diff options
| author | tb <> | 2023-03-06 14:32:06 +0000 | 
|---|---|---|
| committer | tb <> | 2023-03-06 14:32:06 +0000 | 
| commit | 2ba7dcfcbc2ef5aaeb8eb14f36f83bd57c22bcae (patch) | |
| tree | bbe07d6e06b695cebe22802551f2db0a61354d7c /src | |
| parent | cfc0cbdbaaa36a4b6adee60b5cf3f4a388554426 (diff) | |
| download | openbsd-2ba7dcfcbc2ef5aaeb8eb14f36f83bd57c22bcae.tar.gz openbsd-2ba7dcfcbc2ef5aaeb8eb14f36f83bd57c22bcae.tar.bz2 openbsd-2ba7dcfcbc2ef5aaeb8eb14f36f83bd57c22bcae.zip | |
Rename struct ${app}_config to plain cfg
All the structs are static and we need to reach into them many times.
Having a shorter name is more concise and results in less visual clutter.
It also avoids many overlong lines and we will be able to get rid of some
unfortunate line wrapping down the road.
Discussed with jsing
Diffstat (limited to '')
44 files changed, 3260 insertions, 3260 deletions
| diff --git a/src/usr.bin/openssl/asn1pars.c b/src/usr.bin/openssl/asn1pars.c index 6f7fa18512..5824b0ea14 100644 --- a/src/usr.bin/openssl/asn1pars.c +++ b/src/usr.bin/openssl/asn1pars.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: asn1pars.c,v 1.12 2022/11/11 17:07:38 joshua Exp $ */ | 1 | /* $OpenBSD: asn1pars.c,v 1.13 2023/03/06 14:32:05 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -86,14 +86,14 @@ static struct { | |||
| 86 | int offset; | 86 | int offset; | 
| 87 | char *oidfile; | 87 | char *oidfile; | 
| 88 | STACK_OF(OPENSSL_STRING) *osk; | 88 | STACK_OF(OPENSSL_STRING) *osk; | 
| 89 | } asn1pars_config; | 89 | } cfg; | 
| 90 | 90 | ||
| 91 | static int | 91 | static int | 
| 92 | asn1pars_opt_dlimit(char *arg) | 92 | asn1pars_opt_dlimit(char *arg) | 
| 93 | { | 93 | { | 
| 94 | const char *errstr; | 94 | const char *errstr; | 
| 95 | 95 | ||
| 96 | asn1pars_config.dump = strtonum(arg, 1, INT_MAX, &errstr); | 96 | cfg.dump = strtonum(arg, 1, INT_MAX, &errstr); | 
| 97 | if (errstr) { | 97 | if (errstr) { | 
| 98 | fprintf(stderr, "-dlimit must be from 1 to INT_MAX: %s\n", | 98 | fprintf(stderr, "-dlimit must be from 1 to INT_MAX: %s\n", | 
| 99 | errstr); | 99 | errstr); | 
| @@ -107,7 +107,7 @@ asn1pars_opt_length(char *arg) | |||
| 107 | { | 107 | { | 
| 108 | const char *errstr; | 108 | const char *errstr; | 
| 109 | 109 | ||
| 110 | asn1pars_config.length = strtonum(arg, 1, UINT_MAX, &errstr); | 110 | cfg.length = strtonum(arg, 1, UINT_MAX, &errstr); | 
| 111 | if (errstr) { | 111 | if (errstr) { | 
| 112 | fprintf(stderr, "-length must be from 1 to UINT_MAX: %s\n", | 112 | fprintf(stderr, "-length must be from 1 to UINT_MAX: %s\n", | 
| 113 | errstr); | 113 | errstr); | 
| @@ -119,7 +119,7 @@ asn1pars_opt_length(char *arg) | |||
| 119 | static int | 119 | static int | 
| 120 | asn1pars_opt_strparse(char *arg) | 120 | asn1pars_opt_strparse(char *arg) | 
| 121 | { | 121 | { | 
| 122 | if (sk_OPENSSL_STRING_push(asn1pars_config.osk, arg) == 0) { | 122 | if (sk_OPENSSL_STRING_push(cfg.osk, arg) == 0) { | 
| 123 | fprintf(stderr, "-strparse cannot add argument\n"); | 123 | fprintf(stderr, "-strparse cannot add argument\n"); | 
| 124 | return (-1); | 124 | return (-1); | 
| 125 | } | 125 | } | 
| @@ -132,7 +132,7 @@ static const struct option asn1pars_options[] = { | |||
| 132 | .desc = "Dump unknown data in hex form", | 132 | .desc = "Dump unknown data in hex form", | 
| 133 | .type = OPTION_VALUE, | 133 | .type = OPTION_VALUE, | 
| 134 | .value = -1, | 134 | .value = -1, | 
| 135 | .opt.value = &asn1pars_config.dump, | 135 | .opt.value = &cfg.dump, | 
| 136 | }, | 136 | }, | 
| 137 | { | 137 | { | 
| 138 | .name = "dlimit", | 138 | .name = "dlimit", | 
| @@ -146,34 +146,34 @@ static const struct option asn1pars_options[] = { | |||
| 146 | .argname = "file", | 146 | .argname = "file", | 
| 147 | .desc = "File to generate ASN.1 structure from", | 147 | .desc = "File to generate ASN.1 structure from", | 
| 148 | .type = OPTION_ARG, | 148 | .type = OPTION_ARG, | 
| 149 | .opt.arg = &asn1pars_config.genconf, | 149 | .opt.arg = &cfg.genconf, | 
| 150 | }, | 150 | }, | 
| 151 | { | 151 | { | 
| 152 | .name = "genstr", | 152 | .name = "genstr", | 
| 153 | .argname = "string", | 153 | .argname = "string", | 
| 154 | .desc = "String to generate ASN.1 structure from", | 154 | .desc = "String to generate ASN.1 structure from", | 
| 155 | .type = OPTION_ARG, | 155 | .type = OPTION_ARG, | 
| 156 | .opt.arg = &asn1pars_config.genstr, | 156 | .opt.arg = &cfg.genstr, | 
| 157 | }, | 157 | }, | 
| 158 | { | 158 | { | 
| 159 | .name = "i", | 159 | .name = "i", | 
| 160 | .desc = "Indent output according to depth of structures", | 160 | .desc = "Indent output according to depth of structures", | 
| 161 | .type = OPTION_FLAG, | 161 | .type = OPTION_FLAG, | 
| 162 | .opt.flag = &asn1pars_config.indent, | 162 | .opt.flag = &cfg.indent, | 
| 163 | }, | 163 | }, | 
| 164 | { | 164 | { | 
| 165 | .name = "in", | 165 | .name = "in", | 
| 166 | .argname = "file", | 166 | .argname = "file", | 
| 167 | .desc = "The input file (default stdin)", | 167 | .desc = "The input file (default stdin)", | 
| 168 | .type = OPTION_ARG, | 168 | .type = OPTION_ARG, | 
| 169 | .opt.arg = &asn1pars_config.infile, | 169 | .opt.arg = &cfg.infile, | 
| 170 | }, | 170 | }, | 
| 171 | { | 171 | { | 
| 172 | .name = "inform", | 172 | .name = "inform", | 
| 173 | .argname = "fmt", | 173 | .argname = "fmt", | 
| 174 | .desc = "Input format (DER, TXT or PEM (default))", | 174 | .desc = "Input format (DER, TXT or PEM (default))", | 
| 175 | .type = OPTION_ARG_FORMAT, | 175 | .type = OPTION_ARG_FORMAT, | 
| 176 | .opt.value = &asn1pars_config.informat, | 176 | .opt.value = &cfg.informat, | 
| 177 | }, | 177 | }, | 
| 178 | { | 178 | { | 
| 179 | .name = "length", | 179 | .name = "length", | 
| @@ -186,28 +186,28 @@ static const struct option asn1pars_options[] = { | |||
| 186 | .name = "noout", | 186 | .name = "noout", | 
| 187 | .desc = "Do not produce any output", | 187 | .desc = "Do not produce any output", | 
| 188 | .type = OPTION_FLAG, | 188 | .type = OPTION_FLAG, | 
| 189 | .opt.flag = &asn1pars_config.noout, | 189 | .opt.flag = &cfg.noout, | 
| 190 | }, | 190 | }, | 
| 191 | { | 191 | { | 
| 192 | .name = "offset", | 192 | .name = "offset", | 
| 193 | .argname = "num", | 193 | .argname = "num", | 
| 194 | .desc = "Offset to begin parsing", | 194 | .desc = "Offset to begin parsing", | 
| 195 | .type = OPTION_ARG_INT, | 195 | .type = OPTION_ARG_INT, | 
| 196 | .opt.value = &asn1pars_config.offset, | 196 | .opt.value = &cfg.offset, | 
| 197 | }, | 197 | }, | 
| 198 | { | 198 | { | 
| 199 | .name = "oid", | 199 | .name = "oid", | 
| 200 | .argname = "file", | 200 | .argname = "file", | 
| 201 | .desc = "File containing additional object identifiers (OIDs)", | 201 | .desc = "File containing additional object identifiers (OIDs)", | 
| 202 | .type = OPTION_ARG, | 202 | .type = OPTION_ARG, | 
| 203 | .opt.arg = &asn1pars_config.oidfile, | 203 | .opt.arg = &cfg.oidfile, | 
| 204 | }, | 204 | }, | 
| 205 | { | 205 | { | 
| 206 | .name = "out", | 206 | .name = "out", | 
| 207 | .argname = "file", | 207 | .argname = "file", | 
| 208 | .desc = "Output file in DER format", | 208 | .desc = "Output file in DER format", | 
| 209 | .type = OPTION_ARG, | 209 | .type = OPTION_ARG, | 
| 210 | .opt.arg = &asn1pars_config.derfile, | 210 | .opt.arg = &cfg.derfile, | 
| 211 | }, | 211 | }, | 
| 212 | { | 212 | { | 
| 213 | .name = "strparse", | 213 | .name = "strparse", | 
| @@ -252,10 +252,10 @@ asn1parse_main(int argc, char **argv) | |||
| 252 | exit(1); | 252 | exit(1); | 
| 253 | } | 253 | } | 
| 254 | 254 | ||
| 255 | memset(&asn1pars_config, 0, sizeof(asn1pars_config)); | 255 | memset(&cfg, 0, sizeof(cfg)); | 
| 256 | 256 | ||
| 257 | asn1pars_config.informat = FORMAT_PEM; | 257 | cfg.informat = FORMAT_PEM; | 
| 258 | if ((asn1pars_config.osk = sk_OPENSSL_STRING_new_null()) == NULL) { | 258 | if ((cfg.osk = sk_OPENSSL_STRING_new_null()) == NULL) { | 
| 259 | BIO_printf(bio_err, "Memory allocation failure\n"); | 259 | BIO_printf(bio_err, "Memory allocation failure\n"); | 
| 260 | goto end; | 260 | goto end; | 
| 261 | } | 261 | } | 
| @@ -273,28 +273,28 @@ asn1parse_main(int argc, char **argv) | |||
| 273 | } | 273 | } | 
| 274 | BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); | 274 | BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); | 
| 275 | 275 | ||
| 276 | if (asn1pars_config.oidfile != NULL) { | 276 | if (cfg.oidfile != NULL) { | 
| 277 | if (BIO_read_filename(in, asn1pars_config.oidfile) <= 0) { | 277 | if (BIO_read_filename(in, cfg.oidfile) <= 0) { | 
| 278 | BIO_printf(bio_err, "problems opening %s\n", | 278 | BIO_printf(bio_err, "problems opening %s\n", | 
| 279 | asn1pars_config.oidfile); | 279 | cfg.oidfile); | 
| 280 | ERR_print_errors(bio_err); | 280 | ERR_print_errors(bio_err); | 
| 281 | goto end; | 281 | goto end; | 
| 282 | } | 282 | } | 
| 283 | OBJ_create_objects(in); | 283 | OBJ_create_objects(in); | 
| 284 | } | 284 | } | 
| 285 | if (asn1pars_config.infile == NULL) | 285 | if (cfg.infile == NULL) | 
| 286 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 286 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 
| 287 | else { | 287 | else { | 
| 288 | if (BIO_read_filename(in, asn1pars_config.infile) <= 0) { | 288 | if (BIO_read_filename(in, cfg.infile) <= 0) { | 
| 289 | perror(asn1pars_config.infile); | 289 | perror(cfg.infile); | 
| 290 | goto end; | 290 | goto end; | 
| 291 | } | 291 | } | 
| 292 | } | 292 | } | 
| 293 | 293 | ||
| 294 | if (asn1pars_config.derfile) { | 294 | if (cfg.derfile) { | 
| 295 | if (!(derout = BIO_new_file(asn1pars_config.derfile, "wb"))) { | 295 | if (!(derout = BIO_new_file(cfg.derfile, "wb"))) { | 
| 296 | BIO_printf(bio_err, "problems opening %s\n", | 296 | BIO_printf(bio_err, "problems opening %s\n", | 
| 297 | asn1pars_config.derfile); | 297 | cfg.derfile); | 
| 298 | ERR_print_errors(bio_err); | 298 | ERR_print_errors(bio_err); | 
| 299 | goto end; | 299 | goto end; | 
| 300 | } | 300 | } | 
| @@ -304,16 +304,16 @@ asn1parse_main(int argc, char **argv) | |||
| 304 | if (!BUF_MEM_grow(buf, BUFSIZ * 8)) | 304 | if (!BUF_MEM_grow(buf, BUFSIZ * 8)) | 
| 305 | goto end; /* Pre-allocate :-) */ | 305 | goto end; /* Pre-allocate :-) */ | 
| 306 | 306 | ||
| 307 | if (asn1pars_config.genstr || asn1pars_config.genconf) { | 307 | if (cfg.genstr || cfg.genconf) { | 
| 308 | num = do_generate(bio_err, asn1pars_config.genstr, | 308 | num = do_generate(bio_err, cfg.genstr, | 
| 309 | asn1pars_config.genconf, buf); | 309 | cfg.genconf, buf); | 
| 310 | if (num < 0) { | 310 | if (num < 0) { | 
| 311 | ERR_print_errors(bio_err); | 311 | ERR_print_errors(bio_err); | 
| 312 | goto end; | 312 | goto end; | 
| 313 | } | 313 | } | 
| 314 | } else { | 314 | } else { | 
| 315 | 315 | ||
| 316 | if (asn1pars_config.informat == FORMAT_PEM) { | 316 | if (cfg.informat == FORMAT_PEM) { | 
| 317 | BIO *tmp; | 317 | BIO *tmp; | 
| 318 | 318 | ||
| 319 | if ((b64 = BIO_new(BIO_f_base64())) == NULL) | 319 | if ((b64 = BIO_new(BIO_f_base64())) == NULL) | 
| @@ -337,20 +337,20 @@ asn1parse_main(int argc, char **argv) | |||
| 337 | 337 | ||
| 338 | /* If any structs to parse go through in sequence */ | 338 | /* If any structs to parse go through in sequence */ | 
| 339 | 339 | ||
| 340 | if (sk_OPENSSL_STRING_num(asn1pars_config.osk)) { | 340 | if (sk_OPENSSL_STRING_num(cfg.osk)) { | 
| 341 | tmpbuf = (unsigned char *) str; | 341 | tmpbuf = (unsigned char *) str; | 
| 342 | tmplen = num; | 342 | tmplen = num; | 
| 343 | for (i = 0; i < sk_OPENSSL_STRING_num(asn1pars_config.osk); | 343 | for (i = 0; i < sk_OPENSSL_STRING_num(cfg.osk); | 
| 344 | i++) { | 344 | i++) { | 
| 345 | ASN1_TYPE *atmp; | 345 | ASN1_TYPE *atmp; | 
| 346 | int typ; | 346 | int typ; | 
| 347 | j = strtonum( | 347 | j = strtonum( | 
| 348 | sk_OPENSSL_STRING_value(asn1pars_config.osk, i), | 348 | sk_OPENSSL_STRING_value(cfg.osk, i), | 
| 349 | 1, INT_MAX, &errstr); | 349 | 1, INT_MAX, &errstr); | 
| 350 | if (errstr) { | 350 | if (errstr) { | 
| 351 | BIO_printf(bio_err, | 351 | BIO_printf(bio_err, | 
| 352 | "'%s' is an invalid number: %s\n", | 352 | "'%s' is an invalid number: %s\n", | 
| 353 | sk_OPENSSL_STRING_value(asn1pars_config.osk, | 353 | sk_OPENSSL_STRING_value(cfg.osk, | 
| 354 | i), errstr); | 354 | i), errstr); | 
| 355 | continue; | 355 | continue; | 
| 356 | } | 356 | } | 
| @@ -380,28 +380,28 @@ asn1parse_main(int argc, char **argv) | |||
| 380 | str = (char *) tmpbuf; | 380 | str = (char *) tmpbuf; | 
| 381 | num = tmplen; | 381 | num = tmplen; | 
| 382 | } | 382 | } | 
| 383 | if (asn1pars_config.offset >= num) { | 383 | if (cfg.offset >= num) { | 
| 384 | BIO_printf(bio_err, "Error: offset too large\n"); | 384 | BIO_printf(bio_err, "Error: offset too large\n"); | 
| 385 | goto end; | 385 | goto end; | 
| 386 | } | 386 | } | 
| 387 | num -= asn1pars_config.offset; | 387 | num -= cfg.offset; | 
| 388 | 388 | ||
| 389 | if ((asn1pars_config.length == 0) || | 389 | if ((cfg.length == 0) || | 
| 390 | ((long)asn1pars_config.length > num)) | 390 | ((long)cfg.length > num)) | 
| 391 | asn1pars_config.length = (unsigned int) num; | 391 | cfg.length = (unsigned int) num; | 
| 392 | if (derout) { | 392 | if (derout) { | 
| 393 | if (BIO_write(derout, str + asn1pars_config.offset, | 393 | if (BIO_write(derout, str + cfg.offset, | 
| 394 | asn1pars_config.length) != (int)asn1pars_config.length) { | 394 | cfg.length) != (int)cfg.length) { | 
| 395 | BIO_printf(bio_err, "Error writing output\n"); | 395 | BIO_printf(bio_err, "Error writing output\n"); | 
| 396 | ERR_print_errors(bio_err); | 396 | ERR_print_errors(bio_err); | 
| 397 | goto end; | 397 | goto end; | 
| 398 | } | 398 | } | 
| 399 | } | 399 | } | 
| 400 | if (!asn1pars_config.noout && | 400 | if (!cfg.noout && | 
| 401 | !ASN1_parse_dump(out, | 401 | !ASN1_parse_dump(out, | 
| 402 | (unsigned char *)&(str[asn1pars_config.offset]), | 402 | (unsigned char *)&(str[cfg.offset]), | 
| 403 | asn1pars_config.length, asn1pars_config.indent, | 403 | cfg.length, cfg.indent, | 
| 404 | asn1pars_config.dump)) { | 404 | cfg.dump)) { | 
| 405 | ERR_print_errors(bio_err); | 405 | ERR_print_errors(bio_err); | 
| 406 | goto end; | 406 | goto end; | 
| 407 | } | 407 | } | 
| @@ -415,7 +415,7 @@ asn1parse_main(int argc, char **argv) | |||
| 415 | ERR_print_errors(bio_err); | 415 | ERR_print_errors(bio_err); | 
| 416 | BUF_MEM_free(buf); | 416 | BUF_MEM_free(buf); | 
| 417 | ASN1_TYPE_free(at); | 417 | ASN1_TYPE_free(at); | 
| 418 | sk_OPENSSL_STRING_free(asn1pars_config.osk); | 418 | sk_OPENSSL_STRING_free(cfg.osk); | 
| 419 | OBJ_cleanup(); | 419 | OBJ_cleanup(); | 
| 420 | 420 | ||
| 421 | return (ret); | 421 | return (ret); | 
| diff --git a/src/usr.bin/openssl/ca.c b/src/usr.bin/openssl/ca.c index e13354f4af..369d11ead6 100644 --- a/src/usr.bin/openssl/ca.c +++ b/src/usr.bin/openssl/ca.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ca.c,v 1.54 2022/11/11 17:07:38 joshua Exp $ */ | 1 | /* $OpenBSD: ca.c,v 1.55 2023/03/06 14:32:05 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -207,63 +207,63 @@ static struct { | |||
| 207 | char *startdate; | 207 | char *startdate; | 
| 208 | char *subj; | 208 | char *subj; | 
| 209 | int verbose; | 209 | int verbose; | 
| 210 | } ca_config; | 210 | } cfg; | 
| 211 | 211 | ||
| 212 | static int | 212 | static int | 
| 213 | ca_opt_chtype_utf8(void) | 213 | ca_opt_chtype_utf8(void) | 
| 214 | { | 214 | { | 
| 215 | ca_config.chtype = MBSTRING_UTF8; | 215 | cfg.chtype = MBSTRING_UTF8; | 
| 216 | return (0); | 216 | return (0); | 
| 217 | } | 217 | } | 
| 218 | 218 | ||
| 219 | static int | 219 | static int | 
| 220 | ca_opt_crl_ca_compromise(char *arg) | 220 | ca_opt_crl_ca_compromise(char *arg) | 
| 221 | { | 221 | { | 
| 222 | ca_config.rev_arg = arg; | 222 | cfg.rev_arg = arg; | 
| 223 | ca_config.rev_type = REV_CA_COMPROMISE; | 223 | cfg.rev_type = REV_CA_COMPROMISE; | 
| 224 | return (0); | 224 | return (0); | 
| 225 | } | 225 | } | 
| 226 | 226 | ||
| 227 | static int | 227 | static int | 
| 228 | ca_opt_crl_compromise(char *arg) | 228 | ca_opt_crl_compromise(char *arg) | 
| 229 | { | 229 | { | 
| 230 | ca_config.rev_arg = arg; | 230 | cfg.rev_arg = arg; | 
| 231 | ca_config.rev_type = REV_KEY_COMPROMISE; | 231 | cfg.rev_type = REV_KEY_COMPROMISE; | 
| 232 | return (0); | 232 | return (0); | 
| 233 | } | 233 | } | 
| 234 | 234 | ||
| 235 | static int | 235 | static int | 
| 236 | ca_opt_crl_hold(char *arg) | 236 | ca_opt_crl_hold(char *arg) | 
| 237 | { | 237 | { | 
| 238 | ca_config.rev_arg = arg; | 238 | cfg.rev_arg = arg; | 
| 239 | ca_config.rev_type = REV_HOLD; | 239 | cfg.rev_type = REV_HOLD; | 
| 240 | return (0); | 240 | return (0); | 
| 241 | } | 241 | } | 
| 242 | 242 | ||
| 243 | static int | 243 | static int | 
| 244 | ca_opt_crl_reason(char *arg) | 244 | ca_opt_crl_reason(char *arg) | 
| 245 | { | 245 | { | 
| 246 | ca_config.rev_arg = arg; | 246 | cfg.rev_arg = arg; | 
| 247 | ca_config.rev_type = REV_CRL_REASON; | 247 | cfg.rev_type = REV_CRL_REASON; | 
| 248 | return (0); | 248 | return (0); | 
| 249 | } | 249 | } | 
| 250 | 250 | ||
| 251 | static int | 251 | static int | 
| 252 | ca_opt_in(char *arg) | 252 | ca_opt_in(char *arg) | 
| 253 | { | 253 | { | 
| 254 | ca_config.infile = arg; | 254 | cfg.infile = arg; | 
| 255 | ca_config.req = 1; | 255 | cfg.req = 1; | 
| 256 | return (0); | 256 | return (0); | 
| 257 | } | 257 | } | 
| 258 | 258 | ||
| 259 | static int | 259 | static int | 
| 260 | ca_opt_infiles(int argc, char **argv, int *argsused) | 260 | ca_opt_infiles(int argc, char **argv, int *argsused) | 
| 261 | { | 261 | { | 
| 262 | ca_config.infiles_num = argc - 1; | 262 | cfg.infiles_num = argc - 1; | 
| 263 | if (ca_config.infiles_num < 1) | 263 | if (cfg.infiles_num < 1) | 
| 264 | return (1); | 264 | return (1); | 
| 265 | ca_config.infiles = argv + 1; | 265 | cfg.infiles = argv + 1; | 
| 266 | ca_config.req = 1; | 266 | cfg.req = 1; | 
| 267 | *argsused = argc; | 267 | *argsused = argc; | 
| 268 | return (0); | 268 | return (0); | 
| 269 | } | 269 | } | 
| @@ -271,19 +271,19 @@ ca_opt_infiles(int argc, char **argv, int *argsused) | |||
| 271 | static int | 271 | static int | 
| 272 | ca_opt_revoke(char *arg) | 272 | ca_opt_revoke(char *arg) | 
| 273 | { | 273 | { | 
| 274 | ca_config.infile = arg; | 274 | cfg.infile = arg; | 
| 275 | ca_config.dorevoke = 1; | 275 | cfg.dorevoke = 1; | 
| 276 | return (0); | 276 | return (0); | 
| 277 | } | 277 | } | 
| 278 | 278 | ||
| 279 | static int | 279 | static int | 
| 280 | ca_opt_sigopt(char *arg) | 280 | ca_opt_sigopt(char *arg) | 
| 281 | { | 281 | { | 
| 282 | if (ca_config.sigopts == NULL) | 282 | if (cfg.sigopts == NULL) | 
| 283 | ca_config.sigopts = sk_OPENSSL_STRING_new_null(); | 283 | cfg.sigopts = sk_OPENSSL_STRING_new_null(); | 
| 284 | if (ca_config.sigopts == NULL) | 284 | if (cfg.sigopts == NULL) | 
| 285 | return (1); | 285 | return (1); | 
| 286 | if (!sk_OPENSSL_STRING_push(ca_config.sigopts, arg)) | 286 | if (!sk_OPENSSL_STRING_push(cfg.sigopts, arg)) | 
| 287 | return (1); | 287 | return (1); | 
| 288 | return (0); | 288 | return (0); | 
| 289 | } | 289 | } | 
| @@ -291,16 +291,16 @@ ca_opt_sigopt(char *arg) | |||
| 291 | static int | 291 | static int | 
| 292 | ca_opt_spkac(char *arg) | 292 | ca_opt_spkac(char *arg) | 
| 293 | { | 293 | { | 
| 294 | ca_config.spkac_file = arg; | 294 | cfg.spkac_file = arg; | 
| 295 | ca_config.req = 1; | 295 | cfg.req = 1; | 
| 296 | return (0); | 296 | return (0); | 
| 297 | } | 297 | } | 
| 298 | 298 | ||
| 299 | static int | 299 | static int | 
| 300 | ca_opt_ss_cert(char *arg) | 300 | ca_opt_ss_cert(char *arg) | 
| 301 | { | 301 | { | 
| 302 | ca_config.ss_cert_file = arg; | 302 | cfg.ss_cert_file = arg; | 
| 303 | ca_config.req = 1; | 303 | cfg.req = 1; | 
| 304 | return (0); | 304 | return (0); | 
| 305 | } | 305 | } | 
| 306 | 306 | ||
| @@ -309,27 +309,27 @@ static const struct option ca_options[] = { | |||
| 309 | .name = "batch", | 309 | .name = "batch", | 
| 310 | .desc = "Operate in batch mode", | 310 | .desc = "Operate in batch mode", | 
| 311 | .type = OPTION_FLAG, | 311 | .type = OPTION_FLAG, | 
| 312 | .opt.flag = &ca_config.batch, | 312 | .opt.flag = &cfg.batch, | 
| 313 | }, | 313 | }, | 
| 314 | { | 314 | { | 
| 315 | .name = "cert", | 315 | .name = "cert", | 
| 316 | .argname = "file", | 316 | .argname = "file", | 
| 317 | .desc = "File containing the CA certificate", | 317 | .desc = "File containing the CA certificate", | 
| 318 | .type = OPTION_ARG, | 318 | .type = OPTION_ARG, | 
| 319 | .opt.arg = &ca_config.certfile, | 319 | .opt.arg = &cfg.certfile, | 
| 320 | }, | 320 | }, | 
| 321 | { | 321 | { | 
| 322 | .name = "config", | 322 | .name = "config", | 
| 323 | .argname = "file", | 323 | .argname = "file", | 
| 324 | .desc = "Specify an alternative configuration file", | 324 | .desc = "Specify an alternative configuration file", | 
| 325 | .type = OPTION_ARG, | 325 | .type = OPTION_ARG, | 
| 326 | .opt.arg = &ca_config.configfile, | 326 | .opt.arg = &cfg.configfile, | 
| 327 | }, | 327 | }, | 
| 328 | { | 328 | { | 
| 329 | .name = "create_serial", | 329 | .name = "create_serial", | 
| 330 | .desc = "If reading serial fails, create a new random serial", | 330 | .desc = "If reading serial fails, create a new random serial", | 
| 331 | .type = OPTION_FLAG, | 331 | .type = OPTION_FLAG, | 
| 332 | .opt.flag = &ca_config.create_serial, | 332 | .opt.flag = &cfg.create_serial, | 
| 333 | }, | 333 | }, | 
| 334 | { | 334 | { | 
| 335 | .name = "crl_CA_compromise", | 335 | .name = "crl_CA_compromise", | 
| @@ -367,62 +367,62 @@ static const struct option ca_options[] = { | |||
| 367 | .argname = "days", | 367 | .argname = "days", | 
| 368 | .desc = "Number of days before the next CRL is due", | 368 | .desc = "Number of days before the next CRL is due", | 
| 369 | .type = OPTION_ARG_LONG, | 369 | .type = OPTION_ARG_LONG, | 
| 370 | .opt.lvalue = &ca_config.crldays, | 370 | .opt.lvalue = &cfg.crldays, | 
| 371 | }, | 371 | }, | 
| 372 | { | 372 | { | 
| 373 | .name = "crlexts", | 373 | .name = "crlexts", | 
| 374 | .argname = "section", | 374 | .argname = "section", | 
| 375 | .desc = "CRL extension section (override value in config file)", | 375 | .desc = "CRL extension section (override value in config file)", | 
| 376 | .type = OPTION_ARG, | 376 | .type = OPTION_ARG, | 
| 377 | .opt.arg = &ca_config.crl_ext, | 377 | .opt.arg = &cfg.crl_ext, | 
| 378 | }, | 378 | }, | 
| 379 | { | 379 | { | 
| 380 | .name = "crlhours", | 380 | .name = "crlhours", | 
| 381 | .argname = "hours", | 381 | .argname = "hours", | 
| 382 | .desc = "Number of hours before the next CRL is due", | 382 | .desc = "Number of hours before the next CRL is due", | 
| 383 | .type = OPTION_ARG_LONG, | 383 | .type = OPTION_ARG_LONG, | 
| 384 | .opt.lvalue = &ca_config.crlhours, | 384 | .opt.lvalue = &cfg.crlhours, | 
| 385 | }, | 385 | }, | 
| 386 | { | 386 | { | 
| 387 | .name = "crlsec", | 387 | .name = "crlsec", | 
| 388 | .argname = "seconds", | 388 | .argname = "seconds", | 
| 389 | .desc = "Number of seconds before the next CRL is due", | 389 | .desc = "Number of seconds before the next CRL is due", | 
| 390 | .type = OPTION_ARG_LONG, | 390 | .type = OPTION_ARG_LONG, | 
| 391 | .opt.lvalue = &ca_config.crlsec, | 391 | .opt.lvalue = &cfg.crlsec, | 
| 392 | }, | 392 | }, | 
| 393 | { | 393 | { | 
| 394 | .name = "days", | 394 | .name = "days", | 
| 395 | .argname = "arg", | 395 | .argname = "arg", | 
| 396 | .desc = "Number of days to certify the certificate for", | 396 | .desc = "Number of days to certify the certificate for", | 
| 397 | .type = OPTION_ARG_LONG, | 397 | .type = OPTION_ARG_LONG, | 
| 398 | .opt.lvalue = &ca_config.days, | 398 | .opt.lvalue = &cfg.days, | 
| 399 | }, | 399 | }, | 
| 400 | { | 400 | { | 
| 401 | .name = "enddate", | 401 | .name = "enddate", | 
| 402 | .argname = "YYMMDDHHMMSSZ", | 402 | .argname = "YYMMDDHHMMSSZ", | 
| 403 | .desc = "Certificate validity notAfter (overrides -days)", | 403 | .desc = "Certificate validity notAfter (overrides -days)", | 
| 404 | .type = OPTION_ARG, | 404 | .type = OPTION_ARG, | 
| 405 | .opt.arg = &ca_config.enddate, | 405 | .opt.arg = &cfg.enddate, | 
| 406 | }, | 406 | }, | 
| 407 | { | 407 | { | 
| 408 | .name = "extensions", | 408 | .name = "extensions", | 
| 409 | .argname = "section", | 409 | .argname = "section", | 
| 410 | .desc = "Extension section (override value in config file)", | 410 | .desc = "Extension section (override value in config file)", | 
| 411 | .type = OPTION_ARG, | 411 | .type = OPTION_ARG, | 
| 412 | .opt.arg = &ca_config.extensions, | 412 | .opt.arg = &cfg.extensions, | 
| 413 | }, | 413 | }, | 
| 414 | { | 414 | { | 
| 415 | .name = "extfile", | 415 | .name = "extfile", | 
| 416 | .argname = "file", | 416 | .argname = "file", | 
| 417 | .desc = "Configuration file with X509v3 extentions to add", | 417 | .desc = "Configuration file with X509v3 extentions to add", | 
| 418 | .type = OPTION_ARG, | 418 | .type = OPTION_ARG, | 
| 419 | .opt.arg = &ca_config.extfile, | 419 | .opt.arg = &cfg.extfile, | 
| 420 | }, | 420 | }, | 
| 421 | { | 421 | { | 
| 422 | .name = "gencrl", | 422 | .name = "gencrl", | 
| 423 | .desc = "Generate a new CRL", | 423 | .desc = "Generate a new CRL", | 
| 424 | .type = OPTION_FLAG, | 424 | .type = OPTION_FLAG, | 
| 425 | .opt.flag = &ca_config.gencrl, | 425 | .opt.flag = &cfg.gencrl, | 
| 426 | }, | 426 | }, | 
| 427 | { | 427 | { | 
| 428 | .name = "in", | 428 | .name = "in", | 
| @@ -443,93 +443,93 @@ static const struct option ca_options[] = { | |||
| 443 | .argname = "password", | 443 | .argname = "password", | 
| 444 | .desc = "Key to decode the private key if it is encrypted", | 444 | .desc = "Key to decode the private key if it is encrypted", | 
| 445 | .type = OPTION_ARG, | 445 | .type = OPTION_ARG, | 
| 446 | .opt.arg = &ca_config.key, | 446 | .opt.arg = &cfg.key, | 
| 447 | }, | 447 | }, | 
| 448 | { | 448 | { | 
| 449 | .name = "keyfile", | 449 | .name = "keyfile", | 
| 450 | .argname = "file", | 450 | .argname = "file", | 
| 451 | .desc = "Private key file", | 451 | .desc = "Private key file", | 
| 452 | .type = OPTION_ARG, | 452 | .type = OPTION_ARG, | 
| 453 | .opt.arg = &ca_config.keyfile, | 453 | .opt.arg = &cfg.keyfile, | 
| 454 | }, | 454 | }, | 
| 455 | { | 455 | { | 
| 456 | .name = "keyform", | 456 | .name = "keyform", | 
| 457 | .argname = "fmt", | 457 | .argname = "fmt", | 
| 458 | .desc = "Private key file format (DER or PEM (default))", | 458 | .desc = "Private key file format (DER or PEM (default))", | 
| 459 | .type = OPTION_ARG_FORMAT, | 459 | .type = OPTION_ARG_FORMAT, | 
| 460 | .opt.value = &ca_config.keyform, | 460 | .opt.value = &cfg.keyform, | 
| 461 | }, | 461 | }, | 
| 462 | { | 462 | { | 
| 463 | .name = "md", | 463 | .name = "md", | 
| 464 | .argname = "alg", | 464 | .argname = "alg", | 
| 465 | .desc = "Message digest to use", | 465 | .desc = "Message digest to use", | 
| 466 | .type = OPTION_ARG, | 466 | .type = OPTION_ARG, | 
| 467 | .opt.arg = &ca_config.md, | 467 | .opt.arg = &cfg.md, | 
| 468 | }, | 468 | }, | 
| 469 | { | 469 | { | 
| 470 | .name = "msie_hack", | 470 | .name = "msie_hack", | 
| 471 | .type = OPTION_FLAG, | 471 | .type = OPTION_FLAG, | 
| 472 | .opt.flag = &ca_config.msie_hack, | 472 | .opt.flag = &cfg.msie_hack, | 
| 473 | }, | 473 | }, | 
| 474 | { | 474 | { | 
| 475 | .name = "multivalue-rdn", | 475 | .name = "multivalue-rdn", | 
| 476 | .desc = "Enable support for multivalued RDNs", | 476 | .desc = "Enable support for multivalued RDNs", | 
| 477 | .type = OPTION_FLAG, | 477 | .type = OPTION_FLAG, | 
| 478 | .opt.flag = &ca_config.multirdn, | 478 | .opt.flag = &cfg.multirdn, | 
| 479 | }, | 479 | }, | 
| 480 | { | 480 | { | 
| 481 | .name = "name", | 481 | .name = "name", | 
| 482 | .argname = "section", | 482 | .argname = "section", | 
| 483 | .desc = "Specifies the configuration file section to use", | 483 | .desc = "Specifies the configuration file section to use", | 
| 484 | .type = OPTION_ARG, | 484 | .type = OPTION_ARG, | 
| 485 | .opt.arg = &ca_config.section, | 485 | .opt.arg = &cfg.section, | 
| 486 | }, | 486 | }, | 
| 487 | { | 487 | { | 
| 488 | .name = "noemailDN", | 488 | .name = "noemailDN", | 
| 489 | .desc = "Do not add the EMAIL field to the DN", | 489 | .desc = "Do not add the EMAIL field to the DN", | 
| 490 | .type = OPTION_VALUE, | 490 | .type = OPTION_VALUE, | 
| 491 | .opt.value = &ca_config.email_dn, | 491 | .opt.value = &cfg.email_dn, | 
| 492 | .value = 0, | 492 | .value = 0, | 
| 493 | }, | 493 | }, | 
| 494 | { | 494 | { | 
| 495 | .name = "notext", | 495 | .name = "notext", | 
| 496 | .desc = "Do not print the generated certificate", | 496 | .desc = "Do not print the generated certificate", | 
| 497 | .type = OPTION_FLAG, | 497 | .type = OPTION_FLAG, | 
| 498 | .opt.flag = &ca_config.notext, | 498 | .opt.flag = &cfg.notext, | 
| 499 | }, | 499 | }, | 
| 500 | { | 500 | { | 
| 501 | .name = "out", | 501 | .name = "out", | 
| 502 | .argname = "file", | 502 | .argname = "file", | 
| 503 | .desc = "Output file (default stdout)", | 503 | .desc = "Output file (default stdout)", | 
| 504 | .type = OPTION_ARG, | 504 | .type = OPTION_ARG, | 
| 505 | .opt.arg = &ca_config.outfile, | 505 | .opt.arg = &cfg.outfile, | 
| 506 | }, | 506 | }, | 
| 507 | { | 507 | { | 
| 508 | .name = "outdir", | 508 | .name = "outdir", | 
| 509 | .argname = "directory", | 509 | .argname = "directory", | 
| 510 | .desc = " Directory to output certificates to", | 510 | .desc = " Directory to output certificates to", | 
| 511 | .type = OPTION_ARG, | 511 | .type = OPTION_ARG, | 
| 512 | .opt.arg = &ca_config.outdir, | 512 | .opt.arg = &cfg.outdir, | 
| 513 | }, | 513 | }, | 
| 514 | { | 514 | { | 
| 515 | .name = "passin", | 515 | .name = "passin", | 
| 516 | .argname = "src", | 516 | .argname = "src", | 
| 517 | .desc = "Private key input password source", | 517 | .desc = "Private key input password source", | 
| 518 | .type = OPTION_ARG, | 518 | .type = OPTION_ARG, | 
| 519 | .opt.arg = &ca_config.passargin, | 519 | .opt.arg = &cfg.passargin, | 
| 520 | }, | 520 | }, | 
| 521 | { | 521 | { | 
| 522 | .name = "policy", | 522 | .name = "policy", | 
| 523 | .argname = "name", | 523 | .argname = "name", | 
| 524 | .desc = "The CA 'policy' to support", | 524 | .desc = "The CA 'policy' to support", | 
| 525 | .type = OPTION_ARG, | 525 | .type = OPTION_ARG, | 
| 526 | .opt.arg = &ca_config.policy, | 526 | .opt.arg = &cfg.policy, | 
| 527 | }, | 527 | }, | 
| 528 | { | 528 | { | 
| 529 | .name = "preserveDN", | 529 | .name = "preserveDN", | 
| 530 | .desc = "Do not re-order the DN", | 530 | .desc = "Do not re-order the DN", | 
| 531 | .type = OPTION_FLAG, | 531 | .type = OPTION_FLAG, | 
| 532 | .opt.flag = &ca_config.preserve, | 532 | .opt.flag = &cfg.preserve, | 
| 533 | }, | 533 | }, | 
| 534 | { | 534 | { | 
| 535 | .name = "revoke", | 535 | .name = "revoke", | 
| @@ -542,7 +542,7 @@ static const struct option ca_options[] = { | |||
| 542 | .name = "selfsign", | 542 | .name = "selfsign", | 
| 543 | .desc = "Sign a certificate using the key associated with it", | 543 | .desc = "Sign a certificate using the key associated with it", | 
| 544 | .type = OPTION_FLAG, | 544 | .type = OPTION_FLAG, | 
| 545 | .opt.flag = &ca_config.selfsign, | 545 | .opt.flag = &cfg.selfsign, | 
| 546 | }, | 546 | }, | 
| 547 | { | 547 | { | 
| 548 | .name = "sigopt", | 548 | .name = "sigopt", | 
| @@ -570,27 +570,27 @@ static const struct option ca_options[] = { | |||
| 570 | .argname = "YYMMDDHHMMSSZ", | 570 | .argname = "YYMMDDHHMMSSZ", | 
| 571 | .desc = "Certificate validity notBefore", | 571 | .desc = "Certificate validity notBefore", | 
| 572 | .type = OPTION_ARG, | 572 | .type = OPTION_ARG, | 
| 573 | .opt.arg = &ca_config.startdate, | 573 | .opt.arg = &cfg.startdate, | 
| 574 | }, | 574 | }, | 
| 575 | { | 575 | { | 
| 576 | .name = "status", | 576 | .name = "status", | 
| 577 | .argname = "serial", | 577 | .argname = "serial", | 
| 578 | .desc = "Shows certificate status given the serial number", | 578 | .desc = "Shows certificate status given the serial number", | 
| 579 | .type = OPTION_ARG, | 579 | .type = OPTION_ARG, | 
| 580 | .opt.arg = &ca_config.serial_status, | 580 | .opt.arg = &cfg.serial_status, | 
| 581 | }, | 581 | }, | 
| 582 | { | 582 | { | 
| 583 | .name = "subj", | 583 | .name = "subj", | 
| 584 | .argname = "arg", | 584 | .argname = "arg", | 
| 585 | .desc = "Use arg instead of request's subject", | 585 | .desc = "Use arg instead of request's subject", | 
| 586 | .type = OPTION_ARG, | 586 | .type = OPTION_ARG, | 
| 587 | .opt.arg = &ca_config.subj, | 587 | .opt.arg = &cfg.subj, | 
| 588 | }, | 588 | }, | 
| 589 | { | 589 | { | 
| 590 | .name = "updatedb", | 590 | .name = "updatedb", | 
| 591 | .desc = "Updates db for expired certificates", | 591 | .desc = "Updates db for expired certificates", | 
| 592 | .type = OPTION_FLAG, | 592 | .type = OPTION_FLAG, | 
| 593 | .opt.flag = &ca_config.doupdatedb, | 593 | .opt.flag = &cfg.doupdatedb, | 
| 594 | }, | 594 | }, | 
| 595 | { | 595 | { | 
| 596 | .name = "utf8", | 596 | .name = "utf8", | 
| @@ -602,7 +602,7 @@ static const struct option ca_options[] = { | |||
| 602 | .name = "verbose", | 602 | .name = "verbose", | 
| 603 | .desc = "Verbose output during processing", | 603 | .desc = "Verbose output during processing", | 
| 604 | .type = OPTION_FLAG, | 604 | .type = OPTION_FLAG, | 
| 605 | .opt.flag = &ca_config.verbose, | 605 | .opt.flag = &cfg.verbose, | 
| 606 | }, | 606 | }, | 
| 607 | { NULL }, | 607 | { NULL }, | 
| 608 | }; | 608 | }; | 
| @@ -690,11 +690,11 @@ ca_main(int argc, char **argv) | |||
| 690 | exit(1); | 690 | exit(1); | 
| 691 | } | 691 | } | 
| 692 | 692 | ||
| 693 | memset(&ca_config, 0, sizeof(ca_config)); | 693 | memset(&cfg, 0, sizeof(cfg)); | 
| 694 | ca_config.email_dn = 1; | 694 | cfg.email_dn = 1; | 
| 695 | ca_config.keyform = FORMAT_PEM; | 695 | cfg.keyform = FORMAT_PEM; | 
| 696 | ca_config.chtype = MBSTRING_ASC; | 696 | cfg.chtype = MBSTRING_ASC; | 
| 697 | ca_config.rev_type = REV_NONE; | 697 | cfg.rev_type = REV_NONE; | 
| 698 | 698 | ||
| 699 | conf = NULL; | 699 | conf = NULL; | 
| 700 | 700 | ||
| @@ -705,37 +705,37 @@ ca_main(int argc, char **argv) | |||
| 705 | 705 | ||
| 706 | /*****************************************************************/ | 706 | /*****************************************************************/ | 
| 707 | tofree = NULL; | 707 | tofree = NULL; | 
| 708 | if (ca_config.configfile == NULL) | 708 | if (cfg.configfile == NULL) | 
| 709 | ca_config.configfile = getenv("OPENSSL_CONF"); | 709 | cfg.configfile = getenv("OPENSSL_CONF"); | 
| 710 | if (ca_config.configfile == NULL) { | 710 | if (cfg.configfile == NULL) { | 
| 711 | if ((tofree = make_config_name()) == NULL) { | 711 | if ((tofree = make_config_name()) == NULL) { | 
| 712 | BIO_printf(bio_err, "error making config file name\n"); | 712 | BIO_printf(bio_err, "error making config file name\n"); | 
| 713 | goto err; | 713 | goto err; | 
| 714 | } | 714 | } | 
| 715 | ca_config.configfile = tofree; | 715 | cfg.configfile = tofree; | 
| 716 | } | 716 | } | 
| 717 | BIO_printf(bio_err, "Using configuration from %s\n", | 717 | BIO_printf(bio_err, "Using configuration from %s\n", | 
| 718 | ca_config.configfile); | 718 | cfg.configfile); | 
| 719 | conf = NCONF_new(NULL); | 719 | conf = NCONF_new(NULL); | 
| 720 | if (NCONF_load(conf, ca_config.configfile, &errorline) <= 0) { | 720 | if (NCONF_load(conf, cfg.configfile, &errorline) <= 0) { | 
| 721 | if (errorline <= 0) | 721 | if (errorline <= 0) | 
| 722 | BIO_printf(bio_err, | 722 | BIO_printf(bio_err, | 
| 723 | "error loading the config file '%s'\n", | 723 | "error loading the config file '%s'\n", | 
| 724 | ca_config.configfile); | 724 | cfg.configfile); | 
| 725 | else | 725 | else | 
| 726 | BIO_printf(bio_err, | 726 | BIO_printf(bio_err, | 
| 727 | "error on line %ld of config file '%s'\n", | 727 | "error on line %ld of config file '%s'\n", | 
| 728 | errorline, ca_config.configfile); | 728 | errorline, cfg.configfile); | 
| 729 | goto err; | 729 | goto err; | 
| 730 | } | 730 | } | 
| 731 | free(tofree); | 731 | free(tofree); | 
| 732 | tofree = NULL; | 732 | tofree = NULL; | 
| 733 | 733 | ||
| 734 | /* Lets get the config section we are using */ | 734 | /* Lets get the config section we are using */ | 
| 735 | if (ca_config.section == NULL) { | 735 | if (cfg.section == NULL) { | 
| 736 | ca_config.section = NCONF_get_string(conf, BASE_SECTION, | 736 | cfg.section = NCONF_get_string(conf, BASE_SECTION, | 
| 737 | ENV_DEFAULT_CA); | 737 | ENV_DEFAULT_CA); | 
| 738 | if (ca_config.section == NULL) { | 738 | if (cfg.section == NULL) { | 
| 739 | lookup_fail(BASE_SECTION, ENV_DEFAULT_CA); | 739 | lookup_fail(BASE_SECTION, ENV_DEFAULT_CA); | 
| 740 | goto err; | 740 | goto err; | 
| 741 | } | 741 | } | 
| @@ -765,7 +765,7 @@ ca_main(int argc, char **argv) | |||
| 765 | goto err; | 765 | goto err; | 
| 766 | } | 766 | } | 
| 767 | } | 767 | } | 
| 768 | f = NCONF_get_string(conf, ca_config.section, STRING_MASK); | 768 | f = NCONF_get_string(conf, cfg.section, STRING_MASK); | 
| 769 | if (f == NULL) | 769 | if (f == NULL) | 
| 770 | ERR_clear_error(); | 770 | ERR_clear_error(); | 
| 771 | 771 | ||
| @@ -774,15 +774,15 @@ ca_main(int argc, char **argv) | |||
| 774 | "Invalid global string mask setting %s\n", f); | 774 | "Invalid global string mask setting %s\n", f); | 
| 775 | goto err; | 775 | goto err; | 
| 776 | } | 776 | } | 
| 777 | if (ca_config.chtype != MBSTRING_UTF8) { | 777 | if (cfg.chtype != MBSTRING_UTF8) { | 
| 778 | f = NCONF_get_string(conf, ca_config.section, UTF8_IN); | 778 | f = NCONF_get_string(conf, cfg.section, UTF8_IN); | 
| 779 | if (f == NULL) | 779 | if (f == NULL) | 
| 780 | ERR_clear_error(); | 780 | ERR_clear_error(); | 
| 781 | else if (strcmp(f, "yes") == 0) | 781 | else if (strcmp(f, "yes") == 0) | 
| 782 | ca_config.chtype = MBSTRING_UTF8; | 782 | cfg.chtype = MBSTRING_UTF8; | 
| 783 | } | 783 | } | 
| 784 | db_attr.unique_subject = 1; | 784 | db_attr.unique_subject = 1; | 
| 785 | p = NCONF_get_string(conf, ca_config.section, ENV_UNIQUE_SUBJECT); | 785 | p = NCONF_get_string(conf, cfg.section, ENV_UNIQUE_SUBJECT); | 
| 786 | if (p != NULL) { | 786 | if (p != NULL) { | 
| 787 | db_attr.unique_subject = parse_yesno(p, 1); | 787 | db_attr.unique_subject = parse_yesno(p, 1); | 
| 788 | } else | 788 | } else | 
| @@ -798,10 +798,10 @@ ca_main(int argc, char **argv) | |||
| 798 | } | 798 | } | 
| 799 | /*****************************************************************/ | 799 | /*****************************************************************/ | 
| 800 | /* report status of cert with serial number given on command line */ | 800 | /* report status of cert with serial number given on command line */ | 
| 801 | if (ca_config.serial_status) { | 801 | if (cfg.serial_status) { | 
| 802 | if ((dbfile = NCONF_get_string(conf, ca_config.section, | 802 | if ((dbfile = NCONF_get_string(conf, cfg.section, | 
| 803 | ENV_DATABASE)) == NULL) { | 803 | ENV_DATABASE)) == NULL) { | 
| 804 | lookup_fail(ca_config.section, ENV_DATABASE); | 804 | lookup_fail(cfg.section, ENV_DATABASE); | 
| 805 | goto err; | 805 | goto err; | 
| 806 | } | 806 | } | 
| 807 | db = load_index(dbfile, &db_attr); | 807 | db = load_index(dbfile, &db_attr); | 
| @@ -811,47 +811,47 @@ ca_main(int argc, char **argv) | |||
| 811 | if (!index_index(db)) | 811 | if (!index_index(db)) | 
| 812 | goto err; | 812 | goto err; | 
| 813 | 813 | ||
| 814 | if (get_certificate_status(ca_config.serial_status, db) != 1) | 814 | if (get_certificate_status(cfg.serial_status, db) != 1) | 
| 815 | BIO_printf(bio_err, "Error verifying serial %s!\n", | 815 | BIO_printf(bio_err, "Error verifying serial %s!\n", | 
| 816 | ca_config.serial_status); | 816 | cfg.serial_status); | 
| 817 | goto err; | 817 | goto err; | 
| 818 | } | 818 | } | 
| 819 | /*****************************************************************/ | 819 | /*****************************************************************/ | 
| 820 | /* we definitely need a private key, so let's get it */ | 820 | /* we definitely need a private key, so let's get it */ | 
| 821 | 821 | ||
| 822 | if ((ca_config.keyfile == NULL) && | 822 | if ((cfg.keyfile == NULL) && | 
| 823 | ((ca_config.keyfile = NCONF_get_string(conf, ca_config.section, | 823 | ((cfg.keyfile = NCONF_get_string(conf, cfg.section, | 
| 824 | ENV_PRIVATE_KEY)) == NULL)) { | 824 | ENV_PRIVATE_KEY)) == NULL)) { | 
| 825 | lookup_fail(ca_config.section, ENV_PRIVATE_KEY); | 825 | lookup_fail(cfg.section, ENV_PRIVATE_KEY); | 
| 826 | goto err; | 826 | goto err; | 
| 827 | } | 827 | } | 
| 828 | if (ca_config.key == NULL) { | 828 | if (cfg.key == NULL) { | 
| 829 | free_key = 1; | 829 | free_key = 1; | 
| 830 | if (!app_passwd(bio_err, ca_config.passargin, NULL, | 830 | if (!app_passwd(bio_err, cfg.passargin, NULL, | 
| 831 | &ca_config.key, NULL)) { | 831 | &cfg.key, NULL)) { | 
| 832 | BIO_printf(bio_err, "Error getting password\n"); | 832 | BIO_printf(bio_err, "Error getting password\n"); | 
| 833 | goto err; | 833 | goto err; | 
| 834 | } | 834 | } | 
| 835 | } | 835 | } | 
| 836 | pkey = load_key(bio_err, ca_config.keyfile, ca_config.keyform, 0, | 836 | pkey = load_key(bio_err, cfg.keyfile, cfg.keyform, 0, | 
| 837 | ca_config.key, "CA private key"); | 837 | cfg.key, "CA private key"); | 
| 838 | if (ca_config.key != NULL) | 838 | if (cfg.key != NULL) | 
| 839 | explicit_bzero(ca_config.key, strlen(ca_config.key)); | 839 | explicit_bzero(cfg.key, strlen(cfg.key)); | 
| 840 | if (pkey == NULL) { | 840 | if (pkey == NULL) { | 
| 841 | /* load_key() has already printed an appropriate message */ | 841 | /* load_key() has already printed an appropriate message */ | 
| 842 | goto err; | 842 | goto err; | 
| 843 | } | 843 | } | 
| 844 | /*****************************************************************/ | 844 | /*****************************************************************/ | 
| 845 | /* we need a certificate */ | 845 | /* we need a certificate */ | 
| 846 | if (!ca_config.selfsign || ca_config.spkac_file != NULL || | 846 | if (!cfg.selfsign || cfg.spkac_file != NULL || | 
| 847 | ca_config.ss_cert_file != NULL || ca_config.gencrl) { | 847 | cfg.ss_cert_file != NULL || cfg.gencrl) { | 
| 848 | if ((ca_config.certfile == NULL) && | 848 | if ((cfg.certfile == NULL) && | 
| 849 | ((ca_config.certfile = NCONF_get_string(conf, | 849 | ((cfg.certfile = NCONF_get_string(conf, | 
| 850 | ca_config.section, ENV_CERTIFICATE)) == NULL)) { | 850 | cfg.section, ENV_CERTIFICATE)) == NULL)) { | 
| 851 | lookup_fail(ca_config.section, ENV_CERTIFICATE); | 851 | lookup_fail(cfg.section, ENV_CERTIFICATE); | 
| 852 | goto err; | 852 | goto err; | 
| 853 | } | 853 | } | 
| 854 | x509 = load_cert(bio_err, ca_config.certfile, FORMAT_PEM, NULL, | 854 | x509 = load_cert(bio_err, cfg.certfile, FORMAT_PEM, NULL, | 
| 855 | "CA certificate"); | 855 | "CA certificate"); | 
| 856 | if (x509 == NULL) | 856 | if (x509 == NULL) | 
| 857 | goto err; | 857 | goto err; | 
| @@ -862,21 +862,21 @@ ca_main(int argc, char **argv) | |||
| 862 | goto err; | 862 | goto err; | 
| 863 | } | 863 | } | 
| 864 | } | 864 | } | 
| 865 | if (!ca_config.selfsign) | 865 | if (!cfg.selfsign) | 
| 866 | x509p = x509; | 866 | x509p = x509; | 
| 867 | 867 | ||
| 868 | f = NCONF_get_string(conf, BASE_SECTION, ENV_PRESERVE); | 868 | f = NCONF_get_string(conf, BASE_SECTION, ENV_PRESERVE); | 
| 869 | if (f == NULL) | 869 | if (f == NULL) | 
| 870 | ERR_clear_error(); | 870 | ERR_clear_error(); | 
| 871 | if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) | 871 | if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) | 
| 872 | ca_config.preserve = 1; | 872 | cfg.preserve = 1; | 
| 873 | f = NCONF_get_string(conf, BASE_SECTION, ENV_MSIE_HACK); | 873 | f = NCONF_get_string(conf, BASE_SECTION, ENV_MSIE_HACK); | 
| 874 | if (f == NULL) | 874 | if (f == NULL) | 
| 875 | ERR_clear_error(); | 875 | ERR_clear_error(); | 
| 876 | if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) | 876 | if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) | 
| 877 | ca_config.msie_hack = 1; | 877 | cfg.msie_hack = 1; | 
| 878 | 878 | ||
| 879 | f = NCONF_get_string(conf, ca_config.section, ENV_NAMEOPT); | 879 | f = NCONF_get_string(conf, cfg.section, ENV_NAMEOPT); | 
| 880 | 880 | ||
| 881 | if (f != NULL) { | 881 | if (f != NULL) { | 
| 882 | if (!set_name_ex(&nameopt, f)) { | 882 | if (!set_name_ex(&nameopt, f)) { | 
| @@ -888,7 +888,7 @@ ca_main(int argc, char **argv) | |||
| 888 | } else | 888 | } else | 
| 889 | ERR_clear_error(); | 889 | ERR_clear_error(); | 
| 890 | 890 | ||
| 891 | f = NCONF_get_string(conf, ca_config.section, ENV_CERTOPT); | 891 | f = NCONF_get_string(conf, cfg.section, ENV_CERTOPT); | 
| 892 | 892 | ||
| 893 | if (f != NULL) { | 893 | if (f != NULL) { | 
| 894 | if (!set_cert_ex(&certopt, f)) { | 894 | if (!set_cert_ex(&certopt, f)) { | 
| @@ -900,7 +900,7 @@ ca_main(int argc, char **argv) | |||
| 900 | } else | 900 | } else | 
| 901 | ERR_clear_error(); | 901 | ERR_clear_error(); | 
| 902 | 902 | ||
| 903 | f = NCONF_get_string(conf, ca_config.section, ENV_EXTCOPY); | 903 | f = NCONF_get_string(conf, cfg.section, ENV_EXTCOPY); | 
| 904 | 904 | ||
| 905 | if (f != NULL) { | 905 | if (f != NULL) { | 
| 906 | if (!set_ext_copy(&ext_copy, f)) { | 906 | if (!set_ext_copy(&ext_copy, f)) { | 
| @@ -913,9 +913,9 @@ ca_main(int argc, char **argv) | |||
| 913 | 913 | ||
| 914 | /*****************************************************************/ | 914 | /*****************************************************************/ | 
| 915 | /* lookup where to write new certificates */ | 915 | /* lookup where to write new certificates */ | 
| 916 | if (ca_config.outdir == NULL && ca_config.req) { | 916 | if (cfg.outdir == NULL && cfg.req) { | 
| 917 | if ((ca_config.outdir = NCONF_get_string(conf, | 917 | if ((cfg.outdir = NCONF_get_string(conf, | 
| 918 | ca_config.section, ENV_NEW_CERTS_DIR)) == NULL) { | 918 | cfg.section, ENV_NEW_CERTS_DIR)) == NULL) { | 
| 919 | BIO_printf(bio_err, "output directory %s not defined\n", | 919 | BIO_printf(bio_err, "output directory %s not defined\n", | 
| 920 | ENV_NEW_CERTS_DIR); | 920 | ENV_NEW_CERTS_DIR); | 
| 921 | goto err; | 921 | goto err; | 
| @@ -923,9 +923,9 @@ ca_main(int argc, char **argv) | |||
| 923 | } | 923 | } | 
| 924 | /*****************************************************************/ | 924 | /*****************************************************************/ | 
| 925 | /* we need to load the database file */ | 925 | /* we need to load the database file */ | 
| 926 | if ((dbfile = NCONF_get_string(conf, ca_config.section, | 926 | if ((dbfile = NCONF_get_string(conf, cfg.section, | 
| 927 | ENV_DATABASE)) == NULL) { | 927 | ENV_DATABASE)) == NULL) { | 
| 928 | lookup_fail(ca_config.section, ENV_DATABASE); | 928 | lookup_fail(cfg.section, ENV_DATABASE); | 
| 929 | goto err; | 929 | goto err; | 
| 930 | } | 930 | } | 
| 931 | db = load_index(dbfile, &db_attr); | 931 | db = load_index(dbfile, &db_attr); | 
| @@ -976,7 +976,7 @@ ca_main(int argc, char **argv) | |||
| 976 | p++; | 976 | p++; | 
| 977 | } | 977 | } | 
| 978 | } | 978 | } | 
| 979 | if (ca_config.verbose) { | 979 | if (cfg.verbose) { | 
| 980 | BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); | 980 | BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); | 
| 981 | TXT_DB_write(out, db->db); | 981 | TXT_DB_write(out, db->db); | 
| 982 | BIO_printf(bio_err, "%d entries loaded from the database\n", | 982 | BIO_printf(bio_err, "%d entries loaded from the database\n", | 
| @@ -988,8 +988,8 @@ ca_main(int argc, char **argv) | |||
| 988 | 988 | ||
| 989 | /*****************************************************************/ | 989 | /*****************************************************************/ | 
| 990 | /* Update the db file for expired certificates */ | 990 | /* Update the db file for expired certificates */ | 
| 991 | if (ca_config.doupdatedb) { | 991 | if (cfg.doupdatedb) { | 
| 992 | if (ca_config.verbose) | 992 | if (cfg.verbose) | 
| 993 | BIO_printf(bio_err, "Updating %s ...\n", dbfile); | 993 | BIO_printf(bio_err, "Updating %s ...\n", dbfile); | 
| 994 | 994 | ||
| 995 | i = do_updatedb(db); | 995 | i = do_updatedb(db); | 
| @@ -997,7 +997,7 @@ ca_main(int argc, char **argv) | |||
| 997 | BIO_printf(bio_err, "Malloc failure\n"); | 997 | BIO_printf(bio_err, "Malloc failure\n"); | 
| 998 | goto err; | 998 | goto err; | 
| 999 | } else if (i == 0) { | 999 | } else if (i == 0) { | 
| 1000 | if (ca_config.verbose) | 1000 | if (cfg.verbose) | 
| 1001 | BIO_printf(bio_err, | 1001 | BIO_printf(bio_err, | 
| 1002 | "No entries found to mark expired\n"); | 1002 | "No entries found to mark expired\n"); | 
| 1003 | } else { | 1003 | } else { | 
| @@ -1007,92 +1007,92 @@ ca_main(int argc, char **argv) | |||
| 1007 | if (!rotate_index(dbfile, "new", "old")) | 1007 | if (!rotate_index(dbfile, "new", "old")) | 
| 1008 | goto err; | 1008 | goto err; | 
| 1009 | 1009 | ||
| 1010 | if (ca_config.verbose) | 1010 | if (cfg.verbose) | 
| 1011 | BIO_printf(bio_err, | 1011 | BIO_printf(bio_err, | 
| 1012 | "Done. %d entries marked as expired\n", i); | 1012 | "Done. %d entries marked as expired\n", i); | 
| 1013 | } | 1013 | } | 
| 1014 | } | 1014 | } | 
| 1015 | /*****************************************************************/ | 1015 | /*****************************************************************/ | 
| 1016 | /* Read extentions config file */ | 1016 | /* Read extentions config file */ | 
| 1017 | if (ca_config.extfile != NULL) { | 1017 | if (cfg.extfile != NULL) { | 
| 1018 | extconf = NCONF_new(NULL); | 1018 | extconf = NCONF_new(NULL); | 
| 1019 | if (NCONF_load(extconf, ca_config.extfile, &errorline) <= 0) { | 1019 | if (NCONF_load(extconf, cfg.extfile, &errorline) <= 0) { | 
| 1020 | if (errorline <= 0) | 1020 | if (errorline <= 0) | 
| 1021 | BIO_printf(bio_err, | 1021 | BIO_printf(bio_err, | 
| 1022 | "ERROR: loading the config file '%s'\n", | 1022 | "ERROR: loading the config file '%s'\n", | 
| 1023 | ca_config.extfile); | 1023 | cfg.extfile); | 
| 1024 | else | 1024 | else | 
| 1025 | BIO_printf(bio_err, | 1025 | BIO_printf(bio_err, | 
| 1026 | "ERROR: on line %ld of config file '%s'\n", | 1026 | "ERROR: on line %ld of config file '%s'\n", | 
| 1027 | errorline, ca_config.extfile); | 1027 | errorline, cfg.extfile); | 
| 1028 | ret = 1; | 1028 | ret = 1; | 
| 1029 | goto err; | 1029 | goto err; | 
| 1030 | } | 1030 | } | 
| 1031 | if (ca_config.verbose) | 1031 | if (cfg.verbose) | 
| 1032 | BIO_printf(bio_err, | 1032 | BIO_printf(bio_err, | 
| 1033 | "Successfully loaded extensions file %s\n", | 1033 | "Successfully loaded extensions file %s\n", | 
| 1034 | ca_config.extfile); | 1034 | cfg.extfile); | 
| 1035 | 1035 | ||
| 1036 | /* We can have sections in the ext file */ | 1036 | /* We can have sections in the ext file */ | 
| 1037 | if (ca_config.extensions == NULL && | 1037 | if (cfg.extensions == NULL && | 
| 1038 | (ca_config.extensions = NCONF_get_string(extconf, "default", | 1038 | (cfg.extensions = NCONF_get_string(extconf, "default", | 
| 1039 | "extensions")) == NULL) | 1039 | "extensions")) == NULL) | 
| 1040 | ca_config.extensions = "default"; | 1040 | cfg.extensions = "default"; | 
| 1041 | } | 1041 | } | 
| 1042 | /*****************************************************************/ | 1042 | /*****************************************************************/ | 
| 1043 | if (ca_config.req || ca_config.gencrl) { | 1043 | if (cfg.req || cfg.gencrl) { | 
| 1044 | if (ca_config.outfile != NULL) { | 1044 | if (cfg.outfile != NULL) { | 
| 1045 | if (BIO_write_filename(Sout, ca_config.outfile) <= 0) { | 1045 | if (BIO_write_filename(Sout, cfg.outfile) <= 0) { | 
| 1046 | perror(ca_config.outfile); | 1046 | perror(cfg.outfile); | 
| 1047 | goto err; | 1047 | goto err; | 
| 1048 | } | 1048 | } | 
| 1049 | } else { | 1049 | } else { | 
| 1050 | BIO_set_fp(Sout, stdout, BIO_NOCLOSE | BIO_FP_TEXT); | 1050 | BIO_set_fp(Sout, stdout, BIO_NOCLOSE | BIO_FP_TEXT); | 
| 1051 | } | 1051 | } | 
| 1052 | } | 1052 | } | 
| 1053 | if ((ca_config.md == NULL) && | 1053 | if ((cfg.md == NULL) && | 
| 1054 | ((ca_config.md = NCONF_get_string(conf, ca_config.section, | 1054 | ((cfg.md = NCONF_get_string(conf, cfg.section, | 
| 1055 | ENV_DEFAULT_MD)) == NULL)) { | 1055 | ENV_DEFAULT_MD)) == NULL)) { | 
| 1056 | lookup_fail(ca_config.section, ENV_DEFAULT_MD); | 1056 | lookup_fail(cfg.section, ENV_DEFAULT_MD); | 
| 1057 | goto err; | 1057 | goto err; | 
| 1058 | } | 1058 | } | 
| 1059 | if (strcmp(ca_config.md, "default") == 0) { | 1059 | if (strcmp(cfg.md, "default") == 0) { | 
| 1060 | int def_nid; | 1060 | int def_nid; | 
| 1061 | if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) { | 1061 | if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) { | 
| 1062 | BIO_puts(bio_err, "no default digest\n"); | 1062 | BIO_puts(bio_err, "no default digest\n"); | 
| 1063 | goto err; | 1063 | goto err; | 
| 1064 | } | 1064 | } | 
| 1065 | ca_config.md = (char *) OBJ_nid2sn(def_nid); | 1065 | cfg.md = (char *) OBJ_nid2sn(def_nid); | 
| 1066 | if (ca_config.md == NULL) | 1066 | if (cfg.md == NULL) | 
| 1067 | goto err; | 1067 | goto err; | 
| 1068 | } | 1068 | } | 
| 1069 | if ((dgst = EVP_get_digestbyname(ca_config.md)) == NULL) { | 1069 | if ((dgst = EVP_get_digestbyname(cfg.md)) == NULL) { | 
| 1070 | BIO_printf(bio_err, | 1070 | BIO_printf(bio_err, | 
| 1071 | "%s is an unsupported message digest type\n", ca_config.md); | 1071 | "%s is an unsupported message digest type\n", cfg.md); | 
| 1072 | goto err; | 1072 | goto err; | 
| 1073 | } | 1073 | } | 
| 1074 | if (ca_config.req) { | 1074 | if (cfg.req) { | 
| 1075 | if ((ca_config.email_dn == 1) && | 1075 | if ((cfg.email_dn == 1) && | 
| 1076 | ((tmp_email_dn = NCONF_get_string(conf, ca_config.section, | 1076 | ((tmp_email_dn = NCONF_get_string(conf, cfg.section, | 
| 1077 | ENV_DEFAULT_EMAIL_DN)) != NULL)) { | 1077 | ENV_DEFAULT_EMAIL_DN)) != NULL)) { | 
| 1078 | if (strcmp(tmp_email_dn, "no") == 0) | 1078 | if (strcmp(tmp_email_dn, "no") == 0) | 
| 1079 | ca_config.email_dn = 0; | 1079 | cfg.email_dn = 0; | 
| 1080 | } | 1080 | } | 
| 1081 | if (ca_config.verbose) | 1081 | if (cfg.verbose) | 
| 1082 | BIO_printf(bio_err, "message digest is %s\n", | 1082 | BIO_printf(bio_err, "message digest is %s\n", | 
| 1083 | OBJ_nid2ln(EVP_MD_type(dgst))); | 1083 | OBJ_nid2ln(EVP_MD_type(dgst))); | 
| 1084 | if ((ca_config.policy == NULL) && | 1084 | if ((cfg.policy == NULL) && | 
| 1085 | ((ca_config.policy = NCONF_get_string(conf, | 1085 | ((cfg.policy = NCONF_get_string(conf, | 
| 1086 | ca_config.section, ENV_POLICY)) == NULL)) { | 1086 | cfg.section, ENV_POLICY)) == NULL)) { | 
| 1087 | lookup_fail(ca_config.section, ENV_POLICY); | 1087 | lookup_fail(cfg.section, ENV_POLICY); | 
| 1088 | goto err; | 1088 | goto err; | 
| 1089 | } | 1089 | } | 
| 1090 | if (ca_config.verbose) | 1090 | if (cfg.verbose) | 
| 1091 | BIO_printf(bio_err, "policy is %s\n", ca_config.policy); | 1091 | BIO_printf(bio_err, "policy is %s\n", cfg.policy); | 
| 1092 | 1092 | ||
| 1093 | if ((serialfile = NCONF_get_string(conf, ca_config.section, | 1093 | if ((serialfile = NCONF_get_string(conf, cfg.section, | 
| 1094 | ENV_SERIAL)) == NULL) { | 1094 | ENV_SERIAL)) == NULL) { | 
| 1095 | lookup_fail(ca_config.section, ENV_SERIAL); | 1095 | lookup_fail(cfg.section, ENV_SERIAL); | 
| 1096 | goto err; | 1096 | goto err; | 
| 1097 | } | 1097 | } | 
| 1098 | if (extconf == NULL) { | 1098 | if (extconf == NULL) { | 
| @@ -1100,59 +1100,59 @@ ca_main(int argc, char **argv) | |||
| 1100 | * no '-extfile' option, so we look for extensions in | 1100 | * no '-extfile' option, so we look for extensions in | 
| 1101 | * the main configuration file | 1101 | * the main configuration file | 
| 1102 | */ | 1102 | */ | 
| 1103 | if (ca_config.extensions == NULL) { | 1103 | if (cfg.extensions == NULL) { | 
| 1104 | ca_config.extensions = NCONF_get_string(conf, | 1104 | cfg.extensions = NCONF_get_string(conf, | 
| 1105 | ca_config.section, ENV_EXTENSIONS); | 1105 | cfg.section, ENV_EXTENSIONS); | 
| 1106 | if (ca_config.extensions == NULL) | 1106 | if (cfg.extensions == NULL) | 
| 1107 | ERR_clear_error(); | 1107 | ERR_clear_error(); | 
| 1108 | } | 1108 | } | 
| 1109 | if (ca_config.extensions != NULL) { | 1109 | if (cfg.extensions != NULL) { | 
| 1110 | /* Check syntax of file */ | 1110 | /* Check syntax of file */ | 
| 1111 | X509V3_CTX ctx; | 1111 | X509V3_CTX ctx; | 
| 1112 | X509V3_set_ctx_test(&ctx); | 1112 | X509V3_set_ctx_test(&ctx); | 
| 1113 | X509V3_set_nconf(&ctx, conf); | 1113 | X509V3_set_nconf(&ctx, conf); | 
| 1114 | if (!X509V3_EXT_add_nconf(conf, &ctx, | 1114 | if (!X509V3_EXT_add_nconf(conf, &ctx, | 
| 1115 | ca_config.extensions, NULL)) { | 1115 | cfg.extensions, NULL)) { | 
| 1116 | BIO_printf(bio_err, | 1116 | BIO_printf(bio_err, | 
| 1117 | "Error Loading extension section %s\n", | 1117 | "Error Loading extension section %s\n", | 
| 1118 | ca_config.extensions); | 1118 | cfg.extensions); | 
| 1119 | ret = 1; | 1119 | ret = 1; | 
| 1120 | goto err; | 1120 | goto err; | 
| 1121 | } | 1121 | } | 
| 1122 | } | 1122 | } | 
| 1123 | } | 1123 | } | 
| 1124 | if (ca_config.startdate == NULL) { | 1124 | if (cfg.startdate == NULL) { | 
| 1125 | ca_config.startdate = NCONF_get_string(conf, | 1125 | cfg.startdate = NCONF_get_string(conf, | 
| 1126 | ca_config.section, ENV_DEFAULT_STARTDATE); | 1126 | cfg.section, ENV_DEFAULT_STARTDATE); | 
| 1127 | if (ca_config.startdate == NULL) | 1127 | if (cfg.startdate == NULL) | 
| 1128 | ERR_clear_error(); | 1128 | ERR_clear_error(); | 
| 1129 | } | 1129 | } | 
| 1130 | if (ca_config.startdate == NULL) | 1130 | if (cfg.startdate == NULL) | 
| 1131 | ca_config.startdate = "today"; | 1131 | cfg.startdate = "today"; | 
| 1132 | 1132 | ||
| 1133 | if (ca_config.enddate == NULL) { | 1133 | if (cfg.enddate == NULL) { | 
| 1134 | ca_config.enddate = NCONF_get_string(conf, | 1134 | cfg.enddate = NCONF_get_string(conf, | 
| 1135 | ca_config.section, ENV_DEFAULT_ENDDATE); | 1135 | cfg.section, ENV_DEFAULT_ENDDATE); | 
| 1136 | if (ca_config.enddate == NULL) | 1136 | if (cfg.enddate == NULL) | 
| 1137 | ERR_clear_error(); | 1137 | ERR_clear_error(); | 
| 1138 | } | 1138 | } | 
| 1139 | if (ca_config.days == 0 && ca_config.enddate == NULL) { | 1139 | if (cfg.days == 0 && cfg.enddate == NULL) { | 
| 1140 | if (!NCONF_get_number(conf, ca_config.section, | 1140 | if (!NCONF_get_number(conf, cfg.section, | 
| 1141 | ENV_DEFAULT_DAYS, &ca_config.days)) | 1141 | ENV_DEFAULT_DAYS, &cfg.days)) | 
| 1142 | ca_config.days = 0; | 1142 | cfg.days = 0; | 
| 1143 | } | 1143 | } | 
| 1144 | if (ca_config.enddate == NULL && ca_config.days == 0) { | 1144 | if (cfg.enddate == NULL && cfg.days == 0) { | 
| 1145 | BIO_printf(bio_err, | 1145 | BIO_printf(bio_err, | 
| 1146 | "cannot lookup how many days to certify for\n"); | 1146 | "cannot lookup how many days to certify for\n"); | 
| 1147 | goto err; | 1147 | goto err; | 
| 1148 | } | 1148 | } | 
| 1149 | if ((serial = load_serial(serialfile, ca_config.create_serial, | 1149 | if ((serial = load_serial(serialfile, cfg.create_serial, | 
| 1150 | NULL)) == NULL) { | 1150 | NULL)) == NULL) { | 
| 1151 | BIO_printf(bio_err, | 1151 | BIO_printf(bio_err, | 
| 1152 | "error while loading serial number\n"); | 1152 | "error while loading serial number\n"); | 
| 1153 | goto err; | 1153 | goto err; | 
| 1154 | } | 1154 | } | 
| 1155 | if (ca_config.verbose) { | 1155 | if (cfg.verbose) { | 
| 1156 | if (BN_is_zero(serial)) | 1156 | if (BN_is_zero(serial)) | 
| 1157 | BIO_printf(bio_err, | 1157 | BIO_printf(bio_err, | 
| 1158 | "next serial number is 00\n"); | 1158 | "next serial number is 00\n"); | 
| @@ -1164,25 +1164,25 @@ ca_main(int argc, char **argv) | |||
| 1164 | free(f); | 1164 | free(f); | 
| 1165 | } | 1165 | } | 
| 1166 | } | 1166 | } | 
| 1167 | if ((attribs = NCONF_get_section(conf, ca_config.policy)) == | 1167 | if ((attribs = NCONF_get_section(conf, cfg.policy)) == | 
| 1168 | NULL) { | 1168 | NULL) { | 
| 1169 | BIO_printf(bio_err, "unable to find 'section' for %s\n", | 1169 | BIO_printf(bio_err, "unable to find 'section' for %s\n", | 
| 1170 | ca_config.policy); | 1170 | cfg.policy); | 
| 1171 | goto err; | 1171 | goto err; | 
| 1172 | } | 1172 | } | 
| 1173 | if ((cert_sk = sk_X509_new_null()) == NULL) { | 1173 | if ((cert_sk = sk_X509_new_null()) == NULL) { | 
| 1174 | BIO_printf(bio_err, "Memory allocation failure\n"); | 1174 | BIO_printf(bio_err, "Memory allocation failure\n"); | 
| 1175 | goto err; | 1175 | goto err; | 
| 1176 | } | 1176 | } | 
| 1177 | if (ca_config.spkac_file != NULL) { | 1177 | if (cfg.spkac_file != NULL) { | 
| 1178 | total++; | 1178 | total++; | 
| 1179 | j = certify_spkac(&x, ca_config.spkac_file, pkey, x509, | 1179 | j = certify_spkac(&x, cfg.spkac_file, pkey, x509, | 
| 1180 | dgst, ca_config.sigopts, attribs, db, serial, | 1180 | dgst, cfg.sigopts, attribs, db, serial, | 
| 1181 | ca_config.subj, ca_config.chtype, | 1181 | cfg.subj, cfg.chtype, | 
| 1182 | ca_config.multirdn, ca_config.email_dn, | 1182 | cfg.multirdn, cfg.email_dn, | 
| 1183 | ca_config.startdate, ca_config.enddate, | 1183 | cfg.startdate, cfg.enddate, | 
| 1184 | ca_config.days, ca_config.extensions, conf, | 1184 | cfg.days, cfg.extensions, conf, | 
| 1185 | ca_config.verbose, certopt, nameopt, default_op, | 1185 | cfg.verbose, certopt, nameopt, default_op, | 
| 1186 | ext_copy); | 1186 | ext_copy); | 
| 1187 | if (j < 0) | 1187 | if (j < 0) | 
| 1188 | goto err; | 1188 | goto err; | 
| @@ -1196,21 +1196,21 @@ ca_main(int argc, char **argv) | |||
| 1196 | "Memory allocation failure\n"); | 1196 | "Memory allocation failure\n"); | 
| 1197 | goto err; | 1197 | goto err; | 
| 1198 | } | 1198 | } | 
| 1199 | if (ca_config.outfile != NULL) { | 1199 | if (cfg.outfile != NULL) { | 
| 1200 | output_der = 1; | 1200 | output_der = 1; | 
| 1201 | ca_config.batch = 1; | 1201 | cfg.batch = 1; | 
| 1202 | } | 1202 | } | 
| 1203 | } | 1203 | } | 
| 1204 | } | 1204 | } | 
| 1205 | if (ca_config.ss_cert_file != NULL) { | 1205 | if (cfg.ss_cert_file != NULL) { | 
| 1206 | total++; | 1206 | total++; | 
| 1207 | j = certify_cert(&x, ca_config.ss_cert_file, pkey, x509, | 1207 | j = certify_cert(&x, cfg.ss_cert_file, pkey, x509, | 
| 1208 | dgst, ca_config.sigopts, attribs, db, serial, | 1208 | dgst, cfg.sigopts, attribs, db, serial, | 
| 1209 | ca_config.subj, ca_config.chtype, | 1209 | cfg.subj, cfg.chtype, | 
| 1210 | ca_config.multirdn, ca_config.email_dn, | 1210 | cfg.multirdn, cfg.email_dn, | 
| 1211 | ca_config.startdate, ca_config.enddate, | 1211 | cfg.startdate, cfg.enddate, | 
| 1212 | ca_config.days, ca_config.batch, | 1212 | cfg.days, cfg.batch, | 
| 1213 | ca_config.extensions, conf, ca_config.verbose, | 1213 | cfg.extensions, conf, cfg.verbose, | 
| 1214 | certopt, nameopt, default_op, ext_copy); | 1214 | certopt, nameopt, default_op, ext_copy); | 
| 1215 | if (j < 0) | 1215 | if (j < 0) | 
| 1216 | goto err; | 1216 | goto err; | 
| @@ -1226,17 +1226,17 @@ ca_main(int argc, char **argv) | |||
| 1226 | } | 1226 | } | 
| 1227 | } | 1227 | } | 
| 1228 | } | 1228 | } | 
| 1229 | if (ca_config.infile != NULL) { | 1229 | if (cfg.infile != NULL) { | 
| 1230 | total++; | 1230 | total++; | 
| 1231 | j = certify(&x, ca_config.infile, pkey, x509p, dgst, | 1231 | j = certify(&x, cfg.infile, pkey, x509p, dgst, | 
| 1232 | ca_config.sigopts, attribs, db, serial, | 1232 | cfg.sigopts, attribs, db, serial, | 
| 1233 | ca_config.subj, ca_config.chtype, | 1233 | cfg.subj, cfg.chtype, | 
| 1234 | ca_config.multirdn, ca_config.email_dn, | 1234 | cfg.multirdn, cfg.email_dn, | 
| 1235 | ca_config.startdate, ca_config.enddate, | 1235 | cfg.startdate, cfg.enddate, | 
| 1236 | ca_config.days, ca_config.batch, | 1236 | cfg.days, cfg.batch, | 
| 1237 | ca_config.extensions, conf, ca_config.verbose, | 1237 | cfg.extensions, conf, cfg.verbose, | 
| 1238 | certopt, nameopt, default_op, ext_copy, | 1238 | certopt, nameopt, default_op, ext_copy, | 
| 1239 | ca_config.selfsign); | 1239 | cfg.selfsign); | 
| 1240 | if (j < 0) | 1240 | if (j < 0) | 
| 1241 | goto err; | 1241 | goto err; | 
| 1242 | if (j > 0) { | 1242 | if (j > 0) { | 
| @@ -1251,17 +1251,17 @@ ca_main(int argc, char **argv) | |||
| 1251 | } | 1251 | } | 
| 1252 | } | 1252 | } | 
| 1253 | } | 1253 | } | 
| 1254 | for (i = 0; i < ca_config.infiles_num; i++) { | 1254 | for (i = 0; i < cfg.infiles_num; i++) { | 
| 1255 | total++; | 1255 | total++; | 
| 1256 | j = certify(&x, ca_config.infiles[i], pkey, x509p, dgst, | 1256 | j = certify(&x, cfg.infiles[i], pkey, x509p, dgst, | 
| 1257 | ca_config.sigopts, attribs, db, serial, | 1257 | cfg.sigopts, attribs, db, serial, | 
| 1258 | ca_config.subj, ca_config.chtype, | 1258 | cfg.subj, cfg.chtype, | 
| 1259 | ca_config.multirdn, ca_config.email_dn, | 1259 | cfg.multirdn, cfg.email_dn, | 
| 1260 | ca_config.startdate, ca_config.enddate, | 1260 | cfg.startdate, cfg.enddate, | 
| 1261 | ca_config.days, ca_config.batch, | 1261 | cfg.days, cfg.batch, | 
| 1262 | ca_config.extensions, conf, ca_config.verbose, | 1262 | cfg.extensions, conf, cfg.verbose, | 
| 1263 | certopt, nameopt, default_op, ext_copy, | 1263 | certopt, nameopt, default_op, ext_copy, | 
| 1264 | ca_config.selfsign); | 1264 | cfg.selfsign); | 
| 1265 | if (j < 0) | 1265 | if (j < 0) | 
| 1266 | goto err; | 1266 | goto err; | 
| 1267 | if (j > 0) { | 1267 | if (j > 0) { | 
| @@ -1282,7 +1282,7 @@ ca_main(int argc, char **argv) | |||
| 1282 | */ | 1282 | */ | 
| 1283 | 1283 | ||
| 1284 | if (sk_X509_num(cert_sk) > 0) { | 1284 | if (sk_X509_num(cert_sk) > 0) { | 
| 1285 | if (!ca_config.batch) { | 1285 | if (!cfg.batch) { | 
| 1286 | char answer[10]; | 1286 | char answer[10]; | 
| 1287 | 1287 | ||
| 1288 | BIO_printf(bio_err, | 1288 | BIO_printf(bio_err, | 
| @@ -1313,7 +1313,7 @@ ca_main(int argc, char **argv) | |||
| 1313 | if (!save_index(dbfile, "new", db)) | 1313 | if (!save_index(dbfile, "new", db)) | 
| 1314 | goto err; | 1314 | goto err; | 
| 1315 | } | 1315 | } | 
| 1316 | if (ca_config.verbose) | 1316 | if (cfg.verbose) | 
| 1317 | BIO_printf(bio_err, "writing new certificates\n"); | 1317 | BIO_printf(bio_err, "writing new certificates\n"); | 
| 1318 | for (i = 0; i < sk_X509_num(cert_sk); i++) { | 1318 | for (i = 0; i < sk_X509_num(cert_sk); i++) { | 
| 1319 | ASN1_INTEGER *serialNumber; | 1319 | ASN1_INTEGER *serialNumber; | 
| @@ -1334,7 +1334,7 @@ ca_main(int argc, char **argv) | |||
| 1334 | serialstr = strdup("00"); | 1334 | serialstr = strdup("00"); | 
| 1335 | if (serialstr != NULL) { | 1335 | if (serialstr != NULL) { | 
| 1336 | k = snprintf(pempath, sizeof(pempath), | 1336 | k = snprintf(pempath, sizeof(pempath), | 
| 1337 | "%s/%s.pem", ca_config.outdir, serialstr); | 1337 | "%s/%s.pem", cfg.outdir, serialstr); | 
| 1338 | free(serialstr); | 1338 | free(serialstr); | 
| 1339 | if (k < 0 || k >= sizeof(pempath)) { | 1339 | if (k < 0 || k >= sizeof(pempath)) { | 
| 1340 | BIO_printf(bio_err, | 1340 | BIO_printf(bio_err, | 
| @@ -1346,7 +1346,7 @@ ca_main(int argc, char **argv) | |||
| 1346 | "memory allocation failed\n"); | 1346 | "memory allocation failed\n"); | 
| 1347 | goto err; | 1347 | goto err; | 
| 1348 | } | 1348 | } | 
| 1349 | if (ca_config.verbose) | 1349 | if (cfg.verbose) | 
| 1350 | BIO_printf(bio_err, "writing %s\n", pempath); | 1350 | BIO_printf(bio_err, "writing %s\n", pempath); | 
| 1351 | 1351 | ||
| 1352 | if (BIO_write_filename(Cout, pempath) <= 0) { | 1352 | if (BIO_write_filename(Cout, pempath) <= 0) { | 
| @@ -1354,10 +1354,10 @@ ca_main(int argc, char **argv) | |||
| 1354 | goto err; | 1354 | goto err; | 
| 1355 | } | 1355 | } | 
| 1356 | if (!write_new_certificate(Cout, x, 0, | 1356 | if (!write_new_certificate(Cout, x, 0, | 
| 1357 | ca_config.notext)) | 1357 | cfg.notext)) | 
| 1358 | goto err; | 1358 | goto err; | 
| 1359 | if (!write_new_certificate(Sout, x, output_der, | 1359 | if (!write_new_certificate(Sout, x, output_der, | 
| 1360 | ca_config.notext)) | 1360 | cfg.notext)) | 
| 1361 | goto err; | 1361 | goto err; | 
| 1362 | } | 1362 | } | 
| 1363 | 1363 | ||
| @@ -1373,29 +1373,29 @@ ca_main(int argc, char **argv) | |||
| 1373 | } | 1373 | } | 
| 1374 | } | 1374 | } | 
| 1375 | /*****************************************************************/ | 1375 | /*****************************************************************/ | 
| 1376 | if (ca_config.gencrl) { | 1376 | if (cfg.gencrl) { | 
| 1377 | int crl_v2 = 0; | 1377 | int crl_v2 = 0; | 
| 1378 | if (ca_config.crl_ext == NULL) { | 1378 | if (cfg.crl_ext == NULL) { | 
| 1379 | ca_config.crl_ext = NCONF_get_string(conf, | 1379 | cfg.crl_ext = NCONF_get_string(conf, | 
| 1380 | ca_config.section, ENV_CRLEXT); | 1380 | cfg.section, ENV_CRLEXT); | 
| 1381 | if (ca_config.crl_ext == NULL) | 1381 | if (cfg.crl_ext == NULL) | 
| 1382 | ERR_clear_error(); | 1382 | ERR_clear_error(); | 
| 1383 | } | 1383 | } | 
| 1384 | if (ca_config.crl_ext != NULL) { | 1384 | if (cfg.crl_ext != NULL) { | 
| 1385 | /* Check syntax of file */ | 1385 | /* Check syntax of file */ | 
| 1386 | X509V3_CTX ctx; | 1386 | X509V3_CTX ctx; | 
| 1387 | X509V3_set_ctx_test(&ctx); | 1387 | X509V3_set_ctx_test(&ctx); | 
| 1388 | X509V3_set_nconf(&ctx, conf); | 1388 | X509V3_set_nconf(&ctx, conf); | 
| 1389 | if (!X509V3_EXT_add_nconf(conf, &ctx, ca_config.crl_ext, | 1389 | if (!X509V3_EXT_add_nconf(conf, &ctx, cfg.crl_ext, | 
| 1390 | NULL)) { | 1390 | NULL)) { | 
| 1391 | BIO_printf(bio_err, | 1391 | BIO_printf(bio_err, | 
| 1392 | "Error Loading CRL extension section %s\n", | 1392 | "Error Loading CRL extension section %s\n", | 
| 1393 | ca_config.crl_ext); | 1393 | cfg.crl_ext); | 
| 1394 | ret = 1; | 1394 | ret = 1; | 
| 1395 | goto err; | 1395 | goto err; | 
| 1396 | } | 1396 | } | 
| 1397 | } | 1397 | } | 
| 1398 | if ((crlnumberfile = NCONF_get_string(conf, ca_config.section, | 1398 | if ((crlnumberfile = NCONF_get_string(conf, cfg.section, | 
| 1399 | ENV_CRLNUMBER)) != NULL) | 1399 | ENV_CRLNUMBER)) != NULL) | 
| 1400 | if ((crlnumber = load_serial(crlnumberfile, 0, | 1400 | if ((crlnumber = load_serial(crlnumberfile, 0, | 
| 1401 | NULL)) == NULL) { | 1401 | NULL)) == NULL) { | 
| @@ -1403,23 +1403,23 @@ ca_main(int argc, char **argv) | |||
| 1403 | "error while loading CRL number\n"); | 1403 | "error while loading CRL number\n"); | 
| 1404 | goto err; | 1404 | goto err; | 
| 1405 | } | 1405 | } | 
| 1406 | if (!ca_config.crldays && !ca_config.crlhours && | 1406 | if (!cfg.crldays && !cfg.crlhours && | 
| 1407 | !ca_config.crlsec) { | 1407 | !cfg.crlsec) { | 
| 1408 | if (!NCONF_get_number(conf, ca_config.section, | 1408 | if (!NCONF_get_number(conf, cfg.section, | 
| 1409 | ENV_DEFAULT_CRL_DAYS, &ca_config.crldays)) | 1409 | ENV_DEFAULT_CRL_DAYS, &cfg.crldays)) | 
| 1410 | ca_config.crldays = 0; | 1410 | cfg.crldays = 0; | 
| 1411 | if (!NCONF_get_number(conf, ca_config.section, | 1411 | if (!NCONF_get_number(conf, cfg.section, | 
| 1412 | ENV_DEFAULT_CRL_HOURS, &ca_config.crlhours)) | 1412 | ENV_DEFAULT_CRL_HOURS, &cfg.crlhours)) | 
| 1413 | ca_config.crlhours = 0; | 1413 | cfg.crlhours = 0; | 
| 1414 | ERR_clear_error(); | 1414 | ERR_clear_error(); | 
| 1415 | } | 1415 | } | 
| 1416 | if ((ca_config.crldays == 0) && (ca_config.crlhours == 0) && | 1416 | if ((cfg.crldays == 0) && (cfg.crlhours == 0) && | 
| 1417 | (ca_config.crlsec == 0)) { | 1417 | (cfg.crlsec == 0)) { | 
| 1418 | BIO_printf(bio_err, | 1418 | BIO_printf(bio_err, | 
| 1419 | "cannot lookup how long until the next CRL is issued\n"); | 1419 | "cannot lookup how long until the next CRL is issued\n"); | 
| 1420 | goto err; | 1420 | goto err; | 
| 1421 | } | 1421 | } | 
| 1422 | if (ca_config.verbose) | 1422 | if (cfg.verbose) | 
| 1423 | BIO_printf(bio_err, "making CRL\n"); | 1423 | BIO_printf(bio_err, "making CRL\n"); | 
| 1424 | if ((crl = X509_CRL_new()) == NULL) | 1424 | if ((crl = X509_CRL_new()) == NULL) | 
| 1425 | goto err; | 1425 | goto err; | 
| @@ -1430,8 +1430,8 @@ ca_main(int argc, char **argv) | |||
| 1430 | goto err; | 1430 | goto err; | 
| 1431 | if (!X509_CRL_set_lastUpdate(crl, tmptm)) | 1431 | if (!X509_CRL_set_lastUpdate(crl, tmptm)) | 
| 1432 | goto err; | 1432 | goto err; | 
| 1433 | if (X509_time_adj_ex(tmptm, ca_config.crldays, | 1433 | if (X509_time_adj_ex(tmptm, cfg.crldays, | 
| 1434 | ca_config.crlhours * 60 * 60 + ca_config.crlsec, NULL) == | 1434 | cfg.crlhours * 60 * 60 + cfg.crlsec, NULL) == | 
| 1435 | NULL) { | 1435 | NULL) { | 
| 1436 | BIO_puts(bio_err, "error setting CRL nextUpdate\n"); | 1436 | BIO_puts(bio_err, "error setting CRL nextUpdate\n"); | 
| 1437 | goto err; | 1437 | goto err; | 
| @@ -1475,19 +1475,19 @@ ca_main(int argc, char **argv) | |||
| 1475 | X509_CRL_sort(crl); | 1475 | X509_CRL_sort(crl); | 
| 1476 | 1476 | ||
| 1477 | /* we now have a CRL */ | 1477 | /* we now have a CRL */ | 
| 1478 | if (ca_config.verbose) | 1478 | if (cfg.verbose) | 
| 1479 | BIO_printf(bio_err, "signing CRL\n"); | 1479 | BIO_printf(bio_err, "signing CRL\n"); | 
| 1480 | 1480 | ||
| 1481 | /* Add any extensions asked for */ | 1481 | /* Add any extensions asked for */ | 
| 1482 | 1482 | ||
| 1483 | if (ca_config.crl_ext != NULL || crlnumberfile != NULL) { | 1483 | if (cfg.crl_ext != NULL || crlnumberfile != NULL) { | 
| 1484 | X509V3_CTX crlctx; | 1484 | X509V3_CTX crlctx; | 
| 1485 | X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); | 1485 | X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); | 
| 1486 | X509V3_set_nconf(&crlctx, conf); | 1486 | X509V3_set_nconf(&crlctx, conf); | 
| 1487 | 1487 | ||
| 1488 | if (ca_config.crl_ext != NULL) | 1488 | if (cfg.crl_ext != NULL) | 
| 1489 | if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, | 1489 | if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, | 
| 1490 | ca_config.crl_ext, crl)) | 1490 | cfg.crl_ext, crl)) | 
| 1491 | goto err; | 1491 | goto err; | 
| 1492 | if (crlnumberfile != NULL) { | 1492 | if (crlnumberfile != NULL) { | 
| 1493 | tmpserial = BN_to_ASN1_INTEGER(crlnumber, NULL); | 1493 | tmpserial = BN_to_ASN1_INTEGER(crlnumber, NULL); | 
| @@ -1504,7 +1504,7 @@ ca_main(int argc, char **argv) | |||
| 1504 | goto err; | 1504 | goto err; | 
| 1505 | } | 1505 | } | 
| 1506 | } | 1506 | } | 
| 1507 | if (ca_config.crl_ext != NULL || crl_v2) { | 1507 | if (cfg.crl_ext != NULL || crl_v2) { | 
| 1508 | if (!X509_CRL_set_version(crl, 1)) | 1508 | if (!X509_CRL_set_version(crl, 1)) | 
| 1509 | goto err; /* version 2 CRL */ | 1509 | goto err; /* version 2 CRL */ | 
| 1510 | } | 1510 | } | 
| @@ -1517,7 +1517,7 @@ ca_main(int argc, char **argv) | |||
| 1517 | crlnumber = NULL; | 1517 | crlnumber = NULL; | 
| 1518 | 1518 | ||
| 1519 | if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst, | 1519 | if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst, | 
| 1520 | ca_config.sigopts)) | 1520 | cfg.sigopts)) | 
| 1521 | goto err; | 1521 | goto err; | 
| 1522 | 1522 | ||
| 1523 | if (!PEM_write_bio_X509_CRL(Sout, crl)) | 1523 | if (!PEM_write_bio_X509_CRL(Sout, crl)) | 
| @@ -1529,18 +1529,18 @@ ca_main(int argc, char **argv) | |||
| 1529 | 1529 | ||
| 1530 | } | 1530 | } | 
| 1531 | /*****************************************************************/ | 1531 | /*****************************************************************/ | 
| 1532 | if (ca_config.dorevoke) { | 1532 | if (cfg.dorevoke) { | 
| 1533 | if (ca_config.infile == NULL) { | 1533 | if (cfg.infile == NULL) { | 
| 1534 | BIO_printf(bio_err, "no input files\n"); | 1534 | BIO_printf(bio_err, "no input files\n"); | 
| 1535 | goto err; | 1535 | goto err; | 
| 1536 | } else { | 1536 | } else { | 
| 1537 | X509 *revcert; | 1537 | X509 *revcert; | 
| 1538 | revcert = load_cert(bio_err, ca_config.infile, | 1538 | revcert = load_cert(bio_err, cfg.infile, | 
| 1539 | FORMAT_PEM, NULL, ca_config.infile); | 1539 | FORMAT_PEM, NULL, cfg.infile); | 
| 1540 | if (revcert == NULL) | 1540 | if (revcert == NULL) | 
| 1541 | goto err; | 1541 | goto err; | 
| 1542 | j = do_revoke(revcert, db, ca_config.rev_type, | 1542 | j = do_revoke(revcert, db, cfg.rev_type, | 
| 1543 | ca_config.rev_arg); | 1543 | cfg.rev_arg); | 
| 1544 | if (j <= 0) | 1544 | if (j <= 0) | 
| 1545 | goto err; | 1545 | goto err; | 
| 1546 | X509_free(revcert); | 1546 | X509_free(revcert); | 
| @@ -1570,11 +1570,11 @@ ca_main(int argc, char **argv) | |||
| 1570 | if (ret) | 1570 | if (ret) | 
| 1571 | ERR_print_errors(bio_err); | 1571 | ERR_print_errors(bio_err); | 
| 1572 | if (free_key) | 1572 | if (free_key) | 
| 1573 | free(ca_config.key); | 1573 | free(cfg.key); | 
| 1574 | BN_free(serial); | 1574 | BN_free(serial); | 
| 1575 | BN_free(crlnumber); | 1575 | BN_free(crlnumber); | 
| 1576 | free_index(db); | 1576 | free_index(db); | 
| 1577 | sk_OPENSSL_STRING_free(ca_config.sigopts); | 1577 | sk_OPENSSL_STRING_free(cfg.sigopts); | 
| 1578 | EVP_PKEY_free(pkey); | 1578 | EVP_PKEY_free(pkey); | 
| 1579 | X509_free(x509); | 1579 | X509_free(x509); | 
| 1580 | X509_CRL_free(crl); | 1580 | X509_CRL_free(crl); | 
| @@ -1778,7 +1778,7 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, | |||
| 1778 | if (obj == NULL) | 1778 | if (obj == NULL) | 
| 1779 | goto err; | 1779 | goto err; | 
| 1780 | 1780 | ||
| 1781 | if (ca_config.msie_hack) { | 1781 | if (cfg.msie_hack) { | 
| 1782 | /* assume all type should be strings */ | 1782 | /* assume all type should be strings */ | 
| 1783 | nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(ne)); | 1783 | nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(ne)); | 
| 1784 | if (nid == NID_undef) | 1784 | if (nid == NID_undef) | 
| @@ -1940,7 +1940,7 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, | |||
| 1940 | } | 1940 | } | 
| 1941 | } | 1941 | } | 
| 1942 | 1942 | ||
| 1943 | if (ca_config.preserve) { | 1943 | if (cfg.preserve) { | 
| 1944 | X509_NAME_free(subject); | 1944 | X509_NAME_free(subject); | 
| 1945 | /* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */ | 1945 | /* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */ | 
| 1946 | subject = X509_NAME_dup(name); | 1946 | subject = X509_NAME_dup(name); | 
| diff --git a/src/usr.bin/openssl/certhash.c b/src/usr.bin/openssl/certhash.c index 785f1216ad..5ee29b8d01 100644 --- a/src/usr.bin/openssl/certhash.c +++ b/src/usr.bin/openssl/certhash.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: certhash.c,v 1.20 2022/11/11 17:07:38 joshua Exp $ */ | 1 | /* $OpenBSD: certhash.c,v 1.21 2023/03/06 14:32:05 tb Exp $ */ | 
| 2 | /* | 2 | /* | 
| 3 | * Copyright (c) 2014, 2015 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014, 2015 Joel Sing <jsing@openbsd.org> | 
| 4 | * | 4 | * | 
| @@ -36,20 +36,20 @@ | |||
| 36 | static struct { | 36 | static struct { | 
| 37 | int dryrun; | 37 | int dryrun; | 
| 38 | int verbose; | 38 | int verbose; | 
| 39 | } certhash_config; | 39 | } cfg; | 
| 40 | 40 | ||
| 41 | static const struct option certhash_options[] = { | 41 | static const struct option certhash_options[] = { | 
| 42 | { | 42 | { | 
| 43 | .name = "n", | 43 | .name = "n", | 
| 44 | .desc = "Perform a dry-run - do not make any changes", | 44 | .desc = "Perform a dry-run - do not make any changes", | 
| 45 | .type = OPTION_FLAG, | 45 | .type = OPTION_FLAG, | 
| 46 | .opt.flag = &certhash_config.dryrun, | 46 | .opt.flag = &cfg.dryrun, | 
| 47 | }, | 47 | }, | 
| 48 | { | 48 | { | 
| 49 | .name = "v", | 49 | .name = "v", | 
| 50 | .desc = "Verbose", | 50 | .desc = "Verbose", | 
| 51 | .type = OPTION_FLAG, | 51 | .type = OPTION_FLAG, | 
| 52 | .opt.flag = &certhash_config.verbose, | 52 | .opt.flag = &cfg.verbose, | 
| 53 | }, | 53 | }, | 
| 54 | { NULL }, | 54 | { NULL }, | 
| 55 | }; | 55 | }; | 
| @@ -569,7 +569,7 @@ certhash_directory(const char *path) | |||
| 569 | goto err; | 569 | goto err; | 
| 570 | } | 570 | } | 
| 571 | 571 | ||
| 572 | if (certhash_config.verbose) | 572 | if (cfg.verbose) | 
| 573 | fprintf(stdout, "scanning directory %s\n", path); | 573 | fprintf(stdout, "scanning directory %s\n", path); | 
| 574 | 574 | ||
| 575 | /* Create lists of existing hash links, certs and CRLs. */ | 575 | /* Create lists of existing hash links, certs and CRLs. */ | 
| @@ -594,11 +594,11 @@ certhash_directory(const char *path) | |||
| 594 | if (link->exists == 0 || | 594 | if (link->exists == 0 || | 
| 595 | (link->reference != NULL && link->changed == 0)) | 595 | (link->reference != NULL && link->changed == 0)) | 
| 596 | continue; | 596 | continue; | 
| 597 | if (certhash_config.verbose) | 597 | if (cfg.verbose) | 
| 598 | fprintf(stdout, "%s link %s -> %s\n", | 598 | fprintf(stdout, "%s link %s -> %s\n", | 
| 599 | (certhash_config.dryrun ? "would remove" : | 599 | (cfg.dryrun ? "would remove" : | 
| 600 | "removing"), link->filename, link->target); | 600 | "removing"), link->filename, link->target); | 
| 601 | if (certhash_config.dryrun) | 601 | if (cfg.dryrun) | 
| 602 | continue; | 602 | continue; | 
| 603 | if (unlink(link->filename) == -1) { | 603 | if (unlink(link->filename) == -1) { | 
| 604 | fprintf(stderr, "failed to remove link %s\n", | 604 | fprintf(stderr, "failed to remove link %s\n", | 
| @@ -611,12 +611,12 @@ certhash_directory(const char *path) | |||
| 611 | for (link = links; link != NULL; link = link->next) { | 611 | for (link = links; link != NULL; link = link->next) { | 
| 612 | if (link->exists == 1 && link->changed == 0) | 612 | if (link->exists == 1 && link->changed == 0) | 
| 613 | continue; | 613 | continue; | 
| 614 | if (certhash_config.verbose) | 614 | if (cfg.verbose) | 
| 615 | fprintf(stdout, "%s link %s -> %s\n", | 615 | fprintf(stdout, "%s link %s -> %s\n", | 
| 616 | (certhash_config.dryrun ? "would create" : | 616 | (cfg.dryrun ? "would create" : | 
| 617 | "creating"), link->filename, | 617 | "creating"), link->filename, | 
| 618 | link->reference->filename); | 618 | link->reference->filename); | 
| 619 | if (certhash_config.dryrun) | 619 | if (cfg.dryrun) | 
| 620 | continue; | 620 | continue; | 
| 621 | if (symlink(link->reference->filename, link->filename) == -1) { | 621 | if (symlink(link->reference->filename, link->filename) == -1) { | 
| 622 | fprintf(stderr, "failed to create link %s -> %s\n", | 622 | fprintf(stderr, "failed to create link %s -> %s\n", | 
| @@ -658,7 +658,7 @@ certhash_main(int argc, char **argv) | |||
| 658 | exit(1); | 658 | exit(1); | 
| 659 | } | 659 | } | 
| 660 | 660 | ||
| 661 | memset(&certhash_config, 0, sizeof(certhash_config)); | 661 | memset(&cfg, 0, sizeof(cfg)); | 
| 662 | 662 | ||
| 663 | if (options_parse(argc, argv, certhash_options, NULL, &argsused) != 0) { | 663 | if (options_parse(argc, argv, certhash_options, NULL, &argsused) != 0) { | 
| 664 | certhash_usage(); | 664 | certhash_usage(); | 
| diff --git a/src/usr.bin/openssl/ciphers.c b/src/usr.bin/openssl/ciphers.c index 73d9e63b6f..247929bb9e 100644 --- a/src/usr.bin/openssl/ciphers.c +++ b/src/usr.bin/openssl/ciphers.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ciphers.c,v 1.17 2023/03/05 13:12:53 tb Exp $ */ | 1 | /* $OpenBSD: ciphers.c,v 1.18 2023/03/06 14:32:05 tb Exp $ */ | 
| 2 | /* | 2 | /* | 
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 
| 4 | * | 4 | * | 
| @@ -29,65 +29,65 @@ static struct { | |||
| 29 | int use_supported; | 29 | int use_supported; | 
| 30 | int verbose; | 30 | int verbose; | 
| 31 | int version; | 31 | int version; | 
| 32 | } ciphers_config; | 32 | } cfg; | 
| 33 | 33 | ||
| 34 | static const struct option ciphers_options[] = { | 34 | static const struct option ciphers_options[] = { | 
| 35 | { | 35 | { | 
| 36 | .name = "h", | 36 | .name = "h", | 
| 37 | .type = OPTION_FLAG, | 37 | .type = OPTION_FLAG, | 
| 38 | .opt.flag = &ciphers_config.usage, | 38 | .opt.flag = &cfg.usage, | 
| 39 | }, | 39 | }, | 
| 40 | { | 40 | { | 
| 41 | .name = "?", | 41 | .name = "?", | 
| 42 | .type = OPTION_FLAG, | 42 | .type = OPTION_FLAG, | 
| 43 | .opt.flag = &ciphers_config.usage, | 43 | .opt.flag = &cfg.usage, | 
| 44 | }, | 44 | }, | 
| 45 | { | 45 | { | 
| 46 | .name = "s", | 46 | .name = "s", | 
| 47 | .desc = "Only list ciphers that are supported by the TLS method", | 47 | .desc = "Only list ciphers that are supported by the TLS method", | 
| 48 | .type = OPTION_FLAG, | 48 | .type = OPTION_FLAG, | 
| 49 | .opt.flag = &ciphers_config.use_supported, | 49 | .opt.flag = &cfg.use_supported, | 
| 50 | }, | 50 | }, | 
| 51 | { | 51 | { | 
| 52 | .name = "tls1", | 52 | .name = "tls1", | 
| 53 | .desc = "Use TLS protocol version 1", | 53 | .desc = "Use TLS protocol version 1", | 
| 54 | .type = OPTION_VALUE, | 54 | .type = OPTION_VALUE, | 
| 55 | .opt.value = &ciphers_config.version, | 55 | .opt.value = &cfg.version, | 
| 56 | .value = TLS1_VERSION, | 56 | .value = TLS1_VERSION, | 
| 57 | }, | 57 | }, | 
| 58 | { | 58 | { | 
| 59 | .name = "tls1_1", | 59 | .name = "tls1_1", | 
| 60 | .desc = "Use TLS protocol version 1.1", | 60 | .desc = "Use TLS protocol version 1.1", | 
| 61 | .type = OPTION_VALUE, | 61 | .type = OPTION_VALUE, | 
| 62 | .opt.value = &ciphers_config.version, | 62 | .opt.value = &cfg.version, | 
| 63 | .value = TLS1_1_VERSION, | 63 | .value = TLS1_1_VERSION, | 
| 64 | }, | 64 | }, | 
| 65 | { | 65 | { | 
| 66 | .name = "tls1_2", | 66 | .name = "tls1_2", | 
| 67 | .desc = "Use TLS protocol version 1.2", | 67 | .desc = "Use TLS protocol version 1.2", | 
| 68 | .type = OPTION_VALUE, | 68 | .type = OPTION_VALUE, | 
| 69 | .opt.value = &ciphers_config.version, | 69 | .opt.value = &cfg.version, | 
| 70 | .value = TLS1_2_VERSION, | 70 | .value = TLS1_2_VERSION, | 
| 71 | }, | 71 | }, | 
| 72 | { | 72 | { | 
| 73 | .name = "tls1_3", | 73 | .name = "tls1_3", | 
| 74 | .desc = "Use TLS protocol version 1.3", | 74 | .desc = "Use TLS protocol version 1.3", | 
| 75 | .type = OPTION_VALUE, | 75 | .type = OPTION_VALUE, | 
| 76 | .opt.value = &ciphers_config.version, | 76 | .opt.value = &cfg.version, | 
| 77 | .value = TLS1_3_VERSION, | 77 | .value = TLS1_3_VERSION, | 
| 78 | }, | 78 | }, | 
| 79 | { | 79 | { | 
| 80 | .name = "v", | 80 | .name = "v", | 
| 81 | .desc = "Provide cipher listing", | 81 | .desc = "Provide cipher listing", | 
| 82 | .type = OPTION_VALUE, | 82 | .type = OPTION_VALUE, | 
| 83 | .opt.value = &ciphers_config.verbose, | 83 | .opt.value = &cfg.verbose, | 
| 84 | .value = 1, | 84 | .value = 1, | 
| 85 | }, | 85 | }, | 
| 86 | { | 86 | { | 
| 87 | .name = "V", | 87 | .name = "V", | 
| 88 | .desc = "Provide cipher listing with cipher suite values", | 88 | .desc = "Provide cipher listing with cipher suite values", | 
| 89 | .type = OPTION_VALUE, | 89 | .type = OPTION_VALUE, | 
| 90 | .opt.value = &ciphers_config.verbose, | 90 | .opt.value = &cfg.verbose, | 
| 91 | .value = 2, | 91 | .value = 2, | 
| 92 | }, | 92 | }, | 
| 93 | { NULL }, | 93 | { NULL }, | 
| @@ -119,7 +119,7 @@ ciphers_main(int argc, char **argv) | |||
| 119 | exit(1); | 119 | exit(1); | 
| 120 | } | 120 | } | 
| 121 | 121 | ||
| 122 | memset(&ciphers_config, 0, sizeof(ciphers_config)); | 122 | memset(&cfg, 0, sizeof(cfg)); | 
| 123 | 123 | ||
| 124 | if (options_parse(argc, argv, ciphers_options, &cipherlist, | 124 | if (options_parse(argc, argv, ciphers_options, &cipherlist, | 
| 125 | NULL) != 0) { | 125 | NULL) != 0) { | 
| @@ -127,7 +127,7 @@ ciphers_main(int argc, char **argv) | |||
| 127 | return (1); | 127 | return (1); | 
| 128 | } | 128 | } | 
| 129 | 129 | ||
| 130 | if (ciphers_config.usage) { | 130 | if (cfg.usage) { | 
| 131 | ciphers_usage(); | 131 | ciphers_usage(); | 
| 132 | return (1); | 132 | return (1); | 
| 133 | } | 133 | } | 
| @@ -135,12 +135,12 @@ ciphers_main(int argc, char **argv) | |||
| 135 | if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) | 135 | if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) | 
| 136 | goto err; | 136 | goto err; | 
| 137 | 137 | ||
| 138 | if (ciphers_config.version != 0) { | 138 | if (cfg.version != 0) { | 
| 139 | if (!SSL_CTX_set_min_proto_version(ssl_ctx, | 139 | if (!SSL_CTX_set_min_proto_version(ssl_ctx, | 
| 140 | ciphers_config.version)) | 140 | cfg.version)) | 
| 141 | goto err; | 141 | goto err; | 
| 142 | if (!SSL_CTX_set_max_proto_version(ssl_ctx, | 142 | if (!SSL_CTX_set_max_proto_version(ssl_ctx, | 
| 143 | ciphers_config.version)) | 143 | cfg.version)) | 
| 144 | goto err; | 144 | goto err; | 
| 145 | } | 145 | } | 
| 146 | 146 | ||
| @@ -152,7 +152,7 @@ ciphers_main(int argc, char **argv) | |||
| 152 | if ((ssl = SSL_new(ssl_ctx)) == NULL) | 152 | if ((ssl = SSL_new(ssl_ctx)) == NULL) | 
| 153 | goto err; | 153 | goto err; | 
| 154 | 154 | ||
| 155 | if (ciphers_config.use_supported) { | 155 | if (cfg.use_supported) { | 
| 156 | if ((supported_ciphers = | 156 | if ((supported_ciphers = | 
| 157 | SSL_get1_supported_ciphers(ssl)) == NULL) | 157 | SSL_get1_supported_ciphers(ssl)) == NULL) | 
| 158 | goto err; | 158 | goto err; | 
| @@ -164,12 +164,12 @@ ciphers_main(int argc, char **argv) | |||
| 164 | 164 | ||
| 165 | for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { | 165 | for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { | 
| 166 | cipher = sk_SSL_CIPHER_value(ciphers, i); | 166 | cipher = sk_SSL_CIPHER_value(ciphers, i); | 
| 167 | if (ciphers_config.verbose == 0) { | 167 | if (cfg.verbose == 0) { | 
| 168 | fprintf(stdout, "%s%s", (i ? ":" : ""), | 168 | fprintf(stdout, "%s%s", (i ? ":" : ""), | 
| 169 | SSL_CIPHER_get_name(cipher)); | 169 | SSL_CIPHER_get_name(cipher)); | 
| 170 | continue; | 170 | continue; | 
| 171 | } | 171 | } | 
| 172 | if (ciphers_config.verbose > 1) { | 172 | if (cfg.verbose > 1) { | 
| 173 | value = SSL_CIPHER_get_value(cipher); | 173 | value = SSL_CIPHER_get_value(cipher); | 
| 174 | fprintf(stdout, "%-*s0x%02X,0x%02X - ", 10, "", | 174 | fprintf(stdout, "%-*s0x%02X,0x%02X - ", 10, "", | 
| 175 | ((value >> 8) & 0xff), (value & 0xff)); | 175 | ((value >> 8) & 0xff), (value & 0xff)); | 
| @@ -182,7 +182,7 @@ ciphers_main(int argc, char **argv) | |||
| 182 | fprintf(stdout, "%s", desc); | 182 | fprintf(stdout, "%s", desc); | 
| 183 | free(desc); | 183 | free(desc); | 
| 184 | } | 184 | } | 
| 185 | if (ciphers_config.verbose == 0) | 185 | if (cfg.verbose == 0) | 
| 186 | fprintf(stdout, "\n"); | 186 | fprintf(stdout, "\n"); | 
| 187 | 187 | ||
| 188 | goto done; | 188 | goto done; | 
| diff --git a/src/usr.bin/openssl/cms.c b/src/usr.bin/openssl/cms.c index b88fd55b3c..0ddf26e5a7 100644 --- a/src/usr.bin/openssl/cms.c +++ b/src/usr.bin/openssl/cms.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: cms.c,v 1.32 2023/03/05 13:08:22 tb Exp $ */ | 1 | /* $OpenBSD: cms.c,v 1.33 2023/03/06 14:32:05 tb Exp $ */ | 
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 
| 3 | * project. | 3 | * project. | 
| 4 | */ | 4 | */ | 
| @@ -149,7 +149,7 @@ static struct { | |||
| 149 | char *to; | 149 | char *to; | 
| 150 | int verify_retcode; | 150 | int verify_retcode; | 
| 151 | X509_VERIFY_PARAM *vpm; | 151 | X509_VERIFY_PARAM *vpm; | 
| 152 | } cms_config; | 152 | } cfg; | 
| 153 | 153 | ||
| 154 | static const EVP_CIPHER * | 154 | static const EVP_CIPHER * | 
| 155 | get_cipher_by_name(char *name) | 155 | get_cipher_by_name(char *name) | 
| @@ -198,8 +198,8 @@ cms_opt_cipher(int argc, char **argv, int *argsused) | |||
| 198 | if (*name++ != '-') | 198 | if (*name++ != '-') | 
| 199 | return (1); | 199 | return (1); | 
| 200 | 200 | ||
| 201 | if ((cms_config.cipher = get_cipher_by_name(name)) == NULL) | 201 | if ((cfg.cipher = get_cipher_by_name(name)) == NULL) | 
| 202 | if ((cms_config.cipher = EVP_get_cipherbyname(name)) == NULL) | 202 | if ((cfg.cipher = EVP_get_cipherbyname(name)) == NULL) | 
| 203 | return (1); | 203 | return (1); | 
| 204 | 204 | ||
| 205 | *argsused = 1; | 205 | *argsused = 1; | 
| @@ -209,9 +209,9 @@ cms_opt_cipher(int argc, char **argv, int *argsused) | |||
| 209 | static int | 209 | static int | 
| 210 | cms_opt_econtent_type(char *arg) | 210 | cms_opt_econtent_type(char *arg) | 
| 211 | { | 211 | { | 
| 212 | ASN1_OBJECT_free(cms_config.econtent_type); | 212 | ASN1_OBJECT_free(cfg.econtent_type); | 
| 213 | 213 | ||
| 214 | if ((cms_config.econtent_type = OBJ_txt2obj(arg, 0)) == NULL) { | 214 | if ((cfg.econtent_type = OBJ_txt2obj(arg, 0)) == NULL) { | 
| 215 | BIO_printf(bio_err, "Invalid OID %s\n", arg); | 215 | BIO_printf(bio_err, "Invalid OID %s\n", arg); | 
| 216 | return (1); | 216 | return (1); | 
| 217 | } | 217 | } | 
| @@ -221,33 +221,33 @@ cms_opt_econtent_type(char *arg) | |||
| 221 | static int | 221 | static int | 
| 222 | cms_opt_inkey(char *arg) | 222 | cms_opt_inkey(char *arg) | 
| 223 | { | 223 | { | 
| 224 | if (cms_config.keyfile == NULL) { | 224 | if (cfg.keyfile == NULL) { | 
| 225 | cms_config.keyfile = arg; | 225 | cfg.keyfile = arg; | 
| 226 | return (0); | 226 | return (0); | 
| 227 | } | 227 | } | 
| 228 | 228 | ||
| 229 | if (cms_config.signerfile == NULL) { | 229 | if (cfg.signerfile == NULL) { | 
| 230 | BIO_puts(bio_err, "Illegal -inkey without -signer\n"); | 230 | BIO_puts(bio_err, "Illegal -inkey without -signer\n"); | 
| 231 | return (1); | 231 | return (1); | 
| 232 | } | 232 | } | 
| 233 | 233 | ||
| 234 | if (cms_config.sksigners == NULL) | 234 | if (cfg.sksigners == NULL) | 
| 235 | cms_config.sksigners = sk_OPENSSL_STRING_new_null(); | 235 | cfg.sksigners = sk_OPENSSL_STRING_new_null(); | 
| 236 | if (cms_config.sksigners == NULL) | 236 | if (cfg.sksigners == NULL) | 
| 237 | return (1); | 237 | return (1); | 
| 238 | if (!sk_OPENSSL_STRING_push(cms_config.sksigners, cms_config.signerfile)) | 238 | if (!sk_OPENSSL_STRING_push(cfg.sksigners, cfg.signerfile)) | 
| 239 | return (1); | 239 | return (1); | 
| 240 | 240 | ||
| 241 | cms_config.signerfile = NULL; | 241 | cfg.signerfile = NULL; | 
| 242 | 242 | ||
| 243 | if (cms_config.skkeys == NULL) | 243 | if (cfg.skkeys == NULL) | 
| 244 | cms_config.skkeys = sk_OPENSSL_STRING_new_null(); | 244 | cfg.skkeys = sk_OPENSSL_STRING_new_null(); | 
| 245 | if (cms_config.skkeys == NULL) | 245 | if (cfg.skkeys == NULL) | 
| 246 | return (1); | 246 | return (1); | 
| 247 | if (!sk_OPENSSL_STRING_push(cms_config.skkeys, cms_config.keyfile)) | 247 | if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile)) | 
| 248 | return (1); | 248 | return (1); | 
| 249 | 249 | ||
| 250 | cms_config.keyfile = arg; | 250 | cfg.keyfile = arg; | 
| 251 | return (0); | 251 | return (0); | 
| 252 | } | 252 | } | 
| 253 | 253 | ||
| @@ -256,14 +256,14 @@ cms_opt_keyopt(char *arg) | |||
| 256 | { | 256 | { | 
| 257 | int keyidx = -1; | 257 | int keyidx = -1; | 
| 258 | 258 | ||
| 259 | if (cms_config.operation == SMIME_ENCRYPT) { | 259 | if (cfg.operation == SMIME_ENCRYPT) { | 
| 260 | if (cms_config.encerts != NULL) | 260 | if (cfg.encerts != NULL) | 
| 261 | keyidx += sk_X509_num(cms_config.encerts); | 261 | keyidx += sk_X509_num(cfg.encerts); | 
| 262 | } else { | 262 | } else { | 
| 263 | if (cms_config.keyfile != NULL || cms_config.signerfile != NULL) | 263 | if (cfg.keyfile != NULL || cfg.signerfile != NULL) | 
| 264 | keyidx++; | 264 | keyidx++; | 
| 265 | if (cms_config.skkeys != NULL) | 265 | if (cfg.skkeys != NULL) | 
| 266 | keyidx += sk_OPENSSL_STRING_num(cms_config.skkeys); | 266 | keyidx += sk_OPENSSL_STRING_num(cfg.skkeys); | 
| 267 | } | 267 | } | 
| 268 | 268 | ||
| 269 | if (keyidx < 0) { | 269 | if (keyidx < 0) { | 
| @@ -271,8 +271,8 @@ cms_opt_keyopt(char *arg) | |||
| 271 | return (1); | 271 | return (1); | 
| 272 | } | 272 | } | 
| 273 | 273 | ||
| 274 | if (cms_config.key_param == NULL || | 274 | if (cfg.key_param == NULL || | 
| 275 | cms_config.key_param->idx != keyidx) { | 275 | cfg.key_param->idx != keyidx) { | 
| 276 | struct cms_key_param *nparam; | 276 | struct cms_key_param *nparam; | 
| 277 | 277 | ||
| 278 | if ((nparam = calloc(1, sizeof(struct cms_key_param))) == NULL) | 278 | if ((nparam = calloc(1, sizeof(struct cms_key_param))) == NULL) | 
| @@ -285,15 +285,15 @@ cms_opt_keyopt(char *arg) | |||
| 285 | } | 285 | } | 
| 286 | 286 | ||
| 287 | nparam->next = NULL; | 287 | nparam->next = NULL; | 
| 288 | if (cms_config.key_first == NULL) | 288 | if (cfg.key_first == NULL) | 
| 289 | cms_config.key_first = nparam; | 289 | cfg.key_first = nparam; | 
| 290 | else | 290 | else | 
| 291 | cms_config.key_param->next = nparam; | 291 | cfg.key_param->next = nparam; | 
| 292 | 292 | ||
| 293 | cms_config.key_param = nparam; | 293 | cfg.key_param = nparam; | 
| 294 | } | 294 | } | 
| 295 | 295 | ||
| 296 | if (!sk_OPENSSL_STRING_push(cms_config.key_param->param, arg)) | 296 | if (!sk_OPENSSL_STRING_push(cfg.key_param->param, arg)) | 
| 297 | return (1); | 297 | return (1); | 
| 298 | 298 | ||
| 299 | return (0); | 299 | return (0); | 
| @@ -302,7 +302,7 @@ cms_opt_keyopt(char *arg) | |||
| 302 | static int | 302 | static int | 
| 303 | cms_opt_md(char *arg) | 303 | cms_opt_md(char *arg) | 
| 304 | { | 304 | { | 
| 305 | if ((cms_config.sign_md = EVP_get_digestbyname(arg)) == NULL) { | 305 | if ((cfg.sign_md = EVP_get_digestbyname(arg)) == NULL) { | 
| 306 | BIO_printf(bio_err, "Unknown digest %s\n", arg); | 306 | BIO_printf(bio_err, "Unknown digest %s\n", arg); | 
| 307 | return (1); | 307 | return (1); | 
| 308 | } | 308 | } | 
| @@ -312,38 +312,38 @@ cms_opt_md(char *arg) | |||
| 312 | static int | 312 | static int | 
| 313 | cms_opt_print(void) | 313 | cms_opt_print(void) | 
| 314 | { | 314 | { | 
| 315 | cms_config.noout = 1; | 315 | cfg.noout = 1; | 
| 316 | cms_config.print = 1; | 316 | cfg.print = 1; | 
| 317 | return (0); | 317 | return (0); | 
| 318 | } | 318 | } | 
| 319 | 319 | ||
| 320 | static int | 320 | static int | 
| 321 | cms_opt_pwri_pass(char *arg) | 321 | cms_opt_pwri_pass(char *arg) | 
| 322 | { | 322 | { | 
| 323 | cms_config.pwri_pass = (unsigned char *)arg; | 323 | cfg.pwri_pass = (unsigned char *)arg; | 
| 324 | return (0); | 324 | return (0); | 
| 325 | } | 325 | } | 
| 326 | 326 | ||
| 327 | static int | 327 | static int | 
| 328 | cms_opt_recip(char *arg) | 328 | cms_opt_recip(char *arg) | 
| 329 | { | 329 | { | 
| 330 | if (cms_config.operation == SMIME_ENCRYPT) { | 330 | if (cfg.operation == SMIME_ENCRYPT) { | 
| 331 | if (cms_config.encerts == NULL) { | 331 | if (cfg.encerts == NULL) { | 
| 332 | if ((cms_config.encerts = sk_X509_new_null()) == NULL) | 332 | if ((cfg.encerts = sk_X509_new_null()) == NULL) | 
| 333 | return (1); | 333 | return (1); | 
| 334 | } | 334 | } | 
| 335 | 335 | ||
| 336 | cms_config.cert = load_cert(bio_err, arg, FORMAT_PEM, | 336 | cfg.cert = load_cert(bio_err, arg, FORMAT_PEM, | 
| 337 | NULL, "recipient certificate file"); | 337 | NULL, "recipient certificate file"); | 
| 338 | if (cms_config.cert == NULL) | 338 | if (cfg.cert == NULL) | 
| 339 | return (1); | 339 | return (1); | 
| 340 | 340 | ||
| 341 | if (!sk_X509_push(cms_config.encerts, cms_config.cert)) | 341 | if (!sk_X509_push(cfg.encerts, cfg.cert)) | 
| 342 | return (1); | 342 | return (1); | 
| 343 | 343 | ||
| 344 | cms_config.cert = NULL; | 344 | cfg.cert = NULL; | 
| 345 | } else { | 345 | } else { | 
| 346 | cms_config.recipfile = arg; | 346 | cfg.recipfile = arg; | 
| 347 | } | 347 | } | 
| 348 | return (0); | 348 | return (0); | 
| 349 | } | 349 | } | 
| @@ -351,11 +351,11 @@ cms_opt_recip(char *arg) | |||
| 351 | static int | 351 | static int | 
| 352 | cms_opt_receipt_request_from(char *arg) | 352 | cms_opt_receipt_request_from(char *arg) | 
| 353 | { | 353 | { | 
| 354 | if (cms_config.rr_from == NULL) | 354 | if (cfg.rr_from == NULL) | 
| 355 | cms_config.rr_from = sk_OPENSSL_STRING_new_null(); | 355 | cfg.rr_from = sk_OPENSSL_STRING_new_null(); | 
| 356 | if (cms_config.rr_from == NULL) | 356 | if (cfg.rr_from == NULL) | 
| 357 | return (1); | 357 | return (1); | 
| 358 | if (!sk_OPENSSL_STRING_push(cms_config.rr_from, arg)) | 358 | if (!sk_OPENSSL_STRING_push(cfg.rr_from, arg)) | 
| 359 | return (1); | 359 | return (1); | 
| 360 | 360 | ||
| 361 | return (0); | 361 | return (0); | 
| @@ -364,11 +364,11 @@ cms_opt_receipt_request_from(char *arg) | |||
| 364 | static int | 364 | static int | 
| 365 | cms_opt_receipt_request_to(char *arg) | 365 | cms_opt_receipt_request_to(char *arg) | 
| 366 | { | 366 | { | 
| 367 | if (cms_config.rr_to == NULL) | 367 | if (cfg.rr_to == NULL) | 
| 368 | cms_config.rr_to = sk_OPENSSL_STRING_new_null(); | 368 | cfg.rr_to = sk_OPENSSL_STRING_new_null(); | 
| 369 | if (cms_config.rr_to == NULL) | 369 | if (cfg.rr_to == NULL) | 
| 370 | return (1); | 370 | return (1); | 
| 371 | if (!sk_OPENSSL_STRING_push(cms_config.rr_to, arg)) | 371 | if (!sk_OPENSSL_STRING_push(cfg.rr_to, arg)) | 
| 372 | return (1); | 372 | return (1); | 
| 373 | 373 | ||
| 374 | return (0); | 374 | return (0); | 
| @@ -379,13 +379,13 @@ cms_opt_secretkey(char *arg) | |||
| 379 | { | 379 | { | 
| 380 | long ltmp; | 380 | long ltmp; | 
| 381 | 381 | ||
| 382 | free(cms_config.secret_key); | 382 | free(cfg.secret_key); | 
| 383 | 383 | ||
| 384 | if ((cms_config.secret_key = string_to_hex(arg, <mp)) == NULL) { | 384 | if ((cfg.secret_key = string_to_hex(arg, <mp)) == NULL) { | 
| 385 | BIO_printf(bio_err, "Invalid key %s\n", arg); | 385 | BIO_printf(bio_err, "Invalid key %s\n", arg); | 
| 386 | return (1); | 386 | return (1); | 
| 387 | } | 387 | } | 
| 388 | cms_config.secret_keylen = (size_t)ltmp; | 388 | cfg.secret_keylen = (size_t)ltmp; | 
| 389 | return (0); | 389 | return (0); | 
| 390 | } | 390 | } | 
| 391 | 391 | ||
| @@ -394,44 +394,44 @@ cms_opt_secretkeyid(char *arg) | |||
| 394 | { | 394 | { | 
| 395 | long ltmp; | 395 | long ltmp; | 
| 396 | 396 | ||
| 397 | free(cms_config.secret_keyid); | 397 | free(cfg.secret_keyid); | 
| 398 | 398 | ||
| 399 | if ((cms_config.secret_keyid = string_to_hex(arg, <mp)) == NULL) { | 399 | if ((cfg.secret_keyid = string_to_hex(arg, <mp)) == NULL) { | 
| 400 | BIO_printf(bio_err, "Invalid id %s\n", arg); | 400 | BIO_printf(bio_err, "Invalid id %s\n", arg); | 
| 401 | return (1); | 401 | return (1); | 
| 402 | } | 402 | } | 
| 403 | cms_config.secret_keyidlen = (size_t)ltmp; | 403 | cfg.secret_keyidlen = (size_t)ltmp; | 
| 404 | return (0); | 404 | return (0); | 
| 405 | } | 405 | } | 
| 406 | 406 | ||
| 407 | static int | 407 | static int | 
| 408 | cms_opt_signer(char *arg) | 408 | cms_opt_signer(char *arg) | 
| 409 | { | 409 | { | 
| 410 | if (cms_config.signerfile == NULL) { | 410 | if (cfg.signerfile == NULL) { | 
| 411 | cms_config.signerfile = arg; | 411 | cfg.signerfile = arg; | 
| 412 | return (0); | 412 | return (0); | 
| 413 | } | 413 | } | 
| 414 | 414 | ||
| 415 | if (cms_config.sksigners == NULL) | 415 | if (cfg.sksigners == NULL) | 
| 416 | cms_config.sksigners = sk_OPENSSL_STRING_new_null(); | 416 | cfg.sksigners = sk_OPENSSL_STRING_new_null(); | 
| 417 | if (cms_config.sksigners == NULL) | 417 | if (cfg.sksigners == NULL) | 
| 418 | return (1); | 418 | return (1); | 
| 419 | if (!sk_OPENSSL_STRING_push(cms_config.sksigners, cms_config.signerfile)) | 419 | if (!sk_OPENSSL_STRING_push(cfg.sksigners, cfg.signerfile)) | 
| 420 | return (1); | 420 | return (1); | 
| 421 | 421 | ||
| 422 | if (cms_config.keyfile == NULL) | 422 | if (cfg.keyfile == NULL) | 
| 423 | cms_config.keyfile = cms_config.signerfile; | 423 | cfg.keyfile = cfg.signerfile; | 
| 424 | 424 | ||
| 425 | if (cms_config.skkeys == NULL) | 425 | if (cfg.skkeys == NULL) | 
| 426 | cms_config.skkeys = sk_OPENSSL_STRING_new_null(); | 426 | cfg.skkeys = sk_OPENSSL_STRING_new_null(); | 
| 427 | if (cms_config.skkeys == NULL) | 427 | if (cfg.skkeys == NULL) | 
| 428 | return (1); | 428 | return (1); | 
| 429 | if (!sk_OPENSSL_STRING_push(cms_config.skkeys, cms_config.keyfile)) | 429 | if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile)) | 
| 430 | return (1); | 430 | return (1); | 
| 431 | 431 | ||
| 432 | cms_config.keyfile = NULL; | 432 | cfg.keyfile = NULL; | 
| 433 | 433 | ||
| 434 | cms_config.signerfile = arg; | 434 | cfg.signerfile = arg; | 
| 435 | return (0); | 435 | return (0); | 
| 436 | } | 436 | } | 
| 437 | 437 | ||
| @@ -441,7 +441,7 @@ cms_opt_verify_param(int argc, char **argv, int *argsused) | |||
| 441 | int oargc = argc; | 441 | int oargc = argc; | 
| 442 | int badarg = 0; | 442 | int badarg = 0; | 
| 443 | 443 | ||
| 444 | if (!args_verify(&argv, &argc, &badarg, bio_err, &cms_config.vpm)) | 444 | if (!args_verify(&argv, &argc, &badarg, bio_err, &cfg.vpm)) | 
| 445 | return (1); | 445 | return (1); | 
| 446 | if (badarg) | 446 | if (badarg) | 
| 447 | return (1); | 447 | return (1); | 
| @@ -454,8 +454,8 @@ cms_opt_verify_param(int argc, char **argv, int *argsused) | |||
| 454 | static int | 454 | static int | 
| 455 | cms_opt_verify_receipt(char *arg) | 455 | cms_opt_verify_receipt(char *arg) | 
| 456 | { | 456 | { | 
| 457 | cms_config.operation = SMIME_VERIFY_RECEIPT; | 457 | cfg.operation = SMIME_VERIFY_RECEIPT; | 
| 458 | cms_config.rctfile = arg; | 458 | cfg.rctfile = arg; | 
| 459 | return (0); | 459 | return (0); | 
| 460 | } | 460 | } | 
| 461 | 461 | ||
| @@ -539,20 +539,20 @@ static const struct option cms_options[] = { | |||
| 539 | .argname = "file", | 539 | .argname = "file", | 
| 540 | .desc = "Certificate Authority file", | 540 | .desc = "Certificate Authority file", | 
| 541 | .type = OPTION_ARG, | 541 | .type = OPTION_ARG, | 
| 542 | .opt.arg = &cms_config.CAfile, | 542 | .opt.arg = &cfg.CAfile, | 
| 543 | }, | 543 | }, | 
| 544 | { | 544 | { | 
| 545 | .name = "CApath", | 545 | .name = "CApath", | 
| 546 | .argname = "path", | 546 | .argname = "path", | 
| 547 | .desc = "Certificate Authority path", | 547 | .desc = "Certificate Authority path", | 
| 548 | .type = OPTION_ARG, | 548 | .type = OPTION_ARG, | 
| 549 | .opt.arg = &cms_config.CApath, | 549 | .opt.arg = &cfg.CApath, | 
| 550 | }, | 550 | }, | 
| 551 | { | 551 | { | 
| 552 | .name = "binary", | 552 | .name = "binary", | 
| 553 | .desc = "Do not translate message to text", | 553 | .desc = "Do not translate message to text", | 
| 554 | .type = OPTION_VALUE_OR, | 554 | .type = OPTION_VALUE_OR, | 
| 555 | .opt.value = &cms_config.flags, | 555 | .opt.value = &cfg.flags, | 
| 556 | .value = CMS_BINARY, | 556 | .value = CMS_BINARY, | 
| 557 | }, | 557 | }, | 
| 558 | { | 558 | { | 
| @@ -560,27 +560,27 @@ static const struct option cms_options[] = { | |||
| 560 | .argname = "file", | 560 | .argname = "file", | 
| 561 | .desc = "Other certificates file", | 561 | .desc = "Other certificates file", | 
| 562 | .type = OPTION_ARG, | 562 | .type = OPTION_ARG, | 
| 563 | .opt.arg = &cms_config.certfile, | 563 | .opt.arg = &cfg.certfile, | 
| 564 | }, | 564 | }, | 
| 565 | { | 565 | { | 
| 566 | .name = "certsout", | 566 | .name = "certsout", | 
| 567 | .argname = "file", | 567 | .argname = "file", | 
| 568 | .desc = "Certificate output file", | 568 | .desc = "Certificate output file", | 
| 569 | .type = OPTION_ARG, | 569 | .type = OPTION_ARG, | 
| 570 | .opt.arg = &cms_config.certsoutfile, | 570 | .opt.arg = &cfg.certsoutfile, | 
| 571 | }, | 571 | }, | 
| 572 | { | 572 | { | 
| 573 | .name = "cmsout", | 573 | .name = "cmsout", | 
| 574 | .desc = "Output CMS structure", | 574 | .desc = "Output CMS structure", | 
| 575 | .type = OPTION_VALUE, | 575 | .type = OPTION_VALUE, | 
| 576 | .opt.value = &cms_config.operation, | 576 | .opt.value = &cfg.operation, | 
| 577 | .value = SMIME_CMSOUT, | 577 | .value = SMIME_CMSOUT, | 
| 578 | }, | 578 | }, | 
| 579 | { | 579 | { | 
| 580 | .name = "compress", | 580 | .name = "compress", | 
| 581 | .desc = "Create CMS CompressedData type", | 581 | .desc = "Create CMS CompressedData type", | 
| 582 | .type = OPTION_VALUE, | 582 | .type = OPTION_VALUE, | 
| 583 | .opt.value = &cms_config.operation, | 583 | .opt.value = &cfg.operation, | 
| 584 | .value = SMIME_COMPRESS, | 584 | .value = SMIME_COMPRESS, | 
| 585 | }, | 585 | }, | 
| 586 | { | 586 | { | 
| @@ -588,55 +588,55 @@ static const struct option cms_options[] = { | |||
| 588 | .argname = "file", | 588 | .argname = "file", | 
| 589 | .desc = "Supply or override content for detached signature", | 589 | .desc = "Supply or override content for detached signature", | 
| 590 | .type = OPTION_ARG, | 590 | .type = OPTION_ARG, | 
| 591 | .opt.arg = &cms_config.contfile, | 591 | .opt.arg = &cfg.contfile, | 
| 592 | }, | 592 | }, | 
| 593 | { | 593 | { | 
| 594 | .name = "crlfeol", | 594 | .name = "crlfeol", | 
| 595 | .desc = "Use CRLF as EOL termination instead of CR only", | 595 | .desc = "Use CRLF as EOL termination instead of CR only", | 
| 596 | .type = OPTION_VALUE_OR, | 596 | .type = OPTION_VALUE_OR, | 
| 597 | .opt.value = &cms_config.flags, | 597 | .opt.value = &cfg.flags, | 
| 598 | .value = CMS_CRLFEOL, | 598 | .value = CMS_CRLFEOL, | 
| 599 | }, | 599 | }, | 
| 600 | { | 600 | { | 
| 601 | .name = "data_create", | 601 | .name = "data_create", | 
| 602 | .desc = "Create CMS Data type", | 602 | .desc = "Create CMS Data type", | 
| 603 | .type = OPTION_VALUE, | 603 | .type = OPTION_VALUE, | 
| 604 | .opt.value = &cms_config.operation, | 604 | .opt.value = &cfg.operation, | 
| 605 | .value = SMIME_DATA_CREATE, | 605 | .value = SMIME_DATA_CREATE, | 
| 606 | }, | 606 | }, | 
| 607 | { | 607 | { | 
| 608 | .name = "data_out", | 608 | .name = "data_out", | 
| 609 | .desc = "Output content from the input CMS Data type", | 609 | .desc = "Output content from the input CMS Data type", | 
| 610 | .type = OPTION_VALUE, | 610 | .type = OPTION_VALUE, | 
| 611 | .opt.value = &cms_config.operation, | 611 | .opt.value = &cfg.operation, | 
| 612 | .value = SMIME_DATAOUT, | 612 | .value = SMIME_DATAOUT, | 
| 613 | }, | 613 | }, | 
| 614 | { | 614 | { | 
| 615 | .name = "debug_decrypt", | 615 | .name = "debug_decrypt", | 
| 616 | .desc = "Set the CMS_DEBUG_DECRYPT flag when decrypting", | 616 | .desc = "Set the CMS_DEBUG_DECRYPT flag when decrypting", | 
| 617 | .type = OPTION_VALUE_OR, | 617 | .type = OPTION_VALUE_OR, | 
| 618 | .opt.value = &cms_config.flags, | 618 | .opt.value = &cfg.flags, | 
| 619 | .value = CMS_DEBUG_DECRYPT, | 619 | .value = CMS_DEBUG_DECRYPT, | 
| 620 | }, | 620 | }, | 
| 621 | { | 621 | { | 
| 622 | .name = "decrypt", | 622 | .name = "decrypt", | 
| 623 | .desc = "Decrypt encrypted message", | 623 | .desc = "Decrypt encrypted message", | 
| 624 | .type = OPTION_VALUE, | 624 | .type = OPTION_VALUE, | 
| 625 | .opt.value = &cms_config.operation, | 625 | .opt.value = &cfg.operation, | 
| 626 | .value = SMIME_DECRYPT, | 626 | .value = SMIME_DECRYPT, | 
| 627 | }, | 627 | }, | 
| 628 | { | 628 | { | 
| 629 | .name = "digest_create", | 629 | .name = "digest_create", | 
| 630 | .desc = "Create CMS DigestedData type", | 630 | .desc = "Create CMS DigestedData type", | 
| 631 | .type = OPTION_VALUE, | 631 | .type = OPTION_VALUE, | 
| 632 | .opt.value = &cms_config.operation, | 632 | .opt.value = &cfg.operation, | 
| 633 | .value = SMIME_DIGEST_CREATE, | 633 | .value = SMIME_DIGEST_CREATE, | 
| 634 | }, | 634 | }, | 
| 635 | { | 635 | { | 
| 636 | .name = "digest_verify", | 636 | .name = "digest_verify", | 
| 637 | .desc = "Verify CMS DigestedData type and output the content", | 637 | .desc = "Verify CMS DigestedData type and output the content", | 
| 638 | .type = OPTION_VALUE, | 638 | .type = OPTION_VALUE, | 
| 639 | .opt.value = &cms_config.operation, | 639 | .opt.value = &cfg.operation, | 
| 640 | .value = SMIME_DIGEST_VERIFY, | 640 | .value = SMIME_DIGEST_VERIFY, | 
| 641 | }, | 641 | }, | 
| 642 | { | 642 | { | 
| @@ -650,21 +650,21 @@ static const struct option cms_options[] = { | |||
| 650 | .name = "encrypt", | 650 | .name = "encrypt", | 
| 651 | .desc = "Encrypt message", | 651 | .desc = "Encrypt message", | 
| 652 | .type = OPTION_VALUE, | 652 | .type = OPTION_VALUE, | 
| 653 | .opt.value = &cms_config.operation, | 653 | .opt.value = &cfg.operation, | 
| 654 | .value = SMIME_ENCRYPT, | 654 | .value = SMIME_ENCRYPT, | 
| 655 | }, | 655 | }, | 
| 656 | { | 656 | { | 
| 657 | .name = "EncryptedData_decrypt", | 657 | .name = "EncryptedData_decrypt", | 
| 658 | .desc = "Decrypt CMS EncryptedData", | 658 | .desc = "Decrypt CMS EncryptedData", | 
| 659 | .type = OPTION_VALUE, | 659 | .type = OPTION_VALUE, | 
| 660 | .opt.value = &cms_config.operation, | 660 | .opt.value = &cfg.operation, | 
| 661 | .value = SMIME_ENCRYPTED_DECRYPT, | 661 | .value = SMIME_ENCRYPTED_DECRYPT, | 
| 662 | }, | 662 | }, | 
| 663 | { | 663 | { | 
| 664 | .name = "EncryptedData_encrypt", | 664 | .name = "EncryptedData_encrypt", | 
| 665 | .desc = "Encrypt content using supplied symmetric key and algorithm", | 665 | .desc = "Encrypt content using supplied symmetric key and algorithm", | 
| 666 | .type = OPTION_VALUE, | 666 | .type = OPTION_VALUE, | 
| 667 | .opt.value = &cms_config.operation, | 667 | .opt.value = &cfg.operation, | 
| 668 | .value = SMIME_ENCRYPTED_ENCRYPT, | 668 | .value = SMIME_ENCRYPTED_ENCRYPT, | 
| 669 | }, | 669 | }, | 
| 670 | { | 670 | { | 
| @@ -672,20 +672,20 @@ static const struct option cms_options[] = { | |||
| 672 | .argname = "addr", | 672 | .argname = "addr", | 
| 673 | .desc = "From address", | 673 | .desc = "From address", | 
| 674 | .type = OPTION_ARG, | 674 | .type = OPTION_ARG, | 
| 675 | .opt.arg = &cms_config.from, | 675 | .opt.arg = &cfg.from, | 
| 676 | }, | 676 | }, | 
| 677 | { | 677 | { | 
| 678 | .name = "in", | 678 | .name = "in", | 
| 679 | .argname = "file", | 679 | .argname = "file", | 
| 680 | .desc = "Input file", | 680 | .desc = "Input file", | 
| 681 | .type = OPTION_ARG, | 681 | .type = OPTION_ARG, | 
| 682 | .opt.arg = &cms_config.infile, | 682 | .opt.arg = &cfg.infile, | 
| 683 | }, | 683 | }, | 
| 684 | { | 684 | { | 
| 685 | .name = "indef", | 685 | .name = "indef", | 
| 686 | .desc = "Same as -stream", | 686 | .desc = "Same as -stream", | 
| 687 | .type = OPTION_VALUE_OR, | 687 | .type = OPTION_VALUE_OR, | 
| 688 | .opt.value = &cms_config.flags, | 688 | .opt.value = &cfg.flags, | 
| 689 | .value = CMS_STREAM, | 689 | .value = CMS_STREAM, | 
| 690 | }, | 690 | }, | 
| 691 | { | 691 | { | 
| @@ -693,7 +693,7 @@ static const struct option cms_options[] = { | |||
| 693 | .argname = "fmt", | 693 | .argname = "fmt", | 
| 694 | .desc = "Input format (DER, PEM or SMIME (default))", | 694 | .desc = "Input format (DER, PEM or SMIME (default))", | 
| 695 | .type = OPTION_ARG_FORMAT, | 695 | .type = OPTION_ARG_FORMAT, | 
| 696 | .opt.value = &cms_config.informat, | 696 | .opt.value = &cfg.informat, | 
| 697 | }, | 697 | }, | 
| 698 | { | 698 | { | 
| 699 | .name = "inkey", | 699 | .name = "inkey", | 
| @@ -707,13 +707,13 @@ static const struct option cms_options[] = { | |||
| 707 | .argname = "fmt", | 707 | .argname = "fmt", | 
| 708 | .desc = "Input key format (DER or PEM (default))", | 708 | .desc = "Input key format (DER or PEM (default))", | 
| 709 | .type = OPTION_ARG_FORMAT, | 709 | .type = OPTION_ARG_FORMAT, | 
| 710 | .opt.value = &cms_config.keyform, | 710 | .opt.value = &cfg.keyform, | 
| 711 | }, | 711 | }, | 
| 712 | { | 712 | { | 
| 713 | .name = "keyid", | 713 | .name = "keyid", | 
| 714 | .desc = "Use subject key identifier", | 714 | .desc = "Use subject key identifier", | 
| 715 | .type = OPTION_VALUE_OR, | 715 | .type = OPTION_VALUE_OR, | 
| 716 | .opt.value = &cms_config.flags, | 716 | .opt.value = &cfg.flags, | 
| 717 | .value = CMS_USE_KEYID, | 717 | .value = CMS_USE_KEYID, | 
| 718 | }, | 718 | }, | 
| 719 | { | 719 | { | 
| @@ -734,90 +734,90 @@ static const struct option cms_options[] = { | |||
| 734 | .name = "no_attr_verify", | 734 | .name = "no_attr_verify", | 
| 735 | .desc = "Do not verify the signer's attribute of a signature", | 735 | .desc = "Do not verify the signer's attribute of a signature", | 
| 736 | .type = OPTION_VALUE_OR, | 736 | .type = OPTION_VALUE_OR, | 
| 737 | .opt.value = &cms_config.flags, | 737 | .opt.value = &cfg.flags, | 
| 738 | .value = CMS_NO_ATTR_VERIFY, | 738 | .value = CMS_NO_ATTR_VERIFY, | 
| 739 | }, | 739 | }, | 
| 740 | { | 740 | { | 
| 741 | .name = "no_content_verify", | 741 | .name = "no_content_verify", | 
| 742 | .desc = "Do not verify the content of a signed message", | 742 | .desc = "Do not verify the content of a signed message", | 
| 743 | .type = OPTION_VALUE_OR, | 743 | .type = OPTION_VALUE_OR, | 
| 744 | .opt.value = &cms_config.flags, | 744 | .opt.value = &cfg.flags, | 
| 745 | .value = CMS_NO_CONTENT_VERIFY, | 745 | .value = CMS_NO_CONTENT_VERIFY, | 
| 746 | }, | 746 | }, | 
| 747 | { | 747 | { | 
| 748 | .name = "no_signer_cert_verify", | 748 | .name = "no_signer_cert_verify", | 
| 749 | .desc = "Do not verify the signer's certificate", | 749 | .desc = "Do not verify the signer's certificate", | 
| 750 | .type = OPTION_VALUE_OR, | 750 | .type = OPTION_VALUE_OR, | 
| 751 | .opt.value = &cms_config.flags, | 751 | .opt.value = &cfg.flags, | 
| 752 | .value = CMS_NO_SIGNER_CERT_VERIFY, | 752 | .value = CMS_NO_SIGNER_CERT_VERIFY, | 
| 753 | }, | 753 | }, | 
| 754 | { | 754 | { | 
| 755 | .name = "noattr", | 755 | .name = "noattr", | 
| 756 | .desc = "Do not include any signed attributes", | 756 | .desc = "Do not include any signed attributes", | 
| 757 | .type = OPTION_VALUE_OR, | 757 | .type = OPTION_VALUE_OR, | 
| 758 | .opt.value = &cms_config.flags, | 758 | .opt.value = &cfg.flags, | 
| 759 | .value = CMS_NOATTR, | 759 | .value = CMS_NOATTR, | 
| 760 | }, | 760 | }, | 
| 761 | { | 761 | { | 
| 762 | .name = "nocerts", | 762 | .name = "nocerts", | 
| 763 | .desc = "Do not include signer's certificate when signing", | 763 | .desc = "Do not include signer's certificate when signing", | 
| 764 | .type = OPTION_VALUE_OR, | 764 | .type = OPTION_VALUE_OR, | 
| 765 | .opt.value = &cms_config.flags, | 765 | .opt.value = &cfg.flags, | 
| 766 | .value = CMS_NOCERTS, | 766 | .value = CMS_NOCERTS, | 
| 767 | }, | 767 | }, | 
| 768 | { | 768 | { | 
| 769 | .name = "nodetach", | 769 | .name = "nodetach", | 
| 770 | .desc = "Use opaque signing", | 770 | .desc = "Use opaque signing", | 
| 771 | .type = OPTION_VALUE_AND, | 771 | .type = OPTION_VALUE_AND, | 
| 772 | .opt.value = &cms_config.flags, | 772 | .opt.value = &cfg.flags, | 
| 773 | .value = ~CMS_DETACHED, | 773 | .value = ~CMS_DETACHED, | 
| 774 | }, | 774 | }, | 
| 775 | { | 775 | { | 
| 776 | .name = "noindef", | 776 | .name = "noindef", | 
| 777 | .desc = "Disable CMS streaming", | 777 | .desc = "Disable CMS streaming", | 
| 778 | .type = OPTION_VALUE_AND, | 778 | .type = OPTION_VALUE_AND, | 
| 779 | .opt.value = &cms_config.flags, | 779 | .opt.value = &cfg.flags, | 
| 780 | .value = ~CMS_STREAM, | 780 | .value = ~CMS_STREAM, | 
| 781 | }, | 781 | }, | 
| 782 | { | 782 | { | 
| 783 | .name = "nointern", | 783 | .name = "nointern", | 
| 784 | .desc = "Do not search certificates in message for signer", | 784 | .desc = "Do not search certificates in message for signer", | 
| 785 | .type = OPTION_VALUE_OR, | 785 | .type = OPTION_VALUE_OR, | 
| 786 | .opt.value = &cms_config.flags, | 786 | .opt.value = &cfg.flags, | 
| 787 | .value = CMS_NOINTERN, | 787 | .value = CMS_NOINTERN, | 
| 788 | }, | 788 | }, | 
| 789 | { | 789 | { | 
| 790 | .name = "nooldmime", | 790 | .name = "nooldmime", | 
| 791 | .desc = "Output old S/MIME content type", | 791 | .desc = "Output old S/MIME content type", | 
| 792 | .type = OPTION_VALUE_OR, | 792 | .type = OPTION_VALUE_OR, | 
| 793 | .opt.value = &cms_config.flags, | 793 | .opt.value = &cfg.flags, | 
| 794 | .value = CMS_NOOLDMIMETYPE, | 794 | .value = CMS_NOOLDMIMETYPE, | 
| 795 | }, | 795 | }, | 
| 796 | { | 796 | { | 
| 797 | .name = "noout", | 797 | .name = "noout", | 
| 798 | .desc = "Do not output the parsed CMS structure", | 798 | .desc = "Do not output the parsed CMS structure", | 
| 799 | .type = OPTION_FLAG, | 799 | .type = OPTION_FLAG, | 
| 800 | .opt.flag = &cms_config.noout, | 800 | .opt.flag = &cfg.noout, | 
| 801 | }, | 801 | }, | 
| 802 | { | 802 | { | 
| 803 | .name = "nosigs", | 803 | .name = "nosigs", | 
| 804 | .desc = "Do not verify message signature", | 804 | .desc = "Do not verify message signature", | 
| 805 | .type = OPTION_VALUE_OR, | 805 | .type = OPTION_VALUE_OR, | 
| 806 | .opt.value = &cms_config.flags, | 806 | .opt.value = &cfg.flags, | 
| 807 | .value = CMS_NOSIGS, | 807 | .value = CMS_NOSIGS, | 
| 808 | }, | 808 | }, | 
| 809 | { | 809 | { | 
| 810 | .name = "nosmimecap", | 810 | .name = "nosmimecap", | 
| 811 | .desc = "Omit the SMIMECapabilities attribute", | 811 | .desc = "Omit the SMIMECapabilities attribute", | 
| 812 | .type = OPTION_VALUE_OR, | 812 | .type = OPTION_VALUE_OR, | 
| 813 | .opt.value = &cms_config.flags, | 813 | .opt.value = &cfg.flags, | 
| 814 | .value = CMS_NOSMIMECAP, | 814 | .value = CMS_NOSMIMECAP, | 
| 815 | }, | 815 | }, | 
| 816 | { | 816 | { | 
| 817 | .name = "noverify", | 817 | .name = "noverify", | 
| 818 | .desc = "Do not verify signer's certificate", | 818 | .desc = "Do not verify signer's certificate", | 
| 819 | .type = OPTION_VALUE_OR, | 819 | .type = OPTION_VALUE_OR, | 
| 820 | .opt.value = &cms_config.flags, | 820 | .opt.value = &cfg.flags, | 
| 821 | .value = CMS_NO_SIGNER_CERT_VERIFY, | 821 | .value = CMS_NO_SIGNER_CERT_VERIFY, | 
| 822 | }, | 822 | }, | 
| 823 | { | 823 | { | 
| @@ -825,21 +825,21 @@ static const struct option cms_options[] = { | |||
| 825 | .argname = "file", | 825 | .argname = "file", | 
| 826 | .desc = "Output file", | 826 | .desc = "Output file", | 
| 827 | .type = OPTION_ARG, | 827 | .type = OPTION_ARG, | 
| 828 | .opt.arg = &cms_config.outfile, | 828 | .opt.arg = &cfg.outfile, | 
| 829 | }, | 829 | }, | 
| 830 | { | 830 | { | 
| 831 | .name = "outform", | 831 | .name = "outform", | 
| 832 | .argname = "fmt", | 832 | .argname = "fmt", | 
| 833 | .desc = "Output format (DER, PEM or SMIME (default))", | 833 | .desc = "Output format (DER, PEM or SMIME (default))", | 
| 834 | .type = OPTION_ARG_FORMAT, | 834 | .type = OPTION_ARG_FORMAT, | 
| 835 | .opt.value = &cms_config.outformat, | 835 | .opt.value = &cfg.outformat, | 
| 836 | }, | 836 | }, | 
| 837 | { | 837 | { | 
| 838 | .name = "passin", | 838 | .name = "passin", | 
| 839 | .argname = "src", | 839 | .argname = "src", | 
| 840 | .desc = "Private key password source", | 840 | .desc = "Private key password source", | 
| 841 | .type = OPTION_ARG, | 841 | .type = OPTION_ARG, | 
| 842 | .opt.arg = &cms_config.passargin, | 842 | .opt.arg = &cfg.passargin, | 
| 843 | }, | 843 | }, | 
| 844 | { | 844 | { | 
| 845 | .name = "print", | 845 | .name = "print", | 
| @@ -859,20 +859,20 @@ static const struct option cms_options[] = { | |||
| 859 | .argname = "fmt", | 859 | .argname = "fmt", | 
| 860 | .desc = "Receipt file format (DER, PEM or SMIME (default))", | 860 | .desc = "Receipt file format (DER, PEM or SMIME (default))", | 
| 861 | .type = OPTION_ARG_FORMAT, | 861 | .type = OPTION_ARG_FORMAT, | 
| 862 | .opt.value = &cms_config.rctformat, | 862 | .opt.value = &cfg.rctformat, | 
| 863 | }, | 863 | }, | 
| 864 | { | 864 | { | 
| 865 | .name = "receipt_request_all", | 865 | .name = "receipt_request_all", | 
| 866 | .desc = "Indicate requests should be provided by all recipients", | 866 | .desc = "Indicate requests should be provided by all recipients", | 
| 867 | .type = OPTION_VALUE, | 867 | .type = OPTION_VALUE, | 
| 868 | .opt.value = &cms_config.rr_allorfirst, | 868 | .opt.value = &cfg.rr_allorfirst, | 
| 869 | .value = 0, | 869 | .value = 0, | 
| 870 | }, | 870 | }, | 
| 871 | { | 871 | { | 
| 872 | .name = "receipt_request_first", | 872 | .name = "receipt_request_first", | 
| 873 | .desc = "Indicate requests should be provided by first tier recipient", | 873 | .desc = "Indicate requests should be provided by first tier recipient", | 
| 874 | .type = OPTION_VALUE, | 874 | .type = OPTION_VALUE, | 
| 875 | .opt.value = &cms_config.rr_allorfirst, | 875 | .opt.value = &cfg.rr_allorfirst, | 
| 876 | .value = 1, | 876 | .value = 1, | 
| 877 | }, | 877 | }, | 
| 878 | { | 878 | { | 
| @@ -886,7 +886,7 @@ static const struct option cms_options[] = { | |||
| 886 | .name = "receipt_request_print", | 886 | .name = "receipt_request_print", | 
| 887 | .desc = "Print out the contents of any signed receipt requests", | 887 | .desc = "Print out the contents of any signed receipt requests", | 
| 888 | .type = OPTION_FLAG, | 888 | .type = OPTION_FLAG, | 
| 889 | .opt.flag = &cms_config.rr_print, | 889 | .opt.flag = &cfg.rr_print, | 
| 890 | }, | 890 | }, | 
| 891 | { | 891 | { | 
| 892 | .name = "receipt_request_to", | 892 | .name = "receipt_request_to", | 
| @@ -906,7 +906,7 @@ static const struct option cms_options[] = { | |||
| 906 | .name = "resign", | 906 | .name = "resign", | 
| 907 | .desc = "Resign a signed message", | 907 | .desc = "Resign a signed message", | 
| 908 | .type = OPTION_VALUE, | 908 | .type = OPTION_VALUE, | 
| 909 | .opt.value = &cms_config.operation, | 909 | .opt.value = &cfg.operation, | 
| 910 | .value = SMIME_RESIGN, | 910 | .value = SMIME_RESIGN, | 
| 911 | }, | 911 | }, | 
| 912 | { | 912 | { | 
| @@ -927,14 +927,14 @@ static const struct option cms_options[] = { | |||
| 927 | .name = "sign", | 927 | .name = "sign", | 
| 928 | .desc = "Sign message", | 928 | .desc = "Sign message", | 
| 929 | .type = OPTION_VALUE, | 929 | .type = OPTION_VALUE, | 
| 930 | .opt.value = &cms_config.operation, | 930 | .opt.value = &cfg.operation, | 
| 931 | .value = SMIME_SIGN, | 931 | .value = SMIME_SIGN, | 
| 932 | }, | 932 | }, | 
| 933 | { | 933 | { | 
| 934 | .name = "sign_receipt", | 934 | .name = "sign_receipt", | 
| 935 | .desc = "Generate a signed receipt for the message", | 935 | .desc = "Generate a signed receipt for the message", | 
| 936 | .type = OPTION_VALUE, | 936 | .type = OPTION_VALUE, | 
| 937 | .opt.value = &cms_config.operation, | 937 | .opt.value = &cfg.operation, | 
| 938 | .value = SMIME_SIGN_RECEIPT, | 938 | .value = SMIME_SIGN_RECEIPT, | 
| 939 | }, | 939 | }, | 
| 940 | { | 940 | { | 
| @@ -948,7 +948,7 @@ static const struct option cms_options[] = { | |||
| 948 | .name = "stream", | 948 | .name = "stream", | 
| 949 | .desc = "Enable CMS streaming", | 949 | .desc = "Enable CMS streaming", | 
| 950 | .type = OPTION_VALUE_OR, | 950 | .type = OPTION_VALUE_OR, | 
| 951 | .opt.value = &cms_config.flags, | 951 | .opt.value = &cfg.flags, | 
| 952 | .value = CMS_STREAM, | 952 | .value = CMS_STREAM, | 
| 953 | }, | 953 | }, | 
| 954 | { | 954 | { | 
| @@ -956,13 +956,13 @@ static const struct option cms_options[] = { | |||
| 956 | .argname = "s", | 956 | .argname = "s", | 
| 957 | .desc = "Subject", | 957 | .desc = "Subject", | 
| 958 | .type = OPTION_ARG, | 958 | .type = OPTION_ARG, | 
| 959 | .opt.arg = &cms_config.subject, | 959 | .opt.arg = &cfg.subject, | 
| 960 | }, | 960 | }, | 
| 961 | { | 961 | { | 
| 962 | .name = "text", | 962 | .name = "text", | 
| 963 | .desc = "Include or delete text MIME headers", | 963 | .desc = "Include or delete text MIME headers", | 
| 964 | .type = OPTION_VALUE_OR, | 964 | .type = OPTION_VALUE_OR, | 
| 965 | .opt.value = &cms_config.flags, | 965 | .opt.value = &cfg.flags, | 
| 966 | .value = CMS_TEXT, | 966 | .value = CMS_TEXT, | 
| 967 | }, | 967 | }, | 
| 968 | { | 968 | { | 
| @@ -970,20 +970,20 @@ static const struct option cms_options[] = { | |||
| 970 | .argname = "addr", | 970 | .argname = "addr", | 
| 971 | .desc = "To address", | 971 | .desc = "To address", | 
| 972 | .type = OPTION_ARG, | 972 | .type = OPTION_ARG, | 
| 973 | .opt.arg = &cms_config.to, | 973 | .opt.arg = &cfg.to, | 
| 974 | }, | 974 | }, | 
| 975 | { | 975 | { | 
| 976 | .name = "uncompress", | 976 | .name = "uncompress", | 
| 977 | .desc = "Uncompress CMS CompressedData type", | 977 | .desc = "Uncompress CMS CompressedData type", | 
| 978 | .type = OPTION_VALUE, | 978 | .type = OPTION_VALUE, | 
| 979 | .opt.value = &cms_config.operation, | 979 | .opt.value = &cfg.operation, | 
| 980 | .value = SMIME_UNCOMPRESS, | 980 | .value = SMIME_UNCOMPRESS, | 
| 981 | }, | 981 | }, | 
| 982 | { | 982 | { | 
| 983 | .name = "verify", | 983 | .name = "verify", | 
| 984 | .desc = "Verify signed message", | 984 | .desc = "Verify signed message", | 
| 985 | .type = OPTION_VALUE, | 985 | .type = OPTION_VALUE, | 
| 986 | .opt.value = &cms_config.operation, | 986 | .opt.value = &cfg.operation, | 
| 987 | .value = SMIME_VERIFY, | 987 | .value = SMIME_VERIFY, | 
| 988 | }, | 988 | }, | 
| 989 | { | 989 | { | 
| @@ -997,7 +997,7 @@ static const struct option cms_options[] = { | |||
| 997 | .name = "verify_retcode", | 997 | .name = "verify_retcode", | 
| 998 | .desc = "Set verification error code to exit code", | 998 | .desc = "Set verification error code to exit code", | 
| 999 | .type = OPTION_FLAG, | 999 | .type = OPTION_FLAG, | 
| 1000 | .opt.flag = &cms_config.verify_retcode, | 1000 | .opt.flag = &cfg.verify_retcode, | 
| 1001 | }, | 1001 | }, | 
| 1002 | { | 1002 | { | 
| 1003 | .name = "check_ss_sig", | 1003 | .name = "check_ss_sig", | 
| @@ -1170,84 +1170,84 @@ cms_main(int argc, char **argv) | |||
| 1170 | exit(1); | 1170 | exit(1); | 
| 1171 | } | 1171 | } | 
| 1172 | 1172 | ||
| 1173 | memset(&cms_config, 0, sizeof(cms_config)); | 1173 | memset(&cfg, 0, sizeof(cfg)); | 
| 1174 | cms_config.flags = CMS_DETACHED; | 1174 | cfg.flags = CMS_DETACHED; | 
| 1175 | cms_config.rr_allorfirst = -1; | 1175 | cfg.rr_allorfirst = -1; | 
| 1176 | cms_config.informat = FORMAT_SMIME; | 1176 | cfg.informat = FORMAT_SMIME; | 
| 1177 | cms_config.outformat = FORMAT_SMIME; | 1177 | cfg.outformat = FORMAT_SMIME; | 
| 1178 | cms_config.rctformat = FORMAT_SMIME; | 1178 | cfg.rctformat = FORMAT_SMIME; | 
| 1179 | cms_config.keyform = FORMAT_PEM; | 1179 | cfg.keyform = FORMAT_PEM; | 
| 1180 | if (options_parse(argc, argv, cms_options, NULL, &argsused) != 0) { | 1180 | if (options_parse(argc, argv, cms_options, NULL, &argsused) != 0) { | 
| 1181 | goto argerr; | 1181 | goto argerr; | 
| 1182 | } | 1182 | } | 
| 1183 | args = argv + argsused; | 1183 | args = argv + argsused; | 
| 1184 | ret = 1; | 1184 | ret = 1; | 
| 1185 | 1185 | ||
| 1186 | if (((cms_config.rr_allorfirst != -1) || cms_config.rr_from != NULL) && | 1186 | if (((cfg.rr_allorfirst != -1) || cfg.rr_from != NULL) && | 
| 1187 | cms_config.rr_to == NULL) { | 1187 | cfg.rr_to == NULL) { | 
| 1188 | BIO_puts(bio_err, "No Signed Receipts Recipients\n"); | 1188 | BIO_puts(bio_err, "No Signed Receipts Recipients\n"); | 
| 1189 | goto argerr; | 1189 | goto argerr; | 
| 1190 | } | 1190 | } | 
| 1191 | if (!(cms_config.operation & SMIME_SIGNERS) && | 1191 | if (!(cfg.operation & SMIME_SIGNERS) && | 
| 1192 | (cms_config.rr_to != NULL || cms_config.rr_from != NULL)) { | 1192 | (cfg.rr_to != NULL || cfg.rr_from != NULL)) { | 
| 1193 | BIO_puts(bio_err, "Signed receipts only allowed with -sign\n"); | 1193 | BIO_puts(bio_err, "Signed receipts only allowed with -sign\n"); | 
| 1194 | goto argerr; | 1194 | goto argerr; | 
| 1195 | } | 1195 | } | 
| 1196 | if (!(cms_config.operation & SMIME_SIGNERS) && | 1196 | if (!(cfg.operation & SMIME_SIGNERS) && | 
| 1197 | (cms_config.skkeys != NULL || cms_config.sksigners != NULL)) { | 1197 | (cfg.skkeys != NULL || cfg.sksigners != NULL)) { | 
| 1198 | BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); | 1198 | BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); | 
| 1199 | goto argerr; | 1199 | goto argerr; | 
| 1200 | } | 1200 | } | 
| 1201 | if (cms_config.operation & SMIME_SIGNERS) { | 1201 | if (cfg.operation & SMIME_SIGNERS) { | 
| 1202 | if (cms_config.keyfile != NULL && | 1202 | if (cfg.keyfile != NULL && | 
| 1203 | cms_config.signerfile == NULL) { | 1203 | cfg.signerfile == NULL) { | 
| 1204 | BIO_puts(bio_err, "Illegal -inkey without -signer\n"); | 1204 | BIO_puts(bio_err, "Illegal -inkey without -signer\n"); | 
| 1205 | goto argerr; | 1205 | goto argerr; | 
| 1206 | } | 1206 | } | 
| 1207 | /* Check to see if any final signer needs to be appended */ | 1207 | /* Check to see if any final signer needs to be appended */ | 
| 1208 | if (cms_config.signerfile != NULL) { | 1208 | if (cfg.signerfile != NULL) { | 
| 1209 | if (cms_config.sksigners == NULL && | 1209 | if (cfg.sksigners == NULL && | 
| 1210 | (cms_config.sksigners = | 1210 | (cfg.sksigners = | 
| 1211 | sk_OPENSSL_STRING_new_null()) == NULL) | 1211 | sk_OPENSSL_STRING_new_null()) == NULL) | 
| 1212 | goto end; | 1212 | goto end; | 
| 1213 | if (!sk_OPENSSL_STRING_push(cms_config.sksigners, | 1213 | if (!sk_OPENSSL_STRING_push(cfg.sksigners, | 
| 1214 | cms_config.signerfile)) | 1214 | cfg.signerfile)) | 
| 1215 | goto end; | 1215 | goto end; | 
| 1216 | if (cms_config.skkeys == NULL && | 1216 | if (cfg.skkeys == NULL && | 
| 1217 | (cms_config.skkeys = | 1217 | (cfg.skkeys = | 
| 1218 | sk_OPENSSL_STRING_new_null()) == NULL) | 1218 | sk_OPENSSL_STRING_new_null()) == NULL) | 
| 1219 | goto end; | 1219 | goto end; | 
| 1220 | if (cms_config.keyfile == NULL) | 1220 | if (cfg.keyfile == NULL) | 
| 1221 | cms_config.keyfile = cms_config.signerfile; | 1221 | cfg.keyfile = cfg.signerfile; | 
| 1222 | if (!sk_OPENSSL_STRING_push(cms_config.skkeys, | 1222 | if (!sk_OPENSSL_STRING_push(cfg.skkeys, | 
| 1223 | cms_config.keyfile)) | 1223 | cfg.keyfile)) | 
| 1224 | goto end; | 1224 | goto end; | 
| 1225 | } | 1225 | } | 
| 1226 | if (cms_config.sksigners == NULL) { | 1226 | if (cfg.sksigners == NULL) { | 
| 1227 | BIO_printf(bio_err, | 1227 | BIO_printf(bio_err, | 
| 1228 | "No signer certificate specified\n"); | 1228 | "No signer certificate specified\n"); | 
| 1229 | badarg = 1; | 1229 | badarg = 1; | 
| 1230 | } | 1230 | } | 
| 1231 | cms_config.signerfile = NULL; | 1231 | cfg.signerfile = NULL; | 
| 1232 | cms_config.keyfile = NULL; | 1232 | cfg.keyfile = NULL; | 
| 1233 | } else if (cms_config.operation == SMIME_DECRYPT) { | 1233 | } else if (cfg.operation == SMIME_DECRYPT) { | 
| 1234 | if (cms_config.recipfile == NULL && | 1234 | if (cfg.recipfile == NULL && | 
| 1235 | cms_config.keyfile == NULL && | 1235 | cfg.keyfile == NULL && | 
| 1236 | cms_config.secret_key == NULL && | 1236 | cfg.secret_key == NULL && | 
| 1237 | cms_config.pwri_pass == NULL) { | 1237 | cfg.pwri_pass == NULL) { | 
| 1238 | BIO_printf(bio_err, | 1238 | BIO_printf(bio_err, | 
| 1239 | "No recipient certificate or key specified\n"); | 1239 | "No recipient certificate or key specified\n"); | 
| 1240 | badarg = 1; | 1240 | badarg = 1; | 
| 1241 | } | 1241 | } | 
| 1242 | } else if (cms_config.operation == SMIME_ENCRYPT) { | 1242 | } else if (cfg.operation == SMIME_ENCRYPT) { | 
| 1243 | if (*args == NULL && cms_config.secret_key == NULL && | 1243 | if (*args == NULL && cfg.secret_key == NULL && | 
| 1244 | cms_config.pwri_pass == NULL && | 1244 | cfg.pwri_pass == NULL && | 
| 1245 | cms_config.encerts == NULL) { | 1245 | cfg.encerts == NULL) { | 
| 1246 | BIO_printf(bio_err, | 1246 | BIO_printf(bio_err, | 
| 1247 | "No recipient(s) certificate(s) specified\n"); | 1247 | "No recipient(s) certificate(s) specified\n"); | 
| 1248 | badarg = 1; | 1248 | badarg = 1; | 
| 1249 | } | 1249 | } | 
| 1250 | } else if (!cms_config.operation) { | 1250 | } else if (!cfg.operation) { | 
| 1251 | badarg = 1; | 1251 | badarg = 1; | 
| 1252 | } | 1252 | } | 
| 1253 | 1253 | ||
| @@ -1257,103 +1257,103 @@ cms_main(int argc, char **argv) | |||
| 1257 | goto end; | 1257 | goto end; | 
| 1258 | } | 1258 | } | 
| 1259 | 1259 | ||
| 1260 | if (!app_passwd(bio_err, cms_config.passargin, NULL, &passin, NULL)) { | 1260 | if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) { | 
| 1261 | BIO_printf(bio_err, "Error getting password\n"); | 1261 | BIO_printf(bio_err, "Error getting password\n"); | 
| 1262 | goto end; | 1262 | goto end; | 
| 1263 | } | 1263 | } | 
| 1264 | ret = 2; | 1264 | ret = 2; | 
| 1265 | 1265 | ||
| 1266 | if (!(cms_config.operation & SMIME_SIGNERS)) | 1266 | if (!(cfg.operation & SMIME_SIGNERS)) | 
| 1267 | cms_config.flags &= ~CMS_DETACHED; | 1267 | cfg.flags &= ~CMS_DETACHED; | 
| 1268 | 1268 | ||
| 1269 | if (cms_config.operation & SMIME_OP) { | 1269 | if (cfg.operation & SMIME_OP) { | 
| 1270 | if (cms_config.outformat == FORMAT_ASN1) | 1270 | if (cfg.outformat == FORMAT_ASN1) | 
| 1271 | outmode = "wb"; | 1271 | outmode = "wb"; | 
| 1272 | } else { | 1272 | } else { | 
| 1273 | if (cms_config.flags & CMS_BINARY) | 1273 | if (cfg.flags & CMS_BINARY) | 
| 1274 | outmode = "wb"; | 1274 | outmode = "wb"; | 
| 1275 | } | 1275 | } | 
| 1276 | 1276 | ||
| 1277 | if (cms_config.operation & SMIME_IP) { | 1277 | if (cfg.operation & SMIME_IP) { | 
| 1278 | if (cms_config.informat == FORMAT_ASN1) | 1278 | if (cfg.informat == FORMAT_ASN1) | 
| 1279 | inmode = "rb"; | 1279 | inmode = "rb"; | 
| 1280 | } else { | 1280 | } else { | 
| 1281 | if (cms_config.flags & CMS_BINARY) | 1281 | if (cfg.flags & CMS_BINARY) | 
| 1282 | inmode = "rb"; | 1282 | inmode = "rb"; | 
| 1283 | } | 1283 | } | 
| 1284 | 1284 | ||
| 1285 | if (cms_config.operation == SMIME_ENCRYPT) { | 1285 | if (cfg.operation == SMIME_ENCRYPT) { | 
| 1286 | if (cms_config.cipher == NULL) { | 1286 | if (cfg.cipher == NULL) { | 
| 1287 | #ifndef OPENSSL_NO_DES | 1287 | #ifndef OPENSSL_NO_DES | 
| 1288 | cms_config.cipher = EVP_des_ede3_cbc(); | 1288 | cfg.cipher = EVP_des_ede3_cbc(); | 
| 1289 | #else | 1289 | #else | 
| 1290 | BIO_printf(bio_err, "No cipher selected\n"); | 1290 | BIO_printf(bio_err, "No cipher selected\n"); | 
| 1291 | goto end; | 1291 | goto end; | 
| 1292 | #endif | 1292 | #endif | 
| 1293 | } | 1293 | } | 
| 1294 | if (cms_config.secret_key != NULL && | 1294 | if (cfg.secret_key != NULL && | 
| 1295 | cms_config.secret_keyid == NULL) { | 1295 | cfg.secret_keyid == NULL) { | 
| 1296 | BIO_printf(bio_err, "No secret key id\n"); | 1296 | BIO_printf(bio_err, "No secret key id\n"); | 
| 1297 | goto end; | 1297 | goto end; | 
| 1298 | } | 1298 | } | 
| 1299 | if (*args != NULL && cms_config.encerts == NULL) | 1299 | if (*args != NULL && cfg.encerts == NULL) | 
| 1300 | if ((cms_config.encerts = sk_X509_new_null()) == NULL) | 1300 | if ((cfg.encerts = sk_X509_new_null()) == NULL) | 
| 1301 | goto end; | 1301 | goto end; | 
| 1302 | while (*args) { | 1302 | while (*args) { | 
| 1303 | if ((cms_config.cert = load_cert(bio_err, *args, | 1303 | if ((cfg.cert = load_cert(bio_err, *args, | 
| 1304 | FORMAT_PEM, NULL, | 1304 | FORMAT_PEM, NULL, | 
| 1305 | "recipient certificate file")) == NULL) | 1305 | "recipient certificate file")) == NULL) | 
| 1306 | goto end; | 1306 | goto end; | 
| 1307 | if (!sk_X509_push(cms_config.encerts, cms_config.cert)) | 1307 | if (!sk_X509_push(cfg.encerts, cfg.cert)) | 
| 1308 | goto end; | 1308 | goto end; | 
| 1309 | cms_config.cert = NULL; | 1309 | cfg.cert = NULL; | 
| 1310 | args++; | 1310 | args++; | 
| 1311 | } | 1311 | } | 
| 1312 | } | 1312 | } | 
| 1313 | if (cms_config.certfile != NULL) { | 1313 | if (cfg.certfile != NULL) { | 
| 1314 | if ((other = load_certs(bio_err, cms_config.certfile, | 1314 | if ((other = load_certs(bio_err, cfg.certfile, | 
| 1315 | FORMAT_PEM, NULL, "certificate file")) == NULL) { | 1315 | FORMAT_PEM, NULL, "certificate file")) == NULL) { | 
| 1316 | ERR_print_errors(bio_err); | 1316 | ERR_print_errors(bio_err); | 
| 1317 | goto end; | 1317 | goto end; | 
| 1318 | } | 1318 | } | 
| 1319 | } | 1319 | } | 
| 1320 | if (cms_config.recipfile != NULL && | 1320 | if (cfg.recipfile != NULL && | 
| 1321 | (cms_config.operation == SMIME_DECRYPT)) { | 1321 | (cfg.operation == SMIME_DECRYPT)) { | 
| 1322 | if ((recip = load_cert(bio_err, cms_config.recipfile, | 1322 | if ((recip = load_cert(bio_err, cfg.recipfile, | 
| 1323 | FORMAT_PEM, NULL, "recipient certificate file")) == NULL) { | 1323 | FORMAT_PEM, NULL, "recipient certificate file")) == NULL) { | 
| 1324 | ERR_print_errors(bio_err); | 1324 | ERR_print_errors(bio_err); | 
| 1325 | goto end; | 1325 | goto end; | 
| 1326 | } | 1326 | } | 
| 1327 | } | 1327 | } | 
| 1328 | if (cms_config.operation == SMIME_SIGN_RECEIPT) { | 1328 | if (cfg.operation == SMIME_SIGN_RECEIPT) { | 
| 1329 | if ((signer = load_cert(bio_err, cms_config.signerfile, | 1329 | if ((signer = load_cert(bio_err, cfg.signerfile, | 
| 1330 | FORMAT_PEM, NULL, | 1330 | FORMAT_PEM, NULL, | 
| 1331 | "receipt signer certificate file")) == NULL) { | 1331 | "receipt signer certificate file")) == NULL) { | 
| 1332 | ERR_print_errors(bio_err); | 1332 | ERR_print_errors(bio_err); | 
| 1333 | goto end; | 1333 | goto end; | 
| 1334 | } | 1334 | } | 
| 1335 | } | 1335 | } | 
| 1336 | if (cms_config.operation == SMIME_DECRYPT) { | 1336 | if (cfg.operation == SMIME_DECRYPT) { | 
| 1337 | if (cms_config.keyfile == NULL) | 1337 | if (cfg.keyfile == NULL) | 
| 1338 | cms_config.keyfile = cms_config.recipfile; | 1338 | cfg.keyfile = cfg.recipfile; | 
| 1339 | } else if ((cms_config.operation == SMIME_SIGN) || | 1339 | } else if ((cfg.operation == SMIME_SIGN) || | 
| 1340 | (cms_config.operation == SMIME_SIGN_RECEIPT)) { | 1340 | (cfg.operation == SMIME_SIGN_RECEIPT)) { | 
| 1341 | if (cms_config.keyfile == NULL) | 1341 | if (cfg.keyfile == NULL) | 
| 1342 | cms_config.keyfile = cms_config.signerfile; | 1342 | cfg.keyfile = cfg.signerfile; | 
| 1343 | } else { | 1343 | } else { | 
| 1344 | cms_config.keyfile = NULL; | 1344 | cfg.keyfile = NULL; | 
| 1345 | } | 1345 | } | 
| 1346 | 1346 | ||
| 1347 | if (cms_config.keyfile != NULL) { | 1347 | if (cfg.keyfile != NULL) { | 
| 1348 | key = load_key(bio_err, cms_config.keyfile, cms_config.keyform, | 1348 | key = load_key(bio_err, cfg.keyfile, cfg.keyform, | 
| 1349 | 0, passin, "signing key file"); | 1349 | 0, passin, "signing key file"); | 
| 1350 | if (key == NULL) | 1350 | if (key == NULL) | 
| 1351 | goto end; | 1351 | goto end; | 
| 1352 | } | 1352 | } | 
| 1353 | if (cms_config.infile != NULL) { | 1353 | if (cfg.infile != NULL) { | 
| 1354 | if ((in = BIO_new_file(cms_config.infile, inmode)) == NULL) { | 1354 | if ((in = BIO_new_file(cfg.infile, inmode)) == NULL) { | 
| 1355 | BIO_printf(bio_err, | 1355 | BIO_printf(bio_err, | 
| 1356 | "Can't open input file %s\n", cms_config.infile); | 1356 | "Can't open input file %s\n", cfg.infile); | 
| 1357 | goto end; | 1357 | goto end; | 
| 1358 | } | 1358 | } | 
| 1359 | } else { | 1359 | } else { | 
| @@ -1361,12 +1361,12 @@ cms_main(int argc, char **argv) | |||
| 1361 | goto end; | 1361 | goto end; | 
| 1362 | } | 1362 | } | 
| 1363 | 1363 | ||
| 1364 | if (cms_config.operation & SMIME_IP) { | 1364 | if (cfg.operation & SMIME_IP) { | 
| 1365 | if (cms_config.informat == FORMAT_SMIME) | 1365 | if (cfg.informat == FORMAT_SMIME) | 
| 1366 | cms = SMIME_read_CMS(in, &indata); | 1366 | cms = SMIME_read_CMS(in, &indata); | 
| 1367 | else if (cms_config.informat == FORMAT_PEM) | 1367 | else if (cfg.informat == FORMAT_PEM) | 
| 1368 | cms = PEM_read_bio_CMS(in, NULL, NULL, NULL); | 1368 | cms = PEM_read_bio_CMS(in, NULL, NULL, NULL); | 
| 1369 | else if (cms_config.informat == FORMAT_ASN1) | 1369 | else if (cfg.informat == FORMAT_ASN1) | 
| 1370 | cms = d2i_CMS_bio(in, NULL); | 1370 | cms = d2i_CMS_bio(in, NULL); | 
| 1371 | else { | 1371 | else { | 
| 1372 | BIO_printf(bio_err, "Bad input format for CMS file\n"); | 1372 | BIO_printf(bio_err, "Bad input format for CMS file\n"); | 
| @@ -1377,24 +1377,24 @@ cms_main(int argc, char **argv) | |||
| 1377 | BIO_printf(bio_err, "Error reading S/MIME message\n"); | 1377 | BIO_printf(bio_err, "Error reading S/MIME message\n"); | 
| 1378 | goto end; | 1378 | goto end; | 
| 1379 | } | 1379 | } | 
| 1380 | if (cms_config.contfile != NULL) { | 1380 | if (cfg.contfile != NULL) { | 
| 1381 | BIO_free(indata); | 1381 | BIO_free(indata); | 
| 1382 | if ((indata = BIO_new_file(cms_config.contfile, | 1382 | if ((indata = BIO_new_file(cfg.contfile, | 
| 1383 | "rb")) == NULL) { | 1383 | "rb")) == NULL) { | 
| 1384 | BIO_printf(bio_err, | 1384 | BIO_printf(bio_err, | 
| 1385 | "Can't read content file %s\n", | 1385 | "Can't read content file %s\n", | 
| 1386 | cms_config.contfile); | 1386 | cfg.contfile); | 
| 1387 | goto end; | 1387 | goto end; | 
| 1388 | } | 1388 | } | 
| 1389 | } | 1389 | } | 
| 1390 | if (cms_config.certsoutfile != NULL) { | 1390 | if (cfg.certsoutfile != NULL) { | 
| 1391 | STACK_OF(X509) *allcerts; | 1391 | STACK_OF(X509) *allcerts; | 
| 1392 | if ((allcerts = CMS_get1_certs(cms)) == NULL) | 1392 | if ((allcerts = CMS_get1_certs(cms)) == NULL) | 
| 1393 | goto end; | 1393 | goto end; | 
| 1394 | if (!save_certs(cms_config.certsoutfile, allcerts)) { | 1394 | if (!save_certs(cfg.certsoutfile, allcerts)) { | 
| 1395 | BIO_printf(bio_err, | 1395 | BIO_printf(bio_err, | 
| 1396 | "Error writing certs to %s\n", | 1396 | "Error writing certs to %s\n", | 
| 1397 | cms_config.certsoutfile); | 1397 | cfg.certsoutfile); | 
| 1398 | sk_X509_pop_free(allcerts, X509_free); | 1398 | sk_X509_pop_free(allcerts, X509_free); | 
| 1399 | ret = 5; | 1399 | ret = 5; | 
| 1400 | goto end; | 1400 | goto end; | 
| @@ -1402,19 +1402,19 @@ cms_main(int argc, char **argv) | |||
| 1402 | sk_X509_pop_free(allcerts, X509_free); | 1402 | sk_X509_pop_free(allcerts, X509_free); | 
| 1403 | } | 1403 | } | 
| 1404 | } | 1404 | } | 
| 1405 | if (cms_config.rctfile != NULL) { | 1405 | if (cfg.rctfile != NULL) { | 
| 1406 | char *rctmode = (cms_config.rctformat == FORMAT_ASN1) ? | 1406 | char *rctmode = (cfg.rctformat == FORMAT_ASN1) ? | 
| 1407 | "rb" : "r"; | 1407 | "rb" : "r"; | 
| 1408 | if ((rctin = BIO_new_file(cms_config.rctfile, rctmode)) == NULL) { | 1408 | if ((rctin = BIO_new_file(cfg.rctfile, rctmode)) == NULL) { | 
| 1409 | BIO_printf(bio_err, | 1409 | BIO_printf(bio_err, | 
| 1410 | "Can't open receipt file %s\n", cms_config.rctfile); | 1410 | "Can't open receipt file %s\n", cfg.rctfile); | 
| 1411 | goto end; | 1411 | goto end; | 
| 1412 | } | 1412 | } | 
| 1413 | if (cms_config.rctformat == FORMAT_SMIME) | 1413 | if (cfg.rctformat == FORMAT_SMIME) | 
| 1414 | rcms = SMIME_read_CMS(rctin, NULL); | 1414 | rcms = SMIME_read_CMS(rctin, NULL); | 
| 1415 | else if (cms_config.rctformat == FORMAT_PEM) | 1415 | else if (cfg.rctformat == FORMAT_PEM) | 
| 1416 | rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL); | 1416 | rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL); | 
| 1417 | else if (cms_config.rctformat == FORMAT_ASN1) | 1417 | else if (cfg.rctformat == FORMAT_ASN1) | 
| 1418 | rcms = d2i_CMS_bio(rctin, NULL); | 1418 | rcms = d2i_CMS_bio(rctin, NULL); | 
| 1419 | else { | 1419 | else { | 
| 1420 | BIO_printf(bio_err, "Bad input format for receipt\n"); | 1420 | BIO_printf(bio_err, "Bad input format for receipt\n"); | 
| @@ -1426,10 +1426,10 @@ cms_main(int argc, char **argv) | |||
| 1426 | goto end; | 1426 | goto end; | 
| 1427 | } | 1427 | } | 
| 1428 | } | 1428 | } | 
| 1429 | if (cms_config.outfile != NULL) { | 1429 | if (cfg.outfile != NULL) { | 
| 1430 | if ((out = BIO_new_file(cms_config.outfile, outmode)) == NULL) { | 1430 | if ((out = BIO_new_file(cfg.outfile, outmode)) == NULL) { | 
| 1431 | BIO_printf(bio_err, | 1431 | BIO_printf(bio_err, | 
| 1432 | "Can't open output file %s\n", cms_config.outfile); | 1432 | "Can't open output file %s\n", cfg.outfile); | 
| 1433 | goto end; | 1433 | goto end; | 
| 1434 | } | 1434 | } | 
| 1435 | } else { | 1435 | } else { | 
| @@ -1437,42 +1437,42 @@ cms_main(int argc, char **argv) | |||
| 1437 | goto end; | 1437 | goto end; | 
| 1438 | } | 1438 | } | 
| 1439 | 1439 | ||
| 1440 | if ((cms_config.operation == SMIME_VERIFY) || | 1440 | if ((cfg.operation == SMIME_VERIFY) || | 
| 1441 | (cms_config.operation == SMIME_VERIFY_RECEIPT)) { | 1441 | (cfg.operation == SMIME_VERIFY_RECEIPT)) { | 
| 1442 | if ((store = setup_verify(bio_err, cms_config.CAfile, | 1442 | if ((store = setup_verify(bio_err, cfg.CAfile, | 
| 1443 | cms_config.CApath)) == NULL) | 1443 | cfg.CApath)) == NULL) | 
| 1444 | goto end; | 1444 | goto end; | 
| 1445 | X509_STORE_set_verify_cb(store, cms_cb); | 1445 | X509_STORE_set_verify_cb(store, cms_cb); | 
| 1446 | if (cms_config.vpm != NULL) { | 1446 | if (cfg.vpm != NULL) { | 
| 1447 | if (!X509_STORE_set1_param(store, cms_config.vpm)) | 1447 | if (!X509_STORE_set1_param(store, cfg.vpm)) | 
| 1448 | goto end; | 1448 | goto end; | 
| 1449 | } | 1449 | } | 
| 1450 | } | 1450 | } | 
| 1451 | ret = 3; | 1451 | ret = 3; | 
| 1452 | 1452 | ||
| 1453 | if (cms_config.operation == SMIME_DATA_CREATE) { | 1453 | if (cfg.operation == SMIME_DATA_CREATE) { | 
| 1454 | cms = CMS_data_create(in, cms_config.flags); | 1454 | cms = CMS_data_create(in, cfg.flags); | 
| 1455 | } else if (cms_config.operation == SMIME_DIGEST_CREATE) { | 1455 | } else if (cfg.operation == SMIME_DIGEST_CREATE) { | 
| 1456 | cms = CMS_digest_create(in, cms_config.sign_md, | 1456 | cms = CMS_digest_create(in, cfg.sign_md, | 
| 1457 | cms_config.flags); | 1457 | cfg.flags); | 
| 1458 | } else if (cms_config.operation == SMIME_COMPRESS) { | 1458 | } else if (cfg.operation == SMIME_COMPRESS) { | 
| 1459 | cms = CMS_compress(in, -1, cms_config.flags); | 1459 | cms = CMS_compress(in, -1, cfg.flags); | 
| 1460 | } else if (cms_config.operation == SMIME_ENCRYPT) { | 1460 | } else if (cfg.operation == SMIME_ENCRYPT) { | 
| 1461 | int i; | 1461 | int i; | 
| 1462 | cms_config.flags |= CMS_PARTIAL; | 1462 | cfg.flags |= CMS_PARTIAL; | 
| 1463 | cms = CMS_encrypt(NULL, in, cms_config.cipher, | 1463 | cms = CMS_encrypt(NULL, in, cfg.cipher, | 
| 1464 | cms_config.flags); | 1464 | cfg.flags); | 
| 1465 | if (cms == NULL) | 1465 | if (cms == NULL) | 
| 1466 | goto end; | 1466 | goto end; | 
| 1467 | for (i = 0; i < sk_X509_num(cms_config.encerts); i++) { | 1467 | for (i = 0; i < sk_X509_num(cfg.encerts); i++) { | 
| 1468 | CMS_RecipientInfo *ri; | 1468 | CMS_RecipientInfo *ri; | 
| 1469 | struct cms_key_param *kparam; | 1469 | struct cms_key_param *kparam; | 
| 1470 | int tflags = cms_config.flags; | 1470 | int tflags = cfg.flags; | 
| 1471 | X509 *x; | 1471 | X509 *x; | 
| 1472 | 1472 | ||
| 1473 | if ((x = sk_X509_value(cms_config.encerts, i)) == NULL) | 1473 | if ((x = sk_X509_value(cfg.encerts, i)) == NULL) | 
| 1474 | goto end; | 1474 | goto end; | 
| 1475 | for (kparam = cms_config.key_first; kparam != NULL; | 1475 | for (kparam = cfg.key_first; kparam != NULL; | 
| 1476 | kparam = kparam->next) { | 1476 | kparam = kparam->next) { | 
| 1477 | if (kparam->idx == i) { | 1477 | if (kparam->idx == i) { | 
| 1478 | tflags |= CMS_KEY_PARAM; | 1478 | tflags |= CMS_KEY_PARAM; | 
| @@ -1492,18 +1492,18 @@ cms_main(int argc, char **argv) | |||
| 1492 | } | 1492 | } | 
| 1493 | } | 1493 | } | 
| 1494 | 1494 | ||
| 1495 | if (cms_config.secret_key != NULL) { | 1495 | if (cfg.secret_key != NULL) { | 
| 1496 | if (CMS_add0_recipient_key(cms, NID_undef, | 1496 | if (CMS_add0_recipient_key(cms, NID_undef, | 
| 1497 | cms_config.secret_key, cms_config.secret_keylen, | 1497 | cfg.secret_key, cfg.secret_keylen, | 
| 1498 | cms_config.secret_keyid, cms_config.secret_keyidlen, | 1498 | cfg.secret_keyid, cfg.secret_keyidlen, | 
| 1499 | NULL, NULL, NULL) == NULL) | 1499 | NULL, NULL, NULL) == NULL) | 
| 1500 | goto end; | 1500 | goto end; | 
| 1501 | /* NULL these because call absorbs them */ | 1501 | /* NULL these because call absorbs them */ | 
| 1502 | cms_config.secret_key = NULL; | 1502 | cfg.secret_key = NULL; | 
| 1503 | cms_config.secret_keyid = NULL; | 1503 | cfg.secret_keyid = NULL; | 
| 1504 | } | 1504 | } | 
| 1505 | if (cms_config.pwri_pass != NULL) { | 1505 | if (cfg.pwri_pass != NULL) { | 
| 1506 | pwri_tmp = strdup(cms_config.pwri_pass); | 1506 | pwri_tmp = strdup(cfg.pwri_pass); | 
| 1507 | if (pwri_tmp == NULL) | 1507 | if (pwri_tmp == NULL) | 
| 1508 | goto end; | 1508 | goto end; | 
| 1509 | if (CMS_add0_recipient_password(cms, -1, NID_undef, | 1509 | if (CMS_add0_recipient_password(cms, -1, NID_undef, | 
| @@ -1511,16 +1511,16 @@ cms_main(int argc, char **argv) | |||
| 1511 | goto end; | 1511 | goto end; | 
| 1512 | pwri_tmp = NULL; | 1512 | pwri_tmp = NULL; | 
| 1513 | } | 1513 | } | 
| 1514 | if (!(cms_config.flags & CMS_STREAM)) { | 1514 | if (!(cfg.flags & CMS_STREAM)) { | 
| 1515 | if (!CMS_final(cms, in, NULL, cms_config.flags)) | 1515 | if (!CMS_final(cms, in, NULL, cfg.flags)) | 
| 1516 | goto end; | 1516 | goto end; | 
| 1517 | } | 1517 | } | 
| 1518 | } else if (cms_config.operation == SMIME_ENCRYPTED_ENCRYPT) { | 1518 | } else if (cfg.operation == SMIME_ENCRYPTED_ENCRYPT) { | 
| 1519 | cms = CMS_EncryptedData_encrypt(in, cms_config.cipher, | 1519 | cms = CMS_EncryptedData_encrypt(in, cfg.cipher, | 
| 1520 | cms_config.secret_key, cms_config.secret_keylen, | 1520 | cfg.secret_key, cfg.secret_keylen, | 
| 1521 | cms_config.flags); | 1521 | cfg.flags); | 
| 1522 | 1522 | ||
| 1523 | } else if (cms_config.operation == SMIME_SIGN_RECEIPT) { | 1523 | } else if (cfg.operation == SMIME_SIGN_RECEIPT) { | 
| 1524 | CMS_ContentInfo *srcms = NULL; | 1524 | CMS_ContentInfo *srcms = NULL; | 
| 1525 | STACK_OF(CMS_SignerInfo) *sis; | 1525 | STACK_OF(CMS_SignerInfo) *sis; | 
| 1526 | CMS_SignerInfo *si; | 1526 | CMS_SignerInfo *si; | 
| @@ -1531,36 +1531,36 @@ cms_main(int argc, char **argv) | |||
| 1531 | if (si == NULL) | 1531 | if (si == NULL) | 
| 1532 | goto end; | 1532 | goto end; | 
| 1533 | srcms = CMS_sign_receipt(si, signer, key, other, | 1533 | srcms = CMS_sign_receipt(si, signer, key, other, | 
| 1534 | cms_config.flags); | 1534 | cfg.flags); | 
| 1535 | if (srcms == NULL) | 1535 | if (srcms == NULL) | 
| 1536 | goto end; | 1536 | goto end; | 
| 1537 | CMS_ContentInfo_free(cms); | 1537 | CMS_ContentInfo_free(cms); | 
| 1538 | cms = srcms; | 1538 | cms = srcms; | 
| 1539 | } else if (cms_config.operation & SMIME_SIGNERS) { | 1539 | } else if (cfg.operation & SMIME_SIGNERS) { | 
| 1540 | int i; | 1540 | int i; | 
| 1541 | /* | 1541 | /* | 
| 1542 | * If detached data content we enable streaming if S/MIME | 1542 | * If detached data content we enable streaming if S/MIME | 
| 1543 | * output format. | 1543 | * output format. | 
| 1544 | */ | 1544 | */ | 
| 1545 | if (cms_config.operation == SMIME_SIGN) { | 1545 | if (cfg.operation == SMIME_SIGN) { | 
| 1546 | 1546 | ||
| 1547 | if (cms_config.flags & CMS_DETACHED) { | 1547 | if (cfg.flags & CMS_DETACHED) { | 
| 1548 | if (cms_config.outformat == FORMAT_SMIME) | 1548 | if (cfg.outformat == FORMAT_SMIME) | 
| 1549 | cms_config.flags |= CMS_STREAM; | 1549 | cfg.flags |= CMS_STREAM; | 
| 1550 | } | 1550 | } | 
| 1551 | cms_config.flags |= CMS_PARTIAL; | 1551 | cfg.flags |= CMS_PARTIAL; | 
| 1552 | cms = CMS_sign(NULL, NULL, other, in, cms_config.flags); | 1552 | cms = CMS_sign(NULL, NULL, other, in, cfg.flags); | 
| 1553 | if (cms == NULL) | 1553 | if (cms == NULL) | 
| 1554 | goto end; | 1554 | goto end; | 
| 1555 | if (cms_config.econtent_type != NULL) | 1555 | if (cfg.econtent_type != NULL) | 
| 1556 | if (!CMS_set1_eContentType(cms, | 1556 | if (!CMS_set1_eContentType(cms, | 
| 1557 | cms_config.econtent_type)) | 1557 | cfg.econtent_type)) | 
| 1558 | goto end; | 1558 | goto end; | 
| 1559 | 1559 | ||
| 1560 | if (cms_config.rr_to != NULL) { | 1560 | if (cfg.rr_to != NULL) { | 
| 1561 | rr = make_receipt_request(cms_config.rr_to, | 1561 | rr = make_receipt_request(cfg.rr_to, | 
| 1562 | cms_config.rr_allorfirst, | 1562 | cfg.rr_allorfirst, | 
| 1563 | cms_config.rr_from); | 1563 | cfg.rr_from); | 
| 1564 | if (rr == NULL) { | 1564 | if (rr == NULL) { | 
| 1565 | BIO_puts(bio_err, | 1565 | BIO_puts(bio_err, | 
| 1566 | "Signed Receipt Request Creation Error\n"); | 1566 | "Signed Receipt Request Creation Error\n"); | 
| @@ -1568,28 +1568,28 @@ cms_main(int argc, char **argv) | |||
| 1568 | } | 1568 | } | 
| 1569 | } | 1569 | } | 
| 1570 | } else { | 1570 | } else { | 
| 1571 | cms_config.flags |= CMS_REUSE_DIGEST; | 1571 | cfg.flags |= CMS_REUSE_DIGEST; | 
| 1572 | } | 1572 | } | 
| 1573 | 1573 | ||
| 1574 | for (i = 0; i < sk_OPENSSL_STRING_num(cms_config.sksigners); i++) { | 1574 | for (i = 0; i < sk_OPENSSL_STRING_num(cfg.sksigners); i++) { | 
| 1575 | CMS_SignerInfo *si; | 1575 | CMS_SignerInfo *si; | 
| 1576 | struct cms_key_param *kparam; | 1576 | struct cms_key_param *kparam; | 
| 1577 | int tflags = cms_config.flags; | 1577 | int tflags = cfg.flags; | 
| 1578 | 1578 | ||
| 1579 | cms_config.signerfile = sk_OPENSSL_STRING_value( | 1579 | cfg.signerfile = sk_OPENSSL_STRING_value( | 
| 1580 | cms_config.sksigners, i); | 1580 | cfg.sksigners, i); | 
| 1581 | cms_config.keyfile = sk_OPENSSL_STRING_value( | 1581 | cfg.keyfile = sk_OPENSSL_STRING_value( | 
| 1582 | cms_config.skkeys, i); | 1582 | cfg.skkeys, i); | 
| 1583 | 1583 | ||
| 1584 | signer = load_cert(bio_err, cms_config.signerfile, | 1584 | signer = load_cert(bio_err, cfg.signerfile, | 
| 1585 | FORMAT_PEM, NULL, "signer certificate"); | 1585 | FORMAT_PEM, NULL, "signer certificate"); | 
| 1586 | if (signer == NULL) | 1586 | if (signer == NULL) | 
| 1587 | goto end; | 1587 | goto end; | 
| 1588 | key = load_key(bio_err, cms_config.keyfile, | 1588 | key = load_key(bio_err, cfg.keyfile, | 
| 1589 | cms_config.keyform, 0, passin, "signing key file"); | 1589 | cfg.keyform, 0, passin, "signing key file"); | 
| 1590 | if (key == NULL) | 1590 | if (key == NULL) | 
| 1591 | goto end; | 1591 | goto end; | 
| 1592 | for (kparam = cms_config.key_first; kparam != NULL; | 1592 | for (kparam = cfg.key_first; kparam != NULL; | 
| 1593 | kparam = kparam->next) { | 1593 | kparam = kparam->next) { | 
| 1594 | if (kparam->idx == i) { | 1594 | if (kparam->idx == i) { | 
| 1595 | tflags |= CMS_KEY_PARAM; | 1595 | tflags |= CMS_KEY_PARAM; | 
| @@ -1597,7 +1597,7 @@ cms_main(int argc, char **argv) | |||
| 1597 | } | 1597 | } | 
| 1598 | } | 1598 | } | 
| 1599 | si = CMS_add1_signer(cms, signer, key, | 1599 | si = CMS_add1_signer(cms, signer, key, | 
| 1600 | cms_config.sign_md, tflags); | 1600 | cfg.sign_md, tflags); | 
| 1601 | if (si == NULL) | 1601 | if (si == NULL) | 
| 1602 | goto end; | 1602 | goto end; | 
| 1603 | if (kparam != NULL) { | 1603 | if (kparam != NULL) { | 
| @@ -1616,9 +1616,9 @@ cms_main(int argc, char **argv) | |||
| 1616 | key = NULL; | 1616 | key = NULL; | 
| 1617 | } | 1617 | } | 
| 1618 | /* If not streaming or resigning finalize structure */ | 1618 | /* If not streaming or resigning finalize structure */ | 
| 1619 | if ((cms_config.operation == SMIME_SIGN) && | 1619 | if ((cfg.operation == SMIME_SIGN) && | 
| 1620 | !(cms_config.flags & CMS_STREAM)) { | 1620 | !(cfg.flags & CMS_STREAM)) { | 
| 1621 | if (!CMS_final(cms, in, NULL, cms_config.flags)) | 1621 | if (!CMS_final(cms, in, NULL, cfg.flags)) | 
| 1622 | goto end; | 1622 | goto end; | 
| 1623 | } | 1623 | } | 
| 1624 | } | 1624 | } | 
| @@ -1627,15 +1627,15 @@ cms_main(int argc, char **argv) | |||
| 1627 | goto end; | 1627 | goto end; | 
| 1628 | } | 1628 | } | 
| 1629 | ret = 4; | 1629 | ret = 4; | 
| 1630 | if (cms_config.operation == SMIME_DECRYPT) { | 1630 | if (cfg.operation == SMIME_DECRYPT) { | 
| 1631 | if (cms_config.flags & CMS_DEBUG_DECRYPT) | 1631 | if (cfg.flags & CMS_DEBUG_DECRYPT) | 
| 1632 | CMS_decrypt(cms, NULL, NULL, NULL, NULL, | 1632 | CMS_decrypt(cms, NULL, NULL, NULL, NULL, | 
| 1633 | cms_config.flags); | 1633 | cfg.flags); | 
| 1634 | 1634 | ||
| 1635 | if (cms_config.secret_key != NULL) { | 1635 | if (cfg.secret_key != NULL) { | 
| 1636 | if (!CMS_decrypt_set1_key(cms, cms_config.secret_key, | 1636 | if (!CMS_decrypt_set1_key(cms, cfg.secret_key, | 
| 1637 | cms_config.secret_keylen, cms_config.secret_keyid, | 1637 | cfg.secret_keylen, cfg.secret_keyid, | 
| 1638 | cms_config.secret_keyidlen)) { | 1638 | cfg.secret_keyidlen)) { | 
| 1639 | BIO_puts(bio_err, | 1639 | BIO_puts(bio_err, | 
| 1640 | "Error decrypting CMS using secret key\n"); | 1640 | "Error decrypting CMS using secret key\n"); | 
| 1641 | goto end; | 1641 | goto end; | 
| @@ -1648,95 +1648,95 @@ cms_main(int argc, char **argv) | |||
| 1648 | goto end; | 1648 | goto end; | 
| 1649 | } | 1649 | } | 
| 1650 | } | 1650 | } | 
| 1651 | if (cms_config.pwri_pass != NULL) { | 1651 | if (cfg.pwri_pass != NULL) { | 
| 1652 | if (!CMS_decrypt_set1_password(cms, | 1652 | if (!CMS_decrypt_set1_password(cms, | 
| 1653 | cms_config.pwri_pass, -1)) { | 1653 | cfg.pwri_pass, -1)) { | 
| 1654 | BIO_puts(bio_err, | 1654 | BIO_puts(bio_err, | 
| 1655 | "Error decrypting CMS using password\n"); | 1655 | "Error decrypting CMS using password\n"); | 
| 1656 | goto end; | 1656 | goto end; | 
| 1657 | } | 1657 | } | 
| 1658 | } | 1658 | } | 
| 1659 | if (!CMS_decrypt(cms, NULL, NULL, indata, out, | 1659 | if (!CMS_decrypt(cms, NULL, NULL, indata, out, | 
| 1660 | cms_config.flags)) { | 1660 | cfg.flags)) { | 
| 1661 | BIO_printf(bio_err, "Error decrypting CMS structure\n"); | 1661 | BIO_printf(bio_err, "Error decrypting CMS structure\n"); | 
| 1662 | goto end; | 1662 | goto end; | 
| 1663 | } | 1663 | } | 
| 1664 | } else if (cms_config.operation == SMIME_DATAOUT) { | 1664 | } else if (cfg.operation == SMIME_DATAOUT) { | 
| 1665 | if (!CMS_data(cms, out, cms_config.flags)) | 1665 | if (!CMS_data(cms, out, cfg.flags)) | 
| 1666 | goto end; | 1666 | goto end; | 
| 1667 | } else if (cms_config.operation == SMIME_UNCOMPRESS) { | 1667 | } else if (cfg.operation == SMIME_UNCOMPRESS) { | 
| 1668 | if (!CMS_uncompress(cms, indata, out, cms_config.flags)) | 1668 | if (!CMS_uncompress(cms, indata, out, cfg.flags)) | 
| 1669 | goto end; | 1669 | goto end; | 
| 1670 | } else if (cms_config.operation == SMIME_DIGEST_VERIFY) { | 1670 | } else if (cfg.operation == SMIME_DIGEST_VERIFY) { | 
| 1671 | if (CMS_digest_verify(cms, indata, out, cms_config.flags) > 0) | 1671 | if (CMS_digest_verify(cms, indata, out, cfg.flags) > 0) | 
| 1672 | BIO_printf(bio_err, "Verification successful\n"); | 1672 | BIO_printf(bio_err, "Verification successful\n"); | 
| 1673 | else { | 1673 | else { | 
| 1674 | BIO_printf(bio_err, "Verification failure\n"); | 1674 | BIO_printf(bio_err, "Verification failure\n"); | 
| 1675 | goto end; | 1675 | goto end; | 
| 1676 | } | 1676 | } | 
| 1677 | } else if (cms_config.operation == SMIME_ENCRYPTED_DECRYPT) { | 1677 | } else if (cfg.operation == SMIME_ENCRYPTED_DECRYPT) { | 
| 1678 | if (!CMS_EncryptedData_decrypt(cms, cms_config.secret_key, | 1678 | if (!CMS_EncryptedData_decrypt(cms, cfg.secret_key, | 
| 1679 | cms_config.secret_keylen, indata, out, cms_config.flags)) | 1679 | cfg.secret_keylen, indata, out, cfg.flags)) | 
| 1680 | goto end; | 1680 | goto end; | 
| 1681 | } else if (cms_config.operation == SMIME_VERIFY) { | 1681 | } else if (cfg.operation == SMIME_VERIFY) { | 
| 1682 | if (CMS_verify(cms, other, store, indata, out, | 1682 | if (CMS_verify(cms, other, store, indata, out, | 
| 1683 | cms_config.flags) > 0) { | 1683 | cfg.flags) > 0) { | 
| 1684 | BIO_printf(bio_err, "Verification successful\n"); | 1684 | BIO_printf(bio_err, "Verification successful\n"); | 
| 1685 | } else { | 1685 | } else { | 
| 1686 | BIO_printf(bio_err, "Verification failure\n"); | 1686 | BIO_printf(bio_err, "Verification failure\n"); | 
| 1687 | if (cms_config.verify_retcode) | 1687 | if (cfg.verify_retcode) | 
| 1688 | ret = verify_err + 32; | 1688 | ret = verify_err + 32; | 
| 1689 | goto end; | 1689 | goto end; | 
| 1690 | } | 1690 | } | 
| 1691 | if (cms_config.signerfile != NULL) { | 1691 | if (cfg.signerfile != NULL) { | 
| 1692 | STACK_OF(X509) *signers; | 1692 | STACK_OF(X509) *signers; | 
| 1693 | if ((signers = CMS_get0_signers(cms)) == NULL) | 1693 | if ((signers = CMS_get0_signers(cms)) == NULL) | 
| 1694 | goto end; | 1694 | goto end; | 
| 1695 | if (!save_certs(cms_config.signerfile, signers)) { | 1695 | if (!save_certs(cfg.signerfile, signers)) { | 
| 1696 | BIO_printf(bio_err, | 1696 | BIO_printf(bio_err, | 
| 1697 | "Error writing signers to %s\n", | 1697 | "Error writing signers to %s\n", | 
| 1698 | cms_config.signerfile); | 1698 | cfg.signerfile); | 
| 1699 | sk_X509_free(signers); | 1699 | sk_X509_free(signers); | 
| 1700 | ret = 5; | 1700 | ret = 5; | 
| 1701 | goto end; | 1701 | goto end; | 
| 1702 | } | 1702 | } | 
| 1703 | sk_X509_free(signers); | 1703 | sk_X509_free(signers); | 
| 1704 | } | 1704 | } | 
| 1705 | if (cms_config.rr_print) | 1705 | if (cfg.rr_print) | 
| 1706 | receipt_request_print(bio_err, cms); | 1706 | receipt_request_print(bio_err, cms); | 
| 1707 | 1707 | ||
| 1708 | } else if (cms_config.operation == SMIME_VERIFY_RECEIPT) { | 1708 | } else if (cfg.operation == SMIME_VERIFY_RECEIPT) { | 
| 1709 | if (CMS_verify_receipt(rcms, cms, other, store, | 1709 | if (CMS_verify_receipt(rcms, cms, other, store, | 
| 1710 | cms_config.flags) > 0) { | 1710 | cfg.flags) > 0) { | 
| 1711 | BIO_printf(bio_err, "Verification successful\n"); | 1711 | BIO_printf(bio_err, "Verification successful\n"); | 
| 1712 | } else { | 1712 | } else { | 
| 1713 | BIO_printf(bio_err, "Verification failure\n"); | 1713 | BIO_printf(bio_err, "Verification failure\n"); | 
| 1714 | goto end; | 1714 | goto end; | 
| 1715 | } | 1715 | } | 
| 1716 | } else { | 1716 | } else { | 
| 1717 | if (cms_config.noout) { | 1717 | if (cfg.noout) { | 
| 1718 | if (cms_config.print && | 1718 | if (cfg.print && | 
| 1719 | !CMS_ContentInfo_print_ctx(out, cms, 0, NULL)) | 1719 | !CMS_ContentInfo_print_ctx(out, cms, 0, NULL)) | 
| 1720 | goto end; | 1720 | goto end; | 
| 1721 | } else if (cms_config.outformat == FORMAT_SMIME) { | 1721 | } else if (cfg.outformat == FORMAT_SMIME) { | 
| 1722 | if (cms_config.to != NULL) | 1722 | if (cfg.to != NULL) | 
| 1723 | BIO_printf(out, "To: %s\n", cms_config.to); | 1723 | BIO_printf(out, "To: %s\n", cfg.to); | 
| 1724 | if (cms_config.from != NULL) | 1724 | if (cfg.from != NULL) | 
| 1725 | BIO_printf(out, "From: %s\n", cms_config.from); | 1725 | BIO_printf(out, "From: %s\n", cfg.from); | 
| 1726 | if (cms_config.subject != NULL) | 1726 | if (cfg.subject != NULL) | 
| 1727 | BIO_printf(out, "Subject: %s\n", | 1727 | BIO_printf(out, "Subject: %s\n", | 
| 1728 | cms_config.subject); | 1728 | cfg.subject); | 
| 1729 | if (cms_config.operation == SMIME_RESIGN) | 1729 | if (cfg.operation == SMIME_RESIGN) | 
| 1730 | ret = SMIME_write_CMS(out, cms, indata, | 1730 | ret = SMIME_write_CMS(out, cms, indata, | 
| 1731 | cms_config.flags); | 1731 | cfg.flags); | 
| 1732 | else | 1732 | else | 
| 1733 | ret = SMIME_write_CMS(out, cms, in, | 1733 | ret = SMIME_write_CMS(out, cms, in, | 
| 1734 | cms_config.flags); | 1734 | cfg.flags); | 
| 1735 | } else if (cms_config.outformat == FORMAT_PEM) { | 1735 | } else if (cfg.outformat == FORMAT_PEM) { | 
| 1736 | ret = PEM_write_bio_CMS_stream(out, cms, in, | 1736 | ret = PEM_write_bio_CMS_stream(out, cms, in, | 
| 1737 | cms_config.flags); | 1737 | cfg.flags); | 
| 1738 | } else if (cms_config.outformat == FORMAT_ASN1) { | 1738 | } else if (cfg.outformat == FORMAT_ASN1) { | 
| 1739 | ret = i2d_CMS_bio_stream(out, cms, in, cms_config.flags); | 1739 | ret = i2d_CMS_bio_stream(out, cms, in, cfg.flags); | 
| 1740 | } else { | 1740 | } else { | 
| 1741 | BIO_printf(bio_err, "Bad output format for CMS file\n"); | 1741 | BIO_printf(bio_err, "Bad output format for CMS file\n"); | 
| 1742 | goto end; | 1742 | goto end; | 
| @@ -1752,27 +1752,27 @@ cms_main(int argc, char **argv) | |||
| 1752 | if (ret) | 1752 | if (ret) | 
| 1753 | ERR_print_errors(bio_err); | 1753 | ERR_print_errors(bio_err); | 
| 1754 | 1754 | ||
| 1755 | sk_X509_pop_free(cms_config.encerts, X509_free); | 1755 | sk_X509_pop_free(cfg.encerts, X509_free); | 
| 1756 | sk_X509_pop_free(other, X509_free); | 1756 | sk_X509_pop_free(other, X509_free); | 
| 1757 | X509_VERIFY_PARAM_free(cms_config.vpm); | 1757 | X509_VERIFY_PARAM_free(cfg.vpm); | 
| 1758 | sk_OPENSSL_STRING_free(cms_config.sksigners); | 1758 | sk_OPENSSL_STRING_free(cfg.sksigners); | 
| 1759 | sk_OPENSSL_STRING_free(cms_config.skkeys); | 1759 | sk_OPENSSL_STRING_free(cfg.skkeys); | 
| 1760 | free(cms_config.secret_key); | 1760 | free(cfg.secret_key); | 
| 1761 | free(cms_config.secret_keyid); | 1761 | free(cfg.secret_keyid); | 
| 1762 | free(pwri_tmp); | 1762 | free(pwri_tmp); | 
| 1763 | ASN1_OBJECT_free(cms_config.econtent_type); | 1763 | ASN1_OBJECT_free(cfg.econtent_type); | 
| 1764 | CMS_ReceiptRequest_free(rr); | 1764 | CMS_ReceiptRequest_free(rr); | 
| 1765 | sk_OPENSSL_STRING_free(cms_config.rr_to); | 1765 | sk_OPENSSL_STRING_free(cfg.rr_to); | 
| 1766 | sk_OPENSSL_STRING_free(cms_config.rr_from); | 1766 | sk_OPENSSL_STRING_free(cfg.rr_from); | 
| 1767 | for (cms_config.key_param = cms_config.key_first; cms_config.key_param;) { | 1767 | for (cfg.key_param = cfg.key_first; cfg.key_param;) { | 
| 1768 | struct cms_key_param *tparam; | 1768 | struct cms_key_param *tparam; | 
| 1769 | sk_OPENSSL_STRING_free(cms_config.key_param->param); | 1769 | sk_OPENSSL_STRING_free(cfg.key_param->param); | 
| 1770 | tparam = cms_config.key_param->next; | 1770 | tparam = cfg.key_param->next; | 
| 1771 | free(cms_config.key_param); | 1771 | free(cfg.key_param); | 
| 1772 | cms_config.key_param = tparam; | 1772 | cfg.key_param = tparam; | 
| 1773 | } | 1773 | } | 
| 1774 | X509_STORE_free(store); | 1774 | X509_STORE_free(store); | 
| 1775 | X509_free(cms_config.cert); | 1775 | X509_free(cfg.cert); | 
| 1776 | X509_free(recip); | 1776 | X509_free(recip); | 
| 1777 | X509_free(signer); | 1777 | X509_free(signer); | 
| 1778 | EVP_PKEY_free(key); | 1778 | EVP_PKEY_free(key); | 
| diff --git a/src/usr.bin/openssl/crl.c b/src/usr.bin/openssl/crl.c index 6b7bc5b72e..e64038dfda 100644 --- a/src/usr.bin/openssl/crl.c +++ b/src/usr.bin/openssl/crl.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: crl.c,v 1.16 2022/11/11 17:07:38 joshua Exp $ */ | 1 | /* $OpenBSD: crl.c,v 1.17 2023/03/06 14:32:05 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -86,7 +86,7 @@ static struct { | |||
| 86 | int outformat; | 86 | int outformat; | 
| 87 | int text; | 87 | int text; | 
| 88 | int verify; | 88 | int verify; | 
| 89 | } crl_config; | 89 | } cfg; | 
| 90 | 90 | ||
| 91 | static const struct option crl_options[] = { | 91 | static const struct option crl_options[] = { | 
| 92 | { | 92 | { | 
| @@ -94,109 +94,109 @@ static const struct option crl_options[] = { | |||
| 94 | .argname = "file", | 94 | .argname = "file", | 
| 95 | .desc = "Verify the CRL using certificates in the given file", | 95 | .desc = "Verify the CRL using certificates in the given file", | 
| 96 | .type = OPTION_ARG, | 96 | .type = OPTION_ARG, | 
| 97 | .opt.arg = &crl_config.cafile, | 97 | .opt.arg = &cfg.cafile, | 
| 98 | }, | 98 | }, | 
| 99 | { | 99 | { | 
| 100 | .name = "CApath", | 100 | .name = "CApath", | 
| 101 | .argname = "path", | 101 | .argname = "path", | 
| 102 | .desc = "Verify the CRL using certificates in the given path", | 102 | .desc = "Verify the CRL using certificates in the given path", | 
| 103 | .type = OPTION_ARG, | 103 | .type = OPTION_ARG, | 
| 104 | .opt.arg = &crl_config.capath, | 104 | .opt.arg = &cfg.capath, | 
| 105 | }, | 105 | }, | 
| 106 | { | 106 | { | 
| 107 | .name = "crlnumber", | 107 | .name = "crlnumber", | 
| 108 | .desc = "Print the CRL number", | 108 | .desc = "Print the CRL number", | 
| 109 | .type = OPTION_FLAG_ORD, | 109 | .type = OPTION_FLAG_ORD, | 
| 110 | .opt.flag = &crl_config.crlnumber, | 110 | .opt.flag = &cfg.crlnumber, | 
| 111 | }, | 111 | }, | 
| 112 | { | 112 | { | 
| 113 | .name = "fingerprint", | 113 | .name = "fingerprint", | 
| 114 | .desc = "Print the CRL fingerprint", | 114 | .desc = "Print the CRL fingerprint", | 
| 115 | .type = OPTION_FLAG_ORD, | 115 | .type = OPTION_FLAG_ORD, | 
| 116 | .opt.flag = &crl_config.fingerprint, | 116 | .opt.flag = &cfg.fingerprint, | 
| 117 | }, | 117 | }, | 
| 118 | { | 118 | { | 
| 119 | .name = "hash", | 119 | .name = "hash", | 
| 120 | .desc = "Print the hash of the issuer name", | 120 | .desc = "Print the hash of the issuer name", | 
| 121 | .type = OPTION_FLAG_ORD, | 121 | .type = OPTION_FLAG_ORD, | 
| 122 | .opt.flag = &crl_config.hash, | 122 | .opt.flag = &cfg.hash, | 
| 123 | }, | 123 | }, | 
| 124 | { | 124 | { | 
| 125 | .name = "hash_old", | 125 | .name = "hash_old", | 
| 126 | .desc = "Print an old-style (MD5) hash of the issuer name", | 126 | .desc = "Print an old-style (MD5) hash of the issuer name", | 
| 127 | .type = OPTION_FLAG_ORD, | 127 | .type = OPTION_FLAG_ORD, | 
| 128 | .opt.flag = &crl_config.hash_old, | 128 | .opt.flag = &cfg.hash_old, | 
| 129 | }, | 129 | }, | 
| 130 | { | 130 | { | 
| 131 | .name = "in", | 131 | .name = "in", | 
| 132 | .argname = "file", | 132 | .argname = "file", | 
| 133 | .desc = "Input file to read from (stdin if unspecified)", | 133 | .desc = "Input file to read from (stdin if unspecified)", | 
| 134 | .type = OPTION_ARG, | 134 | .type = OPTION_ARG, | 
| 135 | .opt.arg = &crl_config.infile, | 135 | .opt.arg = &cfg.infile, | 
| 136 | }, | 136 | }, | 
| 137 | { | 137 | { | 
| 138 | .name = "inform", | 138 | .name = "inform", | 
| 139 | .argname = "format", | 139 | .argname = "format", | 
| 140 | .desc = "Input format (DER or PEM)", | 140 | .desc = "Input format (DER or PEM)", | 
| 141 | .type = OPTION_ARG_FORMAT, | 141 | .type = OPTION_ARG_FORMAT, | 
| 142 | .opt.value = &crl_config.informat, | 142 | .opt.value = &cfg.informat, | 
| 143 | }, | 143 | }, | 
| 144 | { | 144 | { | 
| 145 | .name = "issuer", | 145 | .name = "issuer", | 
| 146 | .desc = "Print the issuer name", | 146 | .desc = "Print the issuer name", | 
| 147 | .type = OPTION_FLAG_ORD, | 147 | .type = OPTION_FLAG_ORD, | 
| 148 | .opt.flag = &crl_config.issuer, | 148 | .opt.flag = &cfg.issuer, | 
| 149 | }, | 149 | }, | 
| 150 | { | 150 | { | 
| 151 | .name = "lastupdate", | 151 | .name = "lastupdate", | 
| 152 | .desc = "Print the lastUpdate field", | 152 | .desc = "Print the lastUpdate field", | 
| 153 | .type = OPTION_FLAG_ORD, | 153 | .type = OPTION_FLAG_ORD, | 
| 154 | .opt.flag = &crl_config.lastupdate, | 154 | .opt.flag = &cfg.lastupdate, | 
| 155 | }, | 155 | }, | 
| 156 | { | 156 | { | 
| 157 | .name = "nameopt", | 157 | .name = "nameopt", | 
| 158 | .argname = "options", | 158 | .argname = "options", | 
| 159 | .desc = "Specify certificate name options", | 159 | .desc = "Specify certificate name options", | 
| 160 | .type = OPTION_ARG, | 160 | .type = OPTION_ARG, | 
| 161 | .opt.arg = &crl_config.nameopt, | 161 | .opt.arg = &cfg.nameopt, | 
| 162 | }, | 162 | }, | 
| 163 | { | 163 | { | 
| 164 | .name = "nextupdate", | 164 | .name = "nextupdate", | 
| 165 | .desc = "Print the nextUpdate field", | 165 | .desc = "Print the nextUpdate field", | 
| 166 | .type = OPTION_FLAG_ORD, | 166 | .type = OPTION_FLAG_ORD, | 
| 167 | .opt.flag = &crl_config.nextupdate, | 167 | .opt.flag = &cfg.nextupdate, | 
| 168 | }, | 168 | }, | 
| 169 | { | 169 | { | 
| 170 | .name = "noout", | 170 | .name = "noout", | 
| 171 | .desc = "Do not output the encoded version of the CRL", | 171 | .desc = "Do not output the encoded version of the CRL", | 
| 172 | .type = OPTION_FLAG, | 172 | .type = OPTION_FLAG, | 
| 173 | .opt.flag = &crl_config.noout, | 173 | .opt.flag = &cfg.noout, | 
| 174 | }, | 174 | }, | 
| 175 | { | 175 | { | 
| 176 | .name = "out", | 176 | .name = "out", | 
| 177 | .argname = "file", | 177 | .argname = "file", | 
| 178 | .desc = "Output file to write to (stdout if unspecified)", | 178 | .desc = "Output file to write to (stdout if unspecified)", | 
| 179 | .type = OPTION_ARG, | 179 | .type = OPTION_ARG, | 
| 180 | .opt.arg = &crl_config.outfile, | 180 | .opt.arg = &cfg.outfile, | 
| 181 | }, | 181 | }, | 
| 182 | { | 182 | { | 
| 183 | .name = "outform", | 183 | .name = "outform", | 
| 184 | .argname = "format", | 184 | .argname = "format", | 
| 185 | .desc = "Output format (DER or PEM)", | 185 | .desc = "Output format (DER or PEM)", | 
| 186 | .type = OPTION_ARG_FORMAT, | 186 | .type = OPTION_ARG_FORMAT, | 
| 187 | .opt.value = &crl_config.outformat, | 187 | .opt.value = &cfg.outformat, | 
| 188 | }, | 188 | }, | 
| 189 | { | 189 | { | 
| 190 | .name = "text", | 190 | .name = "text", | 
| 191 | .desc = "Print out the CRL in text form", | 191 | .desc = "Print out the CRL in text form", | 
| 192 | .type = OPTION_FLAG, | 192 | .type = OPTION_FLAG, | 
| 193 | .opt.flag = &crl_config.text, | 193 | .opt.flag = &cfg.text, | 
| 194 | }, | 194 | }, | 
| 195 | { | 195 | { | 
| 196 | .name = "verify", | 196 | .name = "verify", | 
| 197 | .desc = "Verify the signature on the CRL", | 197 | .desc = "Verify the signature on the CRL", | 
| 198 | .type = OPTION_FLAG, | 198 | .type = OPTION_FLAG, | 
| 199 | .opt.flag = &crl_config.verify, | 199 | .opt.flag = &cfg.verify, | 
| 200 | }, | 200 | }, | 
| 201 | {NULL}, | 201 | {NULL}, | 
| 202 | }; | 202 | }; | 
| @@ -243,23 +243,23 @@ crl_main(int argc, char **argv) | |||
| 243 | 243 | ||
| 244 | digest = EVP_sha256(); | 244 | digest = EVP_sha256(); | 
| 245 | 245 | ||
| 246 | memset(&crl_config, 0, sizeof(crl_config)); | 246 | memset(&cfg, 0, sizeof(cfg)); | 
| 247 | crl_config.informat = FORMAT_PEM; | 247 | cfg.informat = FORMAT_PEM; | 
| 248 | crl_config.outformat = FORMAT_PEM; | 248 | cfg.outformat = FORMAT_PEM; | 
| 249 | 249 | ||
| 250 | if (options_parse(argc, argv, crl_options, &digest_name, NULL) != 0) { | 250 | if (options_parse(argc, argv, crl_options, &digest_name, NULL) != 0) { | 
| 251 | crl_usage(); | 251 | crl_usage(); | 
| 252 | goto end; | 252 | goto end; | 
| 253 | } | 253 | } | 
| 254 | 254 | ||
| 255 | if (crl_config.cafile != NULL || crl_config.capath != NULL) | 255 | if (cfg.cafile != NULL || cfg.capath != NULL) | 
| 256 | crl_config.verify = 1; | 256 | cfg.verify = 1; | 
| 257 | 257 | ||
| 258 | if (crl_config.nameopt != NULL) { | 258 | if (cfg.nameopt != NULL) { | 
| 259 | if (set_name_ex(&nmflag, crl_config.nameopt) != 1) { | 259 | if (set_name_ex(&nmflag, cfg.nameopt) != 1) { | 
| 260 | fprintf(stderr, | 260 | fprintf(stderr, | 
| 261 | "Invalid -nameopt argument '%s'\n", | 261 | "Invalid -nameopt argument '%s'\n", | 
| 262 | crl_config.nameopt); | 262 | cfg.nameopt); | 
| 263 | goto end; | 263 | goto end; | 
| 264 | } | 264 | } | 
| 265 | } | 265 | } | 
| @@ -273,18 +273,18 @@ crl_main(int argc, char **argv) | |||
| 273 | } | 273 | } | 
| 274 | } | 274 | } | 
| 275 | 275 | ||
| 276 | x = load_crl(crl_config.infile, crl_config.informat); | 276 | x = load_crl(cfg.infile, cfg.informat); | 
| 277 | if (x == NULL) | 277 | if (x == NULL) | 
| 278 | goto end; | 278 | goto end; | 
| 279 | 279 | ||
| 280 | if (crl_config.verify) { | 280 | if (cfg.verify) { | 
| 281 | store = X509_STORE_new(); | 281 | store = X509_STORE_new(); | 
| 282 | if (store == NULL) | 282 | if (store == NULL) | 
| 283 | goto end; | 283 | goto end; | 
| 284 | lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); | 284 | lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); | 
| 285 | if (lookup == NULL) | 285 | if (lookup == NULL) | 
| 286 | goto end; | 286 | goto end; | 
| 287 | if (!X509_LOOKUP_load_file(lookup, crl_config.cafile, | 287 | if (!X509_LOOKUP_load_file(lookup, cfg.cafile, | 
| 288 | X509_FILETYPE_PEM)) | 288 | X509_FILETYPE_PEM)) | 
| 289 | X509_LOOKUP_load_file(lookup, NULL, | 289 | X509_LOOKUP_load_file(lookup, NULL, | 
| 290 | X509_FILETYPE_DEFAULT); | 290 | X509_FILETYPE_DEFAULT); | 
| @@ -292,7 +292,7 @@ crl_main(int argc, char **argv) | |||
| 292 | lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); | 292 | lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); | 
| 293 | if (lookup == NULL) | 293 | if (lookup == NULL) | 
| 294 | goto end; | 294 | goto end; | 
| 295 | if (!X509_LOOKUP_add_dir(lookup, crl_config.capath, | 295 | if (!X509_LOOKUP_add_dir(lookup, cfg.capath, | 
| 296 | X509_FILETYPE_PEM)) | 296 | X509_FILETYPE_PEM)) | 
| 297 | X509_LOOKUP_add_dir(lookup, NULL, | 297 | X509_LOOKUP_add_dir(lookup, NULL, | 
| 298 | X509_FILETYPE_DEFAULT); | 298 | X509_FILETYPE_DEFAULT); | 
| @@ -335,11 +335,11 @@ crl_main(int argc, char **argv) | |||
| 335 | 335 | ||
| 336 | /* Print requested information the order that the flags were given. */ | 336 | /* Print requested information the order that the flags were given. */ | 
| 337 | for (i = 1; i <= argc; i++) { | 337 | for (i = 1; i <= argc; i++) { | 
| 338 | if (crl_config.issuer == i) { | 338 | if (cfg.issuer == i) { | 
| 339 | print_name(bio_out, "issuer=", | 339 | print_name(bio_out, "issuer=", | 
| 340 | X509_CRL_get_issuer(x), nmflag); | 340 | X509_CRL_get_issuer(x), nmflag); | 
| 341 | } | 341 | } | 
| 342 | if (crl_config.crlnumber == i) { | 342 | if (cfg.crlnumber == i) { | 
| 343 | ASN1_INTEGER *crlnum; | 343 | ASN1_INTEGER *crlnum; | 
| 344 | crlnum = X509_CRL_get_ext_d2i(x, | 344 | crlnum = X509_CRL_get_ext_d2i(x, | 
| 345 | NID_crl_number, NULL, NULL); | 345 | NID_crl_number, NULL, NULL); | 
| @@ -351,23 +351,23 @@ crl_main(int argc, char **argv) | |||
| 351 | BIO_puts(bio_out, "<NONE>"); | 351 | BIO_puts(bio_out, "<NONE>"); | 
| 352 | BIO_printf(bio_out, "\n"); | 352 | BIO_printf(bio_out, "\n"); | 
| 353 | } | 353 | } | 
| 354 | if (crl_config.hash == i) { | 354 | if (cfg.hash == i) { | 
| 355 | BIO_printf(bio_out, "%08lx\n", | 355 | BIO_printf(bio_out, "%08lx\n", | 
| 356 | X509_NAME_hash(X509_CRL_get_issuer(x))); | 356 | X509_NAME_hash(X509_CRL_get_issuer(x))); | 
| 357 | } | 357 | } | 
| 358 | #ifndef OPENSSL_NO_MD5 | 358 | #ifndef OPENSSL_NO_MD5 | 
| 359 | if (crl_config.hash_old == i) { | 359 | if (cfg.hash_old == i) { | 
| 360 | BIO_printf(bio_out, "%08lx\n", | 360 | BIO_printf(bio_out, "%08lx\n", | 
| 361 | X509_NAME_hash_old(X509_CRL_get_issuer(x))); | 361 | X509_NAME_hash_old(X509_CRL_get_issuer(x))); | 
| 362 | } | 362 | } | 
| 363 | #endif | 363 | #endif | 
| 364 | if (crl_config.lastupdate == i) { | 364 | if (cfg.lastupdate == i) { | 
| 365 | BIO_printf(bio_out, "lastUpdate="); | 365 | BIO_printf(bio_out, "lastUpdate="); | 
| 366 | ASN1_TIME_print(bio_out, | 366 | ASN1_TIME_print(bio_out, | 
| 367 | X509_CRL_get_lastUpdate(x)); | 367 | X509_CRL_get_lastUpdate(x)); | 
| 368 | BIO_printf(bio_out, "\n"); | 368 | BIO_printf(bio_out, "\n"); | 
| 369 | } | 369 | } | 
| 370 | if (crl_config.nextupdate == i) { | 370 | if (cfg.nextupdate == i) { | 
| 371 | BIO_printf(bio_out, "nextUpdate="); | 371 | BIO_printf(bio_out, "nextUpdate="); | 
| 372 | if (X509_CRL_get_nextUpdate(x)) | 372 | if (X509_CRL_get_nextUpdate(x)) | 
| 373 | ASN1_TIME_print(bio_out, | 373 | ASN1_TIME_print(bio_out, | 
| @@ -376,7 +376,7 @@ crl_main(int argc, char **argv) | |||
| 376 | BIO_printf(bio_out, "NONE"); | 376 | BIO_printf(bio_out, "NONE"); | 
| 377 | BIO_printf(bio_out, "\n"); | 377 | BIO_printf(bio_out, "\n"); | 
| 378 | } | 378 | } | 
| 379 | if (crl_config.fingerprint == i) { | 379 | if (cfg.fingerprint == i) { | 
| 380 | int j; | 380 | int j; | 
| 381 | unsigned int n; | 381 | unsigned int n; | 
| 382 | unsigned char md[EVP_MAX_MD_SIZE]; | 382 | unsigned char md[EVP_MAX_MD_SIZE]; | 
| @@ -399,25 +399,25 @@ crl_main(int argc, char **argv) | |||
| 399 | ERR_print_errors(bio_err); | 399 | ERR_print_errors(bio_err); | 
| 400 | goto end; | 400 | goto end; | 
| 401 | } | 401 | } | 
| 402 | if (crl_config.outfile == NULL) { | 402 | if (cfg.outfile == NULL) { | 
| 403 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 403 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 
| 404 | } else { | 404 | } else { | 
| 405 | if (BIO_write_filename(out, crl_config.outfile) <= 0) { | 405 | if (BIO_write_filename(out, cfg.outfile) <= 0) { | 
| 406 | perror(crl_config.outfile); | 406 | perror(cfg.outfile); | 
| 407 | goto end; | 407 | goto end; | 
| 408 | } | 408 | } | 
| 409 | } | 409 | } | 
| 410 | 410 | ||
| 411 | if (crl_config.text) | 411 | if (cfg.text) | 
| 412 | X509_CRL_print(out, x); | 412 | X509_CRL_print(out, x); | 
| 413 | 413 | ||
| 414 | if (crl_config.noout) { | 414 | if (cfg.noout) { | 
| 415 | ret = 0; | 415 | ret = 0; | 
| 416 | goto end; | 416 | goto end; | 
| 417 | } | 417 | } | 
| 418 | if (crl_config.outformat == FORMAT_ASN1) | 418 | if (cfg.outformat == FORMAT_ASN1) | 
| 419 | i = (int) i2d_X509_CRL_bio(out, x); | 419 | i = (int) i2d_X509_CRL_bio(out, x); | 
| 420 | else if (crl_config.outformat == FORMAT_PEM) | 420 | else if (cfg.outformat == FORMAT_PEM) | 
| 421 | i = PEM_write_bio_X509_CRL(out, x); | 421 | i = PEM_write_bio_X509_CRL(out, x); | 
| 422 | else { | 422 | else { | 
| 423 | BIO_printf(bio_err, | 423 | BIO_printf(bio_err, | 
| diff --git a/src/usr.bin/openssl/crl2p7.c b/src/usr.bin/openssl/crl2p7.c index 0b0eae2a99..dfbc896a21 100644 --- a/src/usr.bin/openssl/crl2p7.c +++ b/src/usr.bin/openssl/crl2p7.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: crl2p7.c,v 1.10 2022/11/11 17:07:38 joshua Exp $ */ | 1 | /* $OpenBSD: crl2p7.c,v 1.11 2023/03/06 14:32:05 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -83,18 +83,18 @@ static struct { | |||
| 83 | int nocrl; | 83 | int nocrl; | 
| 84 | char *outfile; | 84 | char *outfile; | 
| 85 | int outformat; | 85 | int outformat; | 
| 86 | } crl2p7_config; | 86 | } cfg; | 
| 87 | 87 | ||
| 88 | static int | 88 | static int | 
| 89 | crl2p7_opt_certfile(char *arg) | 89 | crl2p7_opt_certfile(char *arg) | 
| 90 | { | 90 | { | 
| 91 | if (crl2p7_config.certflst == NULL) | 91 | if (cfg.certflst == NULL) | 
| 92 | crl2p7_config.certflst = sk_OPENSSL_STRING_new_null(); | 92 | cfg.certflst = sk_OPENSSL_STRING_new_null(); | 
| 93 | if (crl2p7_config.certflst == NULL) { | 93 | if (cfg.certflst == NULL) { | 
| 94 | fprintf(stderr, "out of memory\n"); | 94 | fprintf(stderr, "out of memory\n"); | 
| 95 | return (1); | 95 | return (1); | 
| 96 | } | 96 | } | 
| 97 | if (!sk_OPENSSL_STRING_push(crl2p7_config.certflst, arg)) { | 97 | if (!sk_OPENSSL_STRING_push(cfg.certflst, arg)) { | 
| 98 | fprintf(stderr, "out of memory\n"); | 98 | fprintf(stderr, "out of memory\n"); | 
| 99 | return (1); | 99 | return (1); | 
| 100 | } | 100 | } | 
| @@ -115,34 +115,34 @@ static const struct option crl2p7_options[] = { | |||
| 115 | .argname = "file", | 115 | .argname = "file", | 
| 116 | .desc = "Input file (default stdin)", | 116 | .desc = "Input file (default stdin)", | 
| 117 | .type = OPTION_ARG, | 117 | .type = OPTION_ARG, | 
| 118 | .opt.arg = &crl2p7_config.infile, | 118 | .opt.arg = &cfg.infile, | 
| 119 | }, | 119 | }, | 
| 120 | { | 120 | { | 
| 121 | .name = "inform", | 121 | .name = "inform", | 
| 122 | .argname = "format", | 122 | .argname = "format", | 
| 123 | .desc = "Input format (DER or PEM (default))", | 123 | .desc = "Input format (DER or PEM (default))", | 
| 124 | .type = OPTION_ARG_FORMAT, | 124 | .type = OPTION_ARG_FORMAT, | 
| 125 | .opt.value = &crl2p7_config.informat, | 125 | .opt.value = &cfg.informat, | 
| 126 | }, | 126 | }, | 
| 127 | { | 127 | { | 
| 128 | .name = "nocrl", | 128 | .name = "nocrl", | 
| 129 | .desc = "Do not read CRL from input or include CRL in output", | 129 | .desc = "Do not read CRL from input or include CRL in output", | 
| 130 | .type = OPTION_FLAG, | 130 | .type = OPTION_FLAG, | 
| 131 | .opt.flag = &crl2p7_config.nocrl, | 131 | .opt.flag = &cfg.nocrl, | 
| 132 | }, | 132 | }, | 
| 133 | { | 133 | { | 
| 134 | .name = "out", | 134 | .name = "out", | 
| 135 | .argname = "file", | 135 | .argname = "file", | 
| 136 | .desc = "Output file (default stdout)", | 136 | .desc = "Output file (default stdout)", | 
| 137 | .type = OPTION_ARG, | 137 | .type = OPTION_ARG, | 
| 138 | .opt.arg = &crl2p7_config.outfile, | 138 | .opt.arg = &cfg.outfile, | 
| 139 | }, | 139 | }, | 
| 140 | { | 140 | { | 
| 141 | .name = "outform", | 141 | .name = "outform", | 
| 142 | .argname = "format", | 142 | .argname = "format", | 
| 143 | .desc = "Output format (DER or PEM (default))", | 143 | .desc = "Output format (DER or PEM (default))", | 
| 144 | .type = OPTION_ARG_FORMAT, | 144 | .type = OPTION_ARG_FORMAT, | 
| 145 | .opt.value = &crl2p7_config.outformat, | 145 | .opt.value = &cfg.outformat, | 
| 146 | }, | 146 | }, | 
| 147 | { NULL }, | 147 | { NULL }, | 
| 148 | }; | 148 | }; | 
| @@ -174,10 +174,10 @@ crl2pkcs7_main(int argc, char **argv) | |||
| 174 | exit(1); | 174 | exit(1); | 
| 175 | } | 175 | } | 
| 176 | 176 | ||
| 177 | memset(&crl2p7_config, 0, sizeof(crl2p7_config)); | 177 | memset(&cfg, 0, sizeof(cfg)); | 
| 178 | 178 | ||
| 179 | crl2p7_config.informat = FORMAT_PEM; | 179 | cfg.informat = FORMAT_PEM; | 
| 180 | crl2p7_config.outformat = FORMAT_PEM; | 180 | cfg.outformat = FORMAT_PEM; | 
| 181 | 181 | ||
| 182 | if (options_parse(argc, argv, crl2p7_options, NULL, NULL) != 0) { | 182 | if (options_parse(argc, argv, crl2p7_options, NULL, NULL) != 0) { | 
| 183 | crl2p7_usage(); | 183 | crl2p7_usage(); | 
| @@ -190,19 +190,19 @@ crl2pkcs7_main(int argc, char **argv) | |||
| 190 | ERR_print_errors(bio_err); | 190 | ERR_print_errors(bio_err); | 
| 191 | goto end; | 191 | goto end; | 
| 192 | } | 192 | } | 
| 193 | if (!crl2p7_config.nocrl) { | 193 | if (!cfg.nocrl) { | 
| 194 | if (crl2p7_config.infile == NULL) | 194 | if (cfg.infile == NULL) | 
| 195 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 195 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 
| 196 | else { | 196 | else { | 
| 197 | if (BIO_read_filename(in, crl2p7_config.infile) <= 0) { | 197 | if (BIO_read_filename(in, cfg.infile) <= 0) { | 
| 198 | perror(crl2p7_config.infile); | 198 | perror(cfg.infile); | 
| 199 | goto end; | 199 | goto end; | 
| 200 | } | 200 | } | 
| 201 | } | 201 | } | 
| 202 | 202 | ||
| 203 | if (crl2p7_config.informat == FORMAT_ASN1) | 203 | if (cfg.informat == FORMAT_ASN1) | 
| 204 | crl = d2i_X509_CRL_bio(in, NULL); | 204 | crl = d2i_X509_CRL_bio(in, NULL); | 
| 205 | else if (crl2p7_config.informat == FORMAT_PEM) | 205 | else if (cfg.informat == FORMAT_PEM) | 
| 206 | crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); | 206 | crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); | 
| 207 | else { | 207 | else { | 
| 208 | BIO_printf(bio_err, | 208 | BIO_printf(bio_err, | 
| @@ -236,9 +236,9 @@ crl2pkcs7_main(int argc, char **argv) | |||
| 236 | goto end; | 236 | goto end; | 
| 237 | p7s->cert = cert_stack; | 237 | p7s->cert = cert_stack; | 
| 238 | 238 | ||
| 239 | if (crl2p7_config.certflst) { | 239 | if (cfg.certflst) { | 
| 240 | for (i = 0; i < sk_OPENSSL_STRING_num(crl2p7_config.certflst); i++) { | 240 | for (i = 0; i < sk_OPENSSL_STRING_num(cfg.certflst); i++) { | 
| 241 | certfile = sk_OPENSSL_STRING_value(crl2p7_config.certflst, i); | 241 | certfile = sk_OPENSSL_STRING_value(cfg.certflst, i); | 
| 242 | if (add_certs_from_file(cert_stack, certfile) < 0) { | 242 | if (add_certs_from_file(cert_stack, certfile) < 0) { | 
| 243 | BIO_printf(bio_err, | 243 | BIO_printf(bio_err, | 
| 244 | "error loading certificates\n"); | 244 | "error loading certificates\n"); | 
| @@ -248,20 +248,20 @@ crl2pkcs7_main(int argc, char **argv) | |||
| 248 | } | 248 | } | 
| 249 | } | 249 | } | 
| 250 | 250 | ||
| 251 | sk_OPENSSL_STRING_free(crl2p7_config.certflst); | 251 | sk_OPENSSL_STRING_free(cfg.certflst); | 
| 252 | 252 | ||
| 253 | if (crl2p7_config.outfile == NULL) { | 253 | if (cfg.outfile == NULL) { | 
| 254 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 254 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 
| 255 | } else { | 255 | } else { | 
| 256 | if (BIO_write_filename(out, crl2p7_config.outfile) <= 0) { | 256 | if (BIO_write_filename(out, cfg.outfile) <= 0) { | 
| 257 | perror(crl2p7_config.outfile); | 257 | perror(cfg.outfile); | 
| 258 | goto end; | 258 | goto end; | 
| 259 | } | 259 | } | 
| 260 | } | 260 | } | 
| 261 | 261 | ||
| 262 | if (crl2p7_config.outformat == FORMAT_ASN1) | 262 | if (cfg.outformat == FORMAT_ASN1) | 
| 263 | i = i2d_PKCS7_bio(out, p7); | 263 | i = i2d_PKCS7_bio(out, p7); | 
| 264 | else if (crl2p7_config.outformat == FORMAT_PEM) | 264 | else if (cfg.outformat == FORMAT_PEM) | 
| 265 | i = PEM_write_bio_PKCS7(out, p7); | 265 | i = PEM_write_bio_PKCS7(out, p7); | 
| 266 | else { | 266 | else { | 
| 267 | BIO_printf(bio_err, | 267 | BIO_printf(bio_err, | 
| diff --git a/src/usr.bin/openssl/dgst.c b/src/usr.bin/openssl/dgst.c index d29bc6f98c..3979966481 100644 --- a/src/usr.bin/openssl/dgst.c +++ b/src/usr.bin/openssl/dgst.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dgst.c,v 1.20 2022/11/11 17:07:38 joshua Exp $ */ | 1 | /* $OpenBSD: dgst.c,v 1.21 2023/03/06 14:32:05 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -96,7 +96,7 @@ static struct { | |||
| 96 | char *sigfile; | 96 | char *sigfile; | 
| 97 | STACK_OF(OPENSSL_STRING) *sigopts; | 97 | STACK_OF(OPENSSL_STRING) *sigopts; | 
| 98 | int want_pub; | 98 | int want_pub; | 
| 99 | } dgst_config; | 99 | } cfg; | 
| 100 | 100 | ||
| 101 | static int | 101 | static int | 
| 102 | dgst_opt_macopt(char *arg) | 102 | dgst_opt_macopt(char *arg) | 
| @@ -104,11 +104,11 @@ dgst_opt_macopt(char *arg) | |||
| 104 | if (arg == NULL) | 104 | if (arg == NULL) | 
| 105 | return (1); | 105 | return (1); | 
| 106 | 106 | ||
| 107 | if (dgst_config.macopts == NULL && | 107 | if (cfg.macopts == NULL && | 
| 108 | (dgst_config.macopts = sk_OPENSSL_STRING_new_null()) == NULL) | 108 | (cfg.macopts = sk_OPENSSL_STRING_new_null()) == NULL) | 
| 109 | return (1); | 109 | return (1); | 
| 110 | 110 | ||
| 111 | if (!sk_OPENSSL_STRING_push(dgst_config.macopts, arg)) | 111 | if (!sk_OPENSSL_STRING_push(cfg.macopts, arg)) | 
| 112 | return (1); | 112 | return (1); | 
| 113 | 113 | ||
| 114 | return (0); | 114 | return (0); | 
| @@ -122,10 +122,10 @@ dgst_opt_md(int argc, char **argv, int *argsused) | |||
| 122 | if (*name++ != '-') | 122 | if (*name++ != '-') | 
| 123 | return (1); | 123 | return (1); | 
| 124 | 124 | ||
| 125 | if ((dgst_config.m = EVP_get_digestbyname(name)) == NULL) | 125 | if ((cfg.m = EVP_get_digestbyname(name)) == NULL) | 
| 126 | return (1); | 126 | return (1); | 
| 127 | 127 | ||
| 128 | dgst_config.md = dgst_config.m; | 128 | cfg.md = cfg.m; | 
| 129 | 129 | ||
| 130 | *argsused = 1; | 130 | *argsused = 1; | 
| 131 | return (0); | 131 | return (0); | 
| @@ -137,8 +137,8 @@ dgst_opt_prverify(char *arg) | |||
| 137 | if (arg == NULL) | 137 | if (arg == NULL) | 
| 138 | return (1); | 138 | return (1); | 
| 139 | 139 | ||
| 140 | dgst_config.keyfile = arg; | 140 | cfg.keyfile = arg; | 
| 141 | dgst_config.do_verify = 1; | 141 | cfg.do_verify = 1; | 
| 142 | return (0); | 142 | return (0); | 
| 143 | } | 143 | } | 
| 144 | 144 | ||
| @@ -148,11 +148,11 @@ dgst_opt_sigopt(char *arg) | |||
| 148 | if (arg == NULL) | 148 | if (arg == NULL) | 
| 149 | return (1); | 149 | return (1); | 
| 150 | 150 | ||
| 151 | if (dgst_config.sigopts == NULL && | 151 | if (cfg.sigopts == NULL && | 
| 152 | (dgst_config.sigopts = sk_OPENSSL_STRING_new_null()) == NULL) | 152 | (cfg.sigopts = sk_OPENSSL_STRING_new_null()) == NULL) | 
| 153 | return (1); | 153 | return (1); | 
| 154 | 154 | ||
| 155 | if (!sk_OPENSSL_STRING_push(dgst_config.sigopts, arg)) | 155 | if (!sk_OPENSSL_STRING_push(cfg.sigopts, arg)) | 
| 156 | return (1); | 156 | return (1); | 
| 157 | 157 | ||
| 158 | return (0); | 158 | return (0); | 
| @@ -164,9 +164,9 @@ dgst_opt_verify(char *arg) | |||
| 164 | if (arg == NULL) | 164 | if (arg == NULL) | 
| 165 | return (1); | 165 | return (1); | 
| 166 | 166 | ||
| 167 | dgst_config.keyfile = arg; | 167 | cfg.keyfile = arg; | 
| 168 | dgst_config.want_pub = 1; | 168 | cfg.want_pub = 1; | 
| 169 | dgst_config.do_verify = 1; | 169 | cfg.do_verify = 1; | 
| 170 | return (0); | 170 | return (0); | 
| 171 | } | 171 | } | 
| 172 | 172 | ||
| @@ -175,27 +175,27 @@ static const struct option dgst_options[] = { | |||
| 175 | .name = "binary", | 175 | .name = "binary", | 
| 176 | .desc = "Output the digest or signature in binary form", | 176 | .desc = "Output the digest or signature in binary form", | 
| 177 | .type = OPTION_VALUE, | 177 | .type = OPTION_VALUE, | 
| 178 | .opt.value = &dgst_config.out_bin, | 178 | .opt.value = &cfg.out_bin, | 
| 179 | .value = 1, | 179 | .value = 1, | 
| 180 | }, | 180 | }, | 
| 181 | { | 181 | { | 
| 182 | .name = "c", | 182 | .name = "c", | 
| 183 | .desc = "Print the digest in two-digit groups separated by colons", | 183 | .desc = "Print the digest in two-digit groups separated by colons", | 
| 184 | .type = OPTION_VALUE, | 184 | .type = OPTION_VALUE, | 
| 185 | .opt.value = &dgst_config.separator, | 185 | .opt.value = &cfg.separator, | 
| 186 | .value = 1, | 186 | .value = 1, | 
| 187 | }, | 187 | }, | 
| 188 | { | 188 | { | 
| 189 | .name = "d", | 189 | .name = "d", | 
| 190 | .desc = "Print BIO debugging information", | 190 | .desc = "Print BIO debugging information", | 
| 191 | .type = OPTION_FLAG, | 191 | .type = OPTION_FLAG, | 
| 192 | .opt.flag = &dgst_config.debug, | 192 | .opt.flag = &cfg.debug, | 
| 193 | }, | 193 | }, | 
| 194 | { | 194 | { | 
| 195 | .name = "hex", | 195 | .name = "hex", | 
| 196 | .desc = "Output as hex dump", | 196 | .desc = "Output as hex dump", | 
| 197 | .type = OPTION_VALUE, | 197 | .type = OPTION_VALUE, | 
| 198 | .opt.value = &dgst_config.out_bin, | 198 | .opt.value = &cfg.out_bin, | 
| 199 | .value = 0, | 199 | .value = 0, | 
| 200 | }, | 200 | }, | 
| 201 | { | 201 | { | 
| @@ -203,21 +203,21 @@ static const struct option dgst_options[] = { | |||
| 203 | .argname = "key", | 203 | .argname = "key", | 
| 204 | .desc = "Create hashed MAC with key", | 204 | .desc = "Create hashed MAC with key", | 
| 205 | .type = OPTION_ARG, | 205 | .type = OPTION_ARG, | 
| 206 | .opt.arg = &dgst_config.hmac_key, | 206 | .opt.arg = &cfg.hmac_key, | 
| 207 | }, | 207 | }, | 
| 208 | { | 208 | { | 
| 209 | .name = "keyform", | 209 | .name = "keyform", | 
| 210 | .argname = "format", | 210 | .argname = "format", | 
| 211 | .desc = "Key file format (PEM)", | 211 | .desc = "Key file format (PEM)", | 
| 212 | .type = OPTION_ARG_FORMAT, | 212 | .type = OPTION_ARG_FORMAT, | 
| 213 | .opt.value = &dgst_config.keyform, | 213 | .opt.value = &cfg.keyform, | 
| 214 | }, | 214 | }, | 
| 215 | { | 215 | { | 
| 216 | .name = "mac", | 216 | .name = "mac", | 
| 217 | .argname = "algorithm", | 217 | .argname = "algorithm", | 
| 218 | .desc = "Create MAC (not necessarily HMAC)", | 218 | .desc = "Create MAC (not necessarily HMAC)", | 
| 219 | .type = OPTION_ARG, | 219 | .type = OPTION_ARG, | 
| 220 | .opt.arg = &dgst_config.mac_name, | 220 | .opt.arg = &cfg.mac_name, | 
| 221 | }, | 221 | }, | 
| 222 | { | 222 | { | 
| 223 | .name = "macopt", | 223 | .name = "macopt", | 
| @@ -231,14 +231,14 @@ static const struct option dgst_options[] = { | |||
| 231 | .argname = "file", | 231 | .argname = "file", | 
| 232 | .desc = "Output to file rather than stdout", | 232 | .desc = "Output to file rather than stdout", | 
| 233 | .type = OPTION_ARG, | 233 | .type = OPTION_ARG, | 
| 234 | .opt.arg = &dgst_config.outfile, | 234 | .opt.arg = &cfg.outfile, | 
| 235 | }, | 235 | }, | 
| 236 | { | 236 | { | 
| 237 | .name = "passin", | 237 | .name = "passin", | 
| 238 | .argname = "arg", | 238 | .argname = "arg", | 
| 239 | .desc = "Input file passphrase source", | 239 | .desc = "Input file passphrase source", | 
| 240 | .type = OPTION_ARG, | 240 | .type = OPTION_ARG, | 
| 241 | .opt.arg = &dgst_config.passargin, | 241 | .opt.arg = &cfg.passargin, | 
| 242 | }, | 242 | }, | 
| 243 | { | 243 | { | 
| 244 | .name = "prverify", | 244 | .name = "prverify", | 
| @@ -251,7 +251,7 @@ static const struct option dgst_options[] = { | |||
| 251 | .name = "r", | 251 | .name = "r", | 
| 252 | .desc = "Output the digest in coreutils format", | 252 | .desc = "Output the digest in coreutils format", | 
| 253 | .type = OPTION_VALUE, | 253 | .type = OPTION_VALUE, | 
| 254 | .opt.value = &dgst_config.separator, | 254 | .opt.value = &cfg.separator, | 
| 255 | .value = 2, | 255 | .value = 2, | 
| 256 | }, | 256 | }, | 
| 257 | { | 257 | { | 
| @@ -259,14 +259,14 @@ static const struct option dgst_options[] = { | |||
| 259 | .argname = "file", | 259 | .argname = "file", | 
| 260 | .desc = "Sign digest using private key in file", | 260 | .desc = "Sign digest using private key in file", | 
| 261 | .type = OPTION_ARG, | 261 | .type = OPTION_ARG, | 
| 262 | .opt.arg = &dgst_config.keyfile, | 262 | .opt.arg = &cfg.keyfile, | 
| 263 | }, | 263 | }, | 
| 264 | { | 264 | { | 
| 265 | .name = "signature", | 265 | .name = "signature", | 
| 266 | .argname = "file", | 266 | .argname = "file", | 
| 267 | .desc = "Signature to verify", | 267 | .desc = "Signature to verify", | 
| 268 | .type = OPTION_ARG, | 268 | .type = OPTION_ARG, | 
| 269 | .opt.arg = &dgst_config.sigfile, | 269 | .opt.arg = &cfg.sigfile, | 
| 270 | }, | 270 | }, | 
| 271 | { | 271 | { | 
| 272 | .name = "sigopt", | 272 | .name = "sigopt", | 
| @@ -348,24 +348,24 @@ dgst_main(int argc, char **argv) | |||
| 348 | goto end; | 348 | goto end; | 
| 349 | } | 349 | } | 
| 350 | 350 | ||
| 351 | memset(&dgst_config, 0, sizeof(dgst_config)); | 351 | memset(&cfg, 0, sizeof(cfg)); | 
| 352 | dgst_config.keyform = FORMAT_PEM; | 352 | cfg.keyform = FORMAT_PEM; | 
| 353 | dgst_config.out_bin = -1; | 353 | cfg.out_bin = -1; | 
| 354 | 354 | ||
| 355 | /* first check the program name */ | 355 | /* first check the program name */ | 
| 356 | program_name(argv[0], pname, sizeof pname); | 356 | program_name(argv[0], pname, sizeof pname); | 
| 357 | 357 | ||
| 358 | dgst_config.md = EVP_get_digestbyname(pname); | 358 | cfg.md = EVP_get_digestbyname(pname); | 
| 359 | 359 | ||
| 360 | if (options_parse(argc, argv, dgst_options, NULL, | 360 | if (options_parse(argc, argv, dgst_options, NULL, | 
| 361 | &dgst_config.argsused) != 0) { | 361 | &cfg.argsused) != 0) { | 
| 362 | dgst_usage(); | 362 | dgst_usage(); | 
| 363 | goto end; | 363 | goto end; | 
| 364 | } | 364 | } | 
| 365 | argc -= dgst_config.argsused; | 365 | argc -= cfg.argsused; | 
| 366 | argv += dgst_config.argsused; | 366 | argv += cfg.argsused; | 
| 367 | 367 | ||
| 368 | if (dgst_config.do_verify && !dgst_config.sigfile) { | 368 | if (cfg.do_verify && !cfg.sigfile) { | 
| 369 | BIO_printf(bio_err, | 369 | BIO_printf(bio_err, | 
| 370 | "No signature to verify: use the -signature option\n"); | 370 | "No signature to verify: use the -signature option\n"); | 
| 371 | goto end; | 371 | goto end; | 
| @@ -378,50 +378,50 @@ dgst_main(int argc, char **argv) | |||
| 378 | goto end; | 378 | goto end; | 
| 379 | } | 379 | } | 
| 380 | 380 | ||
| 381 | if (dgst_config.debug) { | 381 | if (cfg.debug) { | 
| 382 | BIO_set_callback(in, BIO_debug_callback); | 382 | BIO_set_callback(in, BIO_debug_callback); | 
| 383 | /* needed for windows 3.1 */ | 383 | /* needed for windows 3.1 */ | 
| 384 | BIO_set_callback_arg(in, (char *) bio_err); | 384 | BIO_set_callback_arg(in, (char *) bio_err); | 
| 385 | } | 385 | } | 
| 386 | if (!app_passwd(bio_err, dgst_config.passargin, NULL, &passin, NULL)) { | 386 | if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) { | 
| 387 | BIO_printf(bio_err, "Error getting password\n"); | 387 | BIO_printf(bio_err, "Error getting password\n"); | 
| 388 | goto end; | 388 | goto end; | 
| 389 | } | 389 | } | 
| 390 | if (dgst_config.out_bin == -1) { | 390 | if (cfg.out_bin == -1) { | 
| 391 | if (dgst_config.keyfile) | 391 | if (cfg.keyfile) | 
| 392 | dgst_config.out_bin = 1; | 392 | cfg.out_bin = 1; | 
| 393 | else | 393 | else | 
| 394 | dgst_config.out_bin = 0; | 394 | cfg.out_bin = 0; | 
| 395 | } | 395 | } | 
| 396 | 396 | ||
| 397 | if (dgst_config.outfile) { | 397 | if (cfg.outfile) { | 
| 398 | if (dgst_config.out_bin) | 398 | if (cfg.out_bin) | 
| 399 | out = BIO_new_file(dgst_config.outfile, "wb"); | 399 | out = BIO_new_file(cfg.outfile, "wb"); | 
| 400 | else | 400 | else | 
| 401 | out = BIO_new_file(dgst_config.outfile, "w"); | 401 | out = BIO_new_file(cfg.outfile, "w"); | 
| 402 | } else { | 402 | } else { | 
| 403 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | 403 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | 
| 404 | } | 404 | } | 
| 405 | 405 | ||
| 406 | if (!out) { | 406 | if (!out) { | 
| 407 | BIO_printf(bio_err, "Error opening output file %s\n", | 407 | BIO_printf(bio_err, "Error opening output file %s\n", | 
| 408 | dgst_config.outfile ? dgst_config.outfile : "(stdout)"); | 408 | cfg.outfile ? cfg.outfile : "(stdout)"); | 
| 409 | ERR_print_errors(bio_err); | 409 | ERR_print_errors(bio_err); | 
| 410 | goto end; | 410 | goto end; | 
| 411 | } | 411 | } | 
| 412 | if ((!!dgst_config.mac_name + !!dgst_config.keyfile + | 412 | if ((!!cfg.mac_name + !!cfg.keyfile + | 
| 413 | !!dgst_config.hmac_key) > 1) { | 413 | !!cfg.hmac_key) > 1) { | 
| 414 | BIO_printf(bio_err, | 414 | BIO_printf(bio_err, | 
| 415 | "MAC and Signing key cannot both be specified\n"); | 415 | "MAC and Signing key cannot both be specified\n"); | 
| 416 | goto end; | 416 | goto end; | 
| 417 | } | 417 | } | 
| 418 | if (dgst_config.keyfile) { | 418 | if (cfg.keyfile) { | 
| 419 | if (dgst_config.want_pub) | 419 | if (cfg.want_pub) | 
| 420 | sigkey = load_pubkey(bio_err, dgst_config.keyfile, | 420 | sigkey = load_pubkey(bio_err, cfg.keyfile, | 
| 421 | dgst_config.keyform, 0, NULL, "key file"); | 421 | cfg.keyform, 0, NULL, "key file"); | 
| 422 | else | 422 | else | 
| 423 | sigkey = load_key(bio_err, dgst_config.keyfile, | 423 | sigkey = load_key(bio_err, cfg.keyfile, | 
| 424 | dgst_config.keyform, 0, passin, "key file"); | 424 | cfg.keyform, 0, passin, "key file"); | 
| 425 | if (!sigkey) { | 425 | if (!sigkey) { | 
| 426 | /* | 426 | /* | 
| 427 | * load_[pub]key() has already printed an appropriate | 427 | * load_[pub]key() has already printed an appropriate | 
| @@ -430,17 +430,17 @@ dgst_main(int argc, char **argv) | |||
| 430 | goto end; | 430 | goto end; | 
| 431 | } | 431 | } | 
| 432 | } | 432 | } | 
| 433 | if (dgst_config.mac_name) { | 433 | if (cfg.mac_name) { | 
| 434 | EVP_PKEY_CTX *mac_ctx = NULL; | 434 | EVP_PKEY_CTX *mac_ctx = NULL; | 
| 435 | int r = 0; | 435 | int r = 0; | 
| 436 | if (!init_gen_str(bio_err, &mac_ctx, dgst_config.mac_name, 0)) | 436 | if (!init_gen_str(bio_err, &mac_ctx, cfg.mac_name, 0)) | 
| 437 | goto mac_end; | 437 | goto mac_end; | 
| 438 | if (dgst_config.macopts) { | 438 | if (cfg.macopts) { | 
| 439 | char *macopt; | 439 | char *macopt; | 
| 440 | for (i = 0; i < sk_OPENSSL_STRING_num( | 440 | for (i = 0; i < sk_OPENSSL_STRING_num( | 
| 441 | dgst_config.macopts); i++) { | 441 | cfg.macopts); i++) { | 
| 442 | macopt = sk_OPENSSL_STRING_value( | 442 | macopt = sk_OPENSSL_STRING_value( | 
| 443 | dgst_config.macopts, i); | 443 | cfg.macopts, i); | 
| 444 | if (pkey_ctrl_string(mac_ctx, macopt) <= 0) { | 444 | if (pkey_ctrl_string(mac_ctx, macopt) <= 0) { | 
| 445 | BIO_printf(bio_err, | 445 | BIO_printf(bio_err, | 
| 446 | "MAC parameter error \"%s\"\n", | 446 | "MAC parameter error \"%s\"\n", | 
| @@ -461,9 +461,9 @@ dgst_main(int argc, char **argv) | |||
| 461 | if (r == 0) | 461 | if (r == 0) | 
| 462 | goto end; | 462 | goto end; | 
| 463 | } | 463 | } | 
| 464 | if (dgst_config.hmac_key) { | 464 | if (cfg.hmac_key) { | 
| 465 | sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, | 465 | sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, | 
| 466 | (unsigned char *) dgst_config.hmac_key, -1); | 466 | (unsigned char *) cfg.hmac_key, -1); | 
| 467 | if (!sigkey) | 467 | if (!sigkey) | 
| 468 | goto end; | 468 | goto end; | 
| 469 | } | 469 | } | 
| @@ -476,23 +476,23 @@ dgst_main(int argc, char **argv) | |||
| 476 | ERR_print_errors(bio_err); | 476 | ERR_print_errors(bio_err); | 
| 477 | goto end; | 477 | goto end; | 
| 478 | } | 478 | } | 
| 479 | if (dgst_config.do_verify) | 479 | if (cfg.do_verify) | 
| 480 | r = EVP_DigestVerifyInit(mctx, &pctx, dgst_config.md, | 480 | r = EVP_DigestVerifyInit(mctx, &pctx, cfg.md, | 
| 481 | NULL, sigkey); | 481 | NULL, sigkey); | 
| 482 | else | 482 | else | 
| 483 | r = EVP_DigestSignInit(mctx, &pctx, dgst_config.md, | 483 | r = EVP_DigestSignInit(mctx, &pctx, cfg.md, | 
| 484 | NULL, sigkey); | 484 | NULL, sigkey); | 
| 485 | if (!r) { | 485 | if (!r) { | 
| 486 | BIO_printf(bio_err, "Error setting context\n"); | 486 | BIO_printf(bio_err, "Error setting context\n"); | 
| 487 | ERR_print_errors(bio_err); | 487 | ERR_print_errors(bio_err); | 
| 488 | goto end; | 488 | goto end; | 
| 489 | } | 489 | } | 
| 490 | if (dgst_config.sigopts) { | 490 | if (cfg.sigopts) { | 
| 491 | char *sigopt; | 491 | char *sigopt; | 
| 492 | for (i = 0; i < sk_OPENSSL_STRING_num( | 492 | for (i = 0; i < sk_OPENSSL_STRING_num( | 
| 493 | dgst_config.sigopts); i++) { | 493 | cfg.sigopts); i++) { | 
| 494 | sigopt = sk_OPENSSL_STRING_value( | 494 | sigopt = sk_OPENSSL_STRING_value( | 
| 495 | dgst_config.sigopts, i); | 495 | cfg.sigopts, i); | 
| 496 | if (pkey_ctrl_string(pctx, sigopt) <= 0) { | 496 | if (pkey_ctrl_string(pctx, sigopt) <= 0) { | 
| 497 | BIO_printf(bio_err, | 497 | BIO_printf(bio_err, | 
| 498 | "parameter error \"%s\"\n", | 498 | "parameter error \"%s\"\n", | 
| @@ -505,16 +505,16 @@ dgst_main(int argc, char **argv) | |||
| 505 | } | 505 | } | 
| 506 | /* we use md as a filter, reading from 'in' */ | 506 | /* we use md as a filter, reading from 'in' */ | 
| 507 | else { | 507 | else { | 
| 508 | if (dgst_config.md == NULL) | 508 | if (cfg.md == NULL) | 
| 509 | dgst_config.md = EVP_sha256(); | 509 | cfg.md = EVP_sha256(); | 
| 510 | if (!BIO_set_md(bmd, dgst_config.md)) { | 510 | if (!BIO_set_md(bmd, cfg.md)) { | 
| 511 | BIO_printf(bio_err, "Error setting digest %s\n", pname); | 511 | BIO_printf(bio_err, "Error setting digest %s\n", pname); | 
| 512 | ERR_print_errors(bio_err); | 512 | ERR_print_errors(bio_err); | 
| 513 | goto end; | 513 | goto end; | 
| 514 | } | 514 | } | 
| 515 | } | 515 | } | 
| 516 | 516 | ||
| 517 | if (dgst_config.sigfile && sigkey) { | 517 | if (cfg.sigfile && sigkey) { | 
| 518 | BIO *sigbio; | 518 | BIO *sigbio; | 
| 519 | siglen = EVP_PKEY_size(sigkey); | 519 | siglen = EVP_PKEY_size(sigkey); | 
| 520 | sigbuf = malloc(siglen); | 520 | sigbuf = malloc(siglen); | 
| @@ -523,10 +523,10 @@ dgst_main(int argc, char **argv) | |||
| 523 | ERR_print_errors(bio_err); | 523 | ERR_print_errors(bio_err); | 
| 524 | goto end; | 524 | goto end; | 
| 525 | } | 525 | } | 
| 526 | sigbio = BIO_new_file(dgst_config.sigfile, "rb"); | 526 | sigbio = BIO_new_file(cfg.sigfile, "rb"); | 
| 527 | if (!sigbio) { | 527 | if (!sigbio) { | 
| 528 | BIO_printf(bio_err, "Error opening signature file %s\n", | 528 | BIO_printf(bio_err, "Error opening signature file %s\n", | 
| 529 | dgst_config.sigfile); | 529 | cfg.sigfile); | 
| 530 | ERR_print_errors(bio_err); | 530 | ERR_print_errors(bio_err); | 
| 531 | goto end; | 531 | goto end; | 
| 532 | } | 532 | } | 
| @@ -534,26 +534,26 @@ dgst_main(int argc, char **argv) | |||
| 534 | BIO_free(sigbio); | 534 | BIO_free(sigbio); | 
| 535 | if (siglen <= 0) { | 535 | if (siglen <= 0) { | 
| 536 | BIO_printf(bio_err, "Error reading signature file %s\n", | 536 | BIO_printf(bio_err, "Error reading signature file %s\n", | 
| 537 | dgst_config.sigfile); | 537 | cfg.sigfile); | 
| 538 | ERR_print_errors(bio_err); | 538 | ERR_print_errors(bio_err); | 
| 539 | goto end; | 539 | goto end; | 
| 540 | } | 540 | } | 
| 541 | } | 541 | } | 
| 542 | inp = BIO_push(bmd, in); | 542 | inp = BIO_push(bmd, in); | 
| 543 | 543 | ||
| 544 | if (dgst_config.md == NULL) { | 544 | if (cfg.md == NULL) { | 
| 545 | EVP_MD_CTX *tctx; | 545 | EVP_MD_CTX *tctx; | 
| 546 | BIO_get_md_ctx(bmd, &tctx); | 546 | BIO_get_md_ctx(bmd, &tctx); | 
| 547 | dgst_config.md = EVP_MD_CTX_md(tctx); | 547 | cfg.md = EVP_MD_CTX_md(tctx); | 
| 548 | } | 548 | } | 
| 549 | if (argc == 0) { | 549 | if (argc == 0) { | 
| 550 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 550 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 
| 551 | err = do_fp(out, buf, inp, dgst_config.separator, | 551 | err = do_fp(out, buf, inp, cfg.separator, | 
| 552 | dgst_config.out_bin, sigkey, sigbuf, siglen, NULL, NULL, | 552 | cfg.out_bin, sigkey, sigbuf, siglen, NULL, NULL, | 
| 553 | "stdin", bmd); | 553 | "stdin", bmd); | 
| 554 | } else { | 554 | } else { | 
| 555 | const char *md_name = NULL, *sig_name = NULL; | 555 | const char *md_name = NULL, *sig_name = NULL; | 
| 556 | if (!dgst_config.out_bin) { | 556 | if (!cfg.out_bin) { | 
| 557 | if (sigkey) { | 557 | if (sigkey) { | 
| 558 | const EVP_PKEY_ASN1_METHOD *ameth; | 558 | const EVP_PKEY_ASN1_METHOD *ameth; | 
| 559 | ameth = EVP_PKEY_get0_asn1(sigkey); | 559 | ameth = EVP_PKEY_get0_asn1(sigkey); | 
| @@ -561,7 +561,7 @@ dgst_main(int argc, char **argv) | |||
| 561 | EVP_PKEY_asn1_get0_info(NULL, NULL, | 561 | EVP_PKEY_asn1_get0_info(NULL, NULL, | 
| 562 | NULL, NULL, &sig_name, ameth); | 562 | NULL, NULL, &sig_name, ameth); | 
| 563 | } | 563 | } | 
| 564 | md_name = EVP_MD_name(dgst_config.md); | 564 | md_name = EVP_MD_name(cfg.md); | 
| 565 | } | 565 | } | 
| 566 | err = 0; | 566 | err = 0; | 
| 567 | for (i = 0; i < argc; i++) { | 567 | for (i = 0; i < argc; i++) { | 
| @@ -571,8 +571,8 @@ dgst_main(int argc, char **argv) | |||
| 571 | err++; | 571 | err++; | 
| 572 | continue; | 572 | continue; | 
| 573 | } else { | 573 | } else { | 
| 574 | r = do_fp(out, buf, inp, dgst_config.separator, | 574 | r = do_fp(out, buf, inp, cfg.separator, | 
| 575 | dgst_config.out_bin, sigkey, sigbuf, siglen, | 575 | cfg.out_bin, sigkey, sigbuf, siglen, | 
| 576 | sig_name, md_name, argv[i], bmd); | 576 | sig_name, md_name, argv[i], bmd); | 
| 577 | } | 577 | } | 
| 578 | if (r) | 578 | if (r) | 
| @@ -587,8 +587,8 @@ dgst_main(int argc, char **argv) | |||
| 587 | free(passin); | 587 | free(passin); | 
| 588 | BIO_free_all(out); | 588 | BIO_free_all(out); | 
| 589 | EVP_PKEY_free(sigkey); | 589 | EVP_PKEY_free(sigkey); | 
| 590 | sk_OPENSSL_STRING_free(dgst_config.sigopts); | 590 | sk_OPENSSL_STRING_free(cfg.sigopts); | 
| 591 | sk_OPENSSL_STRING_free(dgst_config.macopts); | 591 | sk_OPENSSL_STRING_free(cfg.macopts); | 
| 592 | free(sigbuf); | 592 | free(sigbuf); | 
| 593 | BIO_free(bmd); | 593 | BIO_free(bmd); | 
| 594 | 594 | ||
| diff --git a/src/usr.bin/openssl/dh.c b/src/usr.bin/openssl/dh.c index 200233c0f2..a4c02235f2 100644 --- a/src/usr.bin/openssl/dh.c +++ b/src/usr.bin/openssl/dh.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dh.c,v 1.14 2022/11/11 17:07:38 joshua Exp $ */ | 1 | /* $OpenBSD: dh.c,v 1.15 2023/03/06 14:32:05 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -83,60 +83,60 @@ static struct { | |||
| 83 | char *outfile; | 83 | char *outfile; | 
| 84 | int outformat; | 84 | int outformat; | 
| 85 | int text; | 85 | int text; | 
| 86 | } dh_config; | 86 | } cfg; | 
| 87 | 87 | ||
| 88 | static const struct option dh_options[] = { | 88 | static const struct option dh_options[] = { | 
| 89 | { | 89 | { | 
| 90 | .name = "C", | 90 | .name = "C", | 
| 91 | .desc = "Convert DH parameters into C code", | 91 | .desc = "Convert DH parameters into C code", | 
| 92 | .type = OPTION_FLAG, | 92 | .type = OPTION_FLAG, | 
| 93 | .opt.flag = &dh_config.C, | 93 | .opt.flag = &cfg.C, | 
| 94 | }, | 94 | }, | 
| 95 | { | 95 | { | 
| 96 | .name = "check", | 96 | .name = "check", | 
| 97 | .desc = "Check the DH parameters", | 97 | .desc = "Check the DH parameters", | 
| 98 | .type = OPTION_FLAG, | 98 | .type = OPTION_FLAG, | 
| 99 | .opt.flag = &dh_config.check, | 99 | .opt.flag = &cfg.check, | 
| 100 | }, | 100 | }, | 
| 101 | { | 101 | { | 
| 102 | .name = "in", | 102 | .name = "in", | 
| 103 | .argname = "file", | 103 | .argname = "file", | 
| 104 | .desc = "Input file (default stdin)", | 104 | .desc = "Input file (default stdin)", | 
| 105 | .type = OPTION_ARG, | 105 | .type = OPTION_ARG, | 
| 106 | .opt.arg = &dh_config.infile, | 106 | .opt.arg = &cfg.infile, | 
| 107 | }, | 107 | }, | 
| 108 | { | 108 | { | 
| 109 | .name = "inform", | 109 | .name = "inform", | 
| 110 | .argname = "format", | 110 | .argname = "format", | 
| 111 | .desc = "Input format (DER or PEM (default))", | 111 | .desc = "Input format (DER or PEM (default))", | 
| 112 | .type = OPTION_ARG_FORMAT, | 112 | .type = OPTION_ARG_FORMAT, | 
| 113 | .opt.value = &dh_config.informat, | 113 | .opt.value = &cfg.informat, | 
| 114 | }, | 114 | }, | 
| 115 | { | 115 | { | 
| 116 | .name = "noout", | 116 | .name = "noout", | 
| 117 | .desc = "No output", | 117 | .desc = "No output", | 
| 118 | .type = OPTION_FLAG, | 118 | .type = OPTION_FLAG, | 
| 119 | .opt.flag = &dh_config.noout, | 119 | .opt.flag = &cfg.noout, | 
| 120 | }, | 120 | }, | 
| 121 | { | 121 | { | 
| 122 | .name = "out", | 122 | .name = "out", | 
| 123 | .argname = "file", | 123 | .argname = "file", | 
| 124 | .desc = "Output file (default stdout)", | 124 | .desc = "Output file (default stdout)", | 
| 125 | .type = OPTION_ARG, | 125 | .type = OPTION_ARG, | 
| 126 | .opt.arg = &dh_config.outfile, | 126 | .opt.arg = &cfg.outfile, | 
| 127 | }, | 127 | }, | 
| 128 | { | 128 | { | 
| 129 | .name = "outform", | 129 | .name = "outform", | 
| 130 | .argname = "format", | 130 | .argname = "format", | 
| 131 | .desc = "Output format (DER or PEM (default))", | 131 | .desc = "Output format (DER or PEM (default))", | 
| 132 | .type = OPTION_ARG_FORMAT, | 132 | .type = OPTION_ARG_FORMAT, | 
| 133 | .opt.value = &dh_config.outformat, | 133 | .opt.value = &cfg.outformat, | 
| 134 | }, | 134 | }, | 
| 135 | { | 135 | { | 
| 136 | .name = "text", | 136 | .name = "text", | 
| 137 | .desc = "Print a text form of the DH parameters", | 137 | .desc = "Print a text form of the DH parameters", | 
| 138 | .type = OPTION_FLAG, | 138 | .type = OPTION_FLAG, | 
| 139 | .opt.flag = &dh_config.text, | 139 | .opt.flag = &cfg.text, | 
| 140 | }, | 140 | }, | 
| 141 | { NULL }, | 141 | { NULL }, | 
| 142 | }; | 142 | }; | 
| @@ -163,10 +163,10 @@ dh_main(int argc, char **argv) | |||
| 163 | exit(1); | 163 | exit(1); | 
| 164 | } | 164 | } | 
| 165 | 165 | ||
| 166 | memset(&dh_config, 0, sizeof(dh_config)); | 166 | memset(&cfg, 0, sizeof(cfg)); | 
| 167 | 167 | ||
| 168 | dh_config.informat = FORMAT_PEM; | 168 | cfg.informat = FORMAT_PEM; | 
| 169 | dh_config.outformat = FORMAT_PEM; | 169 | cfg.outformat = FORMAT_PEM; | 
| 170 | 170 | ||
| 171 | if (options_parse(argc, argv, dh_options, NULL, NULL) != 0) { | 171 | if (options_parse(argc, argv, dh_options, NULL, NULL) != 0) { | 
| 172 | dh_usage(); | 172 | dh_usage(); | 
| @@ -179,26 +179,26 @@ dh_main(int argc, char **argv) | |||
| 179 | ERR_print_errors(bio_err); | 179 | ERR_print_errors(bio_err); | 
| 180 | goto end; | 180 | goto end; | 
| 181 | } | 181 | } | 
| 182 | if (dh_config.infile == NULL) | 182 | if (cfg.infile == NULL) | 
| 183 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 183 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 
| 184 | else { | 184 | else { | 
| 185 | if (BIO_read_filename(in, dh_config.infile) <= 0) { | 185 | if (BIO_read_filename(in, cfg.infile) <= 0) { | 
| 186 | perror(dh_config.infile); | 186 | perror(cfg.infile); | 
| 187 | goto end; | 187 | goto end; | 
| 188 | } | 188 | } | 
| 189 | } | 189 | } | 
| 190 | if (dh_config.outfile == NULL) { | 190 | if (cfg.outfile == NULL) { | 
| 191 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 191 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 
| 192 | } else { | 192 | } else { | 
| 193 | if (BIO_write_filename(out, dh_config.outfile) <= 0) { | 193 | if (BIO_write_filename(out, cfg.outfile) <= 0) { | 
| 194 | perror(dh_config.outfile); | 194 | perror(cfg.outfile); | 
| 195 | goto end; | 195 | goto end; | 
| 196 | } | 196 | } | 
| 197 | } | 197 | } | 
| 198 | 198 | ||
| 199 | if (dh_config.informat == FORMAT_ASN1) | 199 | if (cfg.informat == FORMAT_ASN1) | 
| 200 | dh = d2i_DHparams_bio(in, NULL); | 200 | dh = d2i_DHparams_bio(in, NULL); | 
| 201 | else if (dh_config.informat == FORMAT_PEM) | 201 | else if (cfg.informat == FORMAT_PEM) | 
| 202 | dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); | 202 | dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); | 
| 203 | else { | 203 | else { | 
| 204 | BIO_printf(bio_err, "bad input format specified\n"); | 204 | BIO_printf(bio_err, "bad input format specified\n"); | 
| @@ -209,10 +209,10 @@ dh_main(int argc, char **argv) | |||
| 209 | ERR_print_errors(bio_err); | 209 | ERR_print_errors(bio_err); | 
| 210 | goto end; | 210 | goto end; | 
| 211 | } | 211 | } | 
| 212 | if (dh_config.text) { | 212 | if (cfg.text) { | 
| 213 | DHparams_print(out, dh); | 213 | DHparams_print(out, dh); | 
| 214 | } | 214 | } | 
| 215 | if (dh_config.check) { | 215 | if (cfg.check) { | 
| 216 | if (!DH_check(dh, &i)) { | 216 | if (!DH_check(dh, &i)) { | 
| 217 | ERR_print_errors(bio_err); | 217 | ERR_print_errors(bio_err); | 
| 218 | goto end; | 218 | goto end; | 
| @@ -228,7 +228,7 @@ dh_main(int argc, char **argv) | |||
| 228 | if (i == 0) | 228 | if (i == 0) | 
| 229 | printf("DH parameters appear to be ok.\n"); | 229 | printf("DH parameters appear to be ok.\n"); | 
| 230 | } | 230 | } | 
| 231 | if (dh_config.C) { | 231 | if (cfg.C) { | 
| 232 | unsigned char *data; | 232 | unsigned char *data; | 
| 233 | int len, l, bits; | 233 | int len, l, bits; | 
| 234 | 234 | ||
| @@ -271,10 +271,10 @@ dh_main(int argc, char **argv) | |||
| 271 | printf("\treturn(dh);\n\t}\n"); | 271 | printf("\treturn(dh);\n\t}\n"); | 
| 272 | free(data); | 272 | free(data); | 
| 273 | } | 273 | } | 
| 274 | if (!dh_config.noout) { | 274 | if (!cfg.noout) { | 
| 275 | if (dh_config.outformat == FORMAT_ASN1) | 275 | if (cfg.outformat == FORMAT_ASN1) | 
| 276 | i = i2d_DHparams_bio(out, dh); | 276 | i = i2d_DHparams_bio(out, dh); | 
| 277 | else if (dh_config.outformat == FORMAT_PEM) | 277 | else if (cfg.outformat == FORMAT_PEM) | 
| 278 | i = PEM_write_bio_DHparams(out, dh); | 278 | i = PEM_write_bio_DHparams(out, dh); | 
| 279 | else { | 279 | else { | 
| 280 | BIO_printf(bio_err, "bad output format specified for outfile\n"); | 280 | BIO_printf(bio_err, "bad output format specified for outfile\n"); | 
| diff --git a/src/usr.bin/openssl/dhparam.c b/src/usr.bin/openssl/dhparam.c index 8a487cb918..0542464d7b 100644 --- a/src/usr.bin/openssl/dhparam.c +++ b/src/usr.bin/openssl/dhparam.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dhparam.c,v 1.16 2023/03/05 13:12:53 tb Exp $ */ | 1 | /* $OpenBSD: dhparam.c,v 1.17 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -142,7 +142,7 @@ static struct { | |||
| 142 | char *outfile; | 142 | char *outfile; | 
| 143 | int outformat; | 143 | int outformat; | 
| 144 | int text; | 144 | int text; | 
| 145 | } dhparam_config; | 145 | } cfg; | 
| 146 | 146 | ||
| 147 | static const struct option dhparam_options[] = { | 147 | static const struct option dhparam_options[] = { | 
| 148 | { | 148 | { | 
| @@ -150,73 +150,73 @@ static const struct option dhparam_options[] = { | |||
| 150 | .desc = "Generate DH parameters with a generator value of 2 " | 150 | .desc = "Generate DH parameters with a generator value of 2 " | 
| 151 | "(default)", | 151 | "(default)", | 
| 152 | .type = OPTION_VALUE, | 152 | .type = OPTION_VALUE, | 
| 153 | .opt.value = &dhparam_config.g, | 153 | .opt.value = &cfg.g, | 
| 154 | .value = 2, | 154 | .value = 2, | 
| 155 | }, | 155 | }, | 
| 156 | { | 156 | { | 
| 157 | .name = "5", | 157 | .name = "5", | 
| 158 | .desc = "Generate DH parameters with a generator value of 5", | 158 | .desc = "Generate DH parameters with a generator value of 5", | 
| 159 | .type = OPTION_VALUE, | 159 | .type = OPTION_VALUE, | 
| 160 | .opt.value = &dhparam_config.g, | 160 | .opt.value = &cfg.g, | 
| 161 | .value = 5, | 161 | .value = 5, | 
| 162 | }, | 162 | }, | 
| 163 | { | 163 | { | 
| 164 | .name = "C", | 164 | .name = "C", | 
| 165 | .desc = "Convert DH parameters into C code", | 165 | .desc = "Convert DH parameters into C code", | 
| 166 | .type = OPTION_FLAG, | 166 | .type = OPTION_FLAG, | 
| 167 | .opt.flag = &dhparam_config.C, | 167 | .opt.flag = &cfg.C, | 
| 168 | }, | 168 | }, | 
| 169 | { | 169 | { | 
| 170 | .name = "check", | 170 | .name = "check", | 
| 171 | .desc = "Check the DH parameters", | 171 | .desc = "Check the DH parameters", | 
| 172 | .type = OPTION_FLAG, | 172 | .type = OPTION_FLAG, | 
| 173 | .opt.flag = &dhparam_config.check, | 173 | .opt.flag = &cfg.check, | 
| 174 | }, | 174 | }, | 
| 175 | { | 175 | { | 
| 176 | .name = "dsaparam", | 176 | .name = "dsaparam", | 
| 177 | .desc = "Read or generate DSA parameters and convert to DH", | 177 | .desc = "Read or generate DSA parameters and convert to DH", | 
| 178 | .type = OPTION_FLAG, | 178 | .type = OPTION_FLAG, | 
| 179 | .opt.flag = &dhparam_config.dsaparam, | 179 | .opt.flag = &cfg.dsaparam, | 
| 180 | }, | 180 | }, | 
| 181 | { | 181 | { | 
| 182 | .name = "in", | 182 | .name = "in", | 
| 183 | .argname = "file", | 183 | .argname = "file", | 
| 184 | .desc = "Input file (default stdin)", | 184 | .desc = "Input file (default stdin)", | 
| 185 | .type = OPTION_ARG, | 185 | .type = OPTION_ARG, | 
| 186 | .opt.arg = &dhparam_config.infile, | 186 | .opt.arg = &cfg.infile, | 
| 187 | }, | 187 | }, | 
| 188 | { | 188 | { | 
| 189 | .name = "inform", | 189 | .name = "inform", | 
| 190 | .argname = "format", | 190 | .argname = "format", | 
| 191 | .desc = "Input format (DER or PEM (default))", | 191 | .desc = "Input format (DER or PEM (default))", | 
| 192 | .type = OPTION_ARG_FORMAT, | 192 | .type = OPTION_ARG_FORMAT, | 
| 193 | .opt.value = &dhparam_config.informat, | 193 | .opt.value = &cfg.informat, | 
| 194 | }, | 194 | }, | 
| 195 | { | 195 | { | 
| 196 | .name = "noout", | 196 | .name = "noout", | 
| 197 | .desc = "Do not output encoded version of DH parameters", | 197 | .desc = "Do not output encoded version of DH parameters", | 
| 198 | .type = OPTION_FLAG, | 198 | .type = OPTION_FLAG, | 
| 199 | .opt.flag = &dhparam_config.noout, | 199 | .opt.flag = &cfg.noout, | 
| 200 | }, | 200 | }, | 
| 201 | { | 201 | { | 
| 202 | .name = "out", | 202 | .name = "out", | 
| 203 | .argname = "file", | 203 | .argname = "file", | 
| 204 | .desc = "Output file (default stdout)", | 204 | .desc = "Output file (default stdout)", | 
| 205 | .type = OPTION_ARG, | 205 | .type = OPTION_ARG, | 
| 206 | .opt.arg = &dhparam_config.outfile, | 206 | .opt.arg = &cfg.outfile, | 
| 207 | }, | 207 | }, | 
| 208 | { | 208 | { | 
| 209 | .name = "outform", | 209 | .name = "outform", | 
| 210 | .argname = "format", | 210 | .argname = "format", | 
| 211 | .desc = "Output format (DER or PEM (default))", | 211 | .desc = "Output format (DER or PEM (default))", | 
| 212 | .type = OPTION_ARG_FORMAT, | 212 | .type = OPTION_ARG_FORMAT, | 
| 213 | .opt.value = &dhparam_config.outformat, | 213 | .opt.value = &cfg.outformat, | 
| 214 | }, | 214 | }, | 
| 215 | { | 215 | { | 
| 216 | .name = "text", | 216 | .name = "text", | 
| 217 | .desc = "Print DH parameters in plain text", | 217 | .desc = "Print DH parameters in plain text", | 
| 218 | .type = OPTION_FLAG, | 218 | .type = OPTION_FLAG, | 
| 219 | .opt.flag = &dhparam_config.text, | 219 | .opt.flag = &cfg.text, | 
| 220 | }, | 220 | }, | 
| 221 | { NULL }, | 221 | { NULL }, | 
| 222 | }; | 222 | }; | 
| @@ -249,10 +249,10 @@ dhparam_main(int argc, char **argv) | |||
| 249 | exit(1); | 249 | exit(1); | 
| 250 | } | 250 | } | 
| 251 | 251 | ||
| 252 | memset(&dhparam_config, 0, sizeof(dhparam_config)); | 252 | memset(&cfg, 0, sizeof(cfg)); | 
| 253 | 253 | ||
| 254 | dhparam_config.informat = FORMAT_PEM; | 254 | cfg.informat = FORMAT_PEM; | 
| 255 | dhparam_config.outformat = FORMAT_PEM; | 255 | cfg.outformat = FORMAT_PEM; | 
| 256 | 256 | ||
| 257 | if (options_parse(argc, argv, dhparam_options, &num_bits, NULL) != 0) { | 257 | if (options_parse(argc, argv, dhparam_options, &num_bits, NULL) != 0) { | 
| 258 | dhparam_usage(); | 258 | dhparam_usage(); | 
| @@ -267,18 +267,18 @@ dhparam_main(int argc, char **argv) | |||
| 267 | } | 267 | } | 
| 268 | } | 268 | } | 
| 269 | 269 | ||
| 270 | if (dhparam_config.g && !num) | 270 | if (cfg.g && !num) | 
| 271 | num = DEFBITS; | 271 | num = DEFBITS; | 
| 272 | 272 | ||
| 273 | if (dhparam_config.dsaparam) { | 273 | if (cfg.dsaparam) { | 
| 274 | if (dhparam_config.g) { | 274 | if (cfg.g) { | 
| 275 | BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n"); | 275 | BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n"); | 
| 276 | goto end; | 276 | goto end; | 
| 277 | } | 277 | } | 
| 278 | } else { | 278 | } else { | 
| 279 | /* DH parameters */ | 279 | /* DH parameters */ | 
| 280 | if (num && !dhparam_config.g) | 280 | if (num && !cfg.g) | 
| 281 | dhparam_config.g = 2; | 281 | cfg.g = 2; | 
| 282 | } | 282 | } | 
| 283 | 283 | ||
| 284 | if (num) { | 284 | if (num) { | 
| @@ -289,7 +289,7 @@ dhparam_main(int argc, char **argv) | |||
| 289 | } | 289 | } | 
| 290 | 290 | ||
| 291 | BN_GENCB_set(cb, dh_cb, bio_err); | 291 | BN_GENCB_set(cb, dh_cb, bio_err); | 
| 292 | if (dhparam_config.dsaparam) { | 292 | if (cfg.dsaparam) { | 
| 293 | DSA *dsa = DSA_new(); | 293 | DSA *dsa = DSA_new(); | 
| 294 | 294 | ||
| 295 | BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", num); | 295 | BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", num); | 
| @@ -307,9 +307,9 @@ dhparam_main(int argc, char **argv) | |||
| 307 | } | 307 | } | 
| 308 | } else { | 308 | } else { | 
| 309 | dh = DH_new(); | 309 | dh = DH_new(); | 
| 310 | BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, dhparam_config.g); | 310 | BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, cfg.g); | 
| 311 | BIO_printf(bio_err, "This is going to take a long time\n"); | 311 | BIO_printf(bio_err, "This is going to take a long time\n"); | 
| 312 | if (!dh || !DH_generate_parameters_ex(dh, num, dhparam_config.g, cb)) { | 312 | if (!dh || !DH_generate_parameters_ex(dh, num, cfg.g, cb)) { | 
| 313 | ERR_print_errors(bio_err); | 313 | ERR_print_errors(bio_err); | 
| 314 | goto end; | 314 | goto end; | 
| 315 | } | 315 | } | 
| @@ -321,24 +321,24 @@ dhparam_main(int argc, char **argv) | |||
| 321 | ERR_print_errors(bio_err); | 321 | ERR_print_errors(bio_err); | 
| 322 | goto end; | 322 | goto end; | 
| 323 | } | 323 | } | 
| 324 | if (dhparam_config.infile == NULL) | 324 | if (cfg.infile == NULL) | 
| 325 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 325 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 
| 326 | else { | 326 | else { | 
| 327 | if (BIO_read_filename(in, dhparam_config.infile) <= 0) { | 327 | if (BIO_read_filename(in, cfg.infile) <= 0) { | 
| 328 | perror(dhparam_config.infile); | 328 | perror(cfg.infile); | 
| 329 | goto end; | 329 | goto end; | 
| 330 | } | 330 | } | 
| 331 | } | 331 | } | 
| 332 | 332 | ||
| 333 | if (dhparam_config.informat != FORMAT_ASN1 && | 333 | if (cfg.informat != FORMAT_ASN1 && | 
| 334 | dhparam_config.informat != FORMAT_PEM) { | 334 | cfg.informat != FORMAT_PEM) { | 
| 335 | BIO_printf(bio_err, "bad input format specified\n"); | 335 | BIO_printf(bio_err, "bad input format specified\n"); | 
| 336 | goto end; | 336 | goto end; | 
| 337 | } | 337 | } | 
| 338 | if (dhparam_config.dsaparam) { | 338 | if (cfg.dsaparam) { | 
| 339 | DSA *dsa; | 339 | DSA *dsa; | 
| 340 | 340 | ||
| 341 | if (dhparam_config.informat == FORMAT_ASN1) | 341 | if (cfg.informat == FORMAT_ASN1) | 
| 342 | dsa = d2i_DSAparams_bio(in, NULL); | 342 | dsa = d2i_DSAparams_bio(in, NULL); | 
| 343 | else /* informat == FORMAT_PEM */ | 343 | else /* informat == FORMAT_PEM */ | 
| 344 | dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL); | 344 | dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL); | 
| @@ -356,7 +356,7 @@ dhparam_main(int argc, char **argv) | |||
| 356 | } | 356 | } | 
| 357 | } else | 357 | } else | 
| 358 | { | 358 | { | 
| 359 | if (dhparam_config.informat == FORMAT_ASN1) | 359 | if (cfg.informat == FORMAT_ASN1) | 
| 360 | dh = d2i_DHparams_bio(in, NULL); | 360 | dh = d2i_DHparams_bio(in, NULL); | 
| 361 | else /* informat == FORMAT_PEM */ | 361 | else /* informat == FORMAT_PEM */ | 
| 362 | dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); | 362 | dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); | 
| @@ -376,20 +376,20 @@ dhparam_main(int argc, char **argv) | |||
| 376 | ERR_print_errors(bio_err); | 376 | ERR_print_errors(bio_err); | 
| 377 | goto end; | 377 | goto end; | 
| 378 | } | 378 | } | 
| 379 | if (dhparam_config.outfile == NULL) { | 379 | if (cfg.outfile == NULL) { | 
| 380 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 380 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 
| 381 | } else { | 381 | } else { | 
| 382 | if (BIO_write_filename(out, dhparam_config.outfile) <= 0) { | 382 | if (BIO_write_filename(out, cfg.outfile) <= 0) { | 
| 383 | perror(dhparam_config.outfile); | 383 | perror(cfg.outfile); | 
| 384 | goto end; | 384 | goto end; | 
| 385 | } | 385 | } | 
| 386 | } | 386 | } | 
| 387 | 387 | ||
| 388 | 388 | ||
| 389 | if (dhparam_config.text) { | 389 | if (cfg.text) { | 
| 390 | DHparams_print(out, dh); | 390 | DHparams_print(out, dh); | 
| 391 | } | 391 | } | 
| 392 | if (dhparam_config.check) { | 392 | if (cfg.check) { | 
| 393 | if (!DH_check(dh, &i)) { | 393 | if (!DH_check(dh, &i)) { | 
| 394 | ERR_print_errors(bio_err); | 394 | ERR_print_errors(bio_err); | 
| 395 | goto end; | 395 | goto end; | 
| @@ -405,7 +405,7 @@ dhparam_main(int argc, char **argv) | |||
| 405 | if (i == 0) | 405 | if (i == 0) | 
| 406 | printf("DH parameters appear to be ok.\n"); | 406 | printf("DH parameters appear to be ok.\n"); | 
| 407 | } | 407 | } | 
| 408 | if (dhparam_config.C) { | 408 | if (cfg.C) { | 
| 409 | unsigned char *data; | 409 | unsigned char *data; | 
| 410 | int len, l, bits; | 410 | int len, l, bits; | 
| 411 | 411 | ||
| @@ -454,10 +454,10 @@ dhparam_main(int argc, char **argv) | |||
| 454 | printf("\treturn(dh);\n\t}\n"); | 454 | printf("\treturn(dh);\n\t}\n"); | 
| 455 | free(data); | 455 | free(data); | 
| 456 | } | 456 | } | 
| 457 | if (!dhparam_config.noout) { | 457 | if (!cfg.noout) { | 
| 458 | if (dhparam_config.outformat == FORMAT_ASN1) | 458 | if (cfg.outformat == FORMAT_ASN1) | 
| 459 | i = i2d_DHparams_bio(out, dh); | 459 | i = i2d_DHparams_bio(out, dh); | 
| 460 | else if (dhparam_config.outformat == FORMAT_PEM) | 460 | else if (cfg.outformat == FORMAT_PEM) | 
| 461 | i = PEM_write_bio_DHparams(out, dh); | 461 | i = PEM_write_bio_DHparams(out, dh); | 
| 462 | else { | 462 | else { | 
| 463 | BIO_printf(bio_err, "bad output format specified for outfile\n"); | 463 | BIO_printf(bio_err, "bad output format specified for outfile\n"); | 
| diff --git a/src/usr.bin/openssl/dsa.c b/src/usr.bin/openssl/dsa.c index 0a3772dff7..f1de78cf4d 100644 --- a/src/usr.bin/openssl/dsa.c +++ b/src/usr.bin/openssl/dsa.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dsa.c,v 1.17 2022/11/11 17:07:38 joshua Exp $ */ | 1 | /* $OpenBSD: dsa.c,v 1.18 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -87,7 +87,7 @@ static struct { | |||
| 87 | int pubout; | 87 | int pubout; | 
| 88 | int pvk_encr; | 88 | int pvk_encr; | 
| 89 | int text; | 89 | int text; | 
| 90 | } dsa_config; | 90 | } cfg; | 
| 91 | 91 | ||
| 92 | static int | 92 | static int | 
| 93 | dsa_opt_enc(int argc, char **argv, int *argsused) | 93 | dsa_opt_enc(int argc, char **argv, int *argsused) | 
| @@ -97,7 +97,7 @@ dsa_opt_enc(int argc, char **argv, int *argsused) | |||
| 97 | if (*name++ != '-') | 97 | if (*name++ != '-') | 
| 98 | return (1); | 98 | return (1); | 
| 99 | 99 | ||
| 100 | if ((dsa_config.enc = EVP_get_cipherbyname(name)) != NULL) { | 100 | if ((cfg.enc = EVP_get_cipherbyname(name)) != NULL) { | 
| 101 | *argsused = 1; | 101 | *argsused = 1; | 
| 102 | return (0); | 102 | return (0); | 
| 103 | } | 103 | } | 
| @@ -111,7 +111,7 @@ static const struct option dsa_options[] = { | |||
| 111 | .argname = "file", | 111 | .argname = "file", | 
| 112 | .desc = "Input file (default stdin)", | 112 | .desc = "Input file (default stdin)", | 
| 113 | .type = OPTION_ARG, | 113 | .type = OPTION_ARG, | 
| 114 | .opt.arg = &dsa_config.infile, | 114 | .opt.arg = &cfg.infile, | 
| 115 | }, | 115 | }, | 
| 116 | { | 116 | { | 
| 117 | .name = "inform", | 117 | .name = "inform", | 
| @@ -119,87 +119,87 @@ static const struct option dsa_options[] = { | |||
| 119 | .desc = "Input format (PEM (default) or any other supported" | 119 | .desc = "Input format (PEM (default) or any other supported" | 
| 120 | " format)", | 120 | " format)", | 
| 121 | .type = OPTION_ARG_FORMAT, | 121 | .type = OPTION_ARG_FORMAT, | 
| 122 | .opt.value = &dsa_config.informat, | 122 | .opt.value = &cfg.informat, | 
| 123 | }, | 123 | }, | 
| 124 | { | 124 | { | 
| 125 | .name = "modulus", | 125 | .name = "modulus", | 
| 126 | .desc = "Print the DSA public value", | 126 | .desc = "Print the DSA public value", | 
| 127 | .type = OPTION_FLAG, | 127 | .type = OPTION_FLAG, | 
| 128 | .opt.flag = &dsa_config.modulus, | 128 | .opt.flag = &cfg.modulus, | 
| 129 | }, | 129 | }, | 
| 130 | { | 130 | { | 
| 131 | .name = "noout", | 131 | .name = "noout", | 
| 132 | .desc = "No output", | 132 | .desc = "No output", | 
| 133 | .type = OPTION_FLAG, | 133 | .type = OPTION_FLAG, | 
| 134 | .opt.flag = &dsa_config.noout, | 134 | .opt.flag = &cfg.noout, | 
| 135 | }, | 135 | }, | 
| 136 | { | 136 | { | 
| 137 | .name = "out", | 137 | .name = "out", | 
| 138 | .argname = "file", | 138 | .argname = "file", | 
| 139 | .desc = "Output file (default stdout)", | 139 | .desc = "Output file (default stdout)", | 
| 140 | .type = OPTION_ARG, | 140 | .type = OPTION_ARG, | 
| 141 | .opt.arg = &dsa_config.outfile, | 141 | .opt.arg = &cfg.outfile, | 
| 142 | }, | 142 | }, | 
| 143 | { | 143 | { | 
| 144 | .name = "outform", | 144 | .name = "outform", | 
| 145 | .argname = "format", | 145 | .argname = "format", | 
| 146 | .desc = "Output format (DER, MSBLOB, PEM (default) or PVK)", | 146 | .desc = "Output format (DER, MSBLOB, PEM (default) or PVK)", | 
| 147 | .type = OPTION_ARG_FORMAT, | 147 | .type = OPTION_ARG_FORMAT, | 
| 148 | .opt.value = &dsa_config.outformat, | 148 | .opt.value = &cfg.outformat, | 
| 149 | }, | 149 | }, | 
| 150 | { | 150 | { | 
| 151 | .name = "passin", | 151 | .name = "passin", | 
| 152 | .argname = "source", | 152 | .argname = "source", | 
| 153 | .desc = "Input file passphrase source", | 153 | .desc = "Input file passphrase source", | 
| 154 | .type = OPTION_ARG, | 154 | .type = OPTION_ARG, | 
| 155 | .opt.arg = &dsa_config.passargin, | 155 | .opt.arg = &cfg.passargin, | 
| 156 | }, | 156 | }, | 
| 157 | { | 157 | { | 
| 158 | .name = "passout", | 158 | .name = "passout", | 
| 159 | .argname = "source", | 159 | .argname = "source", | 
| 160 | .desc = "Output file passphrase source", | 160 | .desc = "Output file passphrase source", | 
| 161 | .type = OPTION_ARG, | 161 | .type = OPTION_ARG, | 
| 162 | .opt.arg = &dsa_config.passargout, | 162 | .opt.arg = &cfg.passargout, | 
| 163 | }, | 163 | }, | 
| 164 | { | 164 | { | 
| 165 | .name = "pubin", | 165 | .name = "pubin", | 
| 166 | .desc = "Read a public key from the input file instead of" | 166 | .desc = "Read a public key from the input file instead of" | 
| 167 | " private key", | 167 | " private key", | 
| 168 | .type = OPTION_FLAG, | 168 | .type = OPTION_FLAG, | 
| 169 | .opt.flag = &dsa_config.pubin, | 169 | .opt.flag = &cfg.pubin, | 
| 170 | }, | 170 | }, | 
| 171 | { | 171 | { | 
| 172 | .name = "pubout", | 172 | .name = "pubout", | 
| 173 | .desc = "Output a public key instead of private key", | 173 | .desc = "Output a public key instead of private key", | 
| 174 | .type = OPTION_FLAG, | 174 | .type = OPTION_FLAG, | 
| 175 | .opt.flag = &dsa_config.pubout, | 175 | .opt.flag = &cfg.pubout, | 
| 176 | }, | 176 | }, | 
| 177 | { | 177 | { | 
| 178 | .name = "pvk-none", | 178 | .name = "pvk-none", | 
| 179 | .desc = "PVK encryption level", | 179 | .desc = "PVK encryption level", | 
| 180 | .type = OPTION_VALUE, | 180 | .type = OPTION_VALUE, | 
| 181 | .value = 0, | 181 | .value = 0, | 
| 182 | .opt.value = &dsa_config.pvk_encr, | 182 | .opt.value = &cfg.pvk_encr, | 
| 183 | }, | 183 | }, | 
| 184 | { | 184 | { | 
| 185 | .name = "pvk-strong", | 185 | .name = "pvk-strong", | 
| 186 | .desc = "PVK encryption level (default)", | 186 | .desc = "PVK encryption level (default)", | 
| 187 | .type = OPTION_VALUE, | 187 | .type = OPTION_VALUE, | 
| 188 | .value = 2, | 188 | .value = 2, | 
| 189 | .opt.value = &dsa_config.pvk_encr, | 189 | .opt.value = &cfg.pvk_encr, | 
| 190 | }, | 190 | }, | 
| 191 | { | 191 | { | 
| 192 | .name = "pvk-weak", | 192 | .name = "pvk-weak", | 
| 193 | .desc = "PVK encryption level", | 193 | .desc = "PVK encryption level", | 
| 194 | .type = OPTION_VALUE, | 194 | .type = OPTION_VALUE, | 
| 195 | .value = 1, | 195 | .value = 1, | 
| 196 | .opt.value = &dsa_config.pvk_encr, | 196 | .opt.value = &cfg.pvk_encr, | 
| 197 | }, | 197 | }, | 
| 198 | { | 198 | { | 
| 199 | .name = "text", | 199 | .name = "text", | 
| 200 | .desc = "Print the key in text form", | 200 | .desc = "Print the key in text form", | 
| 201 | .type = OPTION_FLAG, | 201 | .type = OPTION_FLAG, | 
| 202 | .opt.flag = &dsa_config.text, | 202 | .opt.flag = &cfg.text, | 
| 203 | }, | 203 | }, | 
| 204 | { | 204 | { | 
| 205 | .name = NULL, | 205 | .name = NULL, | 
| @@ -241,18 +241,18 @@ dsa_main(int argc, char **argv) | |||
| 241 | exit(1); | 241 | exit(1); | 
| 242 | } | 242 | } | 
| 243 | 243 | ||
| 244 | memset(&dsa_config, 0, sizeof(dsa_config)); | 244 | memset(&cfg, 0, sizeof(cfg)); | 
| 245 | 245 | ||
| 246 | dsa_config.pvk_encr = 2; | 246 | cfg.pvk_encr = 2; | 
| 247 | dsa_config.informat = FORMAT_PEM; | 247 | cfg.informat = FORMAT_PEM; | 
| 248 | dsa_config.outformat = FORMAT_PEM; | 248 | cfg.outformat = FORMAT_PEM; | 
| 249 | 249 | ||
| 250 | if (options_parse(argc, argv, dsa_options, NULL, NULL) != 0) { | 250 | if (options_parse(argc, argv, dsa_options, NULL, NULL) != 0) { | 
| 251 | dsa_usage(); | 251 | dsa_usage(); | 
| 252 | goto end; | 252 | goto end; | 
| 253 | } | 253 | } | 
| 254 | 254 | ||
| 255 | if (!app_passwd(bio_err, dsa_config.passargin, dsa_config.passargout, | 255 | if (!app_passwd(bio_err, cfg.passargin, cfg.passargout, | 
| 256 | &passin, &passout)) { | 256 | &passin, &passout)) { | 
| 257 | BIO_printf(bio_err, "Error getting passwords\n"); | 257 | BIO_printf(bio_err, "Error getting passwords\n"); | 
| 258 | goto end; | 258 | goto end; | 
| @@ -264,11 +264,11 @@ dsa_main(int argc, char **argv) | |||
| 264 | ERR_print_errors(bio_err); | 264 | ERR_print_errors(bio_err); | 
| 265 | goto end; | 265 | goto end; | 
| 266 | } | 266 | } | 
| 267 | if (dsa_config.infile == NULL) | 267 | if (cfg.infile == NULL) | 
| 268 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 268 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 
| 269 | else { | 269 | else { | 
| 270 | if (BIO_read_filename(in, dsa_config.infile) <= 0) { | 270 | if (BIO_read_filename(in, cfg.infile) <= 0) { | 
| 271 | perror(dsa_config.infile); | 271 | perror(cfg.infile); | 
| 272 | goto end; | 272 | goto end; | 
| 273 | } | 273 | } | 
| 274 | } | 274 | } | 
| @@ -278,12 +278,12 @@ dsa_main(int argc, char **argv) | |||
| 278 | { | 278 | { | 
| 279 | EVP_PKEY *pkey; | 279 | EVP_PKEY *pkey; | 
| 280 | 280 | ||
| 281 | if (dsa_config.pubin) | 281 | if (cfg.pubin) | 
| 282 | pkey = load_pubkey(bio_err, dsa_config.infile, | 282 | pkey = load_pubkey(bio_err, cfg.infile, | 
| 283 | dsa_config.informat, 1, passin, "Public Key"); | 283 | cfg.informat, 1, passin, "Public Key"); | 
| 284 | else | 284 | else | 
| 285 | pkey = load_key(bio_err, dsa_config.infile, | 285 | pkey = load_key(bio_err, cfg.infile, | 
| 286 | dsa_config.informat, 1, passin, "Private Key"); | 286 | cfg.informat, 1, passin, "Private Key"); | 
| 287 | 287 | ||
| 288 | if (pkey) { | 288 | if (pkey) { | 
| 289 | dsa = EVP_PKEY_get1_DSA(pkey); | 289 | dsa = EVP_PKEY_get1_DSA(pkey); | 
| @@ -295,51 +295,51 @@ dsa_main(int argc, char **argv) | |||
| 295 | ERR_print_errors(bio_err); | 295 | ERR_print_errors(bio_err); | 
| 296 | goto end; | 296 | goto end; | 
| 297 | } | 297 | } | 
| 298 | if (dsa_config.outfile == NULL) { | 298 | if (cfg.outfile == NULL) { | 
| 299 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 299 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 
| 300 | } else { | 300 | } else { | 
| 301 | if (BIO_write_filename(out, dsa_config.outfile) <= 0) { | 301 | if (BIO_write_filename(out, cfg.outfile) <= 0) { | 
| 302 | perror(dsa_config.outfile); | 302 | perror(cfg.outfile); | 
| 303 | goto end; | 303 | goto end; | 
| 304 | } | 304 | } | 
| 305 | } | 305 | } | 
| 306 | 306 | ||
| 307 | if (dsa_config.text) { | 307 | if (cfg.text) { | 
| 308 | if (!DSA_print(out, dsa, 0)) { | 308 | if (!DSA_print(out, dsa, 0)) { | 
| 309 | perror(dsa_config.outfile); | 309 | perror(cfg.outfile); | 
| 310 | ERR_print_errors(bio_err); | 310 | ERR_print_errors(bio_err); | 
| 311 | goto end; | 311 | goto end; | 
| 312 | } | 312 | } | 
| 313 | } | 313 | } | 
| 314 | if (dsa_config.modulus) { | 314 | if (cfg.modulus) { | 
| 315 | fprintf(stdout, "Public Key="); | 315 | fprintf(stdout, "Public Key="); | 
| 316 | BN_print(out, DSA_get0_pub_key(dsa)); | 316 | BN_print(out, DSA_get0_pub_key(dsa)); | 
| 317 | fprintf(stdout, "\n"); | 317 | fprintf(stdout, "\n"); | 
| 318 | } | 318 | } | 
| 319 | if (dsa_config.noout) | 319 | if (cfg.noout) | 
| 320 | goto end; | 320 | goto end; | 
| 321 | BIO_printf(bio_err, "writing DSA key\n"); | 321 | BIO_printf(bio_err, "writing DSA key\n"); | 
| 322 | if (dsa_config.outformat == FORMAT_ASN1) { | 322 | if (cfg.outformat == FORMAT_ASN1) { | 
| 323 | if (dsa_config.pubin || dsa_config.pubout) | 323 | if (cfg.pubin || cfg.pubout) | 
| 324 | i = i2d_DSA_PUBKEY_bio(out, dsa); | 324 | i = i2d_DSA_PUBKEY_bio(out, dsa); | 
| 325 | else | 325 | else | 
| 326 | i = i2d_DSAPrivateKey_bio(out, dsa); | 326 | i = i2d_DSAPrivateKey_bio(out, dsa); | 
| 327 | } else if (dsa_config.outformat == FORMAT_PEM) { | 327 | } else if (cfg.outformat == FORMAT_PEM) { | 
| 328 | if (dsa_config.pubin || dsa_config.pubout) | 328 | if (cfg.pubin || cfg.pubout) | 
| 329 | i = PEM_write_bio_DSA_PUBKEY(out, dsa); | 329 | i = PEM_write_bio_DSA_PUBKEY(out, dsa); | 
| 330 | else | 330 | else | 
| 331 | i = PEM_write_bio_DSAPrivateKey(out, dsa, dsa_config.enc, | 331 | i = PEM_write_bio_DSAPrivateKey(out, dsa, cfg.enc, | 
| 332 | NULL, 0, NULL, passout); | 332 | NULL, 0, NULL, passout); | 
| 333 | #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4) | 333 | #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4) | 
| 334 | } else if (dsa_config.outformat == FORMAT_MSBLOB || | 334 | } else if (cfg.outformat == FORMAT_MSBLOB || | 
| 335 | dsa_config.outformat == FORMAT_PVK) { | 335 | cfg.outformat == FORMAT_PVK) { | 
| 336 | EVP_PKEY *pk; | 336 | EVP_PKEY *pk; | 
| 337 | pk = EVP_PKEY_new(); | 337 | pk = EVP_PKEY_new(); | 
| 338 | EVP_PKEY_set1_DSA(pk, dsa); | 338 | EVP_PKEY_set1_DSA(pk, dsa); | 
| 339 | if (dsa_config.outformat == FORMAT_PVK) | 339 | if (cfg.outformat == FORMAT_PVK) | 
| 340 | i = i2b_PVK_bio(out, pk, dsa_config.pvk_encr, 0, | 340 | i = i2b_PVK_bio(out, pk, cfg.pvk_encr, 0, | 
| 341 | passout); | 341 | passout); | 
| 342 | else if (dsa_config.pubin || dsa_config.pubout) | 342 | else if (cfg.pubin || cfg.pubout) | 
| 343 | i = i2b_PublicKey_bio(out, pk); | 343 | i = i2b_PublicKey_bio(out, pk); | 
| 344 | else | 344 | else | 
| 345 | i = i2b_PrivateKey_bio(out, pk); | 345 | i = i2b_PrivateKey_bio(out, pk); | 
| diff --git a/src/usr.bin/openssl/dsaparam.c b/src/usr.bin/openssl/dsaparam.c index 892ae72ba1..bc9ccd14d8 100644 --- a/src/usr.bin/openssl/dsaparam.c +++ b/src/usr.bin/openssl/dsaparam.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dsaparam.c,v 1.14 2022/11/11 17:07:38 joshua Exp $ */ | 1 | /* $OpenBSD: dsaparam.c,v 1.15 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -88,60 +88,60 @@ static struct { | |||
| 88 | char *outfile; | 88 | char *outfile; | 
| 89 | int outformat; | 89 | int outformat; | 
| 90 | int text; | 90 | int text; | 
| 91 | } dsaparam_config; | 91 | } cfg; | 
| 92 | 92 | ||
| 93 | static const struct option dsaparam_options[] = { | 93 | static const struct option dsaparam_options[] = { | 
| 94 | { | 94 | { | 
| 95 | .name = "C", | 95 | .name = "C", | 
| 96 | .desc = "Convert DSA parameters into C code", | 96 | .desc = "Convert DSA parameters into C code", | 
| 97 | .type = OPTION_FLAG, | 97 | .type = OPTION_FLAG, | 
| 98 | .opt.flag = &dsaparam_config.C, | 98 | .opt.flag = &cfg.C, | 
| 99 | }, | 99 | }, | 
| 100 | { | 100 | { | 
| 101 | .name = "genkey", | 101 | .name = "genkey", | 
| 102 | .desc = "Generate a DSA key", | 102 | .desc = "Generate a DSA key", | 
| 103 | .type = OPTION_FLAG, | 103 | .type = OPTION_FLAG, | 
| 104 | .opt.flag = &dsaparam_config.genkey, | 104 | .opt.flag = &cfg.genkey, | 
| 105 | }, | 105 | }, | 
| 106 | { | 106 | { | 
| 107 | .name = "in", | 107 | .name = "in", | 
| 108 | .argname = "file", | 108 | .argname = "file", | 
| 109 | .desc = "Input file (default stdin)", | 109 | .desc = "Input file (default stdin)", | 
| 110 | .type = OPTION_ARG, | 110 | .type = OPTION_ARG, | 
| 111 | .opt.arg = &dsaparam_config.infile, | 111 | .opt.arg = &cfg.infile, | 
| 112 | }, | 112 | }, | 
| 113 | { | 113 | { | 
| 114 | .name = "inform", | 114 | .name = "inform", | 
| 115 | .argname = "format", | 115 | .argname = "format", | 
| 116 | .desc = "Input format (DER or PEM (default))", | 116 | .desc = "Input format (DER or PEM (default))", | 
| 117 | .type = OPTION_ARG_FORMAT, | 117 | .type = OPTION_ARG_FORMAT, | 
| 118 | .opt.value = &dsaparam_config.informat, | 118 | .opt.value = &cfg.informat, | 
| 119 | }, | 119 | }, | 
| 120 | { | 120 | { | 
| 121 | .name = "noout", | 121 | .name = "noout", | 
| 122 | .desc = "No output", | 122 | .desc = "No output", | 
| 123 | .type = OPTION_FLAG, | 123 | .type = OPTION_FLAG, | 
| 124 | .opt.flag = &dsaparam_config.noout, | 124 | .opt.flag = &cfg.noout, | 
| 125 | }, | 125 | }, | 
| 126 | { | 126 | { | 
| 127 | .name = "out", | 127 | .name = "out", | 
| 128 | .argname = "file", | 128 | .argname = "file", | 
| 129 | .desc = "Output file (default stdout)", | 129 | .desc = "Output file (default stdout)", | 
| 130 | .type = OPTION_ARG, | 130 | .type = OPTION_ARG, | 
| 131 | .opt.arg = &dsaparam_config.outfile, | 131 | .opt.arg = &cfg.outfile, | 
| 132 | }, | 132 | }, | 
| 133 | { | 133 | { | 
| 134 | .name = "outform", | 134 | .name = "outform", | 
| 135 | .argname = "format", | 135 | .argname = "format", | 
| 136 | .desc = "Output format (DER or PEM (default))", | 136 | .desc = "Output format (DER or PEM (default))", | 
| 137 | .type = OPTION_ARG_FORMAT, | 137 | .type = OPTION_ARG_FORMAT, | 
| 138 | .opt.value = &dsaparam_config.outformat, | 138 | .opt.value = &cfg.outformat, | 
| 139 | }, | 139 | }, | 
| 140 | { | 140 | { | 
| 141 | .name = "text", | 141 | .name = "text", | 
| 142 | .desc = "Print as text", | 142 | .desc = "Print as text", | 
| 143 | .type = OPTION_FLAG, | 143 | .type = OPTION_FLAG, | 
| 144 | .opt.flag = &dsaparam_config.text, | 144 | .opt.flag = &cfg.text, | 
| 145 | }, | 145 | }, | 
| 146 | { NULL }, | 146 | { NULL }, | 
| 147 | }; | 147 | }; | 
| @@ -174,10 +174,10 @@ dsaparam_main(int argc, char **argv) | |||
| 174 | exit(1); | 174 | exit(1); | 
| 175 | } | 175 | } | 
| 176 | 176 | ||
| 177 | memset(&dsaparam_config, 0, sizeof(dsaparam_config)); | 177 | memset(&cfg, 0, sizeof(cfg)); | 
| 178 | 178 | ||
| 179 | dsaparam_config.informat = FORMAT_PEM; | 179 | cfg.informat = FORMAT_PEM; | 
| 180 | dsaparam_config.outformat = FORMAT_PEM; | 180 | cfg.outformat = FORMAT_PEM; | 
| 181 | 181 | ||
| 182 | if (options_parse(argc, argv, dsaparam_options, &strbits, NULL) != 0) { | 182 | if (options_parse(argc, argv, dsaparam_options, &strbits, NULL) != 0) { | 
| 183 | dsaparam_usage(); | 183 | dsaparam_usage(); | 
| @@ -199,19 +199,19 @@ dsaparam_main(int argc, char **argv) | |||
| 199 | ERR_print_errors(bio_err); | 199 | ERR_print_errors(bio_err); | 
| 200 | goto end; | 200 | goto end; | 
| 201 | } | 201 | } | 
| 202 | if (dsaparam_config.infile == NULL) | 202 | if (cfg.infile == NULL) | 
| 203 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 203 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 
| 204 | else { | 204 | else { | 
| 205 | if (BIO_read_filename(in, dsaparam_config.infile) <= 0) { | 205 | if (BIO_read_filename(in, cfg.infile) <= 0) { | 
| 206 | perror(dsaparam_config.infile); | 206 | perror(cfg.infile); | 
| 207 | goto end; | 207 | goto end; | 
| 208 | } | 208 | } | 
| 209 | } | 209 | } | 
| 210 | if (dsaparam_config.outfile == NULL) { | 210 | if (cfg.outfile == NULL) { | 
| 211 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 211 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 
| 212 | } else { | 212 | } else { | 
| 213 | if (BIO_write_filename(out, dsaparam_config.outfile) <= 0) { | 213 | if (BIO_write_filename(out, cfg.outfile) <= 0) { | 
| 214 | perror(dsaparam_config.outfile); | 214 | perror(cfg.outfile); | 
| 215 | goto end; | 215 | goto end; | 
| 216 | } | 216 | } | 
| 217 | } | 217 | } | 
| @@ -237,9 +237,9 @@ dsaparam_main(int argc, char **argv) | |||
| 237 | BIO_printf(bio_err, "Error, DSA key generation failed\n"); | 237 | BIO_printf(bio_err, "Error, DSA key generation failed\n"); | 
| 238 | goto end; | 238 | goto end; | 
| 239 | } | 239 | } | 
| 240 | } else if (dsaparam_config.informat == FORMAT_ASN1) | 240 | } else if (cfg.informat == FORMAT_ASN1) | 
| 241 | dsa = d2i_DSAparams_bio(in, NULL); | 241 | dsa = d2i_DSAparams_bio(in, NULL); | 
| 242 | else if (dsaparam_config.informat == FORMAT_PEM) | 242 | else if (cfg.informat == FORMAT_PEM) | 
| 243 | dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL); | 243 | dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL); | 
| 244 | else { | 244 | else { | 
| 245 | BIO_printf(bio_err, "bad input format specified\n"); | 245 | BIO_printf(bio_err, "bad input format specified\n"); | 
| @@ -250,10 +250,10 @@ dsaparam_main(int argc, char **argv) | |||
| 250 | ERR_print_errors(bio_err); | 250 | ERR_print_errors(bio_err); | 
| 251 | goto end; | 251 | goto end; | 
| 252 | } | 252 | } | 
| 253 | if (dsaparam_config.text) { | 253 | if (cfg.text) { | 
| 254 | DSAparams_print(out, dsa); | 254 | DSAparams_print(out, dsa); | 
| 255 | } | 255 | } | 
| 256 | if (dsaparam_config.C) { | 256 | if (cfg.C) { | 
| 257 | unsigned char *data; | 257 | unsigned char *data; | 
| 258 | int l, len, bits_p; | 258 | int l, len, bits_p; | 
| 259 | 259 | ||
| @@ -307,10 +307,10 @@ dsaparam_main(int argc, char **argv) | |||
| 307 | printf("\tDSA_set0_pqg(dsa, p, q, g);\n"); | 307 | printf("\tDSA_set0_pqg(dsa, p, q, g);\n"); | 
| 308 | printf("\treturn(dsa);\n\t}\n"); | 308 | printf("\treturn(dsa);\n\t}\n"); | 
| 309 | } | 309 | } | 
| 310 | if (!dsaparam_config.noout) { | 310 | if (!cfg.noout) { | 
| 311 | if (dsaparam_config.outformat == FORMAT_ASN1) | 311 | if (cfg.outformat == FORMAT_ASN1) | 
| 312 | i = i2d_DSAparams_bio(out, dsa); | 312 | i = i2d_DSAparams_bio(out, dsa); | 
| 313 | else if (dsaparam_config.outformat == FORMAT_PEM) | 313 | else if (cfg.outformat == FORMAT_PEM) | 
| 314 | i = PEM_write_bio_DSAparams(out, dsa); | 314 | i = PEM_write_bio_DSAparams(out, dsa); | 
| 315 | else { | 315 | else { | 
| 316 | BIO_printf(bio_err, "bad output format specified for outfile\n"); | 316 | BIO_printf(bio_err, "bad output format specified for outfile\n"); | 
| @@ -322,7 +322,7 @@ dsaparam_main(int argc, char **argv) | |||
| 322 | goto end; | 322 | goto end; | 
| 323 | } | 323 | } | 
| 324 | } | 324 | } | 
| 325 | if (dsaparam_config.genkey) { | 325 | if (cfg.genkey) { | 
| 326 | DSA *dsakey; | 326 | DSA *dsakey; | 
| 327 | 327 | ||
| 328 | if ((dsakey = DSAparams_dup(dsa)) == NULL) | 328 | if ((dsakey = DSAparams_dup(dsa)) == NULL) | 
| @@ -332,9 +332,9 @@ dsaparam_main(int argc, char **argv) | |||
| 332 | DSA_free(dsakey); | 332 | DSA_free(dsakey); | 
| 333 | goto end; | 333 | goto end; | 
| 334 | } | 334 | } | 
| 335 | if (dsaparam_config.outformat == FORMAT_ASN1) | 335 | if (cfg.outformat == FORMAT_ASN1) | 
| 336 | i = i2d_DSAPrivateKey_bio(out, dsakey); | 336 | i = i2d_DSAPrivateKey_bio(out, dsakey); | 
| 337 | else if (dsaparam_config.outformat == FORMAT_PEM) | 337 | else if (cfg.outformat == FORMAT_PEM) | 
| 338 | i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL, NULL); | 338 | i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL, NULL); | 
| 339 | else { | 339 | else { | 
| 340 | BIO_printf(bio_err, "bad output format specified for outfile\n"); | 340 | BIO_printf(bio_err, "bad output format specified for outfile\n"); | 
| diff --git a/src/usr.bin/openssl/ec.c b/src/usr.bin/openssl/ec.c index 3dace88d6f..c6af1263d4 100644 --- a/src/usr.bin/openssl/ec.c +++ b/src/usr.bin/openssl/ec.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ec.c,v 1.15 2022/11/11 17:07:38 joshua Exp $ */ | 1 | /* $OpenBSD: ec.c,v 1.16 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* | 2 | /* | 
| 3 | * Written by Nils Larsch for the OpenSSL project. | 3 | * Written by Nils Larsch for the OpenSSL project. | 
| 4 | */ | 4 | */ | 
| @@ -88,7 +88,7 @@ static struct { | |||
| 88 | int pubin; | 88 | int pubin; | 
| 89 | int pubout; | 89 | int pubout; | 
| 90 | int text; | 90 | int text; | 
| 91 | } ec_config; | 91 | } cfg; | 
| 92 | 92 | ||
| 93 | static int | 93 | static int | 
| 94 | ec_opt_enc(int argc, char **argv, int *argsused) | 94 | ec_opt_enc(int argc, char **argv, int *argsused) | 
| @@ -98,7 +98,7 @@ ec_opt_enc(int argc, char **argv, int *argsused) | |||
| 98 | if (*name++ != '-') | 98 | if (*name++ != '-') | 
| 99 | return (1); | 99 | return (1); | 
| 100 | 100 | ||
| 101 | if ((ec_config.enc = EVP_get_cipherbyname(name)) != NULL) { | 101 | if ((cfg.enc = EVP_get_cipherbyname(name)) != NULL) { | 
| 102 | *argsused = 1; | 102 | *argsused = 1; | 
| 103 | return (0); | 103 | return (0); | 
| 104 | } | 104 | } | 
| @@ -110,17 +110,17 @@ static int | |||
| 110 | ec_opt_form(char *arg) | 110 | ec_opt_form(char *arg) | 
| 111 | { | 111 | { | 
| 112 | if (strcmp(arg, "compressed") == 0) | 112 | if (strcmp(arg, "compressed") == 0) | 
| 113 | ec_config.form = POINT_CONVERSION_COMPRESSED; | 113 | cfg.form = POINT_CONVERSION_COMPRESSED; | 
| 114 | else if (strcmp(arg, "uncompressed") == 0) | 114 | else if (strcmp(arg, "uncompressed") == 0) | 
| 115 | ec_config.form = POINT_CONVERSION_UNCOMPRESSED; | 115 | cfg.form = POINT_CONVERSION_UNCOMPRESSED; | 
| 116 | else if (strcmp(arg, "hybrid") == 0) | 116 | else if (strcmp(arg, "hybrid") == 0) | 
| 117 | ec_config.form = POINT_CONVERSION_HYBRID; | 117 | cfg.form = POINT_CONVERSION_HYBRID; | 
| 118 | else { | 118 | else { | 
| 119 | fprintf(stderr, "Invalid point conversion: %s\n", arg); | 119 | fprintf(stderr, "Invalid point conversion: %s\n", arg); | 
| 120 | return (1); | 120 | return (1); | 
| 121 | } | 121 | } | 
| 122 | 122 | ||
| 123 | ec_config.new_form = 1; | 123 | cfg.new_form = 1; | 
| 124 | return (0); | 124 | return (0); | 
| 125 | } | 125 | } | 
| 126 | 126 | ||
| @@ -128,15 +128,15 @@ static int | |||
| 128 | ec_opt_named(char *arg) | 128 | ec_opt_named(char *arg) | 
| 129 | { | 129 | { | 
| 130 | if (strcmp(arg, "named_curve") == 0) | 130 | if (strcmp(arg, "named_curve") == 0) | 
| 131 | ec_config.asn1_flag = OPENSSL_EC_NAMED_CURVE; | 131 | cfg.asn1_flag = OPENSSL_EC_NAMED_CURVE; | 
| 132 | else if (strcmp(arg, "explicit") == 0) | 132 | else if (strcmp(arg, "explicit") == 0) | 
| 133 | ec_config.asn1_flag = 0; | 133 | cfg.asn1_flag = 0; | 
| 134 | else { | 134 | else { | 
| 135 | fprintf(stderr, "Invalid curve type: %s\n", arg); | 135 | fprintf(stderr, "Invalid curve type: %s\n", arg); | 
| 136 | return (1); | 136 | return (1); | 
| 137 | } | 137 | } | 
| 138 | 138 | ||
| 139 | ec_config.new_asn1_flag = 1; | 139 | cfg.new_asn1_flag = 1; | 
| 140 | return (0); | 140 | return (0); | 
| 141 | } | 141 | } | 
| 142 | 142 | ||
| @@ -154,34 +154,34 @@ static const struct option ec_options[] = { | |||
| 154 | .argname = "file", | 154 | .argname = "file", | 
| 155 | .desc = "Input file (default stdin)", | 155 | .desc = "Input file (default stdin)", | 
| 156 | .type = OPTION_ARG, | 156 | .type = OPTION_ARG, | 
| 157 | .opt.arg = &ec_config.infile, | 157 | .opt.arg = &cfg.infile, | 
| 158 | }, | 158 | }, | 
| 159 | { | 159 | { | 
| 160 | .name = "inform", | 160 | .name = "inform", | 
| 161 | .argname = "format", | 161 | .argname = "format", | 
| 162 | .desc = "Input format (DER or PEM (default))", | 162 | .desc = "Input format (DER or PEM (default))", | 
| 163 | .type = OPTION_ARG_FORMAT, | 163 | .type = OPTION_ARG_FORMAT, | 
| 164 | .opt.value = &ec_config.informat, | 164 | .opt.value = &cfg.informat, | 
| 165 | }, | 165 | }, | 
| 166 | { | 166 | { | 
| 167 | .name = "noout", | 167 | .name = "noout", | 
| 168 | .desc = "No output", | 168 | .desc = "No output", | 
| 169 | .type = OPTION_FLAG, | 169 | .type = OPTION_FLAG, | 
| 170 | .opt.flag = &ec_config.noout, | 170 | .opt.flag = &cfg.noout, | 
| 171 | }, | 171 | }, | 
| 172 | { | 172 | { | 
| 173 | .name = "out", | 173 | .name = "out", | 
| 174 | .argname = "file", | 174 | .argname = "file", | 
| 175 | .desc = "Output file (default stdout)", | 175 | .desc = "Output file (default stdout)", | 
| 176 | .type = OPTION_ARG, | 176 | .type = OPTION_ARG, | 
| 177 | .opt.arg = &ec_config.outfile, | 177 | .opt.arg = &cfg.outfile, | 
| 178 | }, | 178 | }, | 
| 179 | { | 179 | { | 
| 180 | .name = "outform", | 180 | .name = "outform", | 
| 181 | .argname = "format", | 181 | .argname = "format", | 
| 182 | .desc = "Output format (DER or PEM (default))", | 182 | .desc = "Output format (DER or PEM (default))", | 
| 183 | .type = OPTION_ARG_FORMAT, | 183 | .type = OPTION_ARG_FORMAT, | 
| 184 | .opt.value = &ec_config.outformat, | 184 | .opt.value = &cfg.outformat, | 
| 185 | }, | 185 | }, | 
| 186 | { | 186 | { | 
| 187 | .name = "param_enc", | 187 | .name = "param_enc", | 
| @@ -195,39 +195,39 @@ static const struct option ec_options[] = { | |||
| 195 | .name = "param_out", | 195 | .name = "param_out", | 
| 196 | .desc = "Print the elliptic curve parameters", | 196 | .desc = "Print the elliptic curve parameters", | 
| 197 | .type = OPTION_FLAG, | 197 | .type = OPTION_FLAG, | 
| 198 | .opt.flag = &ec_config.param_out, | 198 | .opt.flag = &cfg.param_out, | 
| 199 | }, | 199 | }, | 
| 200 | { | 200 | { | 
| 201 | .name = "passin", | 201 | .name = "passin", | 
| 202 | .argname = "source", | 202 | .argname = "source", | 
| 203 | .desc = "Input file passphrase source", | 203 | .desc = "Input file passphrase source", | 
| 204 | .type = OPTION_ARG, | 204 | .type = OPTION_ARG, | 
| 205 | .opt.arg = &ec_config.passargin, | 205 | .opt.arg = &cfg.passargin, | 
| 206 | }, | 206 | }, | 
| 207 | { | 207 | { | 
| 208 | .name = "passout", | 208 | .name = "passout", | 
| 209 | .argname = "source", | 209 | .argname = "source", | 
| 210 | .desc = "Output file passphrase source", | 210 | .desc = "Output file passphrase source", | 
| 211 | .type = OPTION_ARG, | 211 | .type = OPTION_ARG, | 
| 212 | .opt.arg = &ec_config.passargout, | 212 | .opt.arg = &cfg.passargout, | 
| 213 | }, | 213 | }, | 
| 214 | { | 214 | { | 
| 215 | .name = "pubin", | 215 | .name = "pubin", | 
| 216 | .desc = "Read public key instead of private key from input", | 216 | .desc = "Read public key instead of private key from input", | 
| 217 | .type = OPTION_FLAG, | 217 | .type = OPTION_FLAG, | 
| 218 | .opt.flag = &ec_config.pubin, | 218 | .opt.flag = &cfg.pubin, | 
| 219 | }, | 219 | }, | 
| 220 | { | 220 | { | 
| 221 | .name = "pubout", | 221 | .name = "pubout", | 
| 222 | .desc = "Output public key instead of private key in output", | 222 | .desc = "Output public key instead of private key in output", | 
| 223 | .type = OPTION_FLAG, | 223 | .type = OPTION_FLAG, | 
| 224 | .opt.flag = &ec_config.pubout, | 224 | .opt.flag = &cfg.pubout, | 
| 225 | }, | 225 | }, | 
| 226 | { | 226 | { | 
| 227 | .name = "text", | 227 | .name = "text", | 
| 228 | .desc = "Print the public/private key components and parameters", | 228 | .desc = "Print the public/private key components and parameters", | 
| 229 | .type = OPTION_FLAG, | 229 | .type = OPTION_FLAG, | 
| 230 | .opt.flag = &ec_config.text, | 230 | .opt.flag = &cfg.text, | 
| 231 | }, | 231 | }, | 
| 232 | { | 232 | { | 
| 233 | .name = NULL, | 233 | .name = NULL, | 
| @@ -272,19 +272,19 @@ ec_main(int argc, char **argv) | |||
| 272 | exit(1); | 272 | exit(1); | 
| 273 | } | 273 | } | 
| 274 | 274 | ||
| 275 | memset(&ec_config, 0, sizeof(ec_config)); | 275 | memset(&cfg, 0, sizeof(cfg)); | 
| 276 | 276 | ||
| 277 | ec_config.asn1_flag = OPENSSL_EC_NAMED_CURVE; | 277 | cfg.asn1_flag = OPENSSL_EC_NAMED_CURVE; | 
| 278 | ec_config.form = POINT_CONVERSION_UNCOMPRESSED; | 278 | cfg.form = POINT_CONVERSION_UNCOMPRESSED; | 
| 279 | ec_config.informat = FORMAT_PEM; | 279 | cfg.informat = FORMAT_PEM; | 
| 280 | ec_config.outformat = FORMAT_PEM; | 280 | cfg.outformat = FORMAT_PEM; | 
| 281 | 281 | ||
| 282 | if (options_parse(argc, argv, ec_options, NULL, NULL) != 0) { | 282 | if (options_parse(argc, argv, ec_options, NULL, NULL) != 0) { | 
| 283 | ec_usage(); | 283 | ec_usage(); | 
| 284 | goto end; | 284 | goto end; | 
| 285 | } | 285 | } | 
| 286 | 286 | ||
| 287 | if (!app_passwd(bio_err, ec_config.passargin, ec_config.passargout, | 287 | if (!app_passwd(bio_err, cfg.passargin, cfg.passargout, | 
| 288 | &passin, &passout)) { | 288 | &passin, &passout)) { | 
| 289 | BIO_printf(bio_err, "Error getting passwords\n"); | 289 | BIO_printf(bio_err, "Error getting passwords\n"); | 
| 290 | goto end; | 290 | goto end; | 
| @@ -295,23 +295,23 @@ ec_main(int argc, char **argv) | |||
| 295 | ERR_print_errors(bio_err); | 295 | ERR_print_errors(bio_err); | 
| 296 | goto end; | 296 | goto end; | 
| 297 | } | 297 | } | 
| 298 | if (ec_config.infile == NULL) | 298 | if (cfg.infile == NULL) | 
| 299 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 299 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 
| 300 | else { | 300 | else { | 
| 301 | if (BIO_read_filename(in, ec_config.infile) <= 0) { | 301 | if (BIO_read_filename(in, cfg.infile) <= 0) { | 
| 302 | perror(ec_config.infile); | 302 | perror(cfg.infile); | 
| 303 | goto end; | 303 | goto end; | 
| 304 | } | 304 | } | 
| 305 | } | 305 | } | 
| 306 | 306 | ||
| 307 | BIO_printf(bio_err, "read EC key\n"); | 307 | BIO_printf(bio_err, "read EC key\n"); | 
| 308 | if (ec_config.informat == FORMAT_ASN1) { | 308 | if (cfg.informat == FORMAT_ASN1) { | 
| 309 | if (ec_config.pubin) | 309 | if (cfg.pubin) | 
| 310 | eckey = d2i_EC_PUBKEY_bio(in, NULL); | 310 | eckey = d2i_EC_PUBKEY_bio(in, NULL); | 
| 311 | else | 311 | else | 
| 312 | eckey = d2i_ECPrivateKey_bio(in, NULL); | 312 | eckey = d2i_ECPrivateKey_bio(in, NULL); | 
| 313 | } else if (ec_config.informat == FORMAT_PEM) { | 313 | } else if (cfg.informat == FORMAT_PEM) { | 
| 314 | if (ec_config.pubin) | 314 | if (cfg.pubin) | 
| 315 | eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, | 315 | eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, | 
| 316 | NULL); | 316 | NULL); | 
| 317 | else | 317 | else | 
| @@ -326,49 +326,49 @@ ec_main(int argc, char **argv) | |||
| 326 | ERR_print_errors(bio_err); | 326 | ERR_print_errors(bio_err); | 
| 327 | goto end; | 327 | goto end; | 
| 328 | } | 328 | } | 
| 329 | if (ec_config.outfile == NULL) { | 329 | if (cfg.outfile == NULL) { | 
| 330 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 330 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 
| 331 | } else { | 331 | } else { | 
| 332 | if (BIO_write_filename(out, ec_config.outfile) <= 0) { | 332 | if (BIO_write_filename(out, cfg.outfile) <= 0) { | 
| 333 | perror(ec_config.outfile); | 333 | perror(cfg.outfile); | 
| 334 | goto end; | 334 | goto end; | 
| 335 | } | 335 | } | 
| 336 | } | 336 | } | 
| 337 | 337 | ||
| 338 | group = EC_KEY_get0_group(eckey); | 338 | group = EC_KEY_get0_group(eckey); | 
| 339 | 339 | ||
| 340 | if (ec_config.new_form) | 340 | if (cfg.new_form) | 
| 341 | EC_KEY_set_conv_form(eckey, ec_config.form); | 341 | EC_KEY_set_conv_form(eckey, cfg.form); | 
| 342 | 342 | ||
| 343 | if (ec_config.new_asn1_flag) | 343 | if (cfg.new_asn1_flag) | 
| 344 | EC_KEY_set_asn1_flag(eckey, ec_config.asn1_flag); | 344 | EC_KEY_set_asn1_flag(eckey, cfg.asn1_flag); | 
| 345 | 345 | ||
| 346 | if (ec_config.text) | 346 | if (cfg.text) | 
| 347 | if (!EC_KEY_print(out, eckey, 0)) { | 347 | if (!EC_KEY_print(out, eckey, 0)) { | 
| 348 | perror(ec_config.outfile); | 348 | perror(cfg.outfile); | 
| 349 | ERR_print_errors(bio_err); | 349 | ERR_print_errors(bio_err); | 
| 350 | goto end; | 350 | goto end; | 
| 351 | } | 351 | } | 
| 352 | if (ec_config.noout) { | 352 | if (cfg.noout) { | 
| 353 | ret = 0; | 353 | ret = 0; | 
| 354 | goto end; | 354 | goto end; | 
| 355 | } | 355 | } | 
| 356 | BIO_printf(bio_err, "writing EC key\n"); | 356 | BIO_printf(bio_err, "writing EC key\n"); | 
| 357 | if (ec_config.outformat == FORMAT_ASN1) { | 357 | if (cfg.outformat == FORMAT_ASN1) { | 
| 358 | if (ec_config.param_out) | 358 | if (cfg.param_out) | 
| 359 | i = i2d_ECPKParameters_bio(out, group); | 359 | i = i2d_ECPKParameters_bio(out, group); | 
| 360 | else if (ec_config.pubin || ec_config.pubout) | 360 | else if (cfg.pubin || cfg.pubout) | 
| 361 | i = i2d_EC_PUBKEY_bio(out, eckey); | 361 | i = i2d_EC_PUBKEY_bio(out, eckey); | 
| 362 | else | 362 | else | 
| 363 | i = i2d_ECPrivateKey_bio(out, eckey); | 363 | i = i2d_ECPrivateKey_bio(out, eckey); | 
| 364 | } else if (ec_config.outformat == FORMAT_PEM) { | 364 | } else if (cfg.outformat == FORMAT_PEM) { | 
| 365 | if (ec_config.param_out) | 365 | if (cfg.param_out) | 
| 366 | i = PEM_write_bio_ECPKParameters(out, group); | 366 | i = PEM_write_bio_ECPKParameters(out, group); | 
| 367 | else if (ec_config.pubin || ec_config.pubout) | 367 | else if (cfg.pubin || cfg.pubout) | 
| 368 | i = PEM_write_bio_EC_PUBKEY(out, eckey); | 368 | i = PEM_write_bio_EC_PUBKEY(out, eckey); | 
| 369 | else | 369 | else | 
| 370 | i = PEM_write_bio_ECPrivateKey(out, eckey, | 370 | i = PEM_write_bio_ECPrivateKey(out, eckey, | 
| 371 | ec_config.enc, NULL, 0, NULL, passout); | 371 | cfg.enc, NULL, 0, NULL, passout); | 
| 372 | } else { | 372 | } else { | 
| 373 | BIO_printf(bio_err, "bad output format specified for " | 373 | BIO_printf(bio_err, "bad output format specified for " | 
| 374 | "outfile\n"); | 374 | "outfile\n"); | 
| diff --git a/src/usr.bin/openssl/ecparam.c b/src/usr.bin/openssl/ecparam.c index 52ccc491fc..933cd3eb69 100644 --- a/src/usr.bin/openssl/ecparam.c +++ b/src/usr.bin/openssl/ecparam.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ecparam.c,v 1.22 2022/11/11 17:07:38 joshua Exp $ */ | 1 | /* $OpenBSD: ecparam.c,v 1.23 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* | 2 | /* | 
| 3 | * Written by Nils Larsch for the OpenSSL project. | 3 | * Written by Nils Larsch for the OpenSSL project. | 
| 4 | */ | 4 | */ | 
| @@ -107,21 +107,21 @@ static struct { | |||
| 107 | char *outfile; | 107 | char *outfile; | 
| 108 | int outformat; | 108 | int outformat; | 
| 109 | int text; | 109 | int text; | 
| 110 | } ecparam_config; | 110 | } cfg; | 
| 111 | 111 | ||
| 112 | static int | 112 | static int | 
| 113 | ecparam_opt_form(char *arg) | 113 | ecparam_opt_form(char *arg) | 
| 114 | { | 114 | { | 
| 115 | if (strcmp(arg, "compressed") == 0) | 115 | if (strcmp(arg, "compressed") == 0) | 
| 116 | ecparam_config.form = POINT_CONVERSION_COMPRESSED; | 116 | cfg.form = POINT_CONVERSION_COMPRESSED; | 
| 117 | else if (strcmp(arg, "uncompressed") == 0) | 117 | else if (strcmp(arg, "uncompressed") == 0) | 
| 118 | ecparam_config.form = POINT_CONVERSION_UNCOMPRESSED; | 118 | cfg.form = POINT_CONVERSION_UNCOMPRESSED; | 
| 119 | else if (strcmp(arg, "hybrid") == 0) | 119 | else if (strcmp(arg, "hybrid") == 0) | 
| 120 | ecparam_config.form = POINT_CONVERSION_HYBRID; | 120 | cfg.form = POINT_CONVERSION_HYBRID; | 
| 121 | else | 121 | else | 
| 122 | return (1); | 122 | return (1); | 
| 123 | 123 | ||
| 124 | ecparam_config.new_form = 1; | 124 | cfg.new_form = 1; | 
| 125 | return (0); | 125 | return (0); | 
| 126 | } | 126 | } | 
| 127 | 127 | ||
| @@ -129,13 +129,13 @@ static int | |||
| 129 | ecparam_opt_enctype(char *arg) | 129 | ecparam_opt_enctype(char *arg) | 
| 130 | { | 130 | { | 
| 131 | if (strcmp(arg, "explicit") == 0) | 131 | if (strcmp(arg, "explicit") == 0) | 
| 132 | ecparam_config.asn1_flag = 0; | 132 | cfg.asn1_flag = 0; | 
| 133 | else if (strcmp(arg, "named_curve") == 0) | 133 | else if (strcmp(arg, "named_curve") == 0) | 
| 134 | ecparam_config.asn1_flag = OPENSSL_EC_NAMED_CURVE; | 134 | cfg.asn1_flag = OPENSSL_EC_NAMED_CURVE; | 
| 135 | else | 135 | else | 
| 136 | return (1); | 136 | return (1); | 
| 137 | 137 | ||
| 138 | ecparam_config.new_asn1_flag = 1; | 138 | cfg.new_asn1_flag = 1; | 
| 139 | return (0); | 139 | return (0); | 
| 140 | } | 140 | } | 
| 141 | 141 | ||
| @@ -144,13 +144,13 @@ static const struct option ecparam_options[] = { | |||
| 144 | .name = "C", | 144 | .name = "C", | 
| 145 | .desc = "Convert the EC parameters into C code", | 145 | .desc = "Convert the EC parameters into C code", | 
| 146 | .type = OPTION_FLAG, | 146 | .type = OPTION_FLAG, | 
| 147 | .opt.flag = &ecparam_config.C, | 147 | .opt.flag = &cfg.C, | 
| 148 | }, | 148 | }, | 
| 149 | { | 149 | { | 
| 150 | .name = "check", | 150 | .name = "check", | 
| 151 | .desc = "Validate the elliptic curve parameters", | 151 | .desc = "Validate the elliptic curve parameters", | 
| 152 | .type = OPTION_FLAG, | 152 | .type = OPTION_FLAG, | 
| 153 | .opt.flag = &ecparam_config.check, | 153 | .opt.flag = &cfg.check, | 
| 154 | }, | 154 | }, | 
| 155 | { | 155 | { | 
| 156 | .name = "conv_form", | 156 | .name = "conv_form", | 
| @@ -165,61 +165,61 @@ static const struct option ecparam_options[] = { | |||
| 165 | .desc = "Generate an EC private key using the specified " | 165 | .desc = "Generate an EC private key using the specified " | 
| 166 | "parameters", | 166 | "parameters", | 
| 167 | .type = OPTION_FLAG, | 167 | .type = OPTION_FLAG, | 
| 168 | .opt.flag = &ecparam_config.genkey, | 168 | .opt.flag = &cfg.genkey, | 
| 169 | }, | 169 | }, | 
| 170 | { | 170 | { | 
| 171 | .name = "in", | 171 | .name = "in", | 
| 172 | .argname = "file", | 172 | .argname = "file", | 
| 173 | .desc = "Input file to read parameters from (default stdin)", | 173 | .desc = "Input file to read parameters from (default stdin)", | 
| 174 | .type = OPTION_ARG, | 174 | .type = OPTION_ARG, | 
| 175 | .opt.arg = &ecparam_config.infile, | 175 | .opt.arg = &cfg.infile, | 
| 176 | }, | 176 | }, | 
| 177 | { | 177 | { | 
| 178 | .name = "inform", | 178 | .name = "inform", | 
| 179 | .argname = "format", | 179 | .argname = "format", | 
| 180 | .desc = "Input format (DER or PEM)", | 180 | .desc = "Input format (DER or PEM)", | 
| 181 | .type = OPTION_ARG_FORMAT, | 181 | .type = OPTION_ARG_FORMAT, | 
| 182 | .opt.value = &ecparam_config.informat, | 182 | .opt.value = &cfg.informat, | 
| 183 | }, | 183 | }, | 
| 184 | { | 184 | { | 
| 185 | .name = "list_curves", | 185 | .name = "list_curves", | 
| 186 | .desc = "Print list of all currently implemented EC " | 186 | .desc = "Print list of all currently implemented EC " | 
| 187 | "parameter names", | 187 | "parameter names", | 
| 188 | .type = OPTION_FLAG, | 188 | .type = OPTION_FLAG, | 
| 189 | .opt.flag = &ecparam_config.list_curves, | 189 | .opt.flag = &cfg.list_curves, | 
| 190 | }, | 190 | }, | 
| 191 | { | 191 | { | 
| 192 | .name = "name", | 192 | .name = "name", | 
| 193 | .argname = "curve", | 193 | .argname = "curve", | 
| 194 | .desc = "Use the EC parameters with the specified name", | 194 | .desc = "Use the EC parameters with the specified name", | 
| 195 | .type = OPTION_ARG, | 195 | .type = OPTION_ARG, | 
| 196 | .opt.arg = &ecparam_config.curve_name, | 196 | .opt.arg = &cfg.curve_name, | 
| 197 | }, | 197 | }, | 
| 198 | { | 198 | { | 
| 199 | .name = "no_seed", | 199 | .name = "no_seed", | 
| 200 | .desc = "Do not output seed with explicit parameter encoding", | 200 | .desc = "Do not output seed with explicit parameter encoding", | 
| 201 | .type = OPTION_FLAG, | 201 | .type = OPTION_FLAG, | 
| 202 | .opt.flag = &ecparam_config.no_seed, | 202 | .opt.flag = &cfg.no_seed, | 
| 203 | }, | 203 | }, | 
| 204 | { | 204 | { | 
| 205 | .name = "noout", | 205 | .name = "noout", | 
| 206 | .desc = "Do not output encoded version of EC parameters", | 206 | .desc = "Do not output encoded version of EC parameters", | 
| 207 | .type = OPTION_FLAG, | 207 | .type = OPTION_FLAG, | 
| 208 | .opt.flag = &ecparam_config.noout, | 208 | .opt.flag = &cfg.noout, | 
| 209 | }, | 209 | }, | 
| 210 | { | 210 | { | 
| 211 | .name = "out", | 211 | .name = "out", | 
| 212 | .argname = "file", | 212 | .argname = "file", | 
| 213 | .desc = "Output file to write parameters to (default stdout)", | 213 | .desc = "Output file to write parameters to (default stdout)", | 
| 214 | .type = OPTION_ARG, | 214 | .type = OPTION_ARG, | 
| 215 | .opt.arg = &ecparam_config.outfile, | 215 | .opt.arg = &cfg.outfile, | 
| 216 | }, | 216 | }, | 
| 217 | { | 217 | { | 
| 218 | .name = "outform", | 218 | .name = "outform", | 
| 219 | .argname = "format", | 219 | .argname = "format", | 
| 220 | .desc = "Output format (DER or PEM)", | 220 | .desc = "Output format (DER or PEM)", | 
| 221 | .type = OPTION_ARG_FORMAT, | 221 | .type = OPTION_ARG_FORMAT, | 
| 222 | .opt.value = &ecparam_config.outformat, | 222 | .opt.value = &cfg.outformat, | 
| 223 | }, | 223 | }, | 
| 224 | { | 224 | { | 
| 225 | .name = "param_enc", | 225 | .name = "param_enc", | 
| @@ -233,7 +233,7 @@ static const struct option ecparam_options[] = { | |||
| 233 | .name = "text", | 233 | .name = "text", | 
| 234 | .desc = "Print out the EC parameters in human readable form", | 234 | .desc = "Print out the EC parameters in human readable form", | 
| 235 | .type = OPTION_FLAG, | 235 | .type = OPTION_FLAG, | 
| 236 | .opt.flag = &ecparam_config.text, | 236 | .opt.flag = &cfg.text, | 
| 237 | }, | 237 | }, | 
| 238 | {NULL}, | 238 | {NULL}, | 
| 239 | }; | 239 | }; | 
| @@ -264,11 +264,11 @@ ecparam_main(int argc, char **argv) | |||
| 264 | exit(1); | 264 | exit(1); | 
| 265 | } | 265 | } | 
| 266 | 266 | ||
| 267 | memset(&ecparam_config, 0, sizeof(ecparam_config)); | 267 | memset(&cfg, 0, sizeof(cfg)); | 
| 268 | ecparam_config.asn1_flag = OPENSSL_EC_NAMED_CURVE; | 268 | cfg.asn1_flag = OPENSSL_EC_NAMED_CURVE; | 
| 269 | ecparam_config.form = POINT_CONVERSION_UNCOMPRESSED; | 269 | cfg.form = POINT_CONVERSION_UNCOMPRESSED; | 
| 270 | ecparam_config.informat = FORMAT_PEM; | 270 | cfg.informat = FORMAT_PEM; | 
| 271 | ecparam_config.outformat = FORMAT_PEM; | 271 | cfg.outformat = FORMAT_PEM; | 
| 272 | 272 | ||
| 273 | if (options_parse(argc, argv, ecparam_options, NULL, NULL) != 0) { | 273 | if (options_parse(argc, argv, ecparam_options, NULL, NULL) != 0) { | 
| 274 | ecparam_usage(); | 274 | ecparam_usage(); | 
| @@ -281,24 +281,24 @@ ecparam_main(int argc, char **argv) | |||
| 281 | ERR_print_errors(bio_err); | 281 | ERR_print_errors(bio_err); | 
| 282 | goto end; | 282 | goto end; | 
| 283 | } | 283 | } | 
| 284 | if (ecparam_config.infile == NULL) | 284 | if (cfg.infile == NULL) | 
| 285 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 285 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 
| 286 | else { | 286 | else { | 
| 287 | if (BIO_read_filename(in, ecparam_config.infile) <= 0) { | 287 | if (BIO_read_filename(in, cfg.infile) <= 0) { | 
| 288 | perror(ecparam_config.infile); | 288 | perror(cfg.infile); | 
| 289 | goto end; | 289 | goto end; | 
| 290 | } | 290 | } | 
| 291 | } | 291 | } | 
| 292 | if (ecparam_config.outfile == NULL) { | 292 | if (cfg.outfile == NULL) { | 
| 293 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 293 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 
| 294 | } else { | 294 | } else { | 
| 295 | if (BIO_write_filename(out, ecparam_config.outfile) <= 0) { | 295 | if (BIO_write_filename(out, cfg.outfile) <= 0) { | 
| 296 | perror(ecparam_config.outfile); | 296 | perror(cfg.outfile); | 
| 297 | goto end; | 297 | goto end; | 
| 298 | } | 298 | } | 
| 299 | } | 299 | } | 
| 300 | 300 | ||
| 301 | if (ecparam_config.list_curves) { | 301 | if (cfg.list_curves) { | 
| 302 | EC_builtin_curve *curves = NULL; | 302 | EC_builtin_curve *curves = NULL; | 
| 303 | size_t crv_len = 0; | 303 | size_t crv_len = 0; | 
| 304 | size_t n = 0; | 304 | size_t n = 0; | 
| @@ -331,7 +331,7 @@ ecparam_main(int argc, char **argv) | |||
| 331 | ret = 0; | 331 | ret = 0; | 
| 332 | goto end; | 332 | goto end; | 
| 333 | } | 333 | } | 
| 334 | if (ecparam_config.curve_name != NULL) { | 334 | if (cfg.curve_name != NULL) { | 
| 335 | int nid; | 335 | int nid; | 
| 336 | 336 | ||
| 337 | /* | 337 | /* | 
| @@ -339,36 +339,36 @@ ecparam_main(int argc, char **argv) | |||
| 339 | * secp256r1 (which are the same as the curves prime192v1 and | 339 | * secp256r1 (which are the same as the curves prime192v1 and | 
| 340 | * prime256v1 defined in X9.62) | 340 | * prime256v1 defined in X9.62) | 
| 341 | */ | 341 | */ | 
| 342 | if (!strcmp(ecparam_config.curve_name, "secp192r1")) { | 342 | if (!strcmp(cfg.curve_name, "secp192r1")) { | 
| 343 | BIO_printf(bio_err, "using curve name prime192v1 " | 343 | BIO_printf(bio_err, "using curve name prime192v1 " | 
| 344 | "instead of secp192r1\n"); | 344 | "instead of secp192r1\n"); | 
| 345 | nid = NID_X9_62_prime192v1; | 345 | nid = NID_X9_62_prime192v1; | 
| 346 | } else if (!strcmp(ecparam_config.curve_name, "secp256r1")) { | 346 | } else if (!strcmp(cfg.curve_name, "secp256r1")) { | 
| 347 | BIO_printf(bio_err, "using curve name prime256v1 " | 347 | BIO_printf(bio_err, "using curve name prime256v1 " | 
| 348 | "instead of secp256r1\n"); | 348 | "instead of secp256r1\n"); | 
| 349 | nid = NID_X9_62_prime256v1; | 349 | nid = NID_X9_62_prime256v1; | 
| 350 | } else | 350 | } else | 
| 351 | nid = OBJ_sn2nid(ecparam_config.curve_name); | 351 | nid = OBJ_sn2nid(cfg.curve_name); | 
| 352 | 352 | ||
| 353 | if (nid == 0) | 353 | if (nid == 0) | 
| 354 | nid = EC_curve_nist2nid(ecparam_config.curve_name); | 354 | nid = EC_curve_nist2nid(cfg.curve_name); | 
| 355 | 355 | ||
| 356 | if (nid == 0) { | 356 | if (nid == 0) { | 
| 357 | BIO_printf(bio_err, "unknown curve name (%s)\n", | 357 | BIO_printf(bio_err, "unknown curve name (%s)\n", | 
| 358 | ecparam_config.curve_name); | 358 | cfg.curve_name); | 
| 359 | goto end; | 359 | goto end; | 
| 360 | } | 360 | } | 
| 361 | group = EC_GROUP_new_by_curve_name(nid); | 361 | group = EC_GROUP_new_by_curve_name(nid); | 
| 362 | if (group == NULL) { | 362 | if (group == NULL) { | 
| 363 | BIO_printf(bio_err, "unable to create curve (%s)\n", | 363 | BIO_printf(bio_err, "unable to create curve (%s)\n", | 
| 364 | ecparam_config.curve_name); | 364 | cfg.curve_name); | 
| 365 | goto end; | 365 | goto end; | 
| 366 | } | 366 | } | 
| 367 | EC_GROUP_set_asn1_flag(group, ecparam_config.asn1_flag); | 367 | EC_GROUP_set_asn1_flag(group, cfg.asn1_flag); | 
| 368 | EC_GROUP_set_point_conversion_form(group, ecparam_config.form); | 368 | EC_GROUP_set_point_conversion_form(group, cfg.form); | 
| 369 | } else if (ecparam_config.informat == FORMAT_ASN1) { | 369 | } else if (cfg.informat == FORMAT_ASN1) { | 
| 370 | group = d2i_ECPKParameters_bio(in, NULL); | 370 | group = d2i_ECPKParameters_bio(in, NULL); | 
| 371 | } else if (ecparam_config.informat == FORMAT_PEM) { | 371 | } else if (cfg.informat == FORMAT_PEM) { | 
| 372 | group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL); | 372 | group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL); | 
| 373 | } else { | 373 | } else { | 
| 374 | BIO_printf(bio_err, "bad input format specified\n"); | 374 | BIO_printf(bio_err, "bad input format specified\n"); | 
| @@ -381,20 +381,20 @@ ecparam_main(int argc, char **argv) | |||
| 381 | ERR_print_errors(bio_err); | 381 | ERR_print_errors(bio_err); | 
| 382 | goto end; | 382 | goto end; | 
| 383 | } | 383 | } | 
| 384 | if (ecparam_config.new_form) | 384 | if (cfg.new_form) | 
| 385 | EC_GROUP_set_point_conversion_form(group, ecparam_config.form); | 385 | EC_GROUP_set_point_conversion_form(group, cfg.form); | 
| 386 | 386 | ||
| 387 | if (ecparam_config.new_asn1_flag) | 387 | if (cfg.new_asn1_flag) | 
| 388 | EC_GROUP_set_asn1_flag(group, ecparam_config.asn1_flag); | 388 | EC_GROUP_set_asn1_flag(group, cfg.asn1_flag); | 
| 389 | 389 | ||
| 390 | if (ecparam_config.no_seed) | 390 | if (cfg.no_seed) | 
| 391 | EC_GROUP_set_seed(group, NULL, 0); | 391 | EC_GROUP_set_seed(group, NULL, 0); | 
| 392 | 392 | ||
| 393 | if (ecparam_config.text) { | 393 | if (cfg.text) { | 
| 394 | if (!ECPKParameters_print(out, group, 0)) | 394 | if (!ECPKParameters_print(out, group, 0)) | 
| 395 | goto end; | 395 | goto end; | 
| 396 | } | 396 | } | 
| 397 | if (ecparam_config.check) { | 397 | if (cfg.check) { | 
| 398 | BIO_printf(bio_err, "checking elliptic curve parameters: "); | 398 | BIO_printf(bio_err, "checking elliptic curve parameters: "); | 
| 399 | if (!EC_GROUP_check(group, NULL)) { | 399 | if (!EC_GROUP_check(group, NULL)) { | 
| 400 | BIO_printf(bio_err, "failed\n"); | 400 | BIO_printf(bio_err, "failed\n"); | 
| @@ -403,7 +403,7 @@ ecparam_main(int argc, char **argv) | |||
| 403 | BIO_printf(bio_err, "ok\n"); | 403 | BIO_printf(bio_err, "ok\n"); | 
| 404 | 404 | ||
| 405 | } | 405 | } | 
| 406 | if (ecparam_config.C) { | 406 | if (cfg.C) { | 
| 407 | size_t buf_len = 0, tmp_len = 0; | 407 | size_t buf_len = 0, tmp_len = 0; | 
| 408 | const EC_POINT *point; | 408 | const EC_POINT *point; | 
| 409 | int is_prime, len = 0; | 409 | int is_prime, len = 0; | 
| @@ -516,10 +516,10 @@ ecparam_main(int argc, char **argv) | |||
| 516 | BIO_printf(out, "\t\t}\n"); | 516 | BIO_printf(out, "\t\t}\n"); | 
| 517 | BIO_printf(out, "\treturn(group);\n\t}\n"); | 517 | BIO_printf(out, "\treturn(group);\n\t}\n"); | 
| 518 | } | 518 | } | 
| 519 | if (!ecparam_config.noout) { | 519 | if (!cfg.noout) { | 
| 520 | if (ecparam_config.outformat == FORMAT_ASN1) | 520 | if (cfg.outformat == FORMAT_ASN1) | 
| 521 | i = i2d_ECPKParameters_bio(out, group); | 521 | i = i2d_ECPKParameters_bio(out, group); | 
| 522 | else if (ecparam_config.outformat == FORMAT_PEM) | 522 | else if (cfg.outformat == FORMAT_PEM) | 
| 523 | i = PEM_write_bio_ECPKParameters(out, group); | 523 | i = PEM_write_bio_ECPKParameters(out, group); | 
| 524 | else { | 524 | else { | 
| 525 | BIO_printf(bio_err, "bad output format specified for" | 525 | BIO_printf(bio_err, "bad output format specified for" | 
| @@ -533,7 +533,7 @@ ecparam_main(int argc, char **argv) | |||
| 533 | goto end; | 533 | goto end; | 
| 534 | } | 534 | } | 
| 535 | } | 535 | } | 
| 536 | if (ecparam_config.genkey) { | 536 | if (cfg.genkey) { | 
| 537 | EC_KEY *eckey = EC_KEY_new(); | 537 | EC_KEY *eckey = EC_KEY_new(); | 
| 538 | 538 | ||
| 539 | if (eckey == NULL) | 539 | if (eckey == NULL) | 
| @@ -548,9 +548,9 @@ ecparam_main(int argc, char **argv) | |||
| 548 | EC_KEY_free(eckey); | 548 | EC_KEY_free(eckey); | 
| 549 | goto end; | 549 | goto end; | 
| 550 | } | 550 | } | 
| 551 | if (ecparam_config.outformat == FORMAT_ASN1) | 551 | if (cfg.outformat == FORMAT_ASN1) | 
| 552 | i = i2d_ECPrivateKey_bio(out, eckey); | 552 | i = i2d_ECPrivateKey_bio(out, eckey); | 
| 553 | else if (ecparam_config.outformat == FORMAT_PEM) | 553 | else if (cfg.outformat == FORMAT_PEM) | 
| 554 | i = PEM_write_bio_ECPrivateKey(out, eckey, NULL, | 554 | i = PEM_write_bio_ECPrivateKey(out, eckey, NULL, | 
| 555 | NULL, 0, NULL, NULL); | 555 | NULL, 0, NULL, NULL); | 
| 556 | else { | 556 | else { | 
| diff --git a/src/usr.bin/openssl/enc.c b/src/usr.bin/openssl/enc.c index 6be0a30dec..b80a177cd8 100644 --- a/src/usr.bin/openssl/enc.c +++ b/src/usr.bin/openssl/enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: enc.c,v 1.26 2023/03/04 21:58:54 tb Exp $ */ | 1 | /* $OpenBSD: enc.c,v 1.27 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -100,7 +100,7 @@ static struct { | |||
| 100 | int pbkdf2; | 100 | int pbkdf2; | 
| 101 | int printkey; | 101 | int printkey; | 
| 102 | int verbose; | 102 | int verbose; | 
| 103 | } enc_config; | 103 | } cfg; | 
| 104 | 104 | ||
| 105 | static int | 105 | static int | 
| 106 | enc_opt_cipher(int argc, char **argv, int *argsused) | 106 | enc_opt_cipher(int argc, char **argv, int *argsused) | 
| @@ -111,12 +111,12 @@ enc_opt_cipher(int argc, char **argv, int *argsused) | |||
| 111 | return (1); | 111 | return (1); | 
| 112 | 112 | ||
| 113 | if (strcmp(name, "none") == 0) { | 113 | if (strcmp(name, "none") == 0) { | 
| 114 | enc_config.cipher = NULL; | 114 | cfg.cipher = NULL; | 
| 115 | *argsused = 1; | 115 | *argsused = 1; | 
| 116 | return (0); | 116 | return (0); | 
| 117 | } | 117 | } | 
| 118 | 118 | ||
| 119 | if ((enc_config.cipher = EVP_get_cipherbyname(name)) != NULL) { | 119 | if ((cfg.cipher = EVP_get_cipherbyname(name)) != NULL) { | 
| 120 | *argsused = 1; | 120 | *argsused = 1; | 
| 121 | return (0); | 121 | return (0); | 
| 122 | } | 122 | } | 
| @@ -129,44 +129,44 @@ static const struct option enc_options[] = { | |||
| 129 | .name = "A", | 129 | .name = "A", | 
| 130 | .desc = "Process base64 data on one line (requires -a)", | 130 | .desc = "Process base64 data on one line (requires -a)", | 
| 131 | .type = OPTION_FLAG, | 131 | .type = OPTION_FLAG, | 
| 132 | .opt.flag = &enc_config.olb64, | 132 | .opt.flag = &cfg.olb64, | 
| 133 | }, | 133 | }, | 
| 134 | { | 134 | { | 
| 135 | .name = "a", | 135 | .name = "a", | 
| 136 | .desc = "Perform base64 encoding/decoding (alias -base64)", | 136 | .desc = "Perform base64 encoding/decoding (alias -base64)", | 
| 137 | .type = OPTION_FLAG, | 137 | .type = OPTION_FLAG, | 
| 138 | .opt.flag = &enc_config.base64, | 138 | .opt.flag = &cfg.base64, | 
| 139 | }, | 139 | }, | 
| 140 | { | 140 | { | 
| 141 | .name = "base64", | 141 | .name = "base64", | 
| 142 | .type = OPTION_FLAG, | 142 | .type = OPTION_FLAG, | 
| 143 | .opt.flag = &enc_config.base64, | 143 | .opt.flag = &cfg.base64, | 
| 144 | }, | 144 | }, | 
| 145 | { | 145 | { | 
| 146 | .name = "bufsize", | 146 | .name = "bufsize", | 
| 147 | .argname = "size", | 147 | .argname = "size", | 
| 148 | .desc = "Specify the buffer size to use for I/O", | 148 | .desc = "Specify the buffer size to use for I/O", | 
| 149 | .type = OPTION_ARG, | 149 | .type = OPTION_ARG, | 
| 150 | .opt.arg = &enc_config.bufsize, | 150 | .opt.arg = &cfg.bufsize, | 
| 151 | }, | 151 | }, | 
| 152 | { | 152 | { | 
| 153 | .name = "d", | 153 | .name = "d", | 
| 154 | .desc = "Decrypt the input data", | 154 | .desc = "Decrypt the input data", | 
| 155 | .type = OPTION_VALUE, | 155 | .type = OPTION_VALUE, | 
| 156 | .opt.value = &enc_config.enc, | 156 | .opt.value = &cfg.enc, | 
| 157 | .value = 0, | 157 | .value = 0, | 
| 158 | }, | 158 | }, | 
| 159 | { | 159 | { | 
| 160 | .name = "debug", | 160 | .name = "debug", | 
| 161 | .desc = "Print debugging information", | 161 | .desc = "Print debugging information", | 
| 162 | .type = OPTION_FLAG, | 162 | .type = OPTION_FLAG, | 
| 163 | .opt.flag = &enc_config.debug, | 163 | .opt.flag = &cfg.debug, | 
| 164 | }, | 164 | }, | 
| 165 | { | 165 | { | 
| 166 | .name = "e", | 166 | .name = "e", | 
| 167 | .desc = "Encrypt the input data (default)", | 167 | .desc = "Encrypt the input data (default)", | 
| 168 | .type = OPTION_VALUE, | 168 | .type = OPTION_VALUE, | 
| 169 | .opt.value = &enc_config.enc, | 169 | .opt.value = &cfg.enc, | 
| 170 | .value = 1, | 170 | .value = 1, | 
| 171 | }, | 171 | }, | 
| 172 | { | 172 | { | 
| @@ -174,45 +174,45 @@ static const struct option enc_options[] = { | |||
| 174 | .argname = "file", | 174 | .argname = "file", | 
| 175 | .desc = "Input file to read from (default stdin)", | 175 | .desc = "Input file to read from (default stdin)", | 
| 176 | .type = OPTION_ARG, | 176 | .type = OPTION_ARG, | 
| 177 | .opt.arg = &enc_config.inf, | 177 | .opt.arg = &cfg.inf, | 
| 178 | }, | 178 | }, | 
| 179 | { | 179 | { | 
| 180 | .name = "iter", | 180 | .name = "iter", | 
| 181 | .argname = "iterations", | 181 | .argname = "iterations", | 
| 182 | .desc = "Specify iteration count and force use of PBKDF2", | 182 | .desc = "Specify iteration count and force use of PBKDF2", | 
| 183 | .type = OPTION_ARG_INT, | 183 | .type = OPTION_ARG_INT, | 
| 184 | .opt.value = &enc_config.iter, | 184 | .opt.value = &cfg.iter, | 
| 185 | }, | 185 | }, | 
| 186 | { | 186 | { | 
| 187 | .name = "iv", | 187 | .name = "iv", | 
| 188 | .argname = "IV", | 188 | .argname = "IV", | 
| 189 | .desc = "IV to use, specified as a hexadecimal string", | 189 | .desc = "IV to use, specified as a hexadecimal string", | 
| 190 | .type = OPTION_ARG, | 190 | .type = OPTION_ARG, | 
| 191 | .opt.arg = &enc_config.hiv, | 191 | .opt.arg = &cfg.hiv, | 
| 192 | }, | 192 | }, | 
| 193 | { | 193 | { | 
| 194 | .name = "K", | 194 | .name = "K", | 
| 195 | .argname = "key", | 195 | .argname = "key", | 
| 196 | .desc = "Key to use, specified as a hexadecimal string", | 196 | .desc = "Key to use, specified as a hexadecimal string", | 
| 197 | .type = OPTION_ARG, | 197 | .type = OPTION_ARG, | 
| 198 | .opt.arg = &enc_config.hkey, | 198 | .opt.arg = &cfg.hkey, | 
| 199 | }, | 199 | }, | 
| 200 | { | 200 | { | 
| 201 | .name = "k", /* Superseded by -pass. */ | 201 | .name = "k", /* Superseded by -pass. */ | 
| 202 | .type = OPTION_ARG, | 202 | .type = OPTION_ARG, | 
| 203 | .opt.arg = &enc_config.keystr, | 203 | .opt.arg = &cfg.keystr, | 
| 204 | }, | 204 | }, | 
| 205 | { | 205 | { | 
| 206 | .name = "kfile", /* Superseded by -pass. */ | 206 | .name = "kfile", /* Superseded by -pass. */ | 
| 207 | .type = OPTION_ARG, | 207 | .type = OPTION_ARG, | 
| 208 | .opt.arg = &enc_config.keyfile, | 208 | .opt.arg = &cfg.keyfile, | 
| 209 | }, | 209 | }, | 
| 210 | { | 210 | { | 
| 211 | .name = "md", | 211 | .name = "md", | 
| 212 | .argname = "digest", | 212 | .argname = "digest", | 
| 213 | .desc = "Digest to use to create a key from the passphrase", | 213 | .desc = "Digest to use to create a key from the passphrase", | 
| 214 | .type = OPTION_ARG, | 214 | .type = OPTION_ARG, | 
| 215 | .opt.arg = &enc_config.md, | 215 | .opt.arg = &cfg.md, | 
| 216 | }, | 216 | }, | 
| 217 | { | 217 | { | 
| 218 | .name = "none", | 218 | .name = "none", | 
| @@ -224,12 +224,12 @@ static const struct option enc_options[] = { | |||
| 224 | .name = "nopad", | 224 | .name = "nopad", | 
| 225 | .desc = "Disable standard block padding", | 225 | .desc = "Disable standard block padding", | 
| 226 | .type = OPTION_FLAG, | 226 | .type = OPTION_FLAG, | 
| 227 | .opt.flag = &enc_config.nopad, | 227 | .opt.flag = &cfg.nopad, | 
| 228 | }, | 228 | }, | 
| 229 | { | 229 | { | 
| 230 | .name = "nosalt", | 230 | .name = "nosalt", | 
| 231 | .type = OPTION_VALUE, | 231 | .type = OPTION_VALUE, | 
| 232 | .opt.value = &enc_config.nosalt, | 232 | .opt.value = &cfg.nosalt, | 
| 233 | .value = 1, | 233 | .value = 1, | 
| 234 | }, | 234 | }, | 
| 235 | { | 235 | { | 
| @@ -237,21 +237,21 @@ static const struct option enc_options[] = { | |||
| 237 | .argname = "file", | 237 | .argname = "file", | 
| 238 | .desc = "Output file to write to (default stdout)", | 238 | .desc = "Output file to write to (default stdout)", | 
| 239 | .type = OPTION_ARG, | 239 | .type = OPTION_ARG, | 
| 240 | .opt.arg = &enc_config.outf, | 240 | .opt.arg = &cfg.outf, | 
| 241 | }, | 241 | }, | 
| 242 | { | 242 | { | 
| 243 | .name = "P", | 243 | .name = "P", | 
| 244 | .desc = "Print out the salt, key and IV used, then exit\n" | 244 | .desc = "Print out the salt, key and IV used, then exit\n" | 
| 245 | " (no encryption or decryption is performed)", | 245 | " (no encryption or decryption is performed)", | 
| 246 | .type = OPTION_VALUE, | 246 | .type = OPTION_VALUE, | 
| 247 | .opt.value = &enc_config.printkey, | 247 | .opt.value = &cfg.printkey, | 
| 248 | .value = 2, | 248 | .value = 2, | 
| 249 | }, | 249 | }, | 
| 250 | { | 250 | { | 
| 251 | .name = "p", | 251 | .name = "p", | 
| 252 | .desc = "Print out the salt, key and IV used", | 252 | .desc = "Print out the salt, key and IV used", | 
| 253 | .type = OPTION_VALUE, | 253 | .type = OPTION_VALUE, | 
| 254 | .opt.value = &enc_config.printkey, | 254 | .opt.value = &cfg.printkey, | 
| 255 | .value = 1, | 255 | .value = 1, | 
| 256 | }, | 256 | }, | 
| 257 | { | 257 | { | 
| @@ -259,40 +259,40 @@ static const struct option enc_options[] = { | |||
| 259 | .argname = "source", | 259 | .argname = "source", | 
| 260 | .desc = "Password source", | 260 | .desc = "Password source", | 
| 261 | .type = OPTION_ARG, | 261 | .type = OPTION_ARG, | 
| 262 | .opt.arg = &enc_config.passarg, | 262 | .opt.arg = &cfg.passarg, | 
| 263 | }, | 263 | }, | 
| 264 | { | 264 | { | 
| 265 | .name = "pbkdf2", | 265 | .name = "pbkdf2", | 
| 266 | .desc = "Use the pbkdf2 key derivation function", | 266 | .desc = "Use the pbkdf2 key derivation function", | 
| 267 | .type = OPTION_FLAG, | 267 | .type = OPTION_FLAG, | 
| 268 | .opt.flag = &enc_config.pbkdf2, | 268 | .opt.flag = &cfg.pbkdf2, | 
| 269 | }, | 269 | }, | 
| 270 | { | 270 | { | 
| 271 | .name = "S", | 271 | .name = "S", | 
| 272 | .argname = "salt", | 272 | .argname = "salt", | 
| 273 | .desc = "Salt to use, specified as a hexadecimal string", | 273 | .desc = "Salt to use, specified as a hexadecimal string", | 
| 274 | .type = OPTION_ARG, | 274 | .type = OPTION_ARG, | 
| 275 | .opt.arg = &enc_config.hsalt, | 275 | .opt.arg = &cfg.hsalt, | 
| 276 | }, | 276 | }, | 
| 277 | { | 277 | { | 
| 278 | .name = "salt", | 278 | .name = "salt", | 
| 279 | .desc = "Use a salt in the key derivation routines (default)", | 279 | .desc = "Use a salt in the key derivation routines (default)", | 
| 280 | .type = OPTION_VALUE, | 280 | .type = OPTION_VALUE, | 
| 281 | .opt.value = &enc_config.nosalt, | 281 | .opt.value = &cfg.nosalt, | 
| 282 | .value = 0, | 282 | .value = 0, | 
| 283 | }, | 283 | }, | 
| 284 | { | 284 | { | 
| 285 | .name = "v", | 285 | .name = "v", | 
| 286 | .desc = "Verbose", | 286 | .desc = "Verbose", | 
| 287 | .type = OPTION_FLAG, | 287 | .type = OPTION_FLAG, | 
| 288 | .opt.flag = &enc_config.verbose, | 288 | .opt.flag = &cfg.verbose, | 
| 289 | }, | 289 | }, | 
| 290 | #ifdef ZLIB | 290 | #ifdef ZLIB | 
| 291 | { | 291 | { | 
| 292 | .name = "z", | 292 | .name = "z", | 
| 293 | .desc = "Perform zlib compression/decompression", | 293 | .desc = "Perform zlib compression/decompression", | 
| 294 | .type = OPTION_FLAG, | 294 | .type = OPTION_FLAG, | 
| 295 | .opt.flag = &enc_config.do_zlib, | 295 | .opt.flag = &cfg.do_zlib, | 
| 296 | }, | 296 | }, | 
| 297 | #endif | 297 | #endif | 
| 298 | { | 298 | { | 
| @@ -365,27 +365,27 @@ enc_main(int argc, char **argv) | |||
| 365 | exit(1); | 365 | exit(1); | 
| 366 | } | 366 | } | 
| 367 | 367 | ||
| 368 | memset(&enc_config, 0, sizeof(enc_config)); | 368 | memset(&cfg, 0, sizeof(cfg)); | 
| 369 | enc_config.enc = 1; | 369 | cfg.enc = 1; | 
| 370 | 370 | ||
| 371 | /* first check the program name */ | 371 | /* first check the program name */ | 
| 372 | program_name(argv[0], pname, sizeof(pname)); | 372 | program_name(argv[0], pname, sizeof(pname)); | 
| 373 | 373 | ||
| 374 | if (strcmp(pname, "base64") == 0) | 374 | if (strcmp(pname, "base64") == 0) | 
| 375 | enc_config.base64 = 1; | 375 | cfg.base64 = 1; | 
| 376 | 376 | ||
| 377 | #ifdef ZLIB | 377 | #ifdef ZLIB | 
| 378 | if (strcmp(pname, "zlib") == 0) | 378 | if (strcmp(pname, "zlib") == 0) | 
| 379 | enc_config.do_zlib = 1; | 379 | cfg.do_zlib = 1; | 
| 380 | #endif | 380 | #endif | 
| 381 | 381 | ||
| 382 | enc_config.cipher = EVP_get_cipherbyname(pname); | 382 | cfg.cipher = EVP_get_cipherbyname(pname); | 
| 383 | 383 | ||
| 384 | #ifdef ZLIB | 384 | #ifdef ZLIB | 
| 385 | if (!enc_config.do_zlib && !enc_config.base64 && | 385 | if (!cfg.do_zlib && !cfg.base64 && | 
| 386 | enc_config.cipher == NULL && strcmp(pname, "enc") != 0) | 386 | cfg.cipher == NULL && strcmp(pname, "enc") != 0) | 
| 387 | #else | 387 | #else | 
| 388 | if (!enc_config.base64 && enc_config.cipher == NULL && | 388 | if (!cfg.base64 && cfg.cipher == NULL && | 
| 389 | strcmp(pname, "enc") != 0) | 389 | strcmp(pname, "enc") != 0) | 
| 390 | #endif | 390 | #endif | 
| 391 | { | 391 | { | 
| @@ -398,20 +398,20 @@ enc_main(int argc, char **argv) | |||
| 398 | goto end; | 398 | goto end; | 
| 399 | } | 399 | } | 
| 400 | 400 | ||
| 401 | if (enc_config.keyfile != NULL) { | 401 | if (cfg.keyfile != NULL) { | 
| 402 | static char buf[128]; | 402 | static char buf[128]; | 
| 403 | FILE *infile; | 403 | FILE *infile; | 
| 404 | 404 | ||
| 405 | infile = fopen(enc_config.keyfile, "r"); | 405 | infile = fopen(cfg.keyfile, "r"); | 
| 406 | if (infile == NULL) { | 406 | if (infile == NULL) { | 
| 407 | BIO_printf(bio_err, "unable to read key from '%s'\n", | 407 | BIO_printf(bio_err, "unable to read key from '%s'\n", | 
| 408 | enc_config.keyfile); | 408 | cfg.keyfile); | 
| 409 | goto end; | 409 | goto end; | 
| 410 | } | 410 | } | 
| 411 | buf[0] = '\0'; | 411 | buf[0] = '\0'; | 
| 412 | if (!fgets(buf, sizeof buf, infile)) { | 412 | if (!fgets(buf, sizeof buf, infile)) { | 
| 413 | BIO_printf(bio_err, "unable to read key from '%s'\n", | 413 | BIO_printf(bio_err, "unable to read key from '%s'\n", | 
| 414 | enc_config.keyfile); | 414 | cfg.keyfile); | 
| 415 | fclose(infile); | 415 | fclose(infile); | 
| 416 | goto end; | 416 | goto end; | 
| 417 | } | 417 | } | 
| @@ -425,34 +425,34 @@ enc_main(int argc, char **argv) | |||
| 425 | BIO_printf(bio_err, "zero length password\n"); | 425 | BIO_printf(bio_err, "zero length password\n"); | 
| 426 | goto end; | 426 | goto end; | 
| 427 | } | 427 | } | 
| 428 | enc_config.keystr = buf; | 428 | cfg.keystr = buf; | 
| 429 | } | 429 | } | 
| 430 | 430 | ||
| 431 | if (enc_config.cipher != NULL && | 431 | if (cfg.cipher != NULL && | 
| 432 | (EVP_CIPHER_flags(enc_config.cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) { | 432 | (EVP_CIPHER_flags(cfg.cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) { | 
| 433 | BIO_printf(bio_err, "enc does not support AEAD ciphers\n"); | 433 | BIO_printf(bio_err, "enc does not support AEAD ciphers\n"); | 
| 434 | goto end; | 434 | goto end; | 
| 435 | } | 435 | } | 
| 436 | 436 | ||
| 437 | if (enc_config.cipher != NULL && | 437 | if (cfg.cipher != NULL && | 
| 438 | EVP_CIPHER_mode(enc_config.cipher) == EVP_CIPH_XTS_MODE) { | 438 | EVP_CIPHER_mode(cfg.cipher) == EVP_CIPH_XTS_MODE) { | 
| 439 | BIO_printf(bio_err, "enc does not support XTS mode\n"); | 439 | BIO_printf(bio_err, "enc does not support XTS mode\n"); | 
| 440 | goto end; | 440 | goto end; | 
| 441 | } | 441 | } | 
| 442 | 442 | ||
| 443 | if (enc_config.md != NULL && | 443 | if (cfg.md != NULL && | 
| 444 | (dgst = EVP_get_digestbyname(enc_config.md)) == NULL) { | 444 | (dgst = EVP_get_digestbyname(cfg.md)) == NULL) { | 
| 445 | BIO_printf(bio_err, | 445 | BIO_printf(bio_err, | 
| 446 | "%s is an unsupported message digest type\n", | 446 | "%s is an unsupported message digest type\n", | 
| 447 | enc_config.md); | 447 | cfg.md); | 
| 448 | goto end; | 448 | goto end; | 
| 449 | } | 449 | } | 
| 450 | if (dgst == NULL) { | 450 | if (dgst == NULL) { | 
| 451 | dgst = EVP_sha256(); | 451 | dgst = EVP_sha256(); | 
| 452 | } | 452 | } | 
| 453 | 453 | ||
| 454 | if (enc_config.bufsize != NULL) { | 454 | if (cfg.bufsize != NULL) { | 
| 455 | char *p = enc_config.bufsize; | 455 | char *p = cfg.bufsize; | 
| 456 | unsigned long n; | 456 | unsigned long n; | 
| 457 | 457 | ||
| 458 | /* XXX - provide an OPTION_ARG_DISKUNIT. */ | 458 | /* XXX - provide an OPTION_ARG_DISKUNIT. */ | 
| @@ -471,11 +471,11 @@ enc_main(int argc, char **argv) | |||
| 471 | goto end; | 471 | goto end; | 
| 472 | } | 472 | } | 
| 473 | /* It must be large enough for a base64 encoded line. */ | 473 | /* It must be large enough for a base64 encoded line. */ | 
| 474 | if (enc_config.base64 && n < 80) | 474 | if (cfg.base64 && n < 80) | 
| 475 | n = 80; | 475 | n = 80; | 
| 476 | 476 | ||
| 477 | bsize = (int)n; | 477 | bsize = (int)n; | 
| 478 | if (enc_config.verbose) | 478 | if (cfg.verbose) | 
| 479 | BIO_printf(bio_err, "bufsize=%d\n", bsize); | 479 | BIO_printf(bio_err, "bufsize=%d\n", bsize); | 
| 480 | } | 480 | } | 
| 481 | strbuf = malloc(SIZE); | 481 | strbuf = malloc(SIZE); | 
| @@ -490,41 +490,41 @@ enc_main(int argc, char **argv) | |||
| 490 | ERR_print_errors(bio_err); | 490 | ERR_print_errors(bio_err); | 
| 491 | goto end; | 491 | goto end; | 
| 492 | } | 492 | } | 
| 493 | if (enc_config.debug) { | 493 | if (cfg.debug) { | 
| 494 | BIO_set_callback(in, BIO_debug_callback); | 494 | BIO_set_callback(in, BIO_debug_callback); | 
| 495 | BIO_set_callback(out, BIO_debug_callback); | 495 | BIO_set_callback(out, BIO_debug_callback); | 
| 496 | BIO_set_callback_arg(in, (char *) bio_err); | 496 | BIO_set_callback_arg(in, (char *) bio_err); | 
| 497 | BIO_set_callback_arg(out, (char *) bio_err); | 497 | BIO_set_callback_arg(out, (char *) bio_err); | 
| 498 | } | 498 | } | 
| 499 | if (enc_config.inf == NULL) { | 499 | if (cfg.inf == NULL) { | 
| 500 | if (enc_config.bufsize != NULL) | 500 | if (cfg.bufsize != NULL) | 
| 501 | setvbuf(stdin, (char *) NULL, _IONBF, 0); | 501 | setvbuf(stdin, (char *) NULL, _IONBF, 0); | 
| 502 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 502 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 
| 503 | } else { | 503 | } else { | 
| 504 | if (BIO_read_filename(in, enc_config.inf) <= 0) { | 504 | if (BIO_read_filename(in, cfg.inf) <= 0) { | 
| 505 | perror(enc_config.inf); | 505 | perror(cfg.inf); | 
| 506 | goto end; | 506 | goto end; | 
| 507 | } | 507 | } | 
| 508 | } | 508 | } | 
| 509 | 509 | ||
| 510 | if (!enc_config.keystr && enc_config.passarg) { | 510 | if (!cfg.keystr && cfg.passarg) { | 
| 511 | if (!app_passwd(bio_err, enc_config.passarg, NULL, | 511 | if (!app_passwd(bio_err, cfg.passarg, NULL, | 
| 512 | &pass, NULL)) { | 512 | &pass, NULL)) { | 
| 513 | BIO_printf(bio_err, "Error getting password\n"); | 513 | BIO_printf(bio_err, "Error getting password\n"); | 
| 514 | goto end; | 514 | goto end; | 
| 515 | } | 515 | } | 
| 516 | enc_config.keystr = pass; | 516 | cfg.keystr = pass; | 
| 517 | } | 517 | } | 
| 518 | if (enc_config.keystr == NULL && enc_config.cipher != NULL && | 518 | if (cfg.keystr == NULL && cfg.cipher != NULL && | 
| 519 | enc_config.hkey == NULL) { | 519 | cfg.hkey == NULL) { | 
| 520 | for (;;) { | 520 | for (;;) { | 
| 521 | char buf[200]; | 521 | char buf[200]; | 
| 522 | int retval; | 522 | int retval; | 
| 523 | 523 | ||
| 524 | retval = snprintf(buf, sizeof buf, | 524 | retval = snprintf(buf, sizeof buf, | 
| 525 | "enter %s %s password:", | 525 | "enter %s %s password:", | 
| 526 | OBJ_nid2ln(EVP_CIPHER_nid(enc_config.cipher)), | 526 | OBJ_nid2ln(EVP_CIPHER_nid(cfg.cipher)), | 
| 527 | enc_config.enc ? "encryption" : "decryption"); | 527 | cfg.enc ? "encryption" : "decryption"); | 
| 528 | if ((size_t)retval >= sizeof buf) { | 528 | if ((size_t)retval >= sizeof buf) { | 
| 529 | BIO_printf(bio_err, | 529 | BIO_printf(bio_err, | 
| 530 | "Password prompt too long\n"); | 530 | "Password prompt too long\n"); | 
| @@ -532,13 +532,13 @@ enc_main(int argc, char **argv) | |||
| 532 | } | 532 | } | 
| 533 | strbuf[0] = '\0'; | 533 | strbuf[0] = '\0'; | 
| 534 | i = EVP_read_pw_string((char *)strbuf, SIZE, buf, | 534 | i = EVP_read_pw_string((char *)strbuf, SIZE, buf, | 
| 535 | enc_config.enc); | 535 | cfg.enc); | 
| 536 | if (i == 0) { | 536 | if (i == 0) { | 
| 537 | if (strbuf[0] == '\0') { | 537 | if (strbuf[0] == '\0') { | 
| 538 | ret = 1; | 538 | ret = 1; | 
| 539 | goto end; | 539 | goto end; | 
| 540 | } | 540 | } | 
| 541 | enc_config.keystr = strbuf; | 541 | cfg.keystr = strbuf; | 
| 542 | break; | 542 | break; | 
| 543 | } | 543 | } | 
| 544 | if (i < 0) { | 544 | if (i < 0) { | 
| @@ -547,13 +547,13 @@ enc_main(int argc, char **argv) | |||
| 547 | } | 547 | } | 
| 548 | } | 548 | } | 
| 549 | } | 549 | } | 
| 550 | if (enc_config.outf == NULL) { | 550 | if (cfg.outf == NULL) { | 
| 551 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 551 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 
| 552 | if (enc_config.bufsize != NULL) | 552 | if (cfg.bufsize != NULL) | 
| 553 | setvbuf(stdout, (char *)NULL, _IONBF, 0); | 553 | setvbuf(stdout, (char *)NULL, _IONBF, 0); | 
| 554 | } else { | 554 | } else { | 
| 555 | if (BIO_write_filename(out, enc_config.outf) <= 0) { | 555 | if (BIO_write_filename(out, cfg.outf) <= 0) { | 
| 556 | perror(enc_config.outf); | 556 | perror(cfg.outf); | 
| 557 | goto end; | 557 | goto end; | 
| 558 | } | 558 | } | 
| 559 | } | 559 | } | 
| @@ -572,38 +572,38 @@ enc_main(int argc, char **argv) | |||
| 572 | } | 572 | } | 
| 573 | #endif | 573 | #endif | 
| 574 | 574 | ||
| 575 | if (enc_config.base64) { | 575 | if (cfg.base64) { | 
| 576 | if ((b64 = BIO_new(BIO_f_base64())) == NULL) | 576 | if ((b64 = BIO_new(BIO_f_base64())) == NULL) | 
| 577 | goto end; | 577 | goto end; | 
| 578 | if (enc_config.debug) { | 578 | if (cfg.debug) { | 
| 579 | BIO_set_callback(b64, BIO_debug_callback); | 579 | BIO_set_callback(b64, BIO_debug_callback); | 
| 580 | BIO_set_callback_arg(b64, (char *) bio_err); | 580 | BIO_set_callback_arg(b64, (char *) bio_err); | 
| 581 | } | 581 | } | 
| 582 | if (enc_config.olb64) | 582 | if (cfg.olb64) | 
| 583 | BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); | 583 | BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); | 
| 584 | if (enc_config.enc) | 584 | if (cfg.enc) | 
| 585 | wbio = BIO_push(b64, wbio); | 585 | wbio = BIO_push(b64, wbio); | 
| 586 | else | 586 | else | 
| 587 | rbio = BIO_push(b64, rbio); | 587 | rbio = BIO_push(b64, rbio); | 
| 588 | } | 588 | } | 
| 589 | if (enc_config.cipher != NULL) { | 589 | if (cfg.cipher != NULL) { | 
| 590 | /* | 590 | /* | 
| 591 | * Note that keystr is NULL if a key was passed on the command | 591 | * Note that keystr is NULL if a key was passed on the command | 
| 592 | * line, so we get no salt in that case. Is this a bug? | 592 | * line, so we get no salt in that case. Is this a bug? | 
| 593 | */ | 593 | */ | 
| 594 | if (enc_config.keystr != NULL) { | 594 | if (cfg.keystr != NULL) { | 
| 595 | /* | 595 | /* | 
| 596 | * Salt handling: if encrypting generate a salt and | 596 | * Salt handling: if encrypting generate a salt and | 
| 597 | * write to output BIO. If decrypting read salt from | 597 | * write to output BIO. If decrypting read salt from | 
| 598 | * input BIO. | 598 | * input BIO. | 
| 599 | */ | 599 | */ | 
| 600 | unsigned char *sptr; | 600 | unsigned char *sptr; | 
| 601 | if (enc_config.nosalt) | 601 | if (cfg.nosalt) | 
| 602 | sptr = NULL; | 602 | sptr = NULL; | 
| 603 | else { | 603 | else { | 
| 604 | if (enc_config.enc) { | 604 | if (cfg.enc) { | 
| 605 | if (enc_config.hsalt) { | 605 | if (cfg.hsalt) { | 
| 606 | if (!set_hex(enc_config.hsalt, salt, sizeof salt)) { | 606 | if (!set_hex(cfg.hsalt, salt, sizeof salt)) { | 
| 607 | BIO_printf(bio_err, | 607 | BIO_printf(bio_err, | 
| 608 | "invalid hex salt value\n"); | 608 | "invalid hex salt value\n"); | 
| 609 | goto end; | 609 | goto end; | 
| @@ -615,7 +615,7 @@ enc_main(int argc, char **argv) | |||
| 615 | * If -P option then don't bother | 615 | * If -P option then don't bother | 
| 616 | * writing | 616 | * writing | 
| 617 | */ | 617 | */ | 
| 618 | if ((enc_config.printkey != 2) | 618 | if ((cfg.printkey != 2) | 
| 619 | && (BIO_write(wbio, magic, | 619 | && (BIO_write(wbio, magic, | 
| 620 | sizeof magic - 1) != sizeof magic - 1 | 620 | sizeof magic - 1) != sizeof magic - 1 | 
| 621 | || BIO_write(wbio, | 621 | || BIO_write(wbio, | 
| @@ -636,23 +636,23 @@ enc_main(int argc, char **argv) | |||
| 636 | } | 636 | } | 
| 637 | sptr = salt; | 637 | sptr = salt; | 
| 638 | } | 638 | } | 
| 639 | if (enc_config.pbkdf2 == 1 || enc_config.iter > 0) { | 639 | if (cfg.pbkdf2 == 1 || cfg.iter > 0) { | 
| 640 | /* | 640 | /* | 
| 641 | * derive key and default iv | 641 | * derive key and default iv | 
| 642 | * concatenated into a temporary buffer | 642 | * concatenated into a temporary buffer | 
| 643 | */ | 643 | */ | 
| 644 | unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH]; | 644 | unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH]; | 
| 645 | int iklen = EVP_CIPHER_key_length(enc_config.cipher); | 645 | int iklen = EVP_CIPHER_key_length(cfg.cipher); | 
| 646 | int ivlen = EVP_CIPHER_iv_length(enc_config.cipher); | 646 | int ivlen = EVP_CIPHER_iv_length(cfg.cipher); | 
| 647 | /* not needed if HASH_UPDATE() is fixed : */ | 647 | /* not needed if HASH_UPDATE() is fixed : */ | 
| 648 | int islen = (sptr != NULL ? sizeof(salt) : 0); | 648 | int islen = (sptr != NULL ? sizeof(salt) : 0); | 
| 649 | 649 | ||
| 650 | if (enc_config.iter == 0) | 650 | if (cfg.iter == 0) | 
| 651 | enc_config.iter = 10000; | 651 | cfg.iter = 10000; | 
| 652 | 652 | ||
| 653 | if (!PKCS5_PBKDF2_HMAC(enc_config.keystr, | 653 | if (!PKCS5_PBKDF2_HMAC(cfg.keystr, | 
| 654 | strlen(enc_config.keystr), sptr, islen, | 654 | strlen(cfg.keystr), sptr, islen, | 
| 655 | enc_config.iter, dgst, iklen+ivlen, tmpkeyiv)) { | 655 | cfg.iter, dgst, iklen+ivlen, tmpkeyiv)) { | 
| 656 | BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n"); | 656 | BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n"); | 
| 657 | goto end; | 657 | goto end; | 
| 658 | } | 658 | } | 
| @@ -661,9 +661,9 @@ enc_main(int argc, char **argv) | |||
| 661 | memcpy(iv, tmpkeyiv + iklen, ivlen); | 661 | memcpy(iv, tmpkeyiv + iklen, ivlen); | 
| 662 | explicit_bzero(tmpkeyiv, sizeof tmpkeyiv); | 662 | explicit_bzero(tmpkeyiv, sizeof tmpkeyiv); | 
| 663 | } else { | 663 | } else { | 
| 664 | EVP_BytesToKey(enc_config.cipher, dgst, sptr, | 664 | EVP_BytesToKey(cfg.cipher, dgst, sptr, | 
| 665 | (unsigned char *)enc_config.keystr, | 665 | (unsigned char *)cfg.keystr, | 
| 666 | strlen(enc_config.keystr), 1, key, iv); | 666 | strlen(cfg.keystr), 1, key, iv); | 
| 667 | } | 667 | } | 
| 668 | 668 | ||
| 669 | /* | 669 | /* | 
| @@ -671,19 +671,19 @@ enc_main(int argc, char **argv) | |||
| 671 | * the command line bug picked up by Larry J. Hughes | 671 | * the command line bug picked up by Larry J. Hughes | 
| 672 | * Jr. <hughes@indiana.edu> | 672 | * Jr. <hughes@indiana.edu> | 
| 673 | */ | 673 | */ | 
| 674 | if (enc_config.keystr == strbuf) | 674 | if (cfg.keystr == strbuf) | 
| 675 | explicit_bzero(enc_config.keystr, SIZE); | 675 | explicit_bzero(cfg.keystr, SIZE); | 
| 676 | else | 676 | else | 
| 677 | explicit_bzero(enc_config.keystr, | 677 | explicit_bzero(cfg.keystr, | 
| 678 | strlen(enc_config.keystr)); | 678 | strlen(cfg.keystr)); | 
| 679 | } | 679 | } | 
| 680 | if (enc_config.hiv != NULL && | 680 | if (cfg.hiv != NULL && | 
| 681 | !set_hex(enc_config.hiv, iv, sizeof iv)) { | 681 | !set_hex(cfg.hiv, iv, sizeof iv)) { | 
| 682 | BIO_printf(bio_err, "invalid hex iv value\n"); | 682 | BIO_printf(bio_err, "invalid hex iv value\n"); | 
| 683 | goto end; | 683 | goto end; | 
| 684 | } | 684 | } | 
| 685 | if (enc_config.hiv == NULL && enc_config.keystr == NULL && | 685 | if (cfg.hiv == NULL && cfg.keystr == NULL && | 
| 686 | EVP_CIPHER_iv_length(enc_config.cipher) != 0) { | 686 | EVP_CIPHER_iv_length(cfg.cipher) != 0) { | 
| 687 | /* | 687 | /* | 
| 688 | * No IV was explicitly set and no IV was generated | 688 | * No IV was explicitly set and no IV was generated | 
| 689 | * during EVP_BytesToKey. Hence the IV is undefined, | 689 | * during EVP_BytesToKey. Hence the IV is undefined, | 
| @@ -692,8 +692,8 @@ enc_main(int argc, char **argv) | |||
| 692 | BIO_printf(bio_err, "iv undefined\n"); | 692 | BIO_printf(bio_err, "iv undefined\n"); | 
| 693 | goto end; | 693 | goto end; | 
| 694 | } | 694 | } | 
| 695 | if (enc_config.hkey != NULL && | 695 | if (cfg.hkey != NULL && | 
| 696 | !set_hex(enc_config.hkey, key, sizeof key)) { | 696 | !set_hex(cfg.hkey, key, sizeof key)) { | 
| 697 | BIO_printf(bio_err, "invalid hex key value\n"); | 697 | BIO_printf(bio_err, "invalid hex key value\n"); | 
| 698 | goto end; | 698 | goto end; | 
| 699 | } | 699 | } | 
| @@ -707,51 +707,51 @@ enc_main(int argc, char **argv) | |||
| 707 | 707 | ||
| 708 | BIO_get_cipher_ctx(benc, &ctx); | 708 | BIO_get_cipher_ctx(benc, &ctx); | 
| 709 | 709 | ||
| 710 | if (!EVP_CipherInit_ex(ctx, enc_config.cipher, NULL, NULL, | 710 | if (!EVP_CipherInit_ex(ctx, cfg.cipher, NULL, NULL, | 
| 711 | NULL, enc_config.enc)) { | 711 | NULL, cfg.enc)) { | 
| 712 | BIO_printf(bio_err, "Error setting cipher %s\n", | 712 | BIO_printf(bio_err, "Error setting cipher %s\n", | 
| 713 | EVP_CIPHER_name(enc_config.cipher)); | 713 | EVP_CIPHER_name(cfg.cipher)); | 
| 714 | ERR_print_errors(bio_err); | 714 | ERR_print_errors(bio_err); | 
| 715 | goto end; | 715 | goto end; | 
| 716 | } | 716 | } | 
| 717 | if (enc_config.nopad) | 717 | if (cfg.nopad) | 
| 718 | EVP_CIPHER_CTX_set_padding(ctx, 0); | 718 | EVP_CIPHER_CTX_set_padding(ctx, 0); | 
| 719 | 719 | ||
| 720 | if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, | 720 | if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, | 
| 721 | enc_config.enc)) { | 721 | cfg.enc)) { | 
| 722 | BIO_printf(bio_err, "Error setting cipher %s\n", | 722 | BIO_printf(bio_err, "Error setting cipher %s\n", | 
| 723 | EVP_CIPHER_name(enc_config.cipher)); | 723 | EVP_CIPHER_name(cfg.cipher)); | 
| 724 | ERR_print_errors(bio_err); | 724 | ERR_print_errors(bio_err); | 
| 725 | goto end; | 725 | goto end; | 
| 726 | } | 726 | } | 
| 727 | if (enc_config.debug) { | 727 | if (cfg.debug) { | 
| 728 | BIO_set_callback(benc, BIO_debug_callback); | 728 | BIO_set_callback(benc, BIO_debug_callback); | 
| 729 | BIO_set_callback_arg(benc, (char *) bio_err); | 729 | BIO_set_callback_arg(benc, (char *) bio_err); | 
| 730 | } | 730 | } | 
| 731 | if (enc_config.printkey) { | 731 | if (cfg.printkey) { | 
| 732 | int key_len, iv_len; | 732 | int key_len, iv_len; | 
| 733 | 733 | ||
| 734 | if (!enc_config.nosalt) { | 734 | if (!cfg.nosalt) { | 
| 735 | printf("salt="); | 735 | printf("salt="); | 
| 736 | for (i = 0; i < (int) sizeof(salt); i++) | 736 | for (i = 0; i < (int) sizeof(salt); i++) | 
| 737 | printf("%02X", salt[i]); | 737 | printf("%02X", salt[i]); | 
| 738 | printf("\n"); | 738 | printf("\n"); | 
| 739 | } | 739 | } | 
| 740 | key_len = EVP_CIPHER_key_length(enc_config.cipher); | 740 | key_len = EVP_CIPHER_key_length(cfg.cipher); | 
| 741 | if (key_len > 0) { | 741 | if (key_len > 0) { | 
| 742 | printf("key="); | 742 | printf("key="); | 
| 743 | for (i = 0; i < key_len; i++) | 743 | for (i = 0; i < key_len; i++) | 
| 744 | printf("%02X", key[i]); | 744 | printf("%02X", key[i]); | 
| 745 | printf("\n"); | 745 | printf("\n"); | 
| 746 | } | 746 | } | 
| 747 | iv_len = EVP_CIPHER_iv_length(enc_config.cipher); | 747 | iv_len = EVP_CIPHER_iv_length(cfg.cipher); | 
| 748 | if (iv_len > 0) { | 748 | if (iv_len > 0) { | 
| 749 | printf("iv ="); | 749 | printf("iv ="); | 
| 750 | for (i = 0; i < iv_len; i++) | 750 | for (i = 0; i < iv_len; i++) | 
| 751 | printf("%02X", iv[i]); | 751 | printf("%02X", iv[i]); | 
| 752 | printf("\n"); | 752 | printf("\n"); | 
| 753 | } | 753 | } | 
| 754 | if (enc_config.printkey == 2) { | 754 | if (cfg.printkey == 2) { | 
| 755 | ret = 0; | 755 | ret = 0; | 
| 756 | goto end; | 756 | goto end; | 
| 757 | } | 757 | } | 
| @@ -775,7 +775,7 @@ enc_main(int argc, char **argv) | |||
| 775 | goto end; | 775 | goto end; | 
| 776 | } | 776 | } | 
| 777 | ret = 0; | 777 | ret = 0; | 
| 778 | if (enc_config.verbose) { | 778 | if (cfg.verbose) { | 
| 779 | BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in)); | 779 | BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in)); | 
| 780 | BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out)); | 780 | BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out)); | 
| 781 | } | 781 | } | 
| diff --git a/src/usr.bin/openssl/errstr.c b/src/usr.bin/openssl/errstr.c index 64f0141ba0..cb7cf1d5a3 100644 --- a/src/usr.bin/openssl/errstr.c +++ b/src/usr.bin/openssl/errstr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: errstr.c,v 1.9 2023/03/05 13:12:53 tb Exp $ */ | 1 | /* $OpenBSD: errstr.c,v 1.10 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -70,14 +70,14 @@ | |||
| 70 | 70 | ||
| 71 | static struct { | 71 | static struct { | 
| 72 | int stats; | 72 | int stats; | 
| 73 | } errstr_config; | 73 | } cfg; | 
| 74 | 74 | ||
| 75 | static const struct option errstr_options[] = { | 75 | static const struct option errstr_options[] = { | 
| 76 | { | 76 | { | 
| 77 | .name = "stats", | 77 | .name = "stats", | 
| 78 | .desc = "Print debugging statistics for the hash table", | 78 | .desc = "Print debugging statistics for the hash table", | 
| 79 | .type = OPTION_FLAG, | 79 | .type = OPTION_FLAG, | 
| 80 | .opt.flag = &errstr_config.stats, | 80 | .opt.flag = &cfg.stats, | 
| 81 | }, | 81 | }, | 
| 82 | { NULL }, | 82 | { NULL }, | 
| 83 | }; | 83 | }; | 
| @@ -103,14 +103,14 @@ errstr_main(int argc, char **argv) | |||
| 103 | exit(1); | 103 | exit(1); | 
| 104 | } | 104 | } | 
| 105 | 105 | ||
| 106 | memset(&errstr_config, 0, sizeof(errstr_config)); | 106 | memset(&cfg, 0, sizeof(cfg)); | 
| 107 | 107 | ||
| 108 | if (options_parse(argc, argv, errstr_options, NULL, &argsused) != 0) { | 108 | if (options_parse(argc, argv, errstr_options, NULL, &argsused) != 0) { | 
| 109 | errstr_usage(); | 109 | errstr_usage(); | 
| 110 | return (1); | 110 | return (1); | 
| 111 | } | 111 | } | 
| 112 | 112 | ||
| 113 | if (errstr_config.stats) { | 113 | if (cfg.stats) { | 
| 114 | BIO *out; | 114 | BIO *out; | 
| 115 | 115 | ||
| 116 | if ((out = BIO_new_fp(stdout, BIO_NOCLOSE)) == NULL) { | 116 | if ((out = BIO_new_fp(stdout, BIO_NOCLOSE)) == NULL) { | 
| diff --git a/src/usr.bin/openssl/gendh.c b/src/usr.bin/openssl/gendh.c index b4e4f29111..b9dde3c773 100644 --- a/src/usr.bin/openssl/gendh.c +++ b/src/usr.bin/openssl/gendh.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: gendh.c,v 1.13 2022/11/11 17:07:39 joshua Exp $ */ | 1 | /* $OpenBSD: gendh.c,v 1.14 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -89,7 +89,7 @@ static int dh_cb(int p, int n, BN_GENCB *cb); | |||
| 89 | static struct { | 89 | static struct { | 
| 90 | int g; | 90 | int g; | 
| 91 | char *outfile; | 91 | char *outfile; | 
| 92 | } gendh_config; | 92 | } cfg; | 
| 93 | 93 | ||
| 94 | static const struct option gendh_options[] = { | 94 | static const struct option gendh_options[] = { | 
| 95 | { | 95 | { | 
| @@ -98,21 +98,21 @@ static const struct option gendh_options[] = { | |||
| 98 | "(default)", | 98 | "(default)", | 
| 99 | .type = OPTION_VALUE, | 99 | .type = OPTION_VALUE, | 
| 100 | .value = 2, | 100 | .value = 2, | 
| 101 | .opt.value = &gendh_config.g, | 101 | .opt.value = &cfg.g, | 
| 102 | }, | 102 | }, | 
| 103 | { | 103 | { | 
| 104 | .name = "5", | 104 | .name = "5", | 
| 105 | .desc = "Generate DH parameters with a generator value of 5", | 105 | .desc = "Generate DH parameters with a generator value of 5", | 
| 106 | .type = OPTION_VALUE, | 106 | .type = OPTION_VALUE, | 
| 107 | .value = 5, | 107 | .value = 5, | 
| 108 | .opt.value = &gendh_config.g, | 108 | .opt.value = &cfg.g, | 
| 109 | }, | 109 | }, | 
| 110 | { | 110 | { | 
| 111 | .name = "out", | 111 | .name = "out", | 
| 112 | .argname = "file", | 112 | .argname = "file", | 
| 113 | .desc = "Output file (default stdout)", | 113 | .desc = "Output file (default stdout)", | 
| 114 | .type = OPTION_ARG, | 114 | .type = OPTION_ARG, | 
| 115 | .opt.arg = &gendh_config.outfile, | 115 | .opt.arg = &cfg.outfile, | 
| 116 | }, | 116 | }, | 
| 117 | { NULL }, | 117 | { NULL }, | 
| 118 | }; | 118 | }; | 
| @@ -146,9 +146,9 @@ gendh_main(int argc, char **argv) | |||
| 146 | 146 | ||
| 147 | BN_GENCB_set(cb, dh_cb, bio_err); | 147 | BN_GENCB_set(cb, dh_cb, bio_err); | 
| 148 | 148 | ||
| 149 | memset(&gendh_config, 0, sizeof(gendh_config)); | 149 | memset(&cfg, 0, sizeof(cfg)); | 
| 150 | 150 | ||
| 151 | gendh_config.g = 2; | 151 | cfg.g = 2; | 
| 152 | 152 | ||
| 153 | if (options_parse(argc, argv, gendh_options, &strbits, NULL) != 0) { | 153 | if (options_parse(argc, argv, gendh_options, &strbits, NULL) != 0) { | 
| 154 | gendh_usage(); | 154 | gendh_usage(); | 
| @@ -169,21 +169,21 @@ gendh_main(int argc, char **argv) | |||
| 169 | ERR_print_errors(bio_err); | 169 | ERR_print_errors(bio_err); | 
| 170 | goto end; | 170 | goto end; | 
| 171 | } | 171 | } | 
| 172 | if (gendh_config.outfile == NULL) { | 172 | if (cfg.outfile == NULL) { | 
| 173 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 173 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 
| 174 | } else { | 174 | } else { | 
| 175 | if (BIO_write_filename(out, gendh_config.outfile) <= 0) { | 175 | if (BIO_write_filename(out, cfg.outfile) <= 0) { | 
| 176 | perror(gendh_config.outfile); | 176 | perror(cfg.outfile); | 
| 177 | goto end; | 177 | goto end; | 
| 178 | } | 178 | } | 
| 179 | } | 179 | } | 
| 180 | 180 | ||
| 181 | BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime," | 181 | BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime," | 
| 182 | " generator %d\n", numbits, gendh_config.g); | 182 | " generator %d\n", numbits, cfg.g); | 
| 183 | BIO_printf(bio_err, "This is going to take a long time\n"); | 183 | BIO_printf(bio_err, "This is going to take a long time\n"); | 
| 184 | 184 | ||
| 185 | if (((dh = DH_new()) == NULL) || | 185 | if (((dh = DH_new()) == NULL) || | 
| 186 | !DH_generate_parameters_ex(dh, numbits, gendh_config.g, cb)) | 186 | !DH_generate_parameters_ex(dh, numbits, cfg.g, cb)) | 
| 187 | goto end; | 187 | goto end; | 
| 188 | 188 | ||
| 189 | if (!PEM_write_bio_DHparams(out, dh)) | 189 | if (!PEM_write_bio_DHparams(out, dh)) | 
| diff --git a/src/usr.bin/openssl/gendsa.c b/src/usr.bin/openssl/gendsa.c index fa83ea2c67..00635c4551 100644 --- a/src/usr.bin/openssl/gendsa.c +++ b/src/usr.bin/openssl/gendsa.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: gendsa.c,v 1.16 2022/11/11 17:07:39 joshua Exp $ */ | 1 | /* $OpenBSD: gendsa.c,v 1.17 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -78,7 +78,7 @@ static struct { | |||
| 78 | const EVP_CIPHER *enc; | 78 | const EVP_CIPHER *enc; | 
| 79 | char *outfile; | 79 | char *outfile; | 
| 80 | char *passargout; | 80 | char *passargout; | 
| 81 | } gendsa_config; | 81 | } cfg; | 
| 82 | 82 | ||
| 83 | static const EVP_CIPHER *get_cipher_by_name(char *name) | 83 | static const EVP_CIPHER *get_cipher_by_name(char *name) | 
| 84 | { | 84 | { | 
| @@ -122,7 +122,7 @@ set_enc(int argc, char **argv, int *argsused) | |||
| 122 | if (*name++ != '-') | 122 | if (*name++ != '-') | 
| 123 | return (1); | 123 | return (1); | 
| 124 | 124 | ||
| 125 | if ((gendsa_config.enc = get_cipher_by_name(name)) == NULL) | 125 | if ((cfg.enc = get_cipher_by_name(name)) == NULL) | 
| 126 | return (1); | 126 | return (1); | 
| 127 | 127 | ||
| 128 | *argsused = 1; | 128 | *argsused = 1; | 
| @@ -197,14 +197,14 @@ static const struct option gendsa_options[] = { | |||
| 197 | .argname = "file", | 197 | .argname = "file", | 
| 198 | .desc = "Output the key to 'file'", | 198 | .desc = "Output the key to 'file'", | 
| 199 | .type = OPTION_ARG, | 199 | .type = OPTION_ARG, | 
| 200 | .opt.arg = &gendsa_config.outfile, | 200 | .opt.arg = &cfg.outfile, | 
| 201 | }, | 201 | }, | 
| 202 | { | 202 | { | 
| 203 | .name = "passout", | 203 | .name = "passout", | 
| 204 | .argname = "src", | 204 | .argname = "src", | 
| 205 | .desc = "Output file passphrase source", | 205 | .desc = "Output file passphrase source", | 
| 206 | .type = OPTION_ARG, | 206 | .type = OPTION_ARG, | 
| 207 | .opt.arg = &gendsa_config.passargout, | 207 | .opt.arg = &cfg.passargout, | 
| 208 | }, | 208 | }, | 
| 209 | { NULL }, | 209 | { NULL }, | 
| 210 | }; | 210 | }; | 
| @@ -234,7 +234,7 @@ gendsa_main(int argc, char **argv) | |||
| 234 | exit(1); | 234 | exit(1); | 
| 235 | } | 235 | } | 
| 236 | 236 | ||
| 237 | memset(&gendsa_config, 0, sizeof(gendsa_config)); | 237 | memset(&cfg, 0, sizeof(cfg)); | 
| 238 | 238 | ||
| 239 | if (options_parse(argc, argv, gendsa_options, &dsaparams, NULL) != 0) { | 239 | if (options_parse(argc, argv, gendsa_options, &dsaparams, NULL) != 0) { | 
| 240 | gendsa_usage(); | 240 | gendsa_usage(); | 
| @@ -245,7 +245,7 @@ gendsa_main(int argc, char **argv) | |||
| 245 | gendsa_usage(); | 245 | gendsa_usage(); | 
| 246 | goto end; | 246 | goto end; | 
| 247 | } | 247 | } | 
| 248 | if (!app_passwd(bio_err, NULL, gendsa_config.passargout, NULL, | 248 | if (!app_passwd(bio_err, NULL, cfg.passargout, NULL, | 
| 249 | &passout)) { | 249 | &passout)) { | 
| 250 | BIO_printf(bio_err, "Error getting password\n"); | 250 | BIO_printf(bio_err, "Error getting password\n"); | 
| 251 | goto end; | 251 | goto end; | 
| @@ -266,11 +266,11 @@ gendsa_main(int argc, char **argv) | |||
| 266 | if (out == NULL) | 266 | if (out == NULL) | 
| 267 | goto end; | 267 | goto end; | 
| 268 | 268 | ||
| 269 | if (gendsa_config.outfile == NULL) { | 269 | if (cfg.outfile == NULL) { | 
| 270 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 270 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 
| 271 | } else { | 271 | } else { | 
| 272 | if (BIO_write_filename(out, gendsa_config.outfile) <= 0) { | 272 | if (BIO_write_filename(out, cfg.outfile) <= 0) { | 
| 273 | perror(gendsa_config.outfile); | 273 | perror(cfg.outfile); | 
| 274 | goto end; | 274 | goto end; | 
| 275 | } | 275 | } | 
| 276 | } | 276 | } | 
| @@ -280,7 +280,7 @@ gendsa_main(int argc, char **argv) | |||
| 280 | if (!DSA_generate_key(dsa)) | 280 | if (!DSA_generate_key(dsa)) | 
| 281 | goto end; | 281 | goto end; | 
| 282 | 282 | ||
| 283 | if (!PEM_write_bio_DSAPrivateKey(out, dsa, gendsa_config.enc, NULL, 0, | 283 | if (!PEM_write_bio_DSAPrivateKey(out, dsa, cfg.enc, NULL, 0, | 
| 284 | NULL, passout)) | 284 | NULL, passout)) | 
| 285 | goto end; | 285 | goto end; | 
| 286 | ret = 0; | 286 | ret = 0; | 
| diff --git a/src/usr.bin/openssl/genpkey.c b/src/usr.bin/openssl/genpkey.c index ce266f404c..e2445c1433 100644 --- a/src/usr.bin/openssl/genpkey.c +++ b/src/usr.bin/openssl/genpkey.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: genpkey.c,v 1.15 2023/03/05 13:12:53 tb Exp $ */ | 1 | /* $OpenBSD: genpkey.c,v 1.16 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 
| 3 | * project 2006 | 3 | * project 2006 | 
| 4 | */ | 4 | */ | 
| @@ -76,13 +76,13 @@ static struct { | |||
| 76 | int outformat; | 76 | int outformat; | 
| 77 | char *passarg; | 77 | char *passarg; | 
| 78 | int text; | 78 | int text; | 
| 79 | } genpkey_config; | 79 | } cfg; | 
| 80 | 80 | ||
| 81 | static int | 81 | static int | 
| 82 | genpkey_opt_algorithm(char *arg) | 82 | genpkey_opt_algorithm(char *arg) | 
| 83 | { | 83 | { | 
| 84 | if (!init_gen_str(bio_err, genpkey_config.ctx, arg, | 84 | if (!init_gen_str(bio_err, cfg.ctx, arg, | 
| 85 | genpkey_config.do_param)) | 85 | cfg.do_param)) | 
| 86 | return (1); | 86 | return (1); | 
| 87 | 87 | ||
| 88 | return (0); | 88 | return (0); | 
| @@ -96,16 +96,16 @@ genpkey_opt_cipher(int argc, char **argv, int *argsused) | |||
| 96 | if (*name++ != '-') | 96 | if (*name++ != '-') | 
| 97 | return (1); | 97 | return (1); | 
| 98 | 98 | ||
| 99 | if (genpkey_config.do_param == 1) | 99 | if (cfg.do_param == 1) | 
| 100 | return (1); | 100 | return (1); | 
| 101 | 101 | ||
| 102 | if (strcmp(name, "none") == 0) { | 102 | if (strcmp(name, "none") == 0) { | 
| 103 | genpkey_config.cipher = NULL; | 103 | cfg.cipher = NULL; | 
| 104 | *argsused = 1; | 104 | *argsused = 1; | 
| 105 | return (0); | 105 | return (0); | 
| 106 | } | 106 | } | 
| 107 | 107 | ||
| 108 | if ((genpkey_config.cipher = EVP_get_cipherbyname(name)) != NULL) { | 108 | if ((cfg.cipher = EVP_get_cipherbyname(name)) != NULL) { | 
| 109 | *argsused = 1; | 109 | *argsused = 1; | 
| 110 | return (0); | 110 | return (0); | 
| 111 | } | 111 | } | 
| @@ -116,9 +116,9 @@ genpkey_opt_cipher(int argc, char **argv, int *argsused) | |||
| 116 | static int | 116 | static int | 
| 117 | genpkey_opt_paramfile(char *arg) | 117 | genpkey_opt_paramfile(char *arg) | 
| 118 | { | 118 | { | 
| 119 | if (genpkey_config.do_param == 1) | 119 | if (cfg.do_param == 1) | 
| 120 | return (1); | 120 | return (1); | 
| 121 | if (!init_keygen_file(bio_err, genpkey_config.ctx, arg)) | 121 | if (!init_keygen_file(bio_err, cfg.ctx, arg)) | 
| 122 | return (1); | 122 | return (1); | 
| 123 | 123 | ||
| 124 | return (0); | 124 | return (0); | 
| @@ -127,12 +127,12 @@ genpkey_opt_paramfile(char *arg) | |||
| 127 | static int | 127 | static int | 
| 128 | genpkey_opt_pkeyopt(char *arg) | 128 | genpkey_opt_pkeyopt(char *arg) | 
| 129 | { | 129 | { | 
| 130 | if (*genpkey_config.ctx == NULL) { | 130 | if (*cfg.ctx == NULL) { | 
| 131 | BIO_puts(bio_err, "No keytype specified\n"); | 131 | BIO_puts(bio_err, "No keytype specified\n"); | 
| 132 | return (1); | 132 | return (1); | 
| 133 | } | 133 | } | 
| 134 | 134 | ||
| 135 | if (pkey_ctrl_string(*genpkey_config.ctx, arg) <= 0) { | 135 | if (pkey_ctrl_string(*cfg.ctx, arg) <= 0) { | 
| 136 | BIO_puts(bio_err, "parameter setting error\n"); | 136 | BIO_puts(bio_err, "parameter setting error\n"); | 
| 137 | ERR_print_errors(bio_err); | 137 | ERR_print_errors(bio_err); | 
| 138 | return (1); | 138 | return (1); | 
| @@ -153,21 +153,21 @@ static const struct option genpkey_options[] = { | |||
| 153 | .name = "genparam", | 153 | .name = "genparam", | 
| 154 | .desc = "Generate a set of parameters instead of a private key", | 154 | .desc = "Generate a set of parameters instead of a private key", | 
| 155 | .type = OPTION_FLAG, | 155 | .type = OPTION_FLAG, | 
| 156 | .opt.flag = &genpkey_config.do_param, | 156 | .opt.flag = &cfg.do_param, | 
| 157 | }, | 157 | }, | 
| 158 | { | 158 | { | 
| 159 | .name = "out", | 159 | .name = "out", | 
| 160 | .argname = "file", | 160 | .argname = "file", | 
| 161 | .desc = "Output file to write to (default stdout)", | 161 | .desc = "Output file to write to (default stdout)", | 
| 162 | .type = OPTION_ARG, | 162 | .type = OPTION_ARG, | 
| 163 | .opt.arg = &genpkey_config.outfile, | 163 | .opt.arg = &cfg.outfile, | 
| 164 | }, | 164 | }, | 
| 165 | { | 165 | { | 
| 166 | .name = "outform", | 166 | .name = "outform", | 
| 167 | .argname = "format", | 167 | .argname = "format", | 
| 168 | .desc = "Output format (DER or PEM)", | 168 | .desc = "Output format (DER or PEM)", | 
| 169 | .type = OPTION_ARG_FORMAT, | 169 | .type = OPTION_ARG_FORMAT, | 
| 170 | .opt.value = &genpkey_config.outformat, | 170 | .opt.value = &cfg.outformat, | 
| 171 | }, | 171 | }, | 
| 172 | { | 172 | { | 
| 173 | .name = "paramfile", | 173 | .name = "paramfile", | 
| @@ -182,7 +182,7 @@ static const struct option genpkey_options[] = { | |||
| 182 | .argname = "arg", | 182 | .argname = "arg", | 
| 183 | .desc = "Output file password source", | 183 | .desc = "Output file password source", | 
| 184 | .type = OPTION_ARG, | 184 | .type = OPTION_ARG, | 
| 185 | .opt.arg = &genpkey_config.passarg, | 185 | .opt.arg = &cfg.passarg, | 
| 186 | }, | 186 | }, | 
| 187 | { | 187 | { | 
| 188 | .name = "pkeyopt", | 188 | .name = "pkeyopt", | 
| @@ -195,7 +195,7 @@ static const struct option genpkey_options[] = { | |||
| 195 | .name = "text", | 195 | .name = "text", | 
| 196 | .desc = "Print the private/public key in human readable form", | 196 | .desc = "Print the private/public key in human readable form", | 
| 197 | .type = OPTION_FLAG, | 197 | .type = OPTION_FLAG, | 
| 198 | .opt.flag = &genpkey_config.text, | 198 | .opt.flag = &cfg.text, | 
| 199 | }, | 199 | }, | 
| 200 | { | 200 | { | 
| 201 | .name = NULL, | 201 | .name = NULL, | 
| @@ -229,9 +229,9 @@ genpkey_main(int argc, char **argv) | |||
| 229 | exit(1); | 229 | exit(1); | 
| 230 | } | 230 | } | 
| 231 | 231 | ||
| 232 | memset(&genpkey_config, 0, sizeof(genpkey_config)); | 232 | memset(&cfg, 0, sizeof(cfg)); | 
| 233 | genpkey_config.ctx = &ctx; | 233 | cfg.ctx = &ctx; | 
| 234 | genpkey_config.outformat = FORMAT_PEM; | 234 | cfg.outformat = FORMAT_PEM; | 
| 235 | 235 | ||
| 236 | if (options_parse(argc, argv, genpkey_options, NULL, NULL) != 0) { | 236 | if (options_parse(argc, argv, genpkey_options, NULL, NULL) != 0) { | 
| 237 | genpkey_usage(); | 237 | genpkey_usage(); | 
| @@ -243,15 +243,15 @@ genpkey_main(int argc, char **argv) | |||
| 243 | goto end; | 243 | goto end; | 
| 244 | } | 244 | } | 
| 245 | 245 | ||
| 246 | if (!app_passwd(bio_err, genpkey_config.passarg, NULL, &pass, NULL)) { | 246 | if (!app_passwd(bio_err, cfg.passarg, NULL, &pass, NULL)) { | 
| 247 | BIO_puts(bio_err, "Error getting password\n"); | 247 | BIO_puts(bio_err, "Error getting password\n"); | 
| 248 | goto end; | 248 | goto end; | 
| 249 | } | 249 | } | 
| 250 | if (genpkey_config.outfile != NULL) { | 250 | if (cfg.outfile != NULL) { | 
| 251 | if ((out = BIO_new_file(genpkey_config.outfile, "wb")) == | 251 | if ((out = BIO_new_file(cfg.outfile, "wb")) == | 
| 252 | NULL) { | 252 | NULL) { | 
| 253 | BIO_printf(bio_err, "Can't open output file %s\n", | 253 | BIO_printf(bio_err, "Can't open output file %s\n", | 
| 254 | genpkey_config.outfile); | 254 | cfg.outfile); | 
| 255 | goto end; | 255 | goto end; | 
| 256 | } | 256 | } | 
| 257 | } else { | 257 | } else { | 
| @@ -261,7 +261,7 @@ genpkey_main(int argc, char **argv) | |||
| 261 | EVP_PKEY_CTX_set_cb(ctx, genpkey_cb); | 261 | EVP_PKEY_CTX_set_cb(ctx, genpkey_cb); | 
| 262 | EVP_PKEY_CTX_set_app_data(ctx, bio_err); | 262 | EVP_PKEY_CTX_set_app_data(ctx, bio_err); | 
| 263 | 263 | ||
| 264 | if (genpkey_config.do_param) { | 264 | if (cfg.do_param) { | 
| 265 | if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) { | 265 | if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) { | 
| 266 | BIO_puts(bio_err, "Error generating parameters\n"); | 266 | BIO_puts(bio_err, "Error generating parameters\n"); | 
| 267 | ERR_print_errors(bio_err); | 267 | ERR_print_errors(bio_err); | 
| @@ -275,12 +275,12 @@ genpkey_main(int argc, char **argv) | |||
| 275 | } | 275 | } | 
| 276 | } | 276 | } | 
| 277 | 277 | ||
| 278 | if (genpkey_config.do_param) | 278 | if (cfg.do_param) | 
| 279 | rv = PEM_write_bio_Parameters(out, pkey); | 279 | rv = PEM_write_bio_Parameters(out, pkey); | 
| 280 | else if (genpkey_config.outformat == FORMAT_PEM) | 280 | else if (cfg.outformat == FORMAT_PEM) | 
| 281 | rv = PEM_write_bio_PrivateKey(out, pkey, genpkey_config.cipher, | 281 | rv = PEM_write_bio_PrivateKey(out, pkey, cfg.cipher, | 
| 282 | NULL, 0, NULL, pass); | 282 | NULL, 0, NULL, pass); | 
| 283 | else if (genpkey_config.outformat == FORMAT_ASN1) | 283 | else if (cfg.outformat == FORMAT_ASN1) | 
| 284 | rv = i2d_PrivateKey_bio(out, pkey); | 284 | rv = i2d_PrivateKey_bio(out, pkey); | 
| 285 | else { | 285 | else { | 
| 286 | BIO_printf(bio_err, "Bad format specified for key\n"); | 286 | BIO_printf(bio_err, "Bad format specified for key\n"); | 
| @@ -291,8 +291,8 @@ genpkey_main(int argc, char **argv) | |||
| 291 | BIO_puts(bio_err, "Error writing key\n"); | 291 | BIO_puts(bio_err, "Error writing key\n"); | 
| 292 | ERR_print_errors(bio_err); | 292 | ERR_print_errors(bio_err); | 
| 293 | } | 293 | } | 
| 294 | if (genpkey_config.text) { | 294 | if (cfg.text) { | 
| 295 | if (genpkey_config.do_param) | 295 | if (cfg.do_param) | 
| 296 | rv = EVP_PKEY_print_params(out, pkey, 0, NULL); | 296 | rv = EVP_PKEY_print_params(out, pkey, 0, NULL); | 
| 297 | else | 297 | else | 
| 298 | rv = EVP_PKEY_print_private(out, pkey, 0, NULL); | 298 | rv = EVP_PKEY_print_private(out, pkey, 0, NULL); | 
| diff --git a/src/usr.bin/openssl/genrsa.c b/src/usr.bin/openssl/genrsa.c index e1628a682e..0b5323fa5f 100644 --- a/src/usr.bin/openssl/genrsa.c +++ b/src/usr.bin/openssl/genrsa.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: genrsa.c,v 1.21 2022/11/11 17:07:39 joshua Exp $ */ | 1 | /* $OpenBSD: genrsa.c,v 1.22 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -90,7 +90,7 @@ static struct { | |||
| 90 | unsigned long f4; | 90 | unsigned long f4; | 
| 91 | char *outfile; | 91 | char *outfile; | 
| 92 | char *passargout; | 92 | char *passargout; | 
| 93 | } genrsa_config; | 93 | } cfg; | 
| 94 | 94 | ||
| 95 | static int | 95 | static int | 
| 96 | set_public_exponent(int argc, char **argv, int *argsused) | 96 | set_public_exponent(int argc, char **argv, int *argsused) | 
| @@ -98,9 +98,9 @@ set_public_exponent(int argc, char **argv, int *argsused) | |||
| 98 | char *option = argv[0]; | 98 | char *option = argv[0]; | 
| 99 | 99 | ||
| 100 | if (strcmp(option, "-3") == 0) | 100 | if (strcmp(option, "-3") == 0) | 
| 101 | genrsa_config.f4 = 3; | 101 | cfg.f4 = 3; | 
| 102 | else if (strcmp(option, "-f4") == 0 || strcmp(option, "-F4") == 0) | 102 | else if (strcmp(option, "-f4") == 0 || strcmp(option, "-F4") == 0) | 
| 103 | genrsa_config.f4 = RSA_F4; | 103 | cfg.f4 = RSA_F4; | 
| 104 | else | 104 | else | 
| 105 | return (1); | 105 | return (1); | 
| 106 | 106 | ||
| @@ -150,7 +150,7 @@ set_enc(int argc, char **argv, int *argsused) | |||
| 150 | if (*name++ != '-') | 150 | if (*name++ != '-') | 
| 151 | return (1); | 151 | return (1); | 
| 152 | 152 | ||
| 153 | if ((genrsa_config.enc = get_cipher_by_name(name)) == NULL) | 153 | if ((cfg.enc = get_cipher_by_name(name)) == NULL) | 
| 154 | return (1); | 154 | return (1); | 
| 155 | 155 | ||
| 156 | *argsused = 1; | 156 | *argsused = 1; | 
| @@ -243,14 +243,14 @@ static const struct option genrsa_options[] = { | |||
| 243 | .argname = "file", | 243 | .argname = "file", | 
| 244 | .desc = "Output the key to 'file'", | 244 | .desc = "Output the key to 'file'", | 
| 245 | .type = OPTION_ARG, | 245 | .type = OPTION_ARG, | 
| 246 | .opt.arg = &genrsa_config.outfile, | 246 | .opt.arg = &cfg.outfile, | 
| 247 | }, | 247 | }, | 
| 248 | { | 248 | { | 
| 249 | .name = "passout", | 249 | .name = "passout", | 
| 250 | .argname = "arg", | 250 | .argname = "arg", | 
| 251 | .desc = "Output file passphrase source", | 251 | .desc = "Output file passphrase source", | 
| 252 | .type = OPTION_ARG, | 252 | .type = OPTION_ARG, | 
| 253 | .opt.arg = &genrsa_config.passargout, | 253 | .opt.arg = &cfg.passargout, | 
| 254 | }, | 254 | }, | 
| 255 | { NULL }, | 255 | { NULL }, | 
| 256 | }; | 256 | }; | 
| @@ -300,8 +300,8 @@ genrsa_main(int argc, char **argv) | |||
| 300 | goto err; | 300 | goto err; | 
| 301 | } | 301 | } | 
| 302 | 302 | ||
| 303 | memset(&genrsa_config, 0, sizeof(genrsa_config)); | 303 | memset(&cfg, 0, sizeof(cfg)); | 
| 304 | genrsa_config.f4 = RSA_F4; | 304 | cfg.f4 = RSA_F4; | 
| 305 | 305 | ||
| 306 | if (options_parse(argc, argv, genrsa_options, &numbits, NULL) != 0) { | 306 | if (options_parse(argc, argv, genrsa_options, &numbits, NULL) != 0) { | 
| 307 | genrsa_usage(); | 307 | genrsa_usage(); | 
| @@ -314,17 +314,17 @@ genrsa_main(int argc, char **argv) | |||
| 314 | goto err; | 314 | goto err; | 
| 315 | } | 315 | } | 
| 316 | 316 | ||
| 317 | if (!app_passwd(bio_err, NULL, genrsa_config.passargout, NULL, | 317 | if (!app_passwd(bio_err, NULL, cfg.passargout, NULL, | 
| 318 | &passout)) { | 318 | &passout)) { | 
| 319 | BIO_printf(bio_err, "Error getting password\n"); | 319 | BIO_printf(bio_err, "Error getting password\n"); | 
| 320 | goto err; | 320 | goto err; | 
| 321 | } | 321 | } | 
| 322 | 322 | ||
| 323 | if (genrsa_config.outfile == NULL) { | 323 | if (cfg.outfile == NULL) { | 
| 324 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 324 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 
| 325 | } else { | 325 | } else { | 
| 326 | if (BIO_write_filename(out, genrsa_config.outfile) <= 0) { | 326 | if (BIO_write_filename(out, cfg.outfile) <= 0) { | 
| 327 | perror(genrsa_config.outfile); | 327 | perror(cfg.outfile); | 
| 328 | goto err; | 328 | goto err; | 
| 329 | } | 329 | } | 
| 330 | } | 330 | } | 
| @@ -335,7 +335,7 @@ genrsa_main(int argc, char **argv) | |||
| 335 | if (!rsa) | 335 | if (!rsa) | 
| 336 | goto err; | 336 | goto err; | 
| 337 | 337 | ||
| 338 | if (!BN_set_word(bn, genrsa_config.f4) || | 338 | if (!BN_set_word(bn, cfg.f4) || | 
| 339 | !RSA_generate_key_ex(rsa, num, bn, cb)) | 339 | !RSA_generate_key_ex(rsa, num, bn, cb)) | 
| 340 | goto err; | 340 | goto err; | 
| 341 | 341 | ||
| @@ -348,8 +348,8 @@ genrsa_main(int argc, char **argv) | |||
| 348 | { | 348 | { | 
| 349 | PW_CB_DATA cb_data; | 349 | PW_CB_DATA cb_data; | 
| 350 | cb_data.password = passout; | 350 | cb_data.password = passout; | 
| 351 | cb_data.prompt_info = genrsa_config.outfile; | 351 | cb_data.prompt_info = cfg.outfile; | 
| 352 | if (!PEM_write_bio_RSAPrivateKey(out, rsa, genrsa_config.enc, | 352 | if (!PEM_write_bio_RSAPrivateKey(out, rsa, cfg.enc, | 
| 353 | NULL, 0, password_callback, &cb_data)) | 353 | NULL, 0, password_callback, &cb_data)) | 
| 354 | goto err; | 354 | goto err; | 
| 355 | } | 355 | } | 
| diff --git a/src/usr.bin/openssl/nseq.c b/src/usr.bin/openssl/nseq.c index 7be116e67b..fb0dda5dca 100644 --- a/src/usr.bin/openssl/nseq.c +++ b/src/usr.bin/openssl/nseq.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: nseq.c,v 1.10 2022/11/11 17:07:39 joshua Exp $ */ | 1 | /* $OpenBSD: nseq.c,v 1.11 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 
| 3 | * project 1999. | 3 | * project 1999. | 
| 4 | */ | 4 | */ | 
| @@ -68,7 +68,7 @@ static struct { | |||
| 68 | char *infile; | 68 | char *infile; | 
| 69 | char *outfile; | 69 | char *outfile; | 
| 70 | int toseq; | 70 | int toseq; | 
| 71 | } nseq_config; | 71 | } cfg; | 
| 72 | 72 | ||
| 73 | static const struct option nseq_options[] = { | 73 | static const struct option nseq_options[] = { | 
| 74 | { | 74 | { | 
| @@ -76,20 +76,20 @@ static const struct option nseq_options[] = { | |||
| 76 | .argname = "file", | 76 | .argname = "file", | 
| 77 | .desc = "Input file to read from (default stdin)", | 77 | .desc = "Input file to read from (default stdin)", | 
| 78 | .type = OPTION_ARG, | 78 | .type = OPTION_ARG, | 
| 79 | .opt.arg = &nseq_config.infile, | 79 | .opt.arg = &cfg.infile, | 
| 80 | }, | 80 | }, | 
| 81 | { | 81 | { | 
| 82 | .name = "out", | 82 | .name = "out", | 
| 83 | .argname = "file", | 83 | .argname = "file", | 
| 84 | .desc = "Output file to write to (default stdout)", | 84 | .desc = "Output file to write to (default stdout)", | 
| 85 | .type = OPTION_ARG, | 85 | .type = OPTION_ARG, | 
| 86 | .opt.arg = &nseq_config.outfile, | 86 | .opt.arg = &cfg.outfile, | 
| 87 | }, | 87 | }, | 
| 88 | { | 88 | { | 
| 89 | .name = "toseq", | 89 | .name = "toseq", | 
| 90 | .desc = "Convert certificates to Netscape certificate sequence", | 90 | .desc = "Convert certificates to Netscape certificate sequence", | 
| 91 | .type = OPTION_FLAG, | 91 | .type = OPTION_FLAG, | 
| 92 | .opt.flag = &nseq_config.toseq, | 92 | .opt.flag = &cfg.toseq, | 
| 93 | }, | 93 | }, | 
| 94 | { NULL }, | 94 | { NULL }, | 
| 95 | }; | 95 | }; | 
| @@ -114,39 +114,39 @@ nseq_main(int argc, char **argv) | |||
| 114 | exit(1); | 114 | exit(1); | 
| 115 | } | 115 | } | 
| 116 | 116 | ||
| 117 | memset(&nseq_config, 0, sizeof(nseq_config)); | 117 | memset(&cfg, 0, sizeof(cfg)); | 
| 118 | 118 | ||
| 119 | if (options_parse(argc, argv, nseq_options, NULL, NULL) != 0) { | 119 | if (options_parse(argc, argv, nseq_options, NULL, NULL) != 0) { | 
| 120 | nseq_usage(); | 120 | nseq_usage(); | 
| 121 | return (1); | 121 | return (1); | 
| 122 | } | 122 | } | 
| 123 | 123 | ||
| 124 | if (nseq_config.infile) { | 124 | if (cfg.infile) { | 
| 125 | if (!(in = BIO_new_file(nseq_config.infile, "r"))) { | 125 | if (!(in = BIO_new_file(cfg.infile, "r"))) { | 
| 126 | BIO_printf(bio_err, | 126 | BIO_printf(bio_err, | 
| 127 | "Can't open input file %s\n", nseq_config.infile); | 127 | "Can't open input file %s\n", cfg.infile); | 
| 128 | goto end; | 128 | goto end; | 
| 129 | } | 129 | } | 
| 130 | } else | 130 | } else | 
| 131 | in = BIO_new_fp(stdin, BIO_NOCLOSE); | 131 | in = BIO_new_fp(stdin, BIO_NOCLOSE); | 
| 132 | 132 | ||
| 133 | if (nseq_config.outfile) { | 133 | if (cfg.outfile) { | 
| 134 | if (!(out = BIO_new_file(nseq_config.outfile, "w"))) { | 134 | if (!(out = BIO_new_file(cfg.outfile, "w"))) { | 
| 135 | BIO_printf(bio_err, | 135 | BIO_printf(bio_err, | 
| 136 | "Can't open output file %s\n", nseq_config.outfile); | 136 | "Can't open output file %s\n", cfg.outfile); | 
| 137 | goto end; | 137 | goto end; | 
| 138 | } | 138 | } | 
| 139 | } else { | 139 | } else { | 
| 140 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | 140 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | 
| 141 | } | 141 | } | 
| 142 | if (nseq_config.toseq) { | 142 | if (cfg.toseq) { | 
| 143 | seq = NETSCAPE_CERT_SEQUENCE_new(); | 143 | seq = NETSCAPE_CERT_SEQUENCE_new(); | 
| 144 | seq->certs = sk_X509_new_null(); | 144 | seq->certs = sk_X509_new_null(); | 
| 145 | while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) | 145 | while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) | 
| 146 | sk_X509_push(seq->certs, x509); | 146 | sk_X509_push(seq->certs, x509); | 
| 147 | 147 | ||
| 148 | if (!sk_X509_num(seq->certs)) { | 148 | if (!sk_X509_num(seq->certs)) { | 
| 149 | BIO_printf(bio_err, "Error reading certs file %s\n", nseq_config.infile); | 149 | BIO_printf(bio_err, "Error reading certs file %s\n", cfg.infile); | 
| 150 | ERR_print_errors(bio_err); | 150 | ERR_print_errors(bio_err); | 
| 151 | goto end; | 151 | goto end; | 
| 152 | } | 152 | } | 
| @@ -155,7 +155,7 @@ nseq_main(int argc, char **argv) | |||
| 155 | goto end; | 155 | goto end; | 
| 156 | } | 156 | } | 
| 157 | if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) { | 157 | if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) { | 
| 158 | BIO_printf(bio_err, "Error reading sequence file %s\n", nseq_config.infile); | 158 | BIO_printf(bio_err, "Error reading sequence file %s\n", cfg.infile); | 
| 159 | ERR_print_errors(bio_err); | 159 | ERR_print_errors(bio_err); | 
| 160 | goto end; | 160 | goto end; | 
| 161 | } | 161 | } | 
| diff --git a/src/usr.bin/openssl/ocsp.c b/src/usr.bin/openssl/ocsp.c index 026bd49b0a..cc942a459c 100644 --- a/src/usr.bin/openssl/ocsp.c +++ b/src/usr.bin/openssl/ocsp.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ocsp.c,v 1.22 2022/11/11 17:07:39 joshua Exp $ */ | 1 | /* $OpenBSD: ocsp.c,v 1.23 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 
| 3 | * project 2000. | 3 | * project 2000. | 
| 4 | */ | 4 | */ | 
| @@ -143,27 +143,27 @@ static struct { | |||
| 143 | int use_ssl; | 143 | int use_ssl; | 
| 144 | char *verify_certfile; | 144 | char *verify_certfile; | 
| 145 | unsigned long verify_flags; | 145 | unsigned long verify_flags; | 
| 146 | } ocsp_config; | 146 | } cfg; | 
| 147 | 147 | ||
| 148 | static int | 148 | static int | 
| 149 | ocsp_opt_cert(char *arg) | 149 | ocsp_opt_cert(char *arg) | 
| 150 | { | 150 | { | 
| 151 | X509_free(ocsp_config.cert); | 151 | X509_free(cfg.cert); | 
| 152 | ocsp_config.cert = load_cert(bio_err, arg, FORMAT_PEM, NULL, | 152 | cfg.cert = load_cert(bio_err, arg, FORMAT_PEM, NULL, | 
| 153 | "certificate"); | 153 | "certificate"); | 
| 154 | if (ocsp_config.cert == NULL) { | 154 | if (cfg.cert == NULL) { | 
| 155 | ocsp_config.no_usage = 1; | 155 | cfg.no_usage = 1; | 
| 156 | return (1); | 156 | return (1); | 
| 157 | } | 157 | } | 
| 158 | if (ocsp_config.cert_id_md == NULL) | 158 | if (cfg.cert_id_md == NULL) | 
| 159 | ocsp_config.cert_id_md = EVP_sha1(); | 159 | cfg.cert_id_md = EVP_sha1(); | 
| 160 | if (!add_ocsp_cert(&ocsp_config.req, ocsp_config.cert, | 160 | if (!add_ocsp_cert(&cfg.req, cfg.cert, | 
| 161 | ocsp_config.cert_id_md, ocsp_config.issuer, ocsp_config.ids)) { | 161 | cfg.cert_id_md, cfg.issuer, cfg.ids)) { | 
| 162 | ocsp_config.no_usage = 1; | 162 | cfg.no_usage = 1; | 
| 163 | return (1); | 163 | return (1); | 
| 164 | } | 164 | } | 
| 165 | if (!sk_OPENSSL_STRING_push(ocsp_config.reqnames, arg)) { | 165 | if (!sk_OPENSSL_STRING_push(cfg.reqnames, arg)) { | 
| 166 | ocsp_config.no_usage = 1; | 166 | cfg.no_usage = 1; | 
| 167 | return (1); | 167 | return (1); | 
| 168 | } | 168 | } | 
| 169 | return (0); | 169 | return (0); | 
| @@ -177,7 +177,7 @@ ocsp_opt_cert_id_md(int argc, char **argv, int *argsused) | |||
| 177 | if (*name++ != '-') | 177 | if (*name++ != '-') | 
| 178 | return (1); | 178 | return (1); | 
| 179 | 179 | ||
| 180 | if ((ocsp_config.cert_id_md = EVP_get_digestbyname(name)) == NULL) | 180 | if ((cfg.cert_id_md = EVP_get_digestbyname(name)) == NULL) | 
| 181 | return (1); | 181 | return (1); | 
| 182 | 182 | ||
| 183 | *argsused = 1; | 183 | *argsused = 1; | 
| @@ -190,8 +190,8 @@ ocsp_opt_header(int argc, char **argv, int *argsused) | |||
| 190 | if (argc < 3 || argv[1] == NULL || argv[2] == NULL) | 190 | if (argc < 3 || argv[1] == NULL || argv[2] == NULL) | 
| 191 | return (1); | 191 | return (1); | 
| 192 | 192 | ||
| 193 | if (!X509V3_add_value(argv[1], argv[2], &ocsp_config.headers)) { | 193 | if (!X509V3_add_value(argv[1], argv[2], &cfg.headers)) { | 
| 194 | ocsp_config.no_usage = 1; | 194 | cfg.no_usage = 1; | 
| 195 | return (1); | 195 | return (1); | 
| 196 | } | 196 | } | 
| 197 | 197 | ||
| @@ -202,21 +202,21 @@ ocsp_opt_header(int argc, char **argv, int *argsused) | |||
| 202 | static int | 202 | static int | 
| 203 | ocsp_opt_host(char *arg) | 203 | ocsp_opt_host(char *arg) | 
| 204 | { | 204 | { | 
| 205 | if (ocsp_config.use_ssl != -1) | 205 | if (cfg.use_ssl != -1) | 
| 206 | return (1); | 206 | return (1); | 
| 207 | 207 | ||
| 208 | ocsp_config.host = arg; | 208 | cfg.host = arg; | 
| 209 | return (0); | 209 | return (0); | 
| 210 | } | 210 | } | 
| 211 | 211 | ||
| 212 | static int | 212 | static int | 
| 213 | ocsp_opt_issuer(char *arg) | 213 | ocsp_opt_issuer(char *arg) | 
| 214 | { | 214 | { | 
| 215 | X509_free(ocsp_config.issuer); | 215 | X509_free(cfg.issuer); | 
| 216 | ocsp_config.issuer = load_cert(bio_err, arg, FORMAT_PEM, NULL, | 216 | cfg.issuer = load_cert(bio_err, arg, FORMAT_PEM, NULL, | 
| 217 | "issuer certificate"); | 217 | "issuer certificate"); | 
| 218 | if (ocsp_config.issuer == NULL) { | 218 | if (cfg.issuer == NULL) { | 
| 219 | ocsp_config.no_usage = 1; | 219 | cfg.no_usage = 1; | 
| 220 | return (1); | 220 | return (1); | 
| 221 | } | 221 | } | 
| 222 | return (0); | 222 | return (0); | 
| @@ -227,7 +227,7 @@ ocsp_opt_ndays(char *arg) | |||
| 227 | { | 227 | { | 
| 228 | const char *errstr = NULL; | 228 | const char *errstr = NULL; | 
| 229 | 229 | ||
| 230 | ocsp_config.ndays = strtonum(arg, 0, INT_MAX, &errstr); | 230 | cfg.ndays = strtonum(arg, 0, INT_MAX, &errstr); | 
| 231 | if (errstr != NULL) { | 231 | if (errstr != NULL) { | 
| 232 | BIO_printf(bio_err, "Illegal update period %s: %s\n", | 232 | BIO_printf(bio_err, "Illegal update period %s: %s\n", | 
| 233 | arg, errstr); | 233 | arg, errstr); | 
| @@ -241,17 +241,17 @@ ocsp_opt_nmin(char *arg) | |||
| 241 | { | 241 | { | 
| 242 | const char *errstr = NULL; | 242 | const char *errstr = NULL; | 
| 243 | 243 | ||
| 244 | ocsp_config.nmin = strtonum(arg, 0, INT_MAX, &errstr); | 244 | cfg.nmin = strtonum(arg, 0, INT_MAX, &errstr); | 
| 245 | if (errstr != NULL) { | 245 | if (errstr != NULL) { | 
| 246 | BIO_printf(bio_err, "Illegal update period %s: %s\n", | 246 | BIO_printf(bio_err, "Illegal update period %s: %s\n", | 
| 247 | arg, errstr); | 247 | arg, errstr); | 
| 248 | return (1); | 248 | return (1); | 
| 249 | } | 249 | } | 
| 250 | 250 | ||
| 251 | if (ocsp_config.ndays != -1) | 251 | if (cfg.ndays != -1) | 
| 252 | return (1); | 252 | return (1); | 
| 253 | 253 | ||
| 254 | ocsp_config.ndays = 0; | 254 | cfg.ndays = 0; | 
| 255 | return (0); | 255 | return (0); | 
| 256 | } | 256 | } | 
| 257 | 257 | ||
| @@ -260,7 +260,7 @@ ocsp_opt_nrequest(char *arg) | |||
| 260 | { | 260 | { | 
| 261 | const char *errstr = NULL; | 261 | const char *errstr = NULL; | 
| 262 | 262 | ||
| 263 | ocsp_config.accept_count = strtonum(arg, 0, INT_MAX, &errstr); | 263 | cfg.accept_count = strtonum(arg, 0, INT_MAX, &errstr); | 
| 264 | if (errstr != NULL) { | 264 | if (errstr != NULL) { | 
| 265 | BIO_printf(bio_err, "Illegal accept count %s: %s\n", | 265 | BIO_printf(bio_err, "Illegal accept count %s: %s\n", | 
| 266 | arg, errstr); | 266 | arg, errstr); | 
| @@ -272,25 +272,25 @@ ocsp_opt_nrequest(char *arg) | |||
| 272 | static int | 272 | static int | 
| 273 | ocsp_opt_port(char *arg) | 273 | ocsp_opt_port(char *arg) | 
| 274 | { | 274 | { | 
| 275 | if (ocsp_config.use_ssl != -1) | 275 | if (cfg.use_ssl != -1) | 
| 276 | return (1); | 276 | return (1); | 
| 277 | 277 | ||
| 278 | ocsp_config.port = arg; | 278 | cfg.port = arg; | 
| 279 | return (0); | 279 | return (0); | 
| 280 | } | 280 | } | 
| 281 | 281 | ||
| 282 | static int | 282 | static int | 
| 283 | ocsp_opt_serial(char *arg) | 283 | ocsp_opt_serial(char *arg) | 
| 284 | { | 284 | { | 
| 285 | if (ocsp_config.cert_id_md == NULL) | 285 | if (cfg.cert_id_md == NULL) | 
| 286 | ocsp_config.cert_id_md = EVP_sha1(); | 286 | cfg.cert_id_md = EVP_sha1(); | 
| 287 | if (!add_ocsp_serial(&ocsp_config.req, arg, ocsp_config.cert_id_md, | 287 | if (!add_ocsp_serial(&cfg.req, arg, cfg.cert_id_md, | 
| 288 | ocsp_config.issuer, ocsp_config.ids)) { | 288 | cfg.issuer, cfg.ids)) { | 
| 289 | ocsp_config.no_usage = 1; | 289 | cfg.no_usage = 1; | 
| 290 | return (1); | 290 | return (1); | 
| 291 | } | 291 | } | 
| 292 | if (!sk_OPENSSL_STRING_push(ocsp_config.reqnames, arg)) { | 292 | if (!sk_OPENSSL_STRING_push(cfg.reqnames, arg)) { | 
| 293 | ocsp_config.no_usage = 1; | 293 | cfg.no_usage = 1; | 
| 294 | return (1); | 294 | return (1); | 
| 295 | } | 295 | } | 
| 296 | return (0); | 296 | return (0); | 
| @@ -301,7 +301,7 @@ ocsp_opt_status_age(char *arg) | |||
| 301 | { | 301 | { | 
| 302 | const char *errstr = NULL; | 302 | const char *errstr = NULL; | 
| 303 | 303 | ||
| 304 | ocsp_config.maxage = strtonum(arg, 0, LONG_MAX, &errstr); | 304 | cfg.maxage = strtonum(arg, 0, LONG_MAX, &errstr); | 
| 305 | if (errstr != NULL) { | 305 | if (errstr != NULL) { | 
| 306 | BIO_printf(bio_err, "Illegal validity age %s: %s\n", | 306 | BIO_printf(bio_err, "Illegal validity age %s: %s\n", | 
| 307 | arg, errstr); | 307 | arg, errstr); | 
| @@ -313,8 +313,8 @@ ocsp_opt_status_age(char *arg) | |||
| 313 | static int | 313 | static int | 
| 314 | ocsp_opt_text(void) | 314 | ocsp_opt_text(void) | 
| 315 | { | 315 | { | 
| 316 | ocsp_config.req_text = 1; | 316 | cfg.req_text = 1; | 
| 317 | ocsp_config.resp_text = 1; | 317 | cfg.resp_text = 1; | 
| 318 | return (0); | 318 | return (0); | 
| 319 | } | 319 | } | 
| 320 | 320 | ||
| @@ -323,7 +323,7 @@ ocsp_opt_timeout(char *arg) | |||
| 323 | { | 323 | { | 
| 324 | const char *errstr = NULL; | 324 | const char *errstr = NULL; | 
| 325 | 325 | ||
| 326 | ocsp_config.req_timeout = strtonum(arg, 0, INT_MAX, &errstr); | 326 | cfg.req_timeout = strtonum(arg, 0, INT_MAX, &errstr); | 
| 327 | if (errstr != NULL) { | 327 | if (errstr != NULL) { | 
| 328 | BIO_printf(bio_err, "Illegal timeout value %s: %s\n", | 328 | BIO_printf(bio_err, "Illegal timeout value %s: %s\n", | 
| 329 | arg, errstr); | 329 | arg, errstr); | 
| @@ -335,10 +335,10 @@ ocsp_opt_timeout(char *arg) | |||
| 335 | static int | 335 | static int | 
| 336 | ocsp_opt_url(char *arg) | 336 | ocsp_opt_url(char *arg) | 
| 337 | { | 337 | { | 
| 338 | if (ocsp_config.host == NULL && ocsp_config.port == NULL && | 338 | if (cfg.host == NULL && cfg.port == NULL && | 
| 339 | ocsp_config.path == NULL) { | 339 | cfg.path == NULL) { | 
| 340 | if (!OCSP_parse_url(arg, &ocsp_config.host, &ocsp_config.port, | 340 | if (!OCSP_parse_url(arg, &cfg.host, &cfg.port, | 
| 341 | &ocsp_config.path, &ocsp_config.use_ssl)) { | 341 | &cfg.path, &cfg.use_ssl)) { | 
| 342 | BIO_printf(bio_err, "Error parsing URL\n"); | 342 | BIO_printf(bio_err, "Error parsing URL\n"); | 
| 343 | return (1); | 343 | return (1); | 
| 344 | } | 344 | } | 
| @@ -349,8 +349,8 @@ ocsp_opt_url(char *arg) | |||
| 349 | static int | 349 | static int | 
| 350 | ocsp_opt_vafile(char *arg) | 350 | ocsp_opt_vafile(char *arg) | 
| 351 | { | 351 | { | 
| 352 | ocsp_config.verify_certfile = arg; | 352 | cfg.verify_certfile = arg; | 
| 353 | ocsp_config.verify_flags |= OCSP_TRUSTOTHER; | 353 | cfg.verify_flags |= OCSP_TRUSTOTHER; | 
| 354 | return (0); | 354 | return (0); | 
| 355 | } | 355 | } | 
| 356 | 356 | ||
| @@ -359,7 +359,7 @@ ocsp_opt_validity_period(char *arg) | |||
| 359 | { | 359 | { | 
| 360 | const char *errstr = NULL; | 360 | const char *errstr = NULL; | 
| 361 | 361 | ||
| 362 | ocsp_config.nsec = strtonum(arg, 0, LONG_MAX, &errstr); | 362 | cfg.nsec = strtonum(arg, 0, LONG_MAX, &errstr); | 
| 363 | if (errstr != NULL) { | 363 | if (errstr != NULL) { | 
| 364 | BIO_printf(bio_err, "Illegal validity period %s: %s\n", | 364 | BIO_printf(bio_err, "Illegal validity period %s: %s\n", | 
| 365 | arg, errstr); | 365 | arg, errstr); | 
| @@ -374,21 +374,21 @@ static const struct option ocsp_options[] = { | |||
| 374 | .argname = "file", | 374 | .argname = "file", | 
| 375 | .desc = "CA certificate corresponding to the revocation information", | 375 | .desc = "CA certificate corresponding to the revocation information", | 
| 376 | .type = OPTION_ARG, | 376 | .type = OPTION_ARG, | 
| 377 | .opt.arg = &ocsp_config.rca_filename, | 377 | .opt.arg = &cfg.rca_filename, | 
| 378 | }, | 378 | }, | 
| 379 | { | 379 | { | 
| 380 | .name = "CAfile", | 380 | .name = "CAfile", | 
| 381 | .argname = "file", | 381 | .argname = "file", | 
| 382 | .desc = "Trusted certificates file", | 382 | .desc = "Trusted certificates file", | 
| 383 | .type = OPTION_ARG, | 383 | .type = OPTION_ARG, | 
| 384 | .opt.arg = &ocsp_config.CAfile, | 384 | .opt.arg = &cfg.CAfile, | 
| 385 | }, | 385 | }, | 
| 386 | { | 386 | { | 
| 387 | .name = "CApath", | 387 | .name = "CApath", | 
| 388 | .argname = "directory", | 388 | .argname = "directory", | 
| 389 | .desc = "Trusted certificates directory", | 389 | .desc = "Trusted certificates directory", | 
| 390 | .type = OPTION_ARG, | 390 | .type = OPTION_ARG, | 
| 391 | .opt.arg = &ocsp_config.CApath, | 391 | .opt.arg = &cfg.CApath, | 
| 392 | }, | 392 | }, | 
| 393 | { | 393 | { | 
| 394 | .name = "cert", | 394 | .name = "cert", | 
| @@ -415,14 +415,14 @@ static const struct option ocsp_options[] = { | |||
| 415 | .name = "ignore_err", | 415 | .name = "ignore_err", | 
| 416 | .desc = "Ignore the invalid response", | 416 | .desc = "Ignore the invalid response", | 
| 417 | .type = OPTION_FLAG, | 417 | .type = OPTION_FLAG, | 
| 418 | .opt.flag = &ocsp_config.ignore_err, | 418 | .opt.flag = &cfg.ignore_err, | 
| 419 | }, | 419 | }, | 
| 420 | { | 420 | { | 
| 421 | .name = "index", | 421 | .name = "index", | 
| 422 | .argname = "indexfile", | 422 | .argname = "indexfile", | 
| 423 | .desc = "Certificate status index file", | 423 | .desc = "Certificate status index file", | 
| 424 | .type = OPTION_ARG, | 424 | .type = OPTION_ARG, | 
| 425 | .opt.arg = &ocsp_config.ridx_filename, | 425 | .opt.arg = &cfg.ridx_filename, | 
| 426 | }, | 426 | }, | 
| 427 | { | 427 | { | 
| 428 | .name = "issuer", | 428 | .name = "issuer", | 
| @@ -449,70 +449,70 @@ static const struct option ocsp_options[] = { | |||
| 449 | .name = "no_cert_checks", | 449 | .name = "no_cert_checks", | 
| 450 | .desc = "Don't do additional checks on signing certificate", | 450 | .desc = "Don't do additional checks on signing certificate", | 
| 451 | .type = OPTION_UL_VALUE_OR, | 451 | .type = OPTION_UL_VALUE_OR, | 
| 452 | .opt.ulvalue = &ocsp_config.verify_flags, | 452 | .opt.ulvalue = &cfg.verify_flags, | 
| 453 | .ulvalue = OCSP_NOCHECKS, | 453 | .ulvalue = OCSP_NOCHECKS, | 
| 454 | }, | 454 | }, | 
| 455 | { | 455 | { | 
| 456 | .name = "no_cert_verify", | 456 | .name = "no_cert_verify", | 
| 457 | .desc = "Don't check signing certificate", | 457 | .desc = "Don't check signing certificate", | 
| 458 | .type = OPTION_UL_VALUE_OR, | 458 | .type = OPTION_UL_VALUE_OR, | 
| 459 | .opt.ulvalue = &ocsp_config.verify_flags, | 459 | .opt.ulvalue = &cfg.verify_flags, | 
| 460 | .ulvalue = OCSP_NOVERIFY, | 460 | .ulvalue = OCSP_NOVERIFY, | 
| 461 | }, | 461 | }, | 
| 462 | { | 462 | { | 
| 463 | .name = "no_certs", | 463 | .name = "no_certs", | 
| 464 | .desc = "Don't include any certificates in signed request", | 464 | .desc = "Don't include any certificates in signed request", | 
| 465 | .type = OPTION_UL_VALUE_OR, | 465 | .type = OPTION_UL_VALUE_OR, | 
| 466 | .opt.ulvalue = &ocsp_config.sign_flags, | 466 | .opt.ulvalue = &cfg.sign_flags, | 
| 467 | .ulvalue = OCSP_NOCERTS, | 467 | .ulvalue = OCSP_NOCERTS, | 
| 468 | }, | 468 | }, | 
| 469 | { | 469 | { | 
| 470 | .name = "no_chain", | 470 | .name = "no_chain", | 
| 471 | .desc = "Don't use certificates in the response", | 471 | .desc = "Don't use certificates in the response", | 
| 472 | .type = OPTION_UL_VALUE_OR, | 472 | .type = OPTION_UL_VALUE_OR, | 
| 473 | .opt.ulvalue = &ocsp_config.verify_flags, | 473 | .opt.ulvalue = &cfg.verify_flags, | 
| 474 | .ulvalue = OCSP_NOCHAIN, | 474 | .ulvalue = OCSP_NOCHAIN, | 
| 475 | }, | 475 | }, | 
| 476 | { | 476 | { | 
| 477 | .name = "no_explicit", | 477 | .name = "no_explicit", | 
| 478 | .desc = "Don't check the explicit trust for OCSP signing", | 478 | .desc = "Don't check the explicit trust for OCSP signing", | 
| 479 | .type = OPTION_UL_VALUE_OR, | 479 | .type = OPTION_UL_VALUE_OR, | 
| 480 | .opt.ulvalue = &ocsp_config.verify_flags, | 480 | .opt.ulvalue = &cfg.verify_flags, | 
| 481 | .ulvalue = OCSP_NOEXPLICIT, | 481 | .ulvalue = OCSP_NOEXPLICIT, | 
| 482 | }, | 482 | }, | 
| 483 | { | 483 | { | 
| 484 | .name = "no_intern", | 484 | .name = "no_intern", | 
| 485 | .desc = "Don't search certificates contained in response for signer", | 485 | .desc = "Don't search certificates contained in response for signer", | 
| 486 | .type = OPTION_UL_VALUE_OR, | 486 | .type = OPTION_UL_VALUE_OR, | 
| 487 | .opt.ulvalue = &ocsp_config.verify_flags, | 487 | .opt.ulvalue = &cfg.verify_flags, | 
| 488 | .ulvalue = OCSP_NOINTERN, | 488 | .ulvalue = OCSP_NOINTERN, | 
| 489 | }, | 489 | }, | 
| 490 | { | 490 | { | 
| 491 | .name = "no_nonce", | 491 | .name = "no_nonce", | 
| 492 | .desc = "Don't add OCSP nonce to request", | 492 | .desc = "Don't add OCSP nonce to request", | 
| 493 | .type = OPTION_VALUE, | 493 | .type = OPTION_VALUE, | 
| 494 | .opt.value = &ocsp_config.add_nonce, | 494 | .opt.value = &cfg.add_nonce, | 
| 495 | .value = 0, | 495 | .value = 0, | 
| 496 | }, | 496 | }, | 
| 497 | { | 497 | { | 
| 498 | .name = "no_signature_verify", | 498 | .name = "no_signature_verify", | 
| 499 | .desc = "Don't check signature on response", | 499 | .desc = "Don't check signature on response", | 
| 500 | .type = OPTION_UL_VALUE_OR, | 500 | .type = OPTION_UL_VALUE_OR, | 
| 501 | .opt.ulvalue = &ocsp_config.verify_flags, | 501 | .opt.ulvalue = &cfg.verify_flags, | 
| 502 | .ulvalue = OCSP_NOSIGS, | 502 | .ulvalue = OCSP_NOSIGS, | 
| 503 | }, | 503 | }, | 
| 504 | { | 504 | { | 
| 505 | .name = "nonce", | 505 | .name = "nonce", | 
| 506 | .desc = "Add OCSP nonce to request", | 506 | .desc = "Add OCSP nonce to request", | 
| 507 | .type = OPTION_VALUE, | 507 | .type = OPTION_VALUE, | 
| 508 | .opt.value = &ocsp_config.add_nonce, | 508 | .opt.value = &cfg.add_nonce, | 
| 509 | .value = 2, | 509 | .value = 2, | 
| 510 | }, | 510 | }, | 
| 511 | { | 511 | { | 
| 512 | .name = "noverify", | 512 | .name = "noverify", | 
| 513 | .desc = "Don't verify response at all", | 513 | .desc = "Don't verify response at all", | 
| 514 | .type = OPTION_FLAG, | 514 | .type = OPTION_FLAG, | 
| 515 | .opt.flag = &ocsp_config.noverify, | 515 | .opt.flag = &cfg.noverify, | 
| 516 | }, | 516 | }, | 
| 517 | { | 517 | { | 
| 518 | .name = "nrequest", | 518 | .name = "nrequest", | 
| @@ -526,14 +526,14 @@ static const struct option ocsp_options[] = { | |||
| 526 | .argname = "file", | 526 | .argname = "file", | 
| 527 | .desc = "Output filename", | 527 | .desc = "Output filename", | 
| 528 | .type = OPTION_ARG, | 528 | .type = OPTION_ARG, | 
| 529 | .opt.arg = &ocsp_config.outfile, | 529 | .opt.arg = &cfg.outfile, | 
| 530 | }, | 530 | }, | 
| 531 | { | 531 | { | 
| 532 | .name = "path", | 532 | .name = "path", | 
| 533 | .argname = "path", | 533 | .argname = "path", | 
| 534 | .desc = "Path to use in OCSP request", | 534 | .desc = "Path to use in OCSP request", | 
| 535 | .type = OPTION_ARG, | 535 | .type = OPTION_ARG, | 
| 536 | .opt.arg = &ocsp_config.path, | 536 | .opt.arg = &cfg.path, | 
| 537 | }, | 537 | }, | 
| 538 | { | 538 | { | 
| 539 | .name = "port", | 539 | .name = "port", | 
| @@ -546,76 +546,76 @@ static const struct option ocsp_options[] = { | |||
| 546 | .name = "req_text", | 546 | .name = "req_text", | 
| 547 | .desc = "Print text form of request", | 547 | .desc = "Print text form of request", | 
| 548 | .type = OPTION_FLAG, | 548 | .type = OPTION_FLAG, | 
| 549 | .opt.flag = &ocsp_config.req_text, | 549 | .opt.flag = &cfg.req_text, | 
| 550 | }, | 550 | }, | 
| 551 | { | 551 | { | 
| 552 | .name = "reqin", | 552 | .name = "reqin", | 
| 553 | .argname = "file", | 553 | .argname = "file", | 
| 554 | .desc = "Read DER encoded OCSP request from \"file\"", | 554 | .desc = "Read DER encoded OCSP request from \"file\"", | 
| 555 | .type = OPTION_ARG, | 555 | .type = OPTION_ARG, | 
| 556 | .opt.arg = &ocsp_config.reqin, | 556 | .opt.arg = &cfg.reqin, | 
| 557 | }, | 557 | }, | 
| 558 | { | 558 | { | 
| 559 | .name = "reqout", | 559 | .name = "reqout", | 
| 560 | .argname = "file", | 560 | .argname = "file", | 
| 561 | .desc = "Write DER encoded OCSP request to \"file\"", | 561 | .desc = "Write DER encoded OCSP request to \"file\"", | 
| 562 | .type = OPTION_ARG, | 562 | .type = OPTION_ARG, | 
| 563 | .opt.arg = &ocsp_config.reqout, | 563 | .opt.arg = &cfg.reqout, | 
| 564 | }, | 564 | }, | 
| 565 | { | 565 | { | 
| 566 | .name = "resp_key_id", | 566 | .name = "resp_key_id", | 
| 567 | .desc = "Identify response by signing certificate key ID", | 567 | .desc = "Identify response by signing certificate key ID", | 
| 568 | .type = OPTION_UL_VALUE_OR, | 568 | .type = OPTION_UL_VALUE_OR, | 
| 569 | .opt.ulvalue = &ocsp_config.rflags, | 569 | .opt.ulvalue = &cfg.rflags, | 
| 570 | .ulvalue = OCSP_RESPID_KEY, | 570 | .ulvalue = OCSP_RESPID_KEY, | 
| 571 | }, | 571 | }, | 
| 572 | { | 572 | { | 
| 573 | .name = "resp_no_certs", | 573 | .name = "resp_no_certs", | 
| 574 | .desc = "Don't include any certificates in response", | 574 | .desc = "Don't include any certificates in response", | 
| 575 | .type = OPTION_UL_VALUE_OR, | 575 | .type = OPTION_UL_VALUE_OR, | 
| 576 | .opt.ulvalue = &ocsp_config.rflags, | 576 | .opt.ulvalue = &cfg.rflags, | 
| 577 | .ulvalue = OCSP_NOCERTS, | 577 | .ulvalue = OCSP_NOCERTS, | 
| 578 | }, | 578 | }, | 
| 579 | { | 579 | { | 
| 580 | .name = "resp_text", | 580 | .name = "resp_text", | 
| 581 | .desc = "Print text form of response", | 581 | .desc = "Print text form of response", | 
| 582 | .type = OPTION_FLAG, | 582 | .type = OPTION_FLAG, | 
| 583 | .opt.flag = &ocsp_config.resp_text, | 583 | .opt.flag = &cfg.resp_text, | 
| 584 | }, | 584 | }, | 
| 585 | { | 585 | { | 
| 586 | .name = "respin", | 586 | .name = "respin", | 
| 587 | .argname = "file", | 587 | .argname = "file", | 
| 588 | .desc = "Read DER encoded OCSP response from \"file\"", | 588 | .desc = "Read DER encoded OCSP response from \"file\"", | 
| 589 | .type = OPTION_ARG, | 589 | .type = OPTION_ARG, | 
| 590 | .opt.arg = &ocsp_config.respin, | 590 | .opt.arg = &cfg.respin, | 
| 591 | }, | 591 | }, | 
| 592 | { | 592 | { | 
| 593 | .name = "respout", | 593 | .name = "respout", | 
| 594 | .argname = "file", | 594 | .argname = "file", | 
| 595 | .desc = "Write DER encoded OCSP response to \"file\"", | 595 | .desc = "Write DER encoded OCSP response to \"file\"", | 
| 596 | .type = OPTION_ARG, | 596 | .type = OPTION_ARG, | 
| 597 | .opt.arg = &ocsp_config.respout, | 597 | .opt.arg = &cfg.respout, | 
| 598 | }, | 598 | }, | 
| 599 | { | 599 | { | 
| 600 | .name = "rkey", | 600 | .name = "rkey", | 
| 601 | .argname = "file", | 601 | .argname = "file", | 
| 602 | .desc = "Responder key to sign responses with", | 602 | .desc = "Responder key to sign responses with", | 
| 603 | .type = OPTION_ARG, | 603 | .type = OPTION_ARG, | 
| 604 | .opt.arg = &ocsp_config.rkeyfile, | 604 | .opt.arg = &cfg.rkeyfile, | 
| 605 | }, | 605 | }, | 
| 606 | { | 606 | { | 
| 607 | .name = "rother", | 607 | .name = "rother", | 
| 608 | .argname = "file", | 608 | .argname = "file", | 
| 609 | .desc = "Other certificates to include in response", | 609 | .desc = "Other certificates to include in response", | 
| 610 | .type = OPTION_ARG, | 610 | .type = OPTION_ARG, | 
| 611 | .opt.arg = &ocsp_config.rcertfile, | 611 | .opt.arg = &cfg.rcertfile, | 
| 612 | }, | 612 | }, | 
| 613 | { | 613 | { | 
| 614 | .name = "rsigner", | 614 | .name = "rsigner", | 
| 615 | .argname = "file", | 615 | .argname = "file", | 
| 616 | .desc = "Responder certificate to sign responses with", | 616 | .desc = "Responder certificate to sign responses with", | 
| 617 | .type = OPTION_ARG, | 617 | .type = OPTION_ARG, | 
| 618 | .opt.arg = &ocsp_config.rsignfile, | 618 | .opt.arg = &cfg.rsignfile, | 
| 619 | }, | 619 | }, | 
| 620 | { | 620 | { | 
| 621 | .name = "serial", | 621 | .name = "serial", | 
| @@ -629,21 +629,21 @@ static const struct option ocsp_options[] = { | |||
| 629 | .argname = "file", | 629 | .argname = "file", | 
| 630 | .desc = "Additional certificates to include in signed request", | 630 | .desc = "Additional certificates to include in signed request", | 
| 631 | .type = OPTION_ARG, | 631 | .type = OPTION_ARG, | 
| 632 | .opt.arg = &ocsp_config.sign_certfile, | 632 | .opt.arg = &cfg.sign_certfile, | 
| 633 | }, | 633 | }, | 
| 634 | { | 634 | { | 
| 635 | .name = "signer", | 635 | .name = "signer", | 
| 636 | .argname = "file", | 636 | .argname = "file", | 
| 637 | .desc = "Certificate to sign OCSP request with", | 637 | .desc = "Certificate to sign OCSP request with", | 
| 638 | .type = OPTION_ARG, | 638 | .type = OPTION_ARG, | 
| 639 | .opt.arg = &ocsp_config.signfile, | 639 | .opt.arg = &cfg.signfile, | 
| 640 | }, | 640 | }, | 
| 641 | { | 641 | { | 
| 642 | .name = "signkey", | 642 | .name = "signkey", | 
| 643 | .argname = "file", | 643 | .argname = "file", | 
| 644 | .desc = "Private key to sign OCSP request with", | 644 | .desc = "Private key to sign OCSP request with", | 
| 645 | .type = OPTION_ARG, | 645 | .type = OPTION_ARG, | 
| 646 | .opt.arg = &ocsp_config.keyfile, | 646 | .opt.arg = &cfg.keyfile, | 
| 647 | }, | 647 | }, | 
| 648 | { | 648 | { | 
| 649 | .name = "status_age", | 649 | .name = "status_age", | 
| @@ -669,7 +669,7 @@ static const struct option ocsp_options[] = { | |||
| 669 | .name = "trust_other", | 669 | .name = "trust_other", | 
| 670 | .desc = "Don't verify additional certificates", | 670 | .desc = "Don't verify additional certificates", | 
| 671 | .type = OPTION_UL_VALUE_OR, | 671 | .type = OPTION_UL_VALUE_OR, | 
| 672 | .opt.ulvalue = &ocsp_config.verify_flags, | 672 | .opt.ulvalue = &cfg.verify_flags, | 
| 673 | .ulvalue = OCSP_TRUSTOTHER, | 673 | .ulvalue = OCSP_TRUSTOTHER, | 
| 674 | }, | 674 | }, | 
| 675 | { | 675 | { | 
| @@ -698,7 +698,7 @@ static const struct option ocsp_options[] = { | |||
| 698 | .argname = "file", | 698 | .argname = "file", | 
| 699 | .desc = "Additional certificates to search for signer", | 699 | .desc = "Additional certificates to search for signer", | 
| 700 | .type = OPTION_ARG, | 700 | .type = OPTION_ARG, | 
| 701 | .opt.arg = &ocsp_config.verify_certfile, | 701 | .opt.arg = &cfg.verify_certfile, | 
| 702 | }, | 702 | }, | 
| 703 | { | 703 | { | 
| 704 | .name = NULL, | 704 | .name = NULL, | 
| @@ -755,37 +755,37 @@ ocsp_main(int argc, char **argv) | |||
| 755 | exit(1); | 755 | exit(1); | 
| 756 | } | 756 | } | 
| 757 | 757 | ||
| 758 | memset(&ocsp_config, 0, sizeof(ocsp_config)); | 758 | memset(&cfg, 0, sizeof(cfg)); | 
| 759 | ocsp_config.accept_count = -1; | 759 | cfg.accept_count = -1; | 
| 760 | ocsp_config.add_nonce = 1; | 760 | cfg.add_nonce = 1; | 
| 761 | if ((ocsp_config.ids = sk_OCSP_CERTID_new_null()) == NULL) | 761 | if ((cfg.ids = sk_OCSP_CERTID_new_null()) == NULL) | 
| 762 | goto end; | 762 | goto end; | 
| 763 | ocsp_config.maxage = -1; | 763 | cfg.maxage = -1; | 
| 764 | ocsp_config.ndays = -1; | 764 | cfg.ndays = -1; | 
| 765 | ocsp_config.nsec = MAX_VALIDITY_PERIOD; | 765 | cfg.nsec = MAX_VALIDITY_PERIOD; | 
| 766 | ocsp_config.req_timeout = -1; | 766 | cfg.req_timeout = -1; | 
| 767 | if ((ocsp_config.reqnames = sk_OPENSSL_STRING_new_null()) == NULL) | 767 | if ((cfg.reqnames = sk_OPENSSL_STRING_new_null()) == NULL) | 
| 768 | goto end; | 768 | goto end; | 
| 769 | ocsp_config.use_ssl = -1; | 769 | cfg.use_ssl = -1; | 
| 770 | 770 | ||
| 771 | if (options_parse(argc, argv, ocsp_options, NULL, NULL) != 0) { | 771 | if (options_parse(argc, argv, ocsp_options, NULL, NULL) != 0) { | 
| 772 | if (ocsp_config.no_usage) | 772 | if (cfg.no_usage) | 
| 773 | goto end; | 773 | goto end; | 
| 774 | else | 774 | else | 
| 775 | badarg = 1; | 775 | badarg = 1; | 
| 776 | } | 776 | } | 
| 777 | 777 | ||
| 778 | /* Have we anything to do? */ | 778 | /* Have we anything to do? */ | 
| 779 | if (!ocsp_config.req && !ocsp_config.reqin && !ocsp_config.respin && | 779 | if (!cfg.req && !cfg.reqin && !cfg.respin && | 
| 780 | !(ocsp_config.port && ocsp_config.ridx_filename)) | 780 | !(cfg.port && cfg.ridx_filename)) | 
| 781 | badarg = 1; | 781 | badarg = 1; | 
| 782 | 782 | ||
| 783 | if (badarg) { | 783 | if (badarg) { | 
| 784 | ocsp_usage(); | 784 | ocsp_usage(); | 
| 785 | goto end; | 785 | goto end; | 
| 786 | } | 786 | } | 
| 787 | if (ocsp_config.outfile) | 787 | if (cfg.outfile) | 
| 788 | out = BIO_new_file(ocsp_config.outfile, "w"); | 788 | out = BIO_new_file(cfg.outfile, "w"); | 
| 789 | else | 789 | else | 
| 790 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | 790 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | 
| 791 | 791 | ||
| @@ -793,47 +793,47 @@ ocsp_main(int argc, char **argv) | |||
| 793 | BIO_printf(bio_err, "Error opening output file\n"); | 793 | BIO_printf(bio_err, "Error opening output file\n"); | 
| 794 | goto end; | 794 | goto end; | 
| 795 | } | 795 | } | 
| 796 | if (!ocsp_config.req && (ocsp_config.add_nonce != 2)) | 796 | if (!cfg.req && (cfg.add_nonce != 2)) | 
| 797 | ocsp_config.add_nonce = 0; | 797 | cfg.add_nonce = 0; | 
| 798 | 798 | ||
| 799 | if (!ocsp_config.req && ocsp_config.reqin) { | 799 | if (!cfg.req && cfg.reqin) { | 
| 800 | derbio = BIO_new_file(ocsp_config.reqin, "rb"); | 800 | derbio = BIO_new_file(cfg.reqin, "rb"); | 
| 801 | if (!derbio) { | 801 | if (!derbio) { | 
| 802 | BIO_printf(bio_err, | 802 | BIO_printf(bio_err, | 
| 803 | "Error Opening OCSP request file\n"); | 803 | "Error Opening OCSP request file\n"); | 
| 804 | goto end; | 804 | goto end; | 
| 805 | } | 805 | } | 
| 806 | ocsp_config.req = d2i_OCSP_REQUEST_bio(derbio, NULL); | 806 | cfg.req = d2i_OCSP_REQUEST_bio(derbio, NULL); | 
| 807 | BIO_free(derbio); | 807 | BIO_free(derbio); | 
| 808 | if (!ocsp_config.req) { | 808 | if (!cfg.req) { | 
| 809 | BIO_printf(bio_err, "Error reading OCSP request\n"); | 809 | BIO_printf(bio_err, "Error reading OCSP request\n"); | 
| 810 | goto end; | 810 | goto end; | 
| 811 | } | 811 | } | 
| 812 | } | 812 | } | 
| 813 | if (!ocsp_config.req && ocsp_config.port) { | 813 | if (!cfg.req && cfg.port) { | 
| 814 | acbio = init_responder(ocsp_config.port); | 814 | acbio = init_responder(cfg.port); | 
| 815 | if (!acbio) | 815 | if (!acbio) | 
| 816 | goto end; | 816 | goto end; | 
| 817 | } | 817 | } | 
| 818 | if (ocsp_config.rsignfile && !rdb) { | 818 | if (cfg.rsignfile && !rdb) { | 
| 819 | if (!ocsp_config.rkeyfile) | 819 | if (!cfg.rkeyfile) | 
| 820 | ocsp_config.rkeyfile = ocsp_config.rsignfile; | 820 | cfg.rkeyfile = cfg.rsignfile; | 
| 821 | rsigner = load_cert(bio_err, ocsp_config.rsignfile, FORMAT_PEM, | 821 | rsigner = load_cert(bio_err, cfg.rsignfile, FORMAT_PEM, | 
| 822 | NULL, "responder certificate"); | 822 | NULL, "responder certificate"); | 
| 823 | if (!rsigner) { | 823 | if (!rsigner) { | 
| 824 | BIO_printf(bio_err, | 824 | BIO_printf(bio_err, | 
| 825 | "Error loading responder certificate\n"); | 825 | "Error loading responder certificate\n"); | 
| 826 | goto end; | 826 | goto end; | 
| 827 | } | 827 | } | 
| 828 | rca_cert = load_cert(bio_err, ocsp_config.rca_filename, | 828 | rca_cert = load_cert(bio_err, cfg.rca_filename, | 
| 829 | FORMAT_PEM, NULL, "CA certificate"); | 829 | FORMAT_PEM, NULL, "CA certificate"); | 
| 830 | if (ocsp_config.rcertfile) { | 830 | if (cfg.rcertfile) { | 
| 831 | rother = load_certs(bio_err, ocsp_config.rcertfile, | 831 | rother = load_certs(bio_err, cfg.rcertfile, | 
| 832 | FORMAT_PEM, NULL, "responder other certificates"); | 832 | FORMAT_PEM, NULL, "responder other certificates"); | 
| 833 | if (!rother) | 833 | if (!rother) | 
| 834 | goto end; | 834 | goto end; | 
| 835 | } | 835 | } | 
| 836 | rkey = load_key(bio_err, ocsp_config.rkeyfile, FORMAT_PEM, 0, | 836 | rkey = load_key(bio_err, cfg.rkeyfile, FORMAT_PEM, 0, | 
| 837 | NULL, "responder private key"); | 837 | NULL, "responder private key"); | 
| 838 | if (!rkey) | 838 | if (!rkey) | 
| 839 | goto end; | 839 | goto end; | 
| @@ -844,95 +844,95 @@ ocsp_main(int argc, char **argv) | |||
| 844 | redo_accept: | 844 | redo_accept: | 
| 845 | 845 | ||
| 846 | if (acbio) { | 846 | if (acbio) { | 
| 847 | if (!do_responder(&ocsp_config.req, &cbio, acbio, | 847 | if (!do_responder(&cfg.req, &cbio, acbio, | 
| 848 | ocsp_config.port)) | 848 | cfg.port)) | 
| 849 | goto end; | 849 | goto end; | 
| 850 | if (!ocsp_config.req) { | 850 | if (!cfg.req) { | 
| 851 | resp = OCSP_response_create( | 851 | resp = OCSP_response_create( | 
| 852 | OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); | 852 | OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); | 
| 853 | send_ocsp_response(cbio, resp); | 853 | send_ocsp_response(cbio, resp); | 
| 854 | goto done_resp; | 854 | goto done_resp; | 
| 855 | } | 855 | } | 
| 856 | } | 856 | } | 
| 857 | if (!ocsp_config.req && | 857 | if (!cfg.req && | 
| 858 | (ocsp_config.signfile || ocsp_config.reqout || ocsp_config.host || | 858 | (cfg.signfile || cfg.reqout || cfg.host || | 
| 859 | ocsp_config.add_nonce || ocsp_config.ridx_filename)) { | 859 | cfg.add_nonce || cfg.ridx_filename)) { | 
| 860 | BIO_printf(bio_err, | 860 | BIO_printf(bio_err, | 
| 861 | "Need an OCSP request for this operation!\n"); | 861 | "Need an OCSP request for this operation!\n"); | 
| 862 | goto end; | 862 | goto end; | 
| 863 | } | 863 | } | 
| 864 | if (ocsp_config.req && ocsp_config.add_nonce) | 864 | if (cfg.req && cfg.add_nonce) | 
| 865 | OCSP_request_add1_nonce(ocsp_config.req, NULL, -1); | 865 | OCSP_request_add1_nonce(cfg.req, NULL, -1); | 
| 866 | 866 | ||
| 867 | if (ocsp_config.signfile) { | 867 | if (cfg.signfile) { | 
| 868 | if (!ocsp_config.keyfile) | 868 | if (!cfg.keyfile) | 
| 869 | ocsp_config.keyfile = ocsp_config.signfile; | 869 | cfg.keyfile = cfg.signfile; | 
| 870 | signer = load_cert(bio_err, ocsp_config.signfile, FORMAT_PEM, | 870 | signer = load_cert(bio_err, cfg.signfile, FORMAT_PEM, | 
| 871 | NULL, "signer certificate"); | 871 | NULL, "signer certificate"); | 
| 872 | if (!signer) { | 872 | if (!signer) { | 
| 873 | BIO_printf(bio_err, | 873 | BIO_printf(bio_err, | 
| 874 | "Error loading signer certificate\n"); | 874 | "Error loading signer certificate\n"); | 
| 875 | goto end; | 875 | goto end; | 
| 876 | } | 876 | } | 
| 877 | if (ocsp_config.sign_certfile) { | 877 | if (cfg.sign_certfile) { | 
| 878 | sign_other = load_certs(bio_err, | 878 | sign_other = load_certs(bio_err, | 
| 879 | ocsp_config.sign_certfile, FORMAT_PEM, NULL, | 879 | cfg.sign_certfile, FORMAT_PEM, NULL, | 
| 880 | "signer certificates"); | 880 | "signer certificates"); | 
| 881 | if (!sign_other) | 881 | if (!sign_other) | 
| 882 | goto end; | 882 | goto end; | 
| 883 | } | 883 | } | 
| 884 | key = load_key(bio_err, ocsp_config.keyfile, FORMAT_PEM, 0, | 884 | key = load_key(bio_err, cfg.keyfile, FORMAT_PEM, 0, | 
| 885 | NULL, "signer private key"); | 885 | NULL, "signer private key"); | 
| 886 | if (!key) | 886 | if (!key) | 
| 887 | goto end; | 887 | goto end; | 
| 888 | 888 | ||
| 889 | if (!OCSP_request_sign(ocsp_config.req, signer, key, NULL, | 889 | if (!OCSP_request_sign(cfg.req, signer, key, NULL, | 
| 890 | sign_other, ocsp_config.sign_flags)) { | 890 | sign_other, cfg.sign_flags)) { | 
| 891 | BIO_printf(bio_err, "Error signing OCSP request\n"); | 891 | BIO_printf(bio_err, "Error signing OCSP request\n"); | 
| 892 | goto end; | 892 | goto end; | 
| 893 | } | 893 | } | 
| 894 | } | 894 | } | 
| 895 | if (ocsp_config.req_text && ocsp_config.req) | 895 | if (cfg.req_text && cfg.req) | 
| 896 | OCSP_REQUEST_print(out, ocsp_config.req, 0); | 896 | OCSP_REQUEST_print(out, cfg.req, 0); | 
| 897 | 897 | ||
| 898 | if (ocsp_config.reqout) { | 898 | if (cfg.reqout) { | 
| 899 | derbio = BIO_new_file(ocsp_config.reqout, "wb"); | 899 | derbio = BIO_new_file(cfg.reqout, "wb"); | 
| 900 | if (!derbio) { | 900 | if (!derbio) { | 
| 901 | BIO_printf(bio_err, "Error opening file %s\n", | 901 | BIO_printf(bio_err, "Error opening file %s\n", | 
| 902 | ocsp_config.reqout); | 902 | cfg.reqout); | 
| 903 | goto end; | 903 | goto end; | 
| 904 | } | 904 | } | 
| 905 | i2d_OCSP_REQUEST_bio(derbio, ocsp_config.req); | 905 | i2d_OCSP_REQUEST_bio(derbio, cfg.req); | 
| 906 | BIO_free(derbio); | 906 | BIO_free(derbio); | 
| 907 | } | 907 | } | 
| 908 | if (ocsp_config.ridx_filename && (!rkey || !rsigner || !rca_cert)) { | 908 | if (cfg.ridx_filename && (!rkey || !rsigner || !rca_cert)) { | 
| 909 | BIO_printf(bio_err, | 909 | BIO_printf(bio_err, | 
| 910 | "Need a responder certificate, key and CA for this operation!\n"); | 910 | "Need a responder certificate, key and CA for this operation!\n"); | 
| 911 | goto end; | 911 | goto end; | 
| 912 | } | 912 | } | 
| 913 | if (ocsp_config.ridx_filename && !rdb) { | 913 | if (cfg.ridx_filename && !rdb) { | 
| 914 | rdb = load_index(ocsp_config.ridx_filename, NULL); | 914 | rdb = load_index(cfg.ridx_filename, NULL); | 
| 915 | if (!rdb) | 915 | if (!rdb) | 
| 916 | goto end; | 916 | goto end; | 
| 917 | if (!index_index(rdb)) | 917 | if (!index_index(rdb)) | 
| 918 | goto end; | 918 | goto end; | 
| 919 | } | 919 | } | 
| 920 | if (rdb) { | 920 | if (rdb) { | 
| 921 | i = make_ocsp_response(&resp, ocsp_config.req, rdb, rca_cert, | 921 | i = make_ocsp_response(&resp, cfg.req, rdb, rca_cert, | 
| 922 | rsigner, rkey, rother, ocsp_config.rflags, | 922 | rsigner, rkey, rother, cfg.rflags, | 
| 923 | ocsp_config.nmin, ocsp_config.ndays); | 923 | cfg.nmin, cfg.ndays); | 
| 924 | if (cbio) | 924 | if (cbio) | 
| 925 | send_ocsp_response(cbio, resp); | 925 | send_ocsp_response(cbio, resp); | 
| 926 | } else if (ocsp_config.host) { | 926 | } else if (cfg.host) { | 
| 927 | resp = process_responder(bio_err, ocsp_config.req, | 927 | resp = process_responder(bio_err, cfg.req, | 
| 928 | ocsp_config.host, | 928 | cfg.host, | 
| 929 | ocsp_config.path ? ocsp_config.path : "/", | 929 | cfg.path ? cfg.path : "/", | 
| 930 | ocsp_config.port, ocsp_config.use_ssl, ocsp_config.headers, | 930 | cfg.port, cfg.use_ssl, cfg.headers, | 
| 931 | ocsp_config.req_timeout); | 931 | cfg.req_timeout); | 
| 932 | if (!resp) | 932 | if (!resp) | 
| 933 | goto end; | 933 | goto end; | 
| 934 | } else if (ocsp_config.respin) { | 934 | } else if (cfg.respin) { | 
| 935 | derbio = BIO_new_file(ocsp_config.respin, "rb"); | 935 | derbio = BIO_new_file(cfg.respin, "rb"); | 
| 936 | if (!derbio) { | 936 | if (!derbio) { | 
| 937 | BIO_printf(bio_err, | 937 | BIO_printf(bio_err, | 
| 938 | "Error Opening OCSP response file\n"); | 938 | "Error Opening OCSP response file\n"); | 
| @@ -951,11 +951,11 @@ ocsp_main(int argc, char **argv) | |||
| 951 | 951 | ||
| 952 | done_resp: | 952 | done_resp: | 
| 953 | 953 | ||
| 954 | if (ocsp_config.respout) { | 954 | if (cfg.respout) { | 
| 955 | derbio = BIO_new_file(ocsp_config.respout, "wb"); | 955 | derbio = BIO_new_file(cfg.respout, "wb"); | 
| 956 | if (!derbio) { | 956 | if (!derbio) { | 
| 957 | BIO_printf(bio_err, "Error opening file %s\n", | 957 | BIO_printf(bio_err, "Error opening file %s\n", | 
| 958 | ocsp_config.respout); | 958 | cfg.respout); | 
| 959 | goto end; | 959 | goto end; | 
| 960 | } | 960 | } | 
| 961 | i2d_OCSP_RESPONSE_bio(derbio, resp); | 961 | i2d_OCSP_RESPONSE_bio(derbio, resp); | 
| @@ -966,24 +966,24 @@ ocsp_main(int argc, char **argv) | |||
| 966 | if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) { | 966 | if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) { | 
| 967 | BIO_printf(bio_err, "Responder Error: %s (%d)\n", | 967 | BIO_printf(bio_err, "Responder Error: %s (%d)\n", | 
| 968 | OCSP_response_status_str(i), i); | 968 | OCSP_response_status_str(i), i); | 
| 969 | if (ocsp_config.ignore_err) | 969 | if (cfg.ignore_err) | 
| 970 | goto redo_accept; | 970 | goto redo_accept; | 
| 971 | ret = 1; | 971 | ret = 1; | 
| 972 | goto end; | 972 | goto end; | 
| 973 | } | 973 | } | 
| 974 | if (ocsp_config.resp_text) | 974 | if (cfg.resp_text) | 
| 975 | OCSP_RESPONSE_print(out, resp, 0); | 975 | OCSP_RESPONSE_print(out, resp, 0); | 
| 976 | 976 | ||
| 977 | /* If running as responder don't verify our own response */ | 977 | /* If running as responder don't verify our own response */ | 
| 978 | if (cbio) { | 978 | if (cbio) { | 
| 979 | if (ocsp_config.accept_count > 0) | 979 | if (cfg.accept_count > 0) | 
| 980 | ocsp_config.accept_count--; | 980 | cfg.accept_count--; | 
| 981 | /* Redo if more connections needed */ | 981 | /* Redo if more connections needed */ | 
| 982 | if (ocsp_config.accept_count) { | 982 | if (cfg.accept_count) { | 
| 983 | BIO_free_all(cbio); | 983 | BIO_free_all(cbio); | 
| 984 | cbio = NULL; | 984 | cbio = NULL; | 
| 985 | OCSP_REQUEST_free(ocsp_config.req); | 985 | OCSP_REQUEST_free(cfg.req); | 
| 986 | ocsp_config.req = NULL; | 986 | cfg.req = NULL; | 
| 987 | OCSP_RESPONSE_free(resp); | 987 | OCSP_RESPONSE_free(resp); | 
| 988 | resp = NULL; | 988 | resp = NULL; | 
| 989 | goto redo_accept; | 989 | goto redo_accept; | 
| @@ -991,12 +991,12 @@ ocsp_main(int argc, char **argv) | |||
| 991 | goto end; | 991 | goto end; | 
| 992 | } | 992 | } | 
| 993 | if (!store) | 993 | if (!store) | 
| 994 | store = setup_verify(bio_err, ocsp_config.CAfile, | 994 | store = setup_verify(bio_err, cfg.CAfile, | 
| 995 | ocsp_config.CApath); | 995 | cfg.CApath); | 
| 996 | if (!store) | 996 | if (!store) | 
| 997 | goto end; | 997 | goto end; | 
| 998 | if (ocsp_config.verify_certfile) { | 998 | if (cfg.verify_certfile) { | 
| 999 | verify_other = load_certs(bio_err, ocsp_config.verify_certfile, | 999 | verify_other = load_certs(bio_err, cfg.verify_certfile, | 
| 1000 | FORMAT_PEM, NULL, "validator certificate"); | 1000 | FORMAT_PEM, NULL, "validator certificate"); | 
| 1001 | if (!verify_other) | 1001 | if (!verify_other) | 
| 1002 | goto end; | 1002 | goto end; | 
| @@ -1007,9 +1007,9 @@ ocsp_main(int argc, char **argv) | |||
| 1007 | BIO_printf(bio_err, "Error parsing response\n"); | 1007 | BIO_printf(bio_err, "Error parsing response\n"); | 
| 1008 | goto end; | 1008 | goto end; | 
| 1009 | } | 1009 | } | 
| 1010 | if (!ocsp_config.noverify) { | 1010 | if (!cfg.noverify) { | 
| 1011 | if (ocsp_config.req && | 1011 | if (cfg.req && | 
| 1012 | ((i = OCSP_check_nonce(ocsp_config.req, bs)) <= 0)) { | 1012 | ((i = OCSP_check_nonce(cfg.req, bs)) <= 0)) { | 
| 1013 | if (i == -1) { | 1013 | if (i == -1) { | 
| 1014 | BIO_printf(bio_err, | 1014 | BIO_printf(bio_err, | 
| 1015 | "WARNING: no nonce in response\n"); | 1015 | "WARNING: no nonce in response\n"); | 
| @@ -1019,7 +1019,7 @@ ocsp_main(int argc, char **argv) | |||
| 1019 | } | 1019 | } | 
| 1020 | } | 1020 | } | 
| 1021 | i = OCSP_basic_verify(bs, verify_other, store, | 1021 | i = OCSP_basic_verify(bs, verify_other, store, | 
| 1022 | ocsp_config.verify_flags); | 1022 | cfg.verify_flags); | 
| 1023 | if (i < 0) | 1023 | if (i < 0) | 
| 1024 | i = OCSP_basic_verify(bs, NULL, store, 0); | 1024 | i = OCSP_basic_verify(bs, NULL, store, 0); | 
| 1025 | 1025 | ||
| @@ -1030,8 +1030,8 @@ ocsp_main(int argc, char **argv) | |||
| 1030 | BIO_printf(bio_err, "Response verify OK\n"); | 1030 | BIO_printf(bio_err, "Response verify OK\n"); | 
| 1031 | } | 1031 | } | 
| 1032 | } | 1032 | } | 
| 1033 | if (!print_ocsp_summary(out, bs, ocsp_config.req, ocsp_config.reqnames, | 1033 | if (!print_ocsp_summary(out, bs, cfg.req, cfg.reqnames, | 
| 1034 | ocsp_config.ids, ocsp_config.nsec, ocsp_config.maxage)) | 1034 | cfg.ids, cfg.nsec, cfg.maxage)) | 
| 1035 | goto end; | 1035 | goto end; | 
| 1036 | 1036 | ||
| 1037 | ret = 0; | 1037 | ret = 0; | 
| @@ -1042,27 +1042,27 @@ ocsp_main(int argc, char **argv) | |||
| 1042 | X509_STORE_free(store); | 1042 | X509_STORE_free(store); | 
| 1043 | EVP_PKEY_free(key); | 1043 | EVP_PKEY_free(key); | 
| 1044 | EVP_PKEY_free(rkey); | 1044 | EVP_PKEY_free(rkey); | 
| 1045 | X509_free(ocsp_config.issuer); | 1045 | X509_free(cfg.issuer); | 
| 1046 | X509_free(ocsp_config.cert); | 1046 | X509_free(cfg.cert); | 
| 1047 | X509_free(rsigner); | 1047 | X509_free(rsigner); | 
| 1048 | X509_free(rca_cert); | 1048 | X509_free(rca_cert); | 
| 1049 | free_index(rdb); | 1049 | free_index(rdb); | 
| 1050 | BIO_free_all(cbio); | 1050 | BIO_free_all(cbio); | 
| 1051 | BIO_free_all(acbio); | 1051 | BIO_free_all(acbio); | 
| 1052 | BIO_free(out); | 1052 | BIO_free(out); | 
| 1053 | OCSP_REQUEST_free(ocsp_config.req); | 1053 | OCSP_REQUEST_free(cfg.req); | 
| 1054 | OCSP_RESPONSE_free(resp); | 1054 | OCSP_RESPONSE_free(resp); | 
| 1055 | OCSP_BASICRESP_free(bs); | 1055 | OCSP_BASICRESP_free(bs); | 
| 1056 | sk_OPENSSL_STRING_free(ocsp_config.reqnames); | 1056 | sk_OPENSSL_STRING_free(cfg.reqnames); | 
| 1057 | sk_OCSP_CERTID_free(ocsp_config.ids); | 1057 | sk_OCSP_CERTID_free(cfg.ids); | 
| 1058 | sk_X509_pop_free(sign_other, X509_free); | 1058 | sk_X509_pop_free(sign_other, X509_free); | 
| 1059 | sk_X509_pop_free(verify_other, X509_free); | 1059 | sk_X509_pop_free(verify_other, X509_free); | 
| 1060 | sk_CONF_VALUE_pop_free(ocsp_config.headers, X509V3_conf_free); | 1060 | sk_CONF_VALUE_pop_free(cfg.headers, X509V3_conf_free); | 
| 1061 | 1061 | ||
| 1062 | if (ocsp_config.use_ssl != -1) { | 1062 | if (cfg.use_ssl != -1) { | 
| 1063 | free(ocsp_config.host); | 1063 | free(cfg.host); | 
| 1064 | free(ocsp_config.port); | 1064 | free(cfg.port); | 
| 1065 | free(ocsp_config.path); | 1065 | free(cfg.path); | 
| 1066 | } | 1066 | } | 
| 1067 | return (ret); | 1067 | return (ret); | 
| 1068 | } | 1068 | } | 
| diff --git a/src/usr.bin/openssl/passwd.c b/src/usr.bin/openssl/passwd.c index f05751f165..a8dfa27db1 100644 --- a/src/usr.bin/openssl/passwd.c +++ b/src/usr.bin/openssl/passwd.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: passwd.c,v 1.13 2022/11/11 17:07:39 joshua Exp $ */ | 1 | /* $OpenBSD: passwd.c,v 1.14 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | 2 | ||
| 3 | #if defined OPENSSL_NO_MD5 | 3 | #if defined OPENSSL_NO_MD5 | 
| 4 | #define NO_MD5CRYPT_1 | 4 | #define NO_MD5CRYPT_1 | 
| @@ -51,7 +51,7 @@ static struct { | |||
| 51 | int use1; | 51 | int use1; | 
| 52 | int useapr1; | 52 | int useapr1; | 
| 53 | int usecrypt; | 53 | int usecrypt; | 
| 54 | } passwd_config; | 54 | } cfg; | 
| 55 | 55 | ||
| 56 | static const struct option passwd_options[] = { | 56 | static const struct option passwd_options[] = { | 
| 57 | #ifndef NO_MD5CRYPT_1 | 57 | #ifndef NO_MD5CRYPT_1 | 
| @@ -59,13 +59,13 @@ static const struct option passwd_options[] = { | |||
| 59 | .name = "1", | 59 | .name = "1", | 
| 60 | .desc = "Use MD5 based BSD password algorithm 1", | 60 | .desc = "Use MD5 based BSD password algorithm 1", | 
| 61 | .type = OPTION_FLAG, | 61 | .type = OPTION_FLAG, | 
| 62 | .opt.flag = &passwd_config.use1, | 62 | .opt.flag = &cfg.use1, | 
| 63 | }, | 63 | }, | 
| 64 | { | 64 | { | 
| 65 | .name = "apr1", | 65 | .name = "apr1", | 
| 66 | .desc = "Use apr1 algorithm (Apache variant of BSD algorithm)", | 66 | .desc = "Use apr1 algorithm (Apache variant of BSD algorithm)", | 
| 67 | .type = OPTION_FLAG, | 67 | .type = OPTION_FLAG, | 
| 68 | .opt.flag = &passwd_config.useapr1, | 68 | .opt.flag = &cfg.useapr1, | 
| 69 | }, | 69 | }, | 
| 70 | #endif | 70 | #endif | 
| 71 | #ifndef OPENSSL_NO_DES | 71 | #ifndef OPENSSL_NO_DES | 
| @@ -73,7 +73,7 @@ static const struct option passwd_options[] = { | |||
| 73 | .name = "crypt", | 73 | .name = "crypt", | 
| 74 | .desc = "Use crypt algorithm (default)", | 74 | .desc = "Use crypt algorithm (default)", | 
| 75 | .type = OPTION_FLAG, | 75 | .type = OPTION_FLAG, | 
| 76 | .opt.flag = &passwd_config.usecrypt, | 76 | .opt.flag = &cfg.usecrypt, | 
| 77 | }, | 77 | }, | 
| 78 | #endif | 78 | #endif | 
| 79 | { | 79 | { | 
| @@ -81,44 +81,44 @@ static const struct option passwd_options[] = { | |||
| 81 | .argname = "file", | 81 | .argname = "file", | 
| 82 | .desc = "Read passwords from specified file", | 82 | .desc = "Read passwords from specified file", | 
| 83 | .type = OPTION_ARG, | 83 | .type = OPTION_ARG, | 
| 84 | .opt.arg = &passwd_config.infile, | 84 | .opt.arg = &cfg.infile, | 
| 85 | }, | 85 | }, | 
| 86 | { | 86 | { | 
| 87 | .name = "noverify", | 87 | .name = "noverify", | 
| 88 | .desc = "Do not verify password", | 88 | .desc = "Do not verify password", | 
| 89 | .type = OPTION_FLAG, | 89 | .type = OPTION_FLAG, | 
| 90 | .opt.flag = &passwd_config.noverify, | 90 | .opt.flag = &cfg.noverify, | 
| 91 | }, | 91 | }, | 
| 92 | { | 92 | { | 
| 93 | .name = "quiet", | 93 | .name = "quiet", | 
| 94 | .desc = "Do not output warnings", | 94 | .desc = "Do not output warnings", | 
| 95 | .type = OPTION_FLAG, | 95 | .type = OPTION_FLAG, | 
| 96 | .opt.flag = &passwd_config.quiet, | 96 | .opt.flag = &cfg.quiet, | 
| 97 | }, | 97 | }, | 
| 98 | { | 98 | { | 
| 99 | .name = "reverse", | 99 | .name = "reverse", | 
| 100 | .desc = "Reverse table columns (requires -table)", | 100 | .desc = "Reverse table columns (requires -table)", | 
| 101 | .type = OPTION_FLAG, | 101 | .type = OPTION_FLAG, | 
| 102 | .opt.flag = &passwd_config.reverse, | 102 | .opt.flag = &cfg.reverse, | 
| 103 | }, | 103 | }, | 
| 104 | { | 104 | { | 
| 105 | .name = "salt", | 105 | .name = "salt", | 
| 106 | .argname = "string", | 106 | .argname = "string", | 
| 107 | .desc = "Use specified salt", | 107 | .desc = "Use specified salt", | 
| 108 | .type = OPTION_ARG, | 108 | .type = OPTION_ARG, | 
| 109 | .opt.arg = &passwd_config.salt, | 109 | .opt.arg = &cfg.salt, | 
| 110 | }, | 110 | }, | 
| 111 | { | 111 | { | 
| 112 | .name = "stdin", | 112 | .name = "stdin", | 
| 113 | .desc = "Read passwords from stdin", | 113 | .desc = "Read passwords from stdin", | 
| 114 | .type = OPTION_FLAG, | 114 | .type = OPTION_FLAG, | 
| 115 | .opt.flag = &passwd_config.in_stdin, | 115 | .opt.flag = &cfg.in_stdin, | 
| 116 | }, | 116 | }, | 
| 117 | { | 117 | { | 
| 118 | .name = "table", | 118 | .name = "table", | 
| 119 | .desc = "Output cleartext and hashed passwords (tab separated)", | 119 | .desc = "Output cleartext and hashed passwords (tab separated)", | 
| 120 | .type = OPTION_FLAG, | 120 | .type = OPTION_FLAG, | 
| 121 | .opt.flag = &passwd_config.table, | 121 | .opt.flag = &cfg.table, | 
| 122 | }, | 122 | }, | 
| 123 | { NULL }, | 123 | { NULL }, | 
| 124 | }; | 124 | }; | 
| @@ -150,7 +150,7 @@ passwd_main(int argc, char **argv) | |||
| 150 | exit(1); | 150 | exit(1); | 
| 151 | } | 151 | } | 
| 152 | 152 | ||
| 153 | memset(&passwd_config, 0, sizeof(passwd_config)); | 153 | memset(&cfg, 0, sizeof(cfg)); | 
| 154 | 154 | ||
| 155 | if (options_parse(argc, argv, passwd_options, NULL, &argsused) != 0) { | 155 | if (options_parse(argc, argv, passwd_options, NULL, &argsused) != 0) { | 
| 156 | passwd_usage(); | 156 | passwd_usage(); | 
| @@ -159,23 +159,23 @@ passwd_main(int argc, char **argv) | |||
| 159 | 159 | ||
| 160 | if (argsused < argc) | 160 | if (argsused < argc) | 
| 161 | passwds = &argv[argsused]; | 161 | passwds = &argv[argsused]; | 
| 162 | if (passwd_config.salt != NULL) | 162 | if (cfg.salt != NULL) | 
| 163 | passed_salt = 1; | 163 | passed_salt = 1; | 
| 164 | 164 | ||
| 165 | if (!passwd_config.usecrypt && !passwd_config.use1 && | 165 | if (!cfg.usecrypt && !cfg.use1 && | 
| 166 | !passwd_config.useapr1) | 166 | !cfg.useapr1) | 
| 167 | passwd_config.usecrypt = 1; /* use default */ | 167 | cfg.usecrypt = 1; /* use default */ | 
| 168 | if (passwd_config.usecrypt + passwd_config.use1 + | 168 | if (cfg.usecrypt + cfg.use1 + | 
| 169 | passwd_config.useapr1 > 1) | 169 | cfg.useapr1 > 1) | 
| 170 | badopt = 1; /* conflicting options */ | 170 | badopt = 1; /* conflicting options */ | 
| 171 | 171 | ||
| 172 | /* Reject unsupported algorithms */ | 172 | /* Reject unsupported algorithms */ | 
| 173 | #ifdef OPENSSL_NO_DES | 173 | #ifdef OPENSSL_NO_DES | 
| 174 | if (passwd_config.usecrypt) | 174 | if (cfg.usecrypt) | 
| 175 | badopt = 1; | 175 | badopt = 1; | 
| 176 | #endif | 176 | #endif | 
| 177 | #ifdef NO_MD5CRYPT_1 | 177 | #ifdef NO_MD5CRYPT_1 | 
| 178 | if (passwd_config.use1 || passwd_config.useapr1) | 178 | if (cfg.use1 || cfg.useapr1) | 
| 179 | badopt = 1; | 179 | badopt = 1; | 
| 180 | #endif | 180 | #endif | 
| 181 | 181 | ||
| @@ -188,21 +188,21 @@ passwd_main(int argc, char **argv) | |||
| 188 | goto err; | 188 | goto err; | 
| 189 | BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); | 189 | BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); | 
| 190 | 190 | ||
| 191 | if (passwd_config.infile != NULL || passwd_config.in_stdin) { | 191 | if (cfg.infile != NULL || cfg.in_stdin) { | 
| 192 | if ((in = BIO_new(BIO_s_file())) == NULL) | 192 | if ((in = BIO_new(BIO_s_file())) == NULL) | 
| 193 | goto err; | 193 | goto err; | 
| 194 | if (passwd_config.infile != NULL) { | 194 | if (cfg.infile != NULL) { | 
| 195 | assert(passwd_config.in_stdin == 0); | 195 | assert(cfg.in_stdin == 0); | 
| 196 | if (BIO_read_filename(in, passwd_config.infile) <= 0) | 196 | if (BIO_read_filename(in, cfg.infile) <= 0) | 
| 197 | goto err; | 197 | goto err; | 
| 198 | } else { | 198 | } else { | 
| 199 | assert(passwd_config.in_stdin); | 199 | assert(cfg.in_stdin); | 
| 200 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 200 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 
| 201 | } | 201 | } | 
| 202 | } | 202 | } | 
| 203 | if (passwd_config.usecrypt) | 203 | if (cfg.usecrypt) | 
| 204 | pw_maxlen = 8; | 204 | pw_maxlen = 8; | 
| 205 | else if (passwd_config.use1 || passwd_config.useapr1) | 205 | else if (cfg.use1 || cfg.useapr1) | 
| 206 | pw_maxlen = 256;/* arbitrary limit, should be enough for most | 206 | pw_maxlen = 256;/* arbitrary limit, should be enough for most | 
| 207 | * passwords */ | 207 | * passwords */ | 
| 208 | 208 | ||
| @@ -223,7 +223,7 @@ passwd_main(int argc, char **argv) | |||
| 223 | if (in == NULL) | 223 | if (in == NULL) | 
| 224 | if (EVP_read_pw_string(passwd_malloc, | 224 | if (EVP_read_pw_string(passwd_malloc, | 
| 225 | passwd_malloc_size, "Password: ", | 225 | passwd_malloc_size, "Password: ", | 
| 226 | !(passed_salt || passwd_config.noverify)) != 0) | 226 | !(passed_salt || cfg.noverify)) != 0) | 
| 227 | goto err; | 227 | goto err; | 
| 228 | passwds[0] = passwd_malloc; | 228 | passwds[0] = passwd_malloc; | 
| 229 | } | 229 | } | 
| @@ -233,11 +233,11 @@ passwd_main(int argc, char **argv) | |||
| 233 | 233 | ||
| 234 | do { /* loop over list of passwords */ | 234 | do { /* loop over list of passwords */ | 
| 235 | passwd = *passwds++; | 235 | passwd = *passwds++; | 
| 236 | if (!do_passwd(passed_salt, &passwd_config.salt, | 236 | if (!do_passwd(passed_salt, &cfg.salt, | 
| 237 | &salt_malloc, passwd, out, passwd_config.quiet, | 237 | &salt_malloc, passwd, out, cfg.quiet, | 
| 238 | passwd_config.table, passwd_config.reverse, | 238 | cfg.table, cfg.reverse, | 
| 239 | pw_maxlen, passwd_config.usecrypt, | 239 | pw_maxlen, cfg.usecrypt, | 
| 240 | passwd_config.use1, passwd_config.useapr1)) | 240 | cfg.use1, cfg.useapr1)) | 
| 241 | goto err; | 241 | goto err; | 
| 242 | } while (*passwds != NULL); | 242 | } while (*passwds != NULL); | 
| 243 | } else { | 243 | } else { | 
| @@ -258,12 +258,12 @@ passwd_main(int argc, char **argv) | |||
| 258 | while ((r > 0) && (!strchr(trash, '\n'))); | 258 | while ((r > 0) && (!strchr(trash, '\n'))); | 
| 259 | } | 259 | } | 
| 260 | 260 | ||
| 261 | if (!do_passwd(passed_salt, &passwd_config.salt, | 261 | if (!do_passwd(passed_salt, &cfg.salt, | 
| 262 | &salt_malloc, passwd, out, | 262 | &salt_malloc, passwd, out, | 
| 263 | passwd_config.quiet, passwd_config.table, | 263 | cfg.quiet, cfg.table, | 
| 264 | passwd_config.reverse, pw_maxlen, | 264 | cfg.reverse, pw_maxlen, | 
| 265 | passwd_config.usecrypt, passwd_config.use1, | 265 | cfg.usecrypt, cfg.use1, | 
| 266 | passwd_config.useapr1)) | 266 | cfg.useapr1)) | 
| 267 | goto err; | 267 | goto err; | 
| 268 | } | 268 | } | 
| 269 | done = (r <= 0); | 269 | done = (r <= 0); | 
| diff --git a/src/usr.bin/openssl/pkcs12.c b/src/usr.bin/openssl/pkcs12.c index 6e671e9275..aedae640e3 100644 --- a/src/usr.bin/openssl/pkcs12.c +++ b/src/usr.bin/openssl/pkcs12.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: pkcs12.c,v 1.24 2022/11/11 17:07:39 joshua Exp $ */ | 1 | /* $OpenBSD: pkcs12.c,v 1.25 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 
| 3 | * project. | 3 | * project. | 
| 4 | */ | 4 | */ | 
| @@ -118,16 +118,16 @@ static struct { | |||
| 118 | char *passargin; | 118 | char *passargin; | 
| 119 | char *passargout; | 119 | char *passargout; | 
| 120 | int twopass; | 120 | int twopass; | 
| 121 | } pkcs12_config; | 121 | } cfg; | 
| 122 | 122 | ||
| 123 | static int | 123 | static int | 
| 124 | pkcs12_opt_canames(char *arg) | 124 | pkcs12_opt_canames(char *arg) | 
| 125 | { | 125 | { | 
| 126 | if (pkcs12_config.canames == NULL && | 126 | if (cfg.canames == NULL && | 
| 127 | (pkcs12_config.canames = sk_OPENSSL_STRING_new_null()) == NULL) | 127 | (cfg.canames = sk_OPENSSL_STRING_new_null()) == NULL) | 
| 128 | return (1); | 128 | return (1); | 
| 129 | 129 | ||
| 130 | if (!sk_OPENSSL_STRING_push(pkcs12_config.canames, arg)) | 130 | if (!sk_OPENSSL_STRING_push(cfg.canames, arg)) | 
| 131 | return (1); | 131 | return (1); | 
| 132 | 132 | ||
| 133 | return (0); | 133 | return (0); | 
| @@ -136,20 +136,20 @@ pkcs12_opt_canames(char *arg) | |||
| 136 | static int | 136 | static int | 
| 137 | pkcs12_opt_cert_pbe(char *arg) | 137 | pkcs12_opt_cert_pbe(char *arg) | 
| 138 | { | 138 | { | 
| 139 | return (!set_pbe(bio_err, &pkcs12_config.cert_pbe, arg)); | 139 | return (!set_pbe(bio_err, &cfg.cert_pbe, arg)); | 
| 140 | } | 140 | } | 
| 141 | 141 | ||
| 142 | static int | 142 | static int | 
| 143 | pkcs12_opt_key_pbe(char *arg) | 143 | pkcs12_opt_key_pbe(char *arg) | 
| 144 | { | 144 | { | 
| 145 | return (!set_pbe(bio_err, &pkcs12_config.key_pbe, arg)); | 145 | return (!set_pbe(bio_err, &cfg.key_pbe, arg)); | 
| 146 | } | 146 | } | 
| 147 | 147 | ||
| 148 | static int | 148 | static int | 
| 149 | pkcs12_opt_passarg(char *arg) | 149 | pkcs12_opt_passarg(char *arg) | 
| 150 | { | 150 | { | 
| 151 | pkcs12_config.passarg = arg; | 151 | cfg.passarg = arg; | 
| 152 | pkcs12_config.noprompt = 1; | 152 | cfg.noprompt = 1; | 
| 153 | return (0); | 153 | return (0); | 
| 154 | } | 154 | } | 
| 155 | 155 | ||
| @@ -196,8 +196,8 @@ pkcs12_opt_enc(int argc, char **argv, int *argsused) | |||
| 196 | return (1); | 196 | return (1); | 
| 197 | 197 | ||
| 198 | if (strcmp(name, "nodes") == 0) | 198 | if (strcmp(name, "nodes") == 0) | 
| 199 | pkcs12_config.enc = NULL; | 199 | cfg.enc = NULL; | 
| 200 | else if ((pkcs12_config.enc = get_cipher_by_name(name)) == NULL) | 200 | else if ((cfg.enc = get_cipher_by_name(name)) == NULL) | 
| 201 | return (1); | 201 | return (1); | 
| 202 | 202 | ||
| 203 | *argsused = 1; | 203 | *argsused = 1; | 
| @@ -269,7 +269,7 @@ static const struct option pkcs12_options[] = { | |||
| 269 | .name = "cacerts", | 269 | .name = "cacerts", | 
| 270 | .desc = "Only output CA certificates", | 270 | .desc = "Only output CA certificates", | 
| 271 | .type = OPTION_VALUE_OR, | 271 | .type = OPTION_VALUE_OR, | 
| 272 | .opt.value = &pkcs12_config.options, | 272 | .opt.value = &cfg.options, | 
| 273 | .value = CACERTS, | 273 | .value = CACERTS, | 
| 274 | }, | 274 | }, | 
| 275 | { | 275 | { | 
| @@ -277,7 +277,7 @@ static const struct option pkcs12_options[] = { | |||
| 277 | .argname = "file", | 277 | .argname = "file", | 
| 278 | .desc = "PEM format file of CA certificates", | 278 | .desc = "PEM format file of CA certificates", | 
| 279 | .type = OPTION_ARG, | 279 | .type = OPTION_ARG, | 
| 280 | .opt.arg = &pkcs12_config.CAfile, | 280 | .opt.arg = &cfg.CAfile, | 
| 281 | }, | 281 | }, | 
| 282 | { | 282 | { | 
| 283 | .name = "caname", | 283 | .name = "caname", | 
| @@ -291,14 +291,14 @@ static const struct option pkcs12_options[] = { | |||
| 291 | .argname = "directory", | 291 | .argname = "directory", | 
| 292 | .desc = "PEM format directory of CA certificates", | 292 | .desc = "PEM format directory of CA certificates", | 
| 293 | .type = OPTION_ARG, | 293 | .type = OPTION_ARG, | 
| 294 | .opt.arg = &pkcs12_config.CApath, | 294 | .opt.arg = &cfg.CApath, | 
| 295 | }, | 295 | }, | 
| 296 | { | 296 | { | 
| 297 | .name = "certfile", | 297 | .name = "certfile", | 
| 298 | .argname = "file", | 298 | .argname = "file", | 
| 299 | .desc = "Add all certs in file", | 299 | .desc = "Add all certs in file", | 
| 300 | .type = OPTION_ARG, | 300 | .type = OPTION_ARG, | 
| 301 | .opt.arg = &pkcs12_config.certfile, | 301 | .opt.arg = &cfg.certfile, | 
| 302 | }, | 302 | }, | 
| 303 | { | 303 | { | 
| 304 | .name = "certpbe", | 304 | .name = "certpbe", | 
| @@ -311,13 +311,13 @@ static const struct option pkcs12_options[] = { | |||
| 311 | .name = "chain", | 311 | .name = "chain", | 
| 312 | .desc = "Add certificate chain", | 312 | .desc = "Add certificate chain", | 
| 313 | .type = OPTION_FLAG, | 313 | .type = OPTION_FLAG, | 
| 314 | .opt.flag = &pkcs12_config.chain, | 314 | .opt.flag = &cfg.chain, | 
| 315 | }, | 315 | }, | 
| 316 | { | 316 | { | 
| 317 | .name = "clcerts", | 317 | .name = "clcerts", | 
| 318 | .desc = "Only output client certificates", | 318 | .desc = "Only output client certificates", | 
| 319 | .type = OPTION_VALUE_OR, | 319 | .type = OPTION_VALUE_OR, | 
| 320 | .opt.value = &pkcs12_config.options, | 320 | .opt.value = &cfg.options, | 
| 321 | .value = CLCERTS, | 321 | .value = CLCERTS, | 
| 322 | }, | 322 | }, | 
| 323 | { | 323 | { | 
| @@ -325,33 +325,33 @@ static const struct option pkcs12_options[] = { | |||
| 325 | .argname = "name", | 325 | .argname = "name", | 
| 326 | .desc = "Microsoft CSP name", | 326 | .desc = "Microsoft CSP name", | 
| 327 | .type = OPTION_ARG, | 327 | .type = OPTION_ARG, | 
| 328 | .opt.arg = &pkcs12_config.csp_name, | 328 | .opt.arg = &cfg.csp_name, | 
| 329 | }, | 329 | }, | 
| 330 | { | 330 | { | 
| 331 | .name = "descert", | 331 | .name = "descert", | 
| 332 | .desc = "Encrypt PKCS#12 certificates with triple DES (default RC2-40)", | 332 | .desc = "Encrypt PKCS#12 certificates with triple DES (default RC2-40)", | 
| 333 | .type = OPTION_VALUE, | 333 | .type = OPTION_VALUE, | 
| 334 | .opt.value = &pkcs12_config.cert_pbe, | 334 | .opt.value = &cfg.cert_pbe, | 
| 335 | .value = NID_pbe_WithSHA1And3_Key_TripleDES_CBC, | 335 | .value = NID_pbe_WithSHA1And3_Key_TripleDES_CBC, | 
| 336 | }, | 336 | }, | 
| 337 | { | 337 | { | 
| 338 | .name = "export", | 338 | .name = "export", | 
| 339 | .desc = "Output PKCS#12 file", | 339 | .desc = "Output PKCS#12 file", | 
| 340 | .type = OPTION_FLAG, | 340 | .type = OPTION_FLAG, | 
| 341 | .opt.flag = &pkcs12_config.export_cert, | 341 | .opt.flag = &cfg.export_cert, | 
| 342 | }, | 342 | }, | 
| 343 | { | 343 | { | 
| 344 | .name = "in", | 344 | .name = "in", | 
| 345 | .argname = "file", | 345 | .argname = "file", | 
| 346 | .desc = "Input filename", | 346 | .desc = "Input filename", | 
| 347 | .type = OPTION_ARG, | 347 | .type = OPTION_ARG, | 
| 348 | .opt.arg = &pkcs12_config.infile, | 348 | .opt.arg = &cfg.infile, | 
| 349 | }, | 349 | }, | 
| 350 | { | 350 | { | 
| 351 | .name = "info", | 351 | .name = "info", | 
| 352 | .desc = "Give info about PKCS#12 structure", | 352 | .desc = "Give info about PKCS#12 structure", | 
| 353 | .type = OPTION_VALUE_OR, | 353 | .type = OPTION_VALUE_OR, | 
| 354 | .opt.value = &pkcs12_config.options, | 354 | .opt.value = &cfg.options, | 
| 355 | .value = INFO, | 355 | .value = INFO, | 
| 356 | }, | 356 | }, | 
| 357 | { | 357 | { | 
| @@ -359,13 +359,13 @@ static const struct option pkcs12_options[] = { | |||
| 359 | .argname = "file", | 359 | .argname = "file", | 
| 360 | .desc = "Private key if not infile", | 360 | .desc = "Private key if not infile", | 
| 361 | .type = OPTION_ARG, | 361 | .type = OPTION_ARG, | 
| 362 | .opt.arg = &pkcs12_config.keyname, | 362 | .opt.arg = &cfg.keyname, | 
| 363 | }, | 363 | }, | 
| 364 | { | 364 | { | 
| 365 | .name = "keyex", | 365 | .name = "keyex", | 
| 366 | .desc = "Set MS key exchange type", | 366 | .desc = "Set MS key exchange type", | 
| 367 | .type = OPTION_VALUE, | 367 | .type = OPTION_VALUE, | 
| 368 | .opt.value = &pkcs12_config.keytype, | 368 | .opt.value = &cfg.keytype, | 
| 369 | .value = KEY_EX, | 369 | .value = KEY_EX, | 
| 370 | }, | 370 | }, | 
| 371 | { | 371 | { | 
| @@ -379,27 +379,27 @@ static const struct option pkcs12_options[] = { | |||
| 379 | .name = "keysig", | 379 | .name = "keysig", | 
| 380 | .desc = "Set MS key signature type", | 380 | .desc = "Set MS key signature type", | 
| 381 | .type = OPTION_VALUE, | 381 | .type = OPTION_VALUE, | 
| 382 | .opt.value = &pkcs12_config.keytype, | 382 | .opt.value = &cfg.keytype, | 
| 383 | .value = KEY_SIG, | 383 | .value = KEY_SIG, | 
| 384 | }, | 384 | }, | 
| 385 | { | 385 | { | 
| 386 | .name = "LMK", | 386 | .name = "LMK", | 
| 387 | .desc = "Add local machine keyset attribute to private key", | 387 | .desc = "Add local machine keyset attribute to private key", | 
| 388 | .type = OPTION_FLAG, | 388 | .type = OPTION_FLAG, | 
| 389 | .opt.flag = &pkcs12_config.add_lmk, | 389 | .opt.flag = &cfg.add_lmk, | 
| 390 | }, | 390 | }, | 
| 391 | { | 391 | { | 
| 392 | .name = "macalg", | 392 | .name = "macalg", | 
| 393 | .argname = "alg", | 393 | .argname = "alg", | 
| 394 | .desc = "Digest algorithm used in MAC (default SHA1)", | 394 | .desc = "Digest algorithm used in MAC (default SHA1)", | 
| 395 | .type = OPTION_ARG, | 395 | .type = OPTION_ARG, | 
| 396 | .opt.arg = &pkcs12_config.macalg, | 396 | .opt.arg = &cfg.macalg, | 
| 397 | }, | 397 | }, | 
| 398 | { | 398 | { | 
| 399 | .name = "maciter", | 399 | .name = "maciter", | 
| 400 | .desc = "Use MAC iteration", | 400 | .desc = "Use MAC iteration", | 
| 401 | .type = OPTION_VALUE, | 401 | .type = OPTION_VALUE, | 
| 402 | .opt.value = &pkcs12_config.maciter, | 402 | .opt.value = &cfg.maciter, | 
| 403 | .value = PKCS12_DEFAULT_ITER, | 403 | .value = PKCS12_DEFAULT_ITER, | 
| 404 | }, | 404 | }, | 
| 405 | { | 405 | { | 
| @@ -407,13 +407,13 @@ static const struct option pkcs12_options[] = { | |||
| 407 | .argname = "name", | 407 | .argname = "name", | 
| 408 | .desc = "Use name as friendly name", | 408 | .desc = "Use name as friendly name", | 
| 409 | .type = OPTION_ARG, | 409 | .type = OPTION_ARG, | 
| 410 | .opt.arg = &pkcs12_config.name, | 410 | .opt.arg = &cfg.name, | 
| 411 | }, | 411 | }, | 
| 412 | { | 412 | { | 
| 413 | .name = "nocerts", | 413 | .name = "nocerts", | 
| 414 | .desc = "Don't output certificates", | 414 | .desc = "Don't output certificates", | 
| 415 | .type = OPTION_VALUE_OR, | 415 | .type = OPTION_VALUE_OR, | 
| 416 | .opt.value = &pkcs12_config.options, | 416 | .opt.value = &cfg.options, | 
| 417 | .value = NOCERTS, | 417 | .value = NOCERTS, | 
| 418 | }, | 418 | }, | 
| 419 | { | 419 | { | 
| @@ -426,42 +426,42 @@ static const struct option pkcs12_options[] = { | |||
| 426 | .name = "noiter", | 426 | .name = "noiter", | 
| 427 | .desc = "Don't use encryption iteration", | 427 | .desc = "Don't use encryption iteration", | 
| 428 | .type = OPTION_VALUE, | 428 | .type = OPTION_VALUE, | 
| 429 | .opt.value = &pkcs12_config.iter, | 429 | .opt.value = &cfg.iter, | 
| 430 | .value = 1, | 430 | .value = 1, | 
| 431 | }, | 431 | }, | 
| 432 | { | 432 | { | 
| 433 | .name = "nokeys", | 433 | .name = "nokeys", | 
| 434 | .desc = "Don't output private keys", | 434 | .desc = "Don't output private keys", | 
| 435 | .type = OPTION_VALUE_OR, | 435 | .type = OPTION_VALUE_OR, | 
| 436 | .opt.value = &pkcs12_config.options, | 436 | .opt.value = &cfg.options, | 
| 437 | .value = NOKEYS, | 437 | .value = NOKEYS, | 
| 438 | }, | 438 | }, | 
| 439 | { | 439 | { | 
| 440 | .name = "nomac", | 440 | .name = "nomac", | 
| 441 | .desc = "Don't generate MAC", | 441 | .desc = "Don't generate MAC", | 
| 442 | .type = OPTION_VALUE, | 442 | .type = OPTION_VALUE, | 
| 443 | .opt.value = &pkcs12_config.maciter, | 443 | .opt.value = &cfg.maciter, | 
| 444 | .value = -1, | 444 | .value = -1, | 
| 445 | }, | 445 | }, | 
| 446 | { | 446 | { | 
| 447 | .name = "nomaciter", | 447 | .name = "nomaciter", | 
| 448 | .desc = "Don't use MAC iteration", | 448 | .desc = "Don't use MAC iteration", | 
| 449 | .type = OPTION_VALUE, | 449 | .type = OPTION_VALUE, | 
| 450 | .opt.value = &pkcs12_config.maciter, | 450 | .opt.value = &cfg.maciter, | 
| 451 | .value = 1, | 451 | .value = 1, | 
| 452 | }, | 452 | }, | 
| 453 | { | 453 | { | 
| 454 | .name = "nomacver", | 454 | .name = "nomacver", | 
| 455 | .desc = "Don't verify MAC", | 455 | .desc = "Don't verify MAC", | 
| 456 | .type = OPTION_VALUE, | 456 | .type = OPTION_VALUE, | 
| 457 | .opt.value = &pkcs12_config.macver, | 457 | .opt.value = &cfg.macver, | 
| 458 | .value = 0, | 458 | .value = 0, | 
| 459 | }, | 459 | }, | 
| 460 | { | 460 | { | 
| 461 | .name = "noout", | 461 | .name = "noout", | 
| 462 | .desc = "Don't output anything, just verify", | 462 | .desc = "Don't output anything, just verify", | 
| 463 | .type = OPTION_VALUE_OR, | 463 | .type = OPTION_VALUE_OR, | 
| 464 | .opt.value = &pkcs12_config.options, | 464 | .opt.value = &cfg.options, | 
| 465 | .value = (NOKEYS | NOCERTS), | 465 | .value = (NOKEYS | NOCERTS), | 
| 466 | }, | 466 | }, | 
| 467 | { | 467 | { | 
| @@ -469,21 +469,21 @@ static const struct option pkcs12_options[] = { | |||
| 469 | .argname = "file", | 469 | .argname = "file", | 
| 470 | .desc = "Output filename", | 470 | .desc = "Output filename", | 
| 471 | .type = OPTION_ARG, | 471 | .type = OPTION_ARG, | 
| 472 | .opt.arg = &pkcs12_config.outfile, | 472 | .opt.arg = &cfg.outfile, | 
| 473 | }, | 473 | }, | 
| 474 | { | 474 | { | 
| 475 | .name = "passin", | 475 | .name = "passin", | 
| 476 | .argname = "arg", | 476 | .argname = "arg", | 
| 477 | .desc = "Input file passphrase source", | 477 | .desc = "Input file passphrase source", | 
| 478 | .type = OPTION_ARG, | 478 | .type = OPTION_ARG, | 
| 479 | .opt.arg = &pkcs12_config.passargin, | 479 | .opt.arg = &cfg.passargin, | 
| 480 | }, | 480 | }, | 
| 481 | { | 481 | { | 
| 482 | .name = "passout", | 482 | .name = "passout", | 
| 483 | .argname = "arg", | 483 | .argname = "arg", | 
| 484 | .desc = "Output file passphrase source", | 484 | .desc = "Output file passphrase source", | 
| 485 | .type = OPTION_ARG, | 485 | .type = OPTION_ARG, | 
| 486 | .opt.arg = &pkcs12_config.passargout, | 486 | .opt.arg = &cfg.passargout, | 
| 487 | }, | 487 | }, | 
| 488 | { | 488 | { | 
| 489 | .name = "password", | 489 | .name = "password", | 
| @@ -496,7 +496,7 @@ static const struct option pkcs12_options[] = { | |||
| 496 | .name = "twopass", | 496 | .name = "twopass", | 
| 497 | .desc = "Separate MAC, encryption passwords", | 497 | .desc = "Separate MAC, encryption passwords", | 
| 498 | .type = OPTION_FLAG, | 498 | .type = OPTION_FLAG, | 
| 499 | .opt.flag = &pkcs12_config.twopass, | 499 | .opt.flag = &cfg.twopass, | 
| 500 | }, | 500 | }, | 
| 501 | { NULL }, | 501 | { NULL }, | 
| 502 | }; | 502 | }; | 
| @@ -541,73 +541,73 @@ pkcs12_main(int argc, char **argv) | |||
| 541 | exit(1); | 541 | exit(1); | 
| 542 | } | 542 | } | 
| 543 | 543 | ||
| 544 | memset(&pkcs12_config, 0, sizeof(pkcs12_config)); | 544 | memset(&cfg, 0, sizeof(cfg)); | 
| 545 | pkcs12_config.cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; | 545 | cfg.cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; | 
| 546 | pkcs12_config.enc = EVP_des_ede3_cbc(); | 546 | cfg.enc = EVP_des_ede3_cbc(); | 
| 547 | pkcs12_config.iter = PKCS12_DEFAULT_ITER; | 547 | cfg.iter = PKCS12_DEFAULT_ITER; | 
| 548 | pkcs12_config.key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; | 548 | cfg.key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; | 
| 549 | pkcs12_config.maciter = PKCS12_DEFAULT_ITER; | 549 | cfg.maciter = PKCS12_DEFAULT_ITER; | 
| 550 | pkcs12_config.macver = 1; | 550 | cfg.macver = 1; | 
| 551 | 551 | ||
| 552 | if (options_parse(argc, argv, pkcs12_options, NULL, NULL) != 0) { | 552 | if (options_parse(argc, argv, pkcs12_options, NULL, NULL) != 0) { | 
| 553 | pkcs12_usage(); | 553 | pkcs12_usage(); | 
| 554 | goto end; | 554 | goto end; | 
| 555 | } | 555 | } | 
| 556 | 556 | ||
| 557 | if (pkcs12_config.passarg != NULL) { | 557 | if (cfg.passarg != NULL) { | 
| 558 | if (pkcs12_config.export_cert) | 558 | if (cfg.export_cert) | 
| 559 | pkcs12_config.passargout = pkcs12_config.passarg; | 559 | cfg.passargout = cfg.passarg; | 
| 560 | else | 560 | else | 
| 561 | pkcs12_config.passargin = pkcs12_config.passarg; | 561 | cfg.passargin = cfg.passarg; | 
| 562 | } | 562 | } | 
| 563 | if (!app_passwd(bio_err, pkcs12_config.passargin, | 563 | if (!app_passwd(bio_err, cfg.passargin, | 
| 564 | pkcs12_config.passargout, &passin, &passout)) { | 564 | cfg.passargout, &passin, &passout)) { | 
| 565 | BIO_printf(bio_err, "Error getting passwords\n"); | 565 | BIO_printf(bio_err, "Error getting passwords\n"); | 
| 566 | goto end; | 566 | goto end; | 
| 567 | } | 567 | } | 
| 568 | if (cpass == NULL) { | 568 | if (cpass == NULL) { | 
| 569 | if (pkcs12_config.export_cert) | 569 | if (cfg.export_cert) | 
| 570 | cpass = passout; | 570 | cpass = passout; | 
| 571 | else | 571 | else | 
| 572 | cpass = passin; | 572 | cpass = passin; | 
| 573 | } | 573 | } | 
| 574 | if (cpass != NULL) { | 574 | if (cpass != NULL) { | 
| 575 | mpass = cpass; | 575 | mpass = cpass; | 
| 576 | pkcs12_config.noprompt = 1; | 576 | cfg.noprompt = 1; | 
| 577 | } else { | 577 | } else { | 
| 578 | cpass = pass; | 578 | cpass = pass; | 
| 579 | mpass = macpass; | 579 | mpass = macpass; | 
| 580 | } | 580 | } | 
| 581 | 581 | ||
| 582 | if (pkcs12_config.infile == NULL) | 582 | if (cfg.infile == NULL) | 
| 583 | in = BIO_new_fp(stdin, BIO_NOCLOSE); | 583 | in = BIO_new_fp(stdin, BIO_NOCLOSE); | 
| 584 | else | 584 | else | 
| 585 | in = BIO_new_file(pkcs12_config.infile, "rb"); | 585 | in = BIO_new_file(cfg.infile, "rb"); | 
| 586 | if (in == NULL) { | 586 | if (in == NULL) { | 
| 587 | BIO_printf(bio_err, "Error opening input file %s\n", | 587 | BIO_printf(bio_err, "Error opening input file %s\n", | 
| 588 | pkcs12_config.infile ? pkcs12_config.infile : "<stdin>"); | 588 | cfg.infile ? cfg.infile : "<stdin>"); | 
| 589 | perror(pkcs12_config.infile); | 589 | perror(cfg.infile); | 
| 590 | goto end; | 590 | goto end; | 
| 591 | } | 591 | } | 
| 592 | 592 | ||
| 593 | if (pkcs12_config.outfile == NULL) { | 593 | if (cfg.outfile == NULL) { | 
| 594 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | 594 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | 
| 595 | } else | 595 | } else | 
| 596 | out = BIO_new_file(pkcs12_config.outfile, "wb"); | 596 | out = BIO_new_file(cfg.outfile, "wb"); | 
| 597 | if (out == NULL) { | 597 | if (out == NULL) { | 
| 598 | BIO_printf(bio_err, "Error opening output file %s\n", | 598 | BIO_printf(bio_err, "Error opening output file %s\n", | 
| 599 | pkcs12_config.outfile ? pkcs12_config.outfile : "<stdout>"); | 599 | cfg.outfile ? cfg.outfile : "<stdout>"); | 
| 600 | perror(pkcs12_config.outfile); | 600 | perror(cfg.outfile); | 
| 601 | goto end; | 601 | goto end; | 
| 602 | } | 602 | } | 
| 603 | if (pkcs12_config.twopass) { | 603 | if (cfg.twopass) { | 
| 604 | if (EVP_read_pw_string(macpass, sizeof macpass, | 604 | if (EVP_read_pw_string(macpass, sizeof macpass, | 
| 605 | "Enter MAC Password:", pkcs12_config.export_cert)) { | 605 | "Enter MAC Password:", cfg.export_cert)) { | 
| 606 | BIO_printf(bio_err, "Can't read Password\n"); | 606 | BIO_printf(bio_err, "Can't read Password\n"); | 
| 607 | goto end; | 607 | goto end; | 
| 608 | } | 608 | } | 
| 609 | } | 609 | } | 
| 610 | if (pkcs12_config.export_cert) { | 610 | if (cfg.export_cert) { | 
| 611 | EVP_PKEY *key = NULL; | 611 | EVP_PKEY *key = NULL; | 
| 612 | X509 *ucert = NULL, *x = NULL; | 612 | X509 *ucert = NULL, *x = NULL; | 
| 613 | STACK_OF(X509) *certs = NULL; | 613 | STACK_OF(X509) *certs = NULL; | 
| @@ -615,25 +615,25 @@ pkcs12_main(int argc, char **argv) | |||
| 615 | unsigned char *catmp = NULL; | 615 | unsigned char *catmp = NULL; | 
| 616 | int i; | 616 | int i; | 
| 617 | 617 | ||
| 618 | if ((pkcs12_config.options & (NOCERTS | NOKEYS)) == | 618 | if ((cfg.options & (NOCERTS | NOKEYS)) == | 
| 619 | (NOCERTS | NOKEYS)) { | 619 | (NOCERTS | NOKEYS)) { | 
| 620 | BIO_printf(bio_err, "Nothing to do!\n"); | 620 | BIO_printf(bio_err, "Nothing to do!\n"); | 
| 621 | goto export_end; | 621 | goto export_end; | 
| 622 | } | 622 | } | 
| 623 | if (pkcs12_config.options & NOCERTS) | 623 | if (cfg.options & NOCERTS) | 
| 624 | pkcs12_config.chain = 0; | 624 | cfg.chain = 0; | 
| 625 | 625 | ||
| 626 | if (!(pkcs12_config.options & NOKEYS)) { | 626 | if (!(cfg.options & NOKEYS)) { | 
| 627 | key = load_key(bio_err, pkcs12_config.keyname ? | 627 | key = load_key(bio_err, cfg.keyname ? | 
| 628 | pkcs12_config.keyname : pkcs12_config.infile, | 628 | cfg.keyname : cfg.infile, | 
| 629 | FORMAT_PEM, 1, passin, "private key"); | 629 | FORMAT_PEM, 1, passin, "private key"); | 
| 630 | if (!key) | 630 | if (!key) | 
| 631 | goto export_end; | 631 | goto export_end; | 
| 632 | } | 632 | } | 
| 633 | 633 | ||
| 634 | /* Load in all certs in input file */ | 634 | /* Load in all certs in input file */ | 
| 635 | if (!(pkcs12_config.options & NOCERTS)) { | 635 | if (!(cfg.options & NOCERTS)) { | 
| 636 | certs = load_certs(bio_err, pkcs12_config.infile, | 636 | certs = load_certs(bio_err, cfg.infile, | 
| 637 | FORMAT_PEM, NULL, "certificates"); | 637 | FORMAT_PEM, NULL, "certificates"); | 
| 638 | if (certs == NULL) | 638 | if (certs == NULL) | 
| 639 | goto export_end; | 639 | goto export_end; | 
| @@ -661,10 +661,10 @@ pkcs12_main(int argc, char **argv) | |||
| 661 | } | 661 | } | 
| 662 | 662 | ||
| 663 | /* Add any more certificates asked for */ | 663 | /* Add any more certificates asked for */ | 
| 664 | if (pkcs12_config.certfile != NULL) { | 664 | if (cfg.certfile != NULL) { | 
| 665 | STACK_OF(X509) *morecerts = NULL; | 665 | STACK_OF(X509) *morecerts = NULL; | 
| 666 | if ((morecerts = load_certs(bio_err, | 666 | if ((morecerts = load_certs(bio_err, | 
| 667 | pkcs12_config.certfile, FORMAT_PEM, NULL, | 667 | cfg.certfile, FORMAT_PEM, NULL, | 
| 668 | "certificates from certfile")) == NULL) | 668 | "certificates from certfile")) == NULL) | 
| 669 | goto export_end; | 669 | goto export_end; | 
| 670 | while (sk_X509_num(morecerts) > 0) | 670 | while (sk_X509_num(morecerts) > 0) | 
| @@ -674,7 +674,7 @@ pkcs12_main(int argc, char **argv) | |||
| 674 | 674 | ||
| 675 | 675 | ||
| 676 | /* If chaining get chain from user cert */ | 676 | /* If chaining get chain from user cert */ | 
| 677 | if (pkcs12_config.chain) { | 677 | if (cfg.chain) { | 
| 678 | int vret; | 678 | int vret; | 
| 679 | STACK_OF(X509) *chain2; | 679 | STACK_OF(X509) *chain2; | 
| 680 | X509_STORE *store = X509_STORE_new(); | 680 | X509_STORE *store = X509_STORE_new(); | 
| @@ -684,7 +684,7 @@ pkcs12_main(int argc, char **argv) | |||
| 684 | goto export_end; | 684 | goto export_end; | 
| 685 | } | 685 | } | 
| 686 | if (!X509_STORE_load_locations(store, | 686 | if (!X509_STORE_load_locations(store, | 
| 687 | pkcs12_config.CAfile, pkcs12_config.CApath)) | 687 | cfg.CAfile, cfg.CApath)) | 
| 688 | X509_STORE_set_default_paths(store); | 688 | X509_STORE_set_default_paths(store); | 
| 689 | 689 | ||
| 690 | vret = get_cert_chain(ucert, store, &chain2); | 690 | vret = get_cert_chain(ucert, store, &chain2); | 
| @@ -711,51 +711,51 @@ pkcs12_main(int argc, char **argv) | |||
| 711 | } | 711 | } | 
| 712 | /* Add any CA names */ | 712 | /* Add any CA names */ | 
| 713 | 713 | ||
| 714 | for (i = 0; i < sk_OPENSSL_STRING_num(pkcs12_config.canames); | 714 | for (i = 0; i < sk_OPENSSL_STRING_num(cfg.canames); | 
| 715 | i++) { | 715 | i++) { | 
| 716 | catmp = (unsigned char *) sk_OPENSSL_STRING_value( | 716 | catmp = (unsigned char *) sk_OPENSSL_STRING_value( | 
| 717 | pkcs12_config.canames, i); | 717 | cfg.canames, i); | 
| 718 | X509_alias_set1(sk_X509_value(certs, i), catmp, -1); | 718 | X509_alias_set1(sk_X509_value(certs, i), catmp, -1); | 
| 719 | } | 719 | } | 
| 720 | 720 | ||
| 721 | if (pkcs12_config.csp_name != NULL && key != NULL) | 721 | if (cfg.csp_name != NULL && key != NULL) | 
| 722 | EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, | 722 | EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, | 
| 723 | MBSTRING_ASC, | 723 | MBSTRING_ASC, | 
| 724 | (unsigned char *) pkcs12_config.csp_name, -1); | 724 | (unsigned char *) cfg.csp_name, -1); | 
| 725 | 725 | ||
| 726 | if (pkcs12_config.add_lmk && key != NULL) | 726 | if (cfg.add_lmk && key != NULL) | 
| 727 | EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, | 727 | EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, | 
| 728 | -1); | 728 | -1); | 
| 729 | 729 | ||
| 730 | if (!pkcs12_config.noprompt && | 730 | if (!cfg.noprompt && | 
| 731 | EVP_read_pw_string(pass, sizeof pass, | 731 | EVP_read_pw_string(pass, sizeof pass, | 
| 732 | "Enter Export Password:", 1)) { | 732 | "Enter Export Password:", 1)) { | 
| 733 | BIO_printf(bio_err, "Can't read Password\n"); | 733 | BIO_printf(bio_err, "Can't read Password\n"); | 
| 734 | goto export_end; | 734 | goto export_end; | 
| 735 | } | 735 | } | 
| 736 | if (!pkcs12_config.twopass) | 736 | if (!cfg.twopass) | 
| 737 | strlcpy(macpass, pass, sizeof macpass); | 737 | strlcpy(macpass, pass, sizeof macpass); | 
| 738 | 738 | ||
| 739 | 739 | ||
| 740 | p12 = PKCS12_create(cpass, pkcs12_config.name, key, ucert, | 740 | p12 = PKCS12_create(cpass, cfg.name, key, ucert, | 
| 741 | certs, pkcs12_config.key_pbe, pkcs12_config.cert_pbe, | 741 | certs, cfg.key_pbe, cfg.cert_pbe, | 
| 742 | pkcs12_config.iter, -1, pkcs12_config.keytype); | 742 | cfg.iter, -1, cfg.keytype); | 
| 743 | 743 | ||
| 744 | if (p12 == NULL) { | 744 | if (p12 == NULL) { | 
| 745 | ERR_print_errors(bio_err); | 745 | ERR_print_errors(bio_err); | 
| 746 | goto export_end; | 746 | goto export_end; | 
| 747 | } | 747 | } | 
| 748 | if (pkcs12_config.macalg != NULL) { | 748 | if (cfg.macalg != NULL) { | 
| 749 | macmd = EVP_get_digestbyname(pkcs12_config.macalg); | 749 | macmd = EVP_get_digestbyname(cfg.macalg); | 
| 750 | if (macmd == NULL) { | 750 | if (macmd == NULL) { | 
| 751 | BIO_printf(bio_err, | 751 | BIO_printf(bio_err, | 
| 752 | "Unknown digest algorithm %s\n", | 752 | "Unknown digest algorithm %s\n", | 
| 753 | pkcs12_config.macalg); | 753 | cfg.macalg); | 
| 754 | } | 754 | } | 
| 755 | } | 755 | } | 
| 756 | if (pkcs12_config.maciter != -1) | 756 | if (cfg.maciter != -1) | 
| 757 | PKCS12_set_mac(p12, mpass, -1, NULL, 0, | 757 | PKCS12_set_mac(p12, mpass, -1, NULL, 0, | 
| 758 | pkcs12_config.maciter, macmd); | 758 | cfg.maciter, macmd); | 
| 759 | 759 | ||
| 760 | i2d_PKCS12_bio(out, p12); | 760 | i2d_PKCS12_bio(out, p12); | 
| 761 | 761 | ||
| @@ -773,27 +773,27 @@ pkcs12_main(int argc, char **argv) | |||
| 773 | ERR_print_errors(bio_err); | 773 | ERR_print_errors(bio_err); | 
| 774 | goto end; | 774 | goto end; | 
| 775 | } | 775 | } | 
| 776 | if (!pkcs12_config.noprompt && EVP_read_pw_string(pass, sizeof pass, | 776 | if (!cfg.noprompt && EVP_read_pw_string(pass, sizeof pass, | 
| 777 | "Enter Import Password:", 0)) { | 777 | "Enter Import Password:", 0)) { | 
| 778 | BIO_printf(bio_err, "Can't read Password\n"); | 778 | BIO_printf(bio_err, "Can't read Password\n"); | 
| 779 | goto end; | 779 | goto end; | 
| 780 | } | 780 | } | 
| 781 | 781 | ||
| 782 | if (!pkcs12_config.twopass) | 782 | if (!cfg.twopass) | 
| 783 | strlcpy(macpass, pass, sizeof macpass); | 783 | strlcpy(macpass, pass, sizeof macpass); | 
| 784 | 784 | ||
| 785 | if ((pkcs12_config.options & INFO) != 0 && PKCS12_mac_present(p12)) { | 785 | if ((cfg.options & INFO) != 0 && PKCS12_mac_present(p12)) { | 
| 786 | const ASN1_INTEGER *iter; | 786 | const ASN1_INTEGER *iter; | 
| 787 | 787 | ||
| 788 | PKCS12_get0_mac(NULL, NULL, NULL, &iter, p12); | 788 | PKCS12_get0_mac(NULL, NULL, NULL, &iter, p12); | 
| 789 | BIO_printf(bio_err, "MAC Iteration %ld\n", | 789 | BIO_printf(bio_err, "MAC Iteration %ld\n", | 
| 790 | iter != NULL ? ASN1_INTEGER_get(iter) : 1); | 790 | iter != NULL ? ASN1_INTEGER_get(iter) : 1); | 
| 791 | } | 791 | } | 
| 792 | if (pkcs12_config.macver) { | 792 | if (cfg.macver) { | 
| 793 | /* If we enter empty password try no password first */ | 793 | /* If we enter empty password try no password first */ | 
| 794 | if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { | 794 | if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { | 
| 795 | /* If mac and crypto pass the same set it to NULL too */ | 795 | /* If mac and crypto pass the same set it to NULL too */ | 
| 796 | if (!pkcs12_config.twopass) | 796 | if (!cfg.twopass) | 
| 797 | cpass = NULL; | 797 | cpass = NULL; | 
| 798 | } else if (!PKCS12_verify_mac(p12, mpass, -1)) { | 798 | } else if (!PKCS12_verify_mac(p12, mpass, -1)) { | 
| 799 | BIO_printf(bio_err, | 799 | BIO_printf(bio_err, | 
| @@ -803,7 +803,7 @@ pkcs12_main(int argc, char **argv) | |||
| 803 | } | 803 | } | 
| 804 | BIO_printf(bio_err, "MAC verified OK\n"); | 804 | BIO_printf(bio_err, "MAC verified OK\n"); | 
| 805 | } | 805 | } | 
| 806 | if (!dump_certs_keys_p12(out, p12, cpass, -1, pkcs12_config.options, | 806 | if (!dump_certs_keys_p12(out, p12, cpass, -1, cfg.options, | 
| 807 | passout)) { | 807 | passout)) { | 
| 808 | BIO_printf(bio_err, "Error outputting keys and certificates\n"); | 808 | BIO_printf(bio_err, "Error outputting keys and certificates\n"); | 
| 809 | ERR_print_errors(bio_err); | 809 | ERR_print_errors(bio_err); | 
| @@ -814,7 +814,7 @@ pkcs12_main(int argc, char **argv) | |||
| 814 | PKCS12_free(p12); | 814 | PKCS12_free(p12); | 
| 815 | BIO_free(in); | 815 | BIO_free(in); | 
| 816 | BIO_free_all(out); | 816 | BIO_free_all(out); | 
| 817 | sk_OPENSSL_STRING_free(pkcs12_config.canames); | 817 | sk_OPENSSL_STRING_free(cfg.canames); | 
| 818 | free(passin); | 818 | free(passin); | 
| 819 | free(passout); | 819 | free(passout); | 
| 820 | 820 | ||
| @@ -907,7 +907,7 @@ dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, int passlen, | |||
| 907 | if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) | 907 | if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) | 
| 908 | return 0; | 908 | return 0; | 
| 909 | print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes"); | 909 | print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes"); | 
| 910 | PEM_write_bio_PrivateKey(out, pkey, pkcs12_config.enc, NULL, 0, | 910 | PEM_write_bio_PrivateKey(out, pkey, cfg.enc, NULL, 0, | 
| 911 | NULL, pempass); | 911 | NULL, pempass); | 
| 912 | EVP_PKEY_free(pkey); | 912 | EVP_PKEY_free(pkey); | 
| 913 | break; | 913 | break; | 
| @@ -938,7 +938,7 @@ dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, int passlen, | |||
| 938 | } | 938 | } | 
| 939 | print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes"); | 939 | print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes"); | 
| 940 | PKCS8_PRIV_KEY_INFO_free(p8); | 940 | PKCS8_PRIV_KEY_INFO_free(p8); | 
| 941 | PEM_write_bio_PrivateKey(out, pkey, pkcs12_config.enc, NULL, 0, | 941 | PEM_write_bio_PrivateKey(out, pkey, cfg.enc, NULL, 0, | 
| 942 | NULL, pempass); | 942 | NULL, pempass); | 
| 943 | EVP_PKEY_free(pkey); | 943 | EVP_PKEY_free(pkey); | 
| 944 | break; | 944 | break; | 
| diff --git a/src/usr.bin/openssl/pkcs7.c b/src/usr.bin/openssl/pkcs7.c index b0acf3fd98..4e66855a8d 100644 --- a/src/usr.bin/openssl/pkcs7.c +++ b/src/usr.bin/openssl/pkcs7.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: pkcs7.c,v 1.13 2023/02/08 07:59:24 tb Exp $ */ | 1 | /* $OpenBSD: pkcs7.c,v 1.14 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -79,7 +79,7 @@ static struct { | |||
| 79 | int p7_print; | 79 | int p7_print; | 
| 80 | int print_certs; | 80 | int print_certs; | 
| 81 | int text; | 81 | int text; | 
| 82 | } pkcs7_config; | 82 | } cfg; | 
| 83 | 83 | ||
| 84 | static const struct option pkcs7_options[] = { | 84 | static const struct option pkcs7_options[] = { | 
| 85 | { | 85 | { | 
| @@ -87,52 +87,52 @@ static const struct option pkcs7_options[] = { | |||
| 87 | .argname = "file", | 87 | .argname = "file", | 
| 88 | .desc = "Input file (default stdin)", | 88 | .desc = "Input file (default stdin)", | 
| 89 | .type = OPTION_ARG, | 89 | .type = OPTION_ARG, | 
| 90 | .opt.arg = &pkcs7_config.infile, | 90 | .opt.arg = &cfg.infile, | 
| 91 | }, | 91 | }, | 
| 92 | { | 92 | { | 
| 93 | .name = "inform", | 93 | .name = "inform", | 
| 94 | .argname = "format", | 94 | .argname = "format", | 
| 95 | .desc = "Input format (DER or PEM (default))", | 95 | .desc = "Input format (DER or PEM (default))", | 
| 96 | .type = OPTION_ARG_FORMAT, | 96 | .type = OPTION_ARG_FORMAT, | 
| 97 | .opt.value = &pkcs7_config.informat, | 97 | .opt.value = &cfg.informat, | 
| 98 | }, | 98 | }, | 
| 99 | { | 99 | { | 
| 100 | .name = "noout", | 100 | .name = "noout", | 
| 101 | .desc = "Do not output encoded version of PKCS#7 structure", | 101 | .desc = "Do not output encoded version of PKCS#7 structure", | 
| 102 | .type = OPTION_FLAG, | 102 | .type = OPTION_FLAG, | 
| 103 | .opt.flag = &pkcs7_config.noout, | 103 | .opt.flag = &cfg.noout, | 
| 104 | }, | 104 | }, | 
| 105 | { | 105 | { | 
| 106 | .name = "out", | 106 | .name = "out", | 
| 107 | .argname = "file", | 107 | .argname = "file", | 
| 108 | .desc = "Output file (default stdout)", | 108 | .desc = "Output file (default stdout)", | 
| 109 | .type = OPTION_ARG, | 109 | .type = OPTION_ARG, | 
| 110 | .opt.arg = &pkcs7_config.outfile, | 110 | .opt.arg = &cfg.outfile, | 
| 111 | }, | 111 | }, | 
| 112 | { | 112 | { | 
| 113 | .name = "outform", | 113 | .name = "outform", | 
| 114 | .argname = "format", | 114 | .argname = "format", | 
| 115 | .desc = "Output format (DER or PEM (default))", | 115 | .desc = "Output format (DER or PEM (default))", | 
| 116 | .type = OPTION_ARG_FORMAT, | 116 | .type = OPTION_ARG_FORMAT, | 
| 117 | .opt.value = &pkcs7_config.outformat, | 117 | .opt.value = &cfg.outformat, | 
| 118 | }, | 118 | }, | 
| 119 | { | 119 | { | 
| 120 | .name = "print", | 120 | .name = "print", | 
| 121 | .desc = "Output ASN.1 representation of PKCS#7 structure", | 121 | .desc = "Output ASN.1 representation of PKCS#7 structure", | 
| 122 | .type = OPTION_FLAG, | 122 | .type = OPTION_FLAG, | 
| 123 | .opt.flag = &pkcs7_config.p7_print, | 123 | .opt.flag = &cfg.p7_print, | 
| 124 | }, | 124 | }, | 
| 125 | { | 125 | { | 
| 126 | .name = "print_certs", | 126 | .name = "print_certs", | 
| 127 | .desc = "Print out any certificates or CRLs contained in file", | 127 | .desc = "Print out any certificates or CRLs contained in file", | 
| 128 | .type = OPTION_FLAG, | 128 | .type = OPTION_FLAG, | 
| 129 | .opt.flag = &pkcs7_config.print_certs, | 129 | .opt.flag = &cfg.print_certs, | 
| 130 | }, | 130 | }, | 
| 131 | { | 131 | { | 
| 132 | .name = "text", | 132 | .name = "text", | 
| 133 | .desc = "Print out full certificate details", | 133 | .desc = "Print out full certificate details", | 
| 134 | .type = OPTION_FLAG, | 134 | .type = OPTION_FLAG, | 
| 135 | .opt.flag = &pkcs7_config.text, | 135 | .opt.flag = &cfg.text, | 
| 136 | }, | 136 | }, | 
| 137 | { NULL }, | 137 | { NULL }, | 
| 138 | }; | 138 | }; | 
| @@ -159,10 +159,10 @@ pkcs7_main(int argc, char **argv) | |||
| 159 | exit(1); | 159 | exit(1); | 
| 160 | } | 160 | } | 
| 161 | 161 | ||
| 162 | memset(&pkcs7_config, 0, sizeof(pkcs7_config)); | 162 | memset(&cfg, 0, sizeof(cfg)); | 
| 163 | 163 | ||
| 164 | pkcs7_config.informat = FORMAT_PEM; | 164 | cfg.informat = FORMAT_PEM; | 
| 165 | pkcs7_config.outformat = FORMAT_PEM; | 165 | cfg.outformat = FORMAT_PEM; | 
| 166 | 166 | ||
| 167 | if (options_parse(argc, argv, pkcs7_options, NULL, NULL) != 0) { | 167 | if (options_parse(argc, argv, pkcs7_options, NULL, NULL) != 0) { | 
| 168 | pkcs7_usage(); | 168 | pkcs7_usage(); | 
| @@ -175,18 +175,18 @@ pkcs7_main(int argc, char **argv) | |||
| 175 | ERR_print_errors(bio_err); | 175 | ERR_print_errors(bio_err); | 
| 176 | goto end; | 176 | goto end; | 
| 177 | } | 177 | } | 
| 178 | if (pkcs7_config.infile == NULL) | 178 | if (cfg.infile == NULL) | 
| 179 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 179 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 
| 180 | else { | 180 | else { | 
| 181 | if (BIO_read_filename(in, pkcs7_config.infile) <= 0) { | 181 | if (BIO_read_filename(in, cfg.infile) <= 0) { | 
| 182 | perror(pkcs7_config.infile); | 182 | perror(cfg.infile); | 
| 183 | goto end; | 183 | goto end; | 
| 184 | } | 184 | } | 
| 185 | } | 185 | } | 
| 186 | 186 | ||
| 187 | if (pkcs7_config.informat == FORMAT_ASN1) | 187 | if (cfg.informat == FORMAT_ASN1) | 
| 188 | p7 = d2i_PKCS7_bio(in, NULL); | 188 | p7 = d2i_PKCS7_bio(in, NULL); | 
| 189 | else if (pkcs7_config.informat == FORMAT_PEM) | 189 | else if (cfg.informat == FORMAT_PEM) | 
| 190 | p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); | 190 | p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); | 
| 191 | else { | 191 | else { | 
| 192 | BIO_printf(bio_err, "bad input format specified for pkcs7 object\n"); | 192 | BIO_printf(bio_err, "bad input format specified for pkcs7 object\n"); | 
| @@ -197,19 +197,19 @@ pkcs7_main(int argc, char **argv) | |||
| 197 | ERR_print_errors(bio_err); | 197 | ERR_print_errors(bio_err); | 
| 198 | goto end; | 198 | goto end; | 
| 199 | } | 199 | } | 
| 200 | if (pkcs7_config.outfile == NULL) { | 200 | if (cfg.outfile == NULL) { | 
| 201 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 201 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 
| 202 | } else { | 202 | } else { | 
| 203 | if (BIO_write_filename(out, pkcs7_config.outfile) <= 0) { | 203 | if (BIO_write_filename(out, cfg.outfile) <= 0) { | 
| 204 | perror(pkcs7_config.outfile); | 204 | perror(cfg.outfile); | 
| 205 | goto end; | 205 | goto end; | 
| 206 | } | 206 | } | 
| 207 | } | 207 | } | 
| 208 | 208 | ||
| 209 | if (pkcs7_config.p7_print) | 209 | if (cfg.p7_print) | 
| 210 | PKCS7_print_ctx(out, p7, 0, NULL); | 210 | PKCS7_print_ctx(out, p7, 0, NULL); | 
| 211 | 211 | ||
| 212 | if (pkcs7_config.print_certs) { | 212 | if (cfg.print_certs) { | 
| 213 | STACK_OF(X509) * certs = NULL; | 213 | STACK_OF(X509) * certs = NULL; | 
| 214 | STACK_OF(X509_CRL) * crls = NULL; | 214 | STACK_OF(X509_CRL) * crls = NULL; | 
| 215 | 215 | ||
| @@ -236,12 +236,12 @@ pkcs7_main(int argc, char **argv) | |||
| 236 | 236 | ||
| 237 | for (i = 0; i < sk_X509_num(certs); i++) { | 237 | for (i = 0; i < sk_X509_num(certs); i++) { | 
| 238 | x = sk_X509_value(certs, i); | 238 | x = sk_X509_value(certs, i); | 
| 239 | if (pkcs7_config.text) | 239 | if (cfg.text) | 
| 240 | X509_print(out, x); | 240 | X509_print(out, x); | 
| 241 | else | 241 | else | 
| 242 | dump_cert_text(out, x); | 242 | dump_cert_text(out, x); | 
| 243 | 243 | ||
| 244 | if (!pkcs7_config.noout) | 244 | if (!cfg.noout) | 
| 245 | PEM_write_bio_X509(out, x); | 245 | PEM_write_bio_X509(out, x); | 
| 246 | BIO_puts(out, "\n"); | 246 | BIO_puts(out, "\n"); | 
| 247 | } | 247 | } | 
| @@ -254,7 +254,7 @@ pkcs7_main(int argc, char **argv) | |||
| 254 | 254 | ||
| 255 | X509_CRL_print(out, crl); | 255 | X509_CRL_print(out, crl); | 
| 256 | 256 | ||
| 257 | if (!pkcs7_config.noout) | 257 | if (!cfg.noout) | 
| 258 | PEM_write_bio_X509_CRL(out, crl); | 258 | PEM_write_bio_X509_CRL(out, crl); | 
| 259 | BIO_puts(out, "\n"); | 259 | BIO_puts(out, "\n"); | 
| 260 | } | 260 | } | 
| @@ -262,10 +262,10 @@ pkcs7_main(int argc, char **argv) | |||
| 262 | ret = 0; | 262 | ret = 0; | 
| 263 | goto end; | 263 | goto end; | 
| 264 | } | 264 | } | 
| 265 | if (!pkcs7_config.noout) { | 265 | if (!cfg.noout) { | 
| 266 | if (pkcs7_config.outformat == FORMAT_ASN1) | 266 | if (cfg.outformat == FORMAT_ASN1) | 
| 267 | i = i2d_PKCS7_bio(out, p7); | 267 | i = i2d_PKCS7_bio(out, p7); | 
| 268 | else if (pkcs7_config.outformat == FORMAT_PEM) | 268 | else if (cfg.outformat == FORMAT_PEM) | 
| 269 | i = PEM_write_bio_PKCS7(out, p7); | 269 | i = PEM_write_bio_PKCS7(out, p7); | 
| 270 | else { | 270 | else { | 
| 271 | BIO_printf(bio_err, "bad output format specified for outfile\n"); | 271 | BIO_printf(bio_err, "bad output format specified for outfile\n"); | 
| diff --git a/src/usr.bin/openssl/pkcs8.c b/src/usr.bin/openssl/pkcs8.c index ea12230006..d78202e03f 100644 --- a/src/usr.bin/openssl/pkcs8.c +++ b/src/usr.bin/openssl/pkcs8.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: pkcs8.c,v 1.15 2022/11/11 17:07:39 joshua Exp $ */ | 1 | /* $OpenBSD: pkcs8.c,v 1.16 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 
| 3 | * project 1999-2004. | 3 | * project 1999-2004. | 
| 4 | */ | 4 | */ | 
| @@ -79,12 +79,12 @@ static struct { | |||
| 79 | char *passargout; | 79 | char *passargout; | 
| 80 | int pbe_nid; | 80 | int pbe_nid; | 
| 81 | int topk8; | 81 | int topk8; | 
| 82 | } pkcs8_config; | 82 | } cfg; | 
| 83 | 83 | ||
| 84 | static int | 84 | static int | 
| 85 | pkcs8_opt_v1(char *arg) | 85 | pkcs8_opt_v1(char *arg) | 
| 86 | { | 86 | { | 
| 87 | if ((pkcs8_config.pbe_nid = OBJ_txt2nid(arg)) == NID_undef) { | 87 | if ((cfg.pbe_nid = OBJ_txt2nid(arg)) == NID_undef) { | 
| 88 | fprintf(stderr, "Unknown PBE algorithm '%s'\n", arg); | 88 | fprintf(stderr, "Unknown PBE algorithm '%s'\n", arg); | 
| 89 | return (1); | 89 | return (1); | 
| 90 | } | 90 | } | 
| @@ -95,7 +95,7 @@ pkcs8_opt_v1(char *arg) | |||
| 95 | static int | 95 | static int | 
| 96 | pkcs8_opt_v2(char *arg) | 96 | pkcs8_opt_v2(char *arg) | 
| 97 | { | 97 | { | 
| 98 | if ((pkcs8_config.cipher = EVP_get_cipherbyname(arg)) == NULL) { | 98 | if ((cfg.cipher = EVP_get_cipherbyname(arg)) == NULL) { | 
| 99 | fprintf(stderr, "Unknown cipher '%s'\n", arg); | 99 | fprintf(stderr, "Unknown cipher '%s'\n", arg); | 
| 100 | return (1); | 100 | return (1); | 
| 101 | } | 101 | } | 
| @@ -109,62 +109,62 @@ static const struct option pkcs8_options[] = { | |||
| 109 | .argname = "file", | 109 | .argname = "file", | 
| 110 | .desc = "Input file (default stdin)", | 110 | .desc = "Input file (default stdin)", | 
| 111 | .type = OPTION_ARG, | 111 | .type = OPTION_ARG, | 
| 112 | .opt.arg = &pkcs8_config.infile, | 112 | .opt.arg = &cfg.infile, | 
| 113 | }, | 113 | }, | 
| 114 | { | 114 | { | 
| 115 | .name = "inform", | 115 | .name = "inform", | 
| 116 | .argname = "der | pem", | 116 | .argname = "der | pem", | 
| 117 | .desc = "Input format (default PEM)", | 117 | .desc = "Input format (default PEM)", | 
| 118 | .type = OPTION_ARG_FORMAT, | 118 | .type = OPTION_ARG_FORMAT, | 
| 119 | .opt.value = &pkcs8_config.informat, | 119 | .opt.value = &cfg.informat, | 
| 120 | }, | 120 | }, | 
| 121 | { | 121 | { | 
| 122 | .name = "nocrypt", | 122 | .name = "nocrypt", | 
| 123 | .desc = "Use or expect unencrypted private key", | 123 | .desc = "Use or expect unencrypted private key", | 
| 124 | .type = OPTION_FLAG, | 124 | .type = OPTION_FLAG, | 
| 125 | .opt.flag = &pkcs8_config.nocrypt, | 125 | .