile,
603 }, 603 },
604 { 604 {
605 .name = "serial", 605 .name = "serial",
606 .desc = "Print serial number value", 606 .desc = "Print serial number value",
607 .type = OPTION_ORDER, 607 .type = OPTION_ORDER,
608 .opt.order = &x509_config.serial, 608 .opt.order = &cfg.serial,
609 .order = &x509_config.num, 609 .order = &cfg.num,
610 }, 610 },
611 { 611 {
612 .name = "set_serial", 612 .name = "set_serial",
@@ -640,51 +640,51 @@ static const struct option x509_options[] = {
640 .name = "startdate", 640 .name = "startdate",
641 .desc = "Print notBefore field", 641 .desc = "Print notBefore field",
642 .type = OPTION_ORDER, 642 .type = OPTION_ORDER,
643 .opt.order = &x509_config.startdate, 643 .opt.order = &cfg.startdate,
644 .order = &x509_config.num, 644 .order = &cfg.num,
645 }, 645 },
646 { 646 {
647 .name = "subject", 647 .name = "subject",
648 .desc = "Print subject name", 648 .desc = "Print subject name",
649 .type = OPTION_ORDER, 649 .type = OPTION_ORDER,
650 .opt.order = &x509_config.subject, 650 .opt.order = &cfg.subject,
651 .order = &x509_config.num, 651 .order = &cfg.num,
652 }, 652 },
653 { 653 {
654 .name = "subject_hash", 654 .name = "subject_hash",
655 .desc = "Print subject hash value", 655 .desc = "Print subject hash value",
656 .type = OPTION_ORDER, 656 .type = OPTION_ORDER,
657 .opt.order = &x509_config.subject_hash, 657 .opt.order = &cfg.subject_hash,
658 .order = &x509_config.num, 658 .order = &cfg.num,
659 }, 659 },
660#ifndef OPENSSL_NO_MD5 660#ifndef OPENSSL_NO_MD5
661 { 661 {
662 .name = "subject_hash_old", 662 .name = "subject_hash_old",
663 .desc = "Print old-style (MD5) subject hash value", 663 .desc = "Print old-style (MD5) subject hash value",
664 .type = OPTION_ORDER, 664 .type = OPTION_ORDER,
665 .opt.order = &x509_config.subject_hash_old, 665 .opt.order = &cfg.subject_hash_old,
666 .order = &x509_config.num, 666 .order = &cfg.num,
667 }, 667 },
668#endif 668#endif
669 { 669 {
670 .name = "text", 670 .name = "text",
671 .desc = "Print the certificate in text form", 671 .desc = "Print the certificate in text form",
672 .type = OPTION_ORDER, 672 .type = OPTION_ORDER,
673 .opt.order = &x509_config.text, 673 .opt.order = &cfg.text,
674 .order = &x509_config.num, 674 .order = &cfg.num,
675 }, 675 },
676 { 676 {
677 .name = "trustout", 677 .name = "trustout",
678 .desc = "Output a trusted certificate", 678 .desc = "Output a trusted certificate",
679 .type = OPTION_FLAG, 679 .type = OPTION_FLAG,
680 .opt.flag = &x509_config.trustout, 680 .opt.flag = &cfg.trustout,
681 }, 681 },
682 { 682 {
683 .name = "x509toreq", 683 .name = "x509toreq",
684 .desc = "Output a certification request object", 684 .desc = "Output a certification request object",
685 .type = OPTION_ORDER, 685 .type = OPTION_ORDER,
686 .opt.order = &x509_config.x509req, 686 .opt.order = &cfg.x509req,
687 .order = &x509_config.num, 687 .order = &cfg.num,
688 }, 688 },
689 { 689 {
690 .name = NULL, 690 .name = NULL,
@@ -740,13 +740,13 @@ x509_main(int argc, char **argv)
740 exit(1); 740 exit(1);
741 } 741 }
742 742
743 memset(&x509_config, 0, sizeof(x509_config)); 743 memset(&cfg, 0, sizeof(cfg));
744 x509_config.days = DEF_DAYS; 744 cfg.days = DEF_DAYS;
745 x509_config.informat = FORMAT_PEM; 745 cfg.informat = FORMAT_PEM;
746 x509_config.outformat = FORMAT_PEM; 746 cfg.outformat = FORMAT_PEM;
747 x509_config.keyformat = FORMAT_PEM; 747 cfg.keyformat = FORMAT_PEM;
748 x509_config.CAformat = FORMAT_PEM; 748 cfg.CAformat = FORMAT_PEM;
749 x509_config.CAkeyformat = FORMAT_PEM; 749 cfg.CAkeyformat = FORMAT_PEM;
750 750
751 STDout = BIO_new_fp(stdout, BIO_NOCLOSE); 751 STDout = BIO_new_fp(stdout, BIO_NOCLOSE);
752 752
@@ -758,13 +758,13 @@ x509_main(int argc, char **argv)
758 if (options_parse(argc, argv, x509_options, NULL, NULL) != 0) 758 if (options_parse(argc, argv, x509_options, NULL, NULL) != 0)
759 goto bad; 759 goto bad;
760 760
761 if (x509_config.badops) { 761 if (cfg.badops) {
762 bad: 762 bad:
763 x509_usage(); 763 x509_usage();
764 goto end; 764 goto end;
765 } 765 }
766 766
767 if (!app_passwd(bio_err, x509_config.passargin, NULL, &passin, NULL)) { 767 if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) {
768 BIO_printf(bio_err, "Error getting password\n"); 768 BIO_printf(bio_err, "Error getting password\n");
769 goto end; 769 goto end;
770 } 770 }
@@ -772,53 +772,53 @@ x509_main(int argc, char **argv)
772 ERR_print_errors(bio_err); 772 ERR_print_errors(bio_err);
773 goto end; 773 goto end;
774 } 774 }
775 if ((x509_config.CAkeyfile == NULL) && (x509_config.CA_flag) && 775 if ((cfg.CAkeyfile == NULL) && (cfg.CA_flag) &&
776 (x509_config.CAformat == FORMAT_PEM)) { 776 (cfg.CAformat == FORMAT_PEM)) {
777 x509_config.CAkeyfile = x509_config.CAfile; 777 cfg.CAkeyfile = cfg.CAfile;
778 } else if ((x509_config.CA_flag) && (x509_config.CAkeyfile == NULL)) { 778 } else if ((cfg.CA_flag) && (cfg.CAkeyfile == NULL)) {
779 BIO_printf(bio_err, 779 BIO_printf(bio_err,
780 "need to specify a CAkey if using the CA command\n"); 780 "need to specify a CAkey if using the CA command\n");
781 goto end; 781 goto end;
782 } 782 }
783 if (x509_config.extfile != NULL) { 783 if (cfg.extfile != NULL) {
784 long errorline = -1; 784 long errorline = -1;
785 X509V3_CTX ctx2; 785 X509V3_CTX ctx2;
786 extconf = NCONF_new(NULL); 786 extconf = NCONF_new(NULL);
787 if (!NCONF_load(extconf, x509_config.extfile, &errorline)) { 787 if (!NCONF_load(extconf, cfg.extfile, &errorline)) {
788 if (errorline <= 0) 788 if (errorline <= 0)
789 BIO_printf(bio_err, 789 BIO_printf(bio_err,
790 "error loading the config file '%s'\n", 790 "error loading the config file '%s'\n",
791 x509_config.extfile); 791 cfg.extfile);
792 else 792 else
793 BIO_printf(bio_err, 793 BIO_printf(bio_err,
794 "error on line %ld of config file '%s'\n", 794 "error on line %ld of config file '%s'\n",
795 errorline, x509_config.extfile); 795 errorline, cfg.extfile);
796 goto end; 796 goto end;
797 } 797 }
798 if (x509_config.extsect == NULL) { 798 if (cfg.extsect == NULL) {
799 x509_config.extsect = NCONF_get_string(extconf, 799 cfg.extsect = NCONF_get_string(extconf,
800 "default", "extensions"); 800 "default", "extensions");
801 if (x509_config.extsect == NULL) { 801 if (cfg.extsect == NULL) {
802 ERR_clear_error(); 802 ERR_clear_error();
803 x509_config.extsect = "default"; 803 cfg.extsect = "default";
804 } 804 }
805 } 805 }
806 X509V3_set_ctx_test(&ctx2); 806 X509V3_set_ctx_test(&ctx2);
807 X509V3_set_nconf(&ctx2, extconf); 807 X509V3_set_nconf(&ctx2, extconf);
808 if (!X509V3_EXT_add_nconf(extconf, &ctx2, x509_config.extsect, 808 if (!X509V3_EXT_add_nconf(extconf, &ctx2, cfg.extsect,
809 NULL)) { 809 NULL)) {
810 BIO_printf(bio_err, 810 BIO_printf(bio_err,
811 "Error Loading extension section %s\n", 811 "Error Loading extension section %s\n",
812 x509_config.extsect); 812 cfg.extsect);
813 ERR_print_errors(bio_err); 813 ERR_print_errors(bio_err);
814 goto end; 814 goto end;
815 } 815 }
816 } 816 }
817 if (x509_config.reqfile) { 817 if (cfg.reqfile) {
818 EVP_PKEY *pkey; 818 EVP_PKEY *pkey;
819 BIO *in; 819 BIO *in;
820 820
821 if (!x509_config.sign_flag && !x509_config.CA_flag) { 821 if (!cfg.sign_flag && !cfg.CA_flag) {
822 BIO_printf(bio_err, 822 BIO_printf(bio_err,
823 "We need a private key to sign with\n"); 823 "We need a private key to sign with\n");
824 goto end; 824 goto end;
@@ -828,11 +828,11 @@ x509_main(int argc, char **argv)
828 ERR_print_errors(bio_err); 828 ERR_print_errors(bio_err);
829 goto end; 829 goto end;
830 } 830 }
831 if (x509_config.infile == NULL) 831 if (cfg.infile == NULL)
832 BIO_set_fp(in, stdin, BIO_NOCLOSE | BIO_FP_TEXT); 832 BIO_set_fp(in, stdin, BIO_NOCLOSE | BIO_FP_TEXT);
833 else { 833 else {
834 if (BIO_read_filename(in, x509_config.infile) <= 0) { 834 if (BIO_read_filename(in, cfg.infile) <= 0) {
835 perror(x509_config.infile); 835 perror(cfg.infile);
836 BIO_free(in); 836 BIO_free(in);
837 goto end; 837 goto end;
838 } 838 }
@@ -862,21 +862,21 @@ x509_main(int argc, char **argv)
862 BIO_printf(bio_err, "Signature ok\n"); 862 BIO_printf(bio_err, "Signature ok\n");
863 863
864 print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), 864 print_name(bio_err, "subject=", X509_REQ_get_subject_name(req),
865 x509_config.nmflag); 865 cfg.nmflag);
866 866
867 if ((x = X509_new()) == NULL) 867 if ((x = X509_new()) == NULL)
868 goto end; 868 goto end;
869 869
870 if (x509_config.sno == NULL) { 870 if (cfg.sno == NULL) {
871 x509_config.sno = ASN1_INTEGER_new(); 871 cfg.sno = ASN1_INTEGER_new();
872 if (x509_config.sno == NULL || 872 if (cfg.sno == NULL ||
873 !rand_serial(NULL, x509_config.sno)) 873 !rand_serial(NULL, cfg.sno))
874 goto end; 874 goto end;
875 if (!X509_set_serialNumber(x, x509_config.sno)) 875 if (!X509_set_serialNumber(x, cfg.sno))
876 goto end; 876 goto end;
877 ASN1_INTEGER_free(x509_config.sno); 877 ASN1_INTEGER_free(cfg.sno);
878 x509_config.sno = NULL; 878 cfg.sno = NULL;
879 } else if (!X509_set_serialNumber(x, x509_config.sno)) 879 } else if (!X509_set_serialNumber(x, cfg.sno))
880 goto end; 880 goto end;
881 881
882 if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req))) 882 if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req)))
@@ -886,7 +886,7 @@ x509_main(int argc, char **argv)
886 886
887 if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL) 887 if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
888 goto end; 888 goto end;
889 if (X509_time_adj_ex(X509_get_notAfter(x), x509_config.days, 0, 889 if (X509_time_adj_ex(X509_get_notAfter(x), cfg.days, 0,
890 NULL) == NULL) 890 NULL) == NULL)
891 goto end; 891 goto end;
892 892
@@ -897,19 +897,19 @@ x509_main(int argc, char **argv)
897 goto end; 897 goto end;
898 } 898 }
899 } else { 899 } else {
900 x = load_cert(bio_err, x509_config.infile, x509_config.informat, 900 x = load_cert(bio_err, cfg.infile, cfg.informat,
901 NULL, "Certificate"); 901 NULL, "Certificate");
902 } 902 }
903 if (x == NULL) 903 if (x == NULL)
904 goto end; 904 goto end;
905 905
906 if (x509_config.CA_flag) { 906 if (cfg.CA_flag) {
907 xca = load_cert(bio_err, x509_config.CAfile, 907 xca = load_cert(bio_err, cfg.CAfile,
908 x509_config.CAformat, NULL, "CA Certificate"); 908 cfg.CAformat, NULL, "CA Certificate");
909 if (xca == NULL) 909 if (xca == NULL)
910 goto end; 910 goto end;
911 } 911 }
912 if (!x509_config.noout || x509_config.text || x509_config.next_serial) { 912 if (!cfg.noout || cfg.text || cfg.next_serial) {
913 OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3"); 913 OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3");
914 914
915 out = BIO_new(BIO_s_file()); 915 out = BIO_new(BIO_s_file());
@@ -917,57 +917,57 @@ x509_main(int argc, char **argv)
917 ERR_print_errors(bio_err); 917 ERR_print_errors(bio_err);
918 goto end; 918 goto end;
919 } 919 }
920 if (x509_config.outfile == NULL) { 920 if (cfg.outfile == NULL) {
921 BIO_set_fp(out, stdout, BIO_NOCLOSE); 921 BIO_set_fp(out, stdout, BIO_NOCLOSE);
922 } else { 922 } else {
923 if (BIO_write_filename(out, x509_config.outfile) <= 0) { 923 if (BIO_write_filename(out, cfg.outfile) <= 0) {
924 perror(x509_config.outfile); 924 perror(cfg.outfile);
925 goto end; 925 goto end;
926 } 926 }
927 } 927 }
928 } 928 }
929 if (x509_config.alias != NULL) { 929 if (cfg.alias != NULL) {
930 if (!X509_alias_set1(x, (unsigned char *)x509_config.alias, -1)) 930 if (!X509_alias_set1(x, (unsigned char *)cfg.alias, -1))
931 goto end; 931 goto end;
932 } 932 }
933 933
934 if (x509_config.clrtrust) 934 if (cfg.clrtrust)
935 X509_trust_clear(x); 935 X509_trust_clear(x);
936 if (x509_config.clrreject) 936 if (cfg.clrreject)
937 X509_reject_clear(x); 937 X509_reject_clear(x);
938 938
939 if (x509_config.trust != NULL) { 939 if (cfg.trust != NULL) {
940 for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.trust); i++) { 940 for (i = 0; i < sk_ASN1_OBJECT_num(cfg.trust); i++) {
941 x509_config.objtmp = sk_ASN1_OBJECT_value( 941 cfg.objtmp = sk_ASN1_OBJECT_value(
942 x509_config.trust, i); 942 cfg.trust, i);
943 if (!X509_add1_trust_object(x, x509_config.objtmp)) 943 if (!X509_add1_trust_object(x, cfg.objtmp))
944 goto end; 944 goto end;
945 } 945 }
946 } 946 }
947 if (x509_config.reject != NULL) { 947 if (cfg.reject != NULL) {
948 for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.reject); i++) { 948 for (i = 0; i < sk_ASN1_OBJECT_num(cfg.reject); i++) {
949 x509_config.objtmp = sk_ASN1_OBJECT_value( 949 cfg.objtmp = sk_ASN1_OBJECT_value(
950 x509_config.reject, i); 950 cfg.reject, i);
951 if (!X509_add1_reject_object(x, x509_config.objtmp)) 951 if (!X509_add1_reject_object(x, cfg.objtmp))
952 goto end; 952 goto end;
953 } 953 }
954 } 954 }
955 if (x509_config.num) { 955 if (cfg.num) {
956 for (i = 1; i <= x509_config.num; i++) { 956 for (i = 1; i <= cfg.num; i++) {
957 if (x509_config.issuer == i) { 957 if (cfg.issuer == i) {
958 print_name(STDout, "issuer= ", 958 print_name(STDout, "issuer= ",
959 X509_get_issuer_name(x), 959 X509_get_issuer_name(x),
960 x509_config.nmflag); 960 cfg.nmflag);
961 } else if (x509_config.subject == i) { 961 } else if (cfg.subject == i) {
962 print_name(STDout, "subject= ", 962 print_name(STDout, "subject= ",
963 X509_get_subject_name(x), 963 X509_get_subject_name(x),
964 x509_config.nmflag); 964 cfg.nmflag);
965 } else if (x509_config.serial == i) { 965 } else if (cfg.serial == i) {
966 BIO_printf(STDout, "serial="); 966 BIO_printf(STDout, "serial=");
967 i2a_ASN1_INTEGER(STDout, 967 i2a_ASN1_INTEGER(STDout,
968 X509_get_serialNumber(x)); 968 X509_get_serialNumber(x));
969 BIO_printf(STDout, "\n"); 969 BIO_printf(STDout, "\n");
970 } else if (x509_config.next_serial == i) { 970 } else if (cfg.next_serial == i) {
971 BIGNUM *bnser; 971 BIGNUM *bnser;
972 ASN1_INTEGER *ser; 972 ASN1_INTEGER *ser;
973 ser = X509_get_serialNumber(x); 973 ser = X509_get_serialNumber(x);
@@ -989,11 +989,11 @@ x509_main(int argc, char **argv)
989 i2a_ASN1_INTEGER(out, ser); 989 i2a_ASN1_INTEGER(out, ser);
990 ASN1_INTEGER_free(ser); 990 ASN1_INTEGER_free(ser);
991 BIO_puts(out, "\n"); 991 BIO_puts(out, "\n");
992 } else if ((x509_config.email == i) || 992 } else if ((cfg.email == i) ||
993 (x509_config.ocsp_uri == i)) { 993 (cfg.ocsp_uri == i)) {
994 int j; 994 int j;
995 STACK_OF(OPENSSL_STRING) *emlst; 995 STACK_OF(OPENSSL_STRING) *emlst;
996 if (x509_config.email == i) 996 if (cfg.email == i)
997 emlst = X509_get1_email(x); 997 emlst = X509_get1_email(x);
998 else 998 else
999 emlst = X509_get1_ocsp(x); 999 emlst = X509_get1_ocsp(x);
@@ -1001,7 +1001,7 @@ x509_main(int argc, char **argv)
1001 BIO_printf(STDout, "%s\n", 1001 BIO_printf(STDout, "%s\n",
1002 sk_OPENSSL_STRING_value(emlst, j)); 1002 sk_OPENSSL_STRING_value(emlst, j));
1003 X509_email_free(emlst); 1003 X509_email_free(emlst);
1004 } else if (x509_config.aliasout == i) { 1004 } else if (cfg.aliasout == i) {
1005 unsigned char *albuf; 1005 unsigned char *albuf;
1006 int buflen; 1006 int buflen;
1007 albuf = X509_alias_get0(x, &buflen); 1007 albuf = X509_alias_get0(x, &buflen);
@@ -1010,27 +1010,27 @@ x509_main(int argc, char **argv)
1010 buflen, albuf); 1010 buflen, albuf);
1011 else 1011 else
1012 BIO_puts(STDout, "<No Alias>\n"); 1012 BIO_puts(STDout, "<No Alias>\n");
1013 } else if (x509_config.subject_hash == i) { 1013 } else if (cfg.subject_hash == i) {
1014 BIO_printf(STDout, "%08lx\n", 1014 BIO_printf(STDout, "%08lx\n",
1015 X509_subject_name_hash(x)); 1015 X509_subject_name_hash(x));
1016 } 1016 }
1017#ifndef OPENSSL_NO_MD5 1017#ifndef OPENSSL_NO_MD5
1018 else if (x509_config.subject_hash_old == i) { 1018 else if (cfg.subject_hash_old == i) {
1019 BIO_printf(STDout, "%08lx\n", 1019 BIO_printf(STDout, "%08lx\n",
1020 X509_subject_name_hash_old(x)); 1020 X509_subject_name_hash_old(x));
1021 } 1021 }
1022#endif 1022#endif
1023 else if (x509_config.issuer_hash == i) { 1023 else if (cfg.issuer_hash == i) {
1024 BIO_printf(STDout, "%08lx\n", 1024 BIO_printf(STDout, "%08lx\n",
1025 X509_issuer_name_hash(x)); 1025 X509_issuer_name_hash(x));
1026 } 1026 }
1027#ifndef OPENSSL_NO_MD5 1027#ifndef OPENSSL_NO_MD5
1028 else if (x509_config.issuer_hash_old == i) { 1028 else if (cfg.issuer_hash_old == i) {
1029 BIO_printf(STDout, "%08lx\n", 1029 BIO_printf(STDout, "%08lx\n",
1030 X509_issuer_name_hash_old(x)); 1030 X509_issuer_name_hash_old(x));
1031 } 1031 }
1032#endif 1032#endif
1033 else if (x509_config.pprint == i) { 1033 else if (cfg.pprint == i) {
1034 X509_PURPOSE *ptmp; 1034 X509_PURPOSE *ptmp;
1035 int j; 1035 int j;
1036 BIO_printf(STDout, "Certificate purposes:\n"); 1036 BIO_printf(STDout, "Certificate purposes:\n");
@@ -1038,7 +1038,7 @@ x509_main(int argc, char **argv)
1038 ptmp = X509_PURPOSE_get0(j); 1038 ptmp = X509_PURPOSE_get0(j);
1039 purpose_print(STDout, x, ptmp); 1039 purpose_print(STDout, x, ptmp);
1040 } 1040 }
1041 } else if (x509_config.modulus == i) { 1041 } else if (cfg.modulus == i) {
1042 EVP_PKEY *pkey; 1042 EVP_PKEY *pkey;
1043 1043
1044 pkey = X509_get0_pubkey(x); 1044 pkey = X509_get0_pubkey(x);
@@ -1066,7 +1066,7 @@ x509_main(int argc, char **argv)
1066 BIO_printf(STDout, 1066 BIO_printf(STDout,
1067 "Wrong Algorithm type"); 1067 "Wrong Algorithm type");
1068 BIO_printf(STDout, "\n"); 1068 BIO_printf(STDout, "\n");
1069 } else if (x509_config.pubkey == i) { 1069 } else if (cfg.pubkey == i) {
1070 EVP_PKEY *pkey; 1070 EVP_PKEY *pkey;
1071 1071
1072 pkey = X509_get0_pubkey(x); 1072 pkey = X509_get0_pubkey(x);
@@ -1077,7 +1077,7 @@ x509_main(int argc, char **argv)
1077 goto end; 1077 goto end;
1078 } 1078 }
1079 PEM_write_bio_PUBKEY(STDout, pkey); 1079 PEM_write_bio_PUBKEY(STDout, pkey);
1080 } else if (x509_config.C == i) { 1080 } else if (cfg.C == i) {
1081 unsigned char *d; 1081 unsigned char *d;
1082 char *m; 1082 char *m;
1083 int y, z; 1083 int y, z;
@@ -1156,11 +1156,11 @@ x509_main(int argc, char **argv)
1156 BIO_printf(STDout, "};\n"); 1156 BIO_printf(STDout, "};\n");
1157 1157
1158 free(m); 1158 free(m);
1159 } else if (x509_config.text == i) { 1159 } else if (cfg.text == i) {
1160 if(!X509_print_ex(STDout, x, x509_config.nmflag, 1160 if(!X509_print_ex(STDout, x, cfg.nmflag,
1161 x509_config.certflag)) 1161 cfg.certflag))
1162 goto end; 1162 goto end;
1163 } else if (x509_config.startdate == i) { 1163 } else if (cfg.startdate == i) {
1164 ASN1_TIME *nB = X509_get_notBefore(x); 1164 ASN1_TIME *nB = X509_get_notBefore(x);
1165 BIO_puts(STDout, "notBefore="); 1165 BIO_puts(STDout, "notBefore=");
1166 if (ASN1_time_parse(nB->data, nB->length, NULL, 1166 if (ASN1_time_parse(nB->data, nB->length, NULL,
@@ -1170,7 +1170,7 @@ x509_main(int argc, char **argv)
1170 else 1170 else
1171 ASN1_TIME_print(STDout, nB); 1171 ASN1_TIME_print(STDout, nB);
1172 BIO_puts(STDout, "\n"); 1172 BIO_puts(STDout, "\n");
1173 } else if (x509_config.enddate == i) { 1173 } else if (cfg.enddate == i) {
1174 ASN1_TIME *nA = X509_get_notAfter(x); 1174 ASN1_TIME *nA = X509_get_notAfter(x);
1175 BIO_puts(STDout, "notAfter="); 1175 BIO_puts(STDout, "notAfter=");
1176 if (ASN1_time_parse(nA->data, nA->length, NULL, 1176 if (ASN1_time_parse(nA->data, nA->length, NULL,
@@ -1180,11 +1180,11 @@ x509_main(int argc, char **argv)
1180 else 1180 else
1181 ASN1_TIME_print(STDout, nA); 1181 ASN1_TIME_print(STDout, nA);
1182 BIO_puts(STDout, "\n"); 1182 BIO_puts(STDout, "\n");
1183 } else if (x509_config.fingerprint == i) { 1183 } else if (cfg.fingerprint == i) {
1184 int j; 1184 int j;
1185 unsigned int n; 1185 unsigned int n;
1186 unsigned char md[EVP_MAX_MD_SIZE]; 1186 unsigned char md[EVP_MAX_MD_SIZE];
1187 const EVP_MD *fdig = x509_config.digest; 1187 const EVP_MD *fdig = cfg.digest;
1188 1188
1189 if (fdig == NULL) 1189 if (fdig == NULL)
1190 fdig = EVP_sha256(); 1190 fdig = EVP_sha256();
@@ -1201,52 +1201,52 @@ x509_main(int argc, char **argv)
1201 } 1201 }
1202 1202
1203 /* should be in the library */ 1203 /* should be in the library */
1204 } else if ((x509_config.sign_flag == i) && 1204 } else if ((cfg.sign_flag == i) &&
1205 (x509_config.x509req == 0)) { 1205 (cfg.x509req == 0)) {
1206 BIO_printf(bio_err, "Getting Private key\n"); 1206 BIO_printf(bio_err, "Getting Private key\n");
1207 if (Upkey == NULL) { 1207 if (Upkey == NULL) {
1208 Upkey = load_key(bio_err, 1208 Upkey = load_key(bio_err,
1209 x509_config.keyfile, 1209 cfg.keyfile,
1210 x509_config.keyformat, 0, passin, 1210 cfg.keyformat, 0, passin,
1211 "Private key"); 1211 "Private key");
1212 if (Upkey == NULL) 1212 if (Upkey == NULL)
1213 goto end; 1213 goto end;
1214 } 1214 }
1215 if (!sign(x, Upkey, x509_config.days, 1215 if (!sign(x, Upkey, cfg.days,
1216 x509_config.clrext, x509_config.digest, 1216 cfg.clrext, cfg.digest,
1217 extconf, x509_config.extsect)) 1217 extconf, cfg.extsect))
1218 goto end; 1218 goto end;
1219 } else if (x509_config.CA_flag == i) { 1219 } else if (cfg.CA_flag == i) {
1220 BIO_printf(bio_err, "Getting CA Private Key\n"); 1220 BIO_printf(bio_err, "Getting CA Private Key\n");
1221 if (x509_config.CAkeyfile != NULL) { 1221 if (cfg.CAkeyfile != NULL) {
1222 CApkey = load_key(bio_err, 1222 CApkey = load_key(bio_err,
1223 x509_config.CAkeyfile, 1223 cfg.CAkeyfile,
1224 x509_config.CAkeyformat, 0, passin, 1224 cfg.CAkeyformat, 0, passin,
1225 "CA Private Key"); 1225 "CA Private Key");
1226 if (CApkey == NULL) 1226 if (CApkey == NULL)
1227 goto end; 1227 goto end;
1228 } 1228 }
1229 if (!x509_certify(ctx, x509_config.CAfile, 1229 if (!x509_certify(ctx, cfg.CAfile,
1230 x509_config.digest, x, xca, CApkey, 1230 cfg.digest, x, xca, CApkey,
1231 x509_config.sigopts, x509_config.CAserial, 1231 cfg.sigopts, cfg.CAserial,
1232 x509_config.CA_createserial, 1232 cfg.CA_createserial,
1233 x509_config.days, x509_config.clrext, 1233 cfg.days, cfg.clrext,
1234 extconf, x509_config.extsect, 1234 extconf, cfg.extsect,
1235 x509_config.sno)) 1235 cfg.sno))
1236 goto end; 1236 goto end;
1237 } else if (x509_config.x509req == i) { 1237 } else if (cfg.x509req == i) {
1238 EVP_PKEY *pk; 1238 EVP_PKEY *pk;
1239 1239
1240 BIO_printf(bio_err, 1240 BIO_printf(bio_err,
1241 "Getting request Private Key\n"); 1241 "Getting request Private Key\n");
1242 if (x509_config.keyfile == NULL) { 1242 if (cfg.keyfile == NULL) {
1243 BIO_printf(bio_err, 1243 BIO_printf(bio_err,
1244 "no request key file specified\n"); 1244 "no request key file specified\n");
1245 goto end; 1245 goto end;
1246 } else { 1246 } else {
1247 pk = load_key(bio_err, 1247 pk = load_key(bio_err,
1248 x509_config.keyfile, 1248 cfg.keyfile,
1249 x509_config.keyformat, 0, passin, 1249 cfg.keyformat, 0, passin,
1250 "request key"); 1250 "request key");
1251 if (pk == NULL) 1251 if (pk == NULL)
1252 goto end; 1252 goto end;
@@ -1255,27 +1255,27 @@ x509_main(int argc, char **argv)
1255 BIO_printf(bio_err, 1255 BIO_printf(bio_err,
1256 "Generating certificate request\n"); 1256 "Generating certificate request\n");
1257 1257
1258 rq = X509_to_X509_REQ(x, pk, x509_config.digest); 1258 rq = X509_to_X509_REQ(x, pk, cfg.digest);
1259 EVP_PKEY_free(pk); 1259 EVP_PKEY_free(pk);
1260 if (rq == NULL) { 1260 if (rq == NULL) {
1261 ERR_print_errors(bio_err); 1261 ERR_print_errors(bio_err);
1262 goto end; 1262 goto end;
1263 } 1263 }
1264 if (!x509_config.noout) { 1264 if (!cfg.noout) {
1265 if (!X509_REQ_print(out, rq)) 1265 if (!X509_REQ_print(out, rq))
1266 goto end; 1266 goto end;
1267 if (!PEM_write_bio_X509_REQ(out, rq)) 1267 if (!PEM_write_bio_X509_REQ(out, rq))
1268 goto end; 1268 goto end;
1269 } 1269 }
1270 x509_config.noout = 1; 1270 cfg.noout = 1;
1271 } else if (x509_config.ocspid == i) { 1271 } else if (cfg.ocspid == i) {
1272 if (!X509_ocspid_print(out, x)) 1272 if (!X509_ocspid_print(out, x))
1273 goto end; 1273 goto end;
1274 } 1274 }
1275 } 1275 }
1276 } 1276 }
1277 if (x509_config.checkend) { 1277 if (cfg.checkend) {
1278 time_t tcheck = time(NULL) + x509_config.checkoffset; 1278 time_t tcheck = time(NULL) + cfg.checkoffset;
1279 int timecheck = X509_cmp_time(X509_get_notAfter(x), &tcheck); 1279 int timecheck = X509_cmp_time(X509_get_notAfter(x), &tcheck);
1280 if (timecheck == 0) { 1280 if (timecheck == 0) {
1281 BIO_printf(out, "Certificate expiry time is invalid\n"); 1281 BIO_printf(out, "Certificate expiry time is invalid\n");
@@ -1289,14 +1289,14 @@ x509_main(int argc, char **argv)
1289 } 1289 }
1290 goto end; 1290 goto end;
1291 } 1291 }
1292 if (x509_config.noout) { 1292 if (cfg.noout) {
1293 ret = 0; 1293 ret = 0;
1294 goto end; 1294 goto end;
1295 } 1295 }
1296 if (x509_config.outformat == FORMAT_ASN1) 1296 if (cfg.outformat == FORMAT_ASN1)
1297 i = i2d_X509_bio(out, x); 1297 i = i2d_X509_bio(out, x);
1298 else if (x509_config.outformat == FORMAT_PEM) { 1298 else if (cfg.outformat == FORMAT_PEM) {
1299 if (x509_config.trustout) 1299 if (cfg.trustout)
1300 i = PEM_write_bio_X509_AUX(out, x); 1300 i = PEM_write_bio_X509_AUX(out, x);
1301 else 1301 else
1302 i = PEM_write_bio_X509(out, x); 1302 i = PEM_write_bio_X509(out, x);
@@ -1323,11 +1323,11 @@ x509_main(int argc, char **argv)
1323 X509_free(xca); 1323 X509_free(xca);
1324 EVP_PKEY_free(Upkey); 1324 EVP_PKEY_free(Upkey);
1325 EVP_PKEY_free(CApkey); 1325 EVP_PKEY_free(CApkey);
1326 sk_OPENSSL_STRING_free(x509_config.sigopts); 1326 sk_OPENSSL_STRING_free(cfg.sigopts);
1327 X509_REQ_free(rq); 1327 X509_REQ_free(rq);
1328 ASN1_INTEGER_free(x509_config.sno); 1328 ASN1_INTEGER_free(cfg.sno);
1329 sk_ASN1_OBJECT_pop_free(x509_config.trust, ASN1_OBJECT_free); 1329 sk_ASN1_OBJECT_pop_free(cfg.trust, ASN1_OBJECT_free);
1330 sk_ASN1_OBJECT_pop_free(x509_config.reject, ASN1_OBJECT_free); 1330 sk_ASN1_OBJECT_pop_free(cfg.reject, ASN1_OBJECT_free);
1331 free(passin); 1331 free(passin);
1332 1332
1333 return (ret); 1333 return (ret);
@@ -1412,7 +1412,7 @@ x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, X509 *x,
1412 */ 1412 */
1413 X509_STORE_CTX_set_cert(xsc, x); 1413 X509_STORE_CTX_set_cert(xsc, x);
1414 X509_STORE_CTX_set_flags(xsc, X509_V_FLAG_CHECK_SS_SIGNATURE); 1414 X509_STORE_CTX_set_flags(xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
1415 if (!x509_config.reqfile && X509_verify_cert(xsc) <= 0) 1415 if (!cfg.reqfile && X509_verify_cert(xsc) <= 0)
1416 goto end; 1416 goto end;
1417 1417
1418 if (!X509_check_private_key(xca, pkey)) { 1418 if (!X509_check_private_key(xca, pkey)) {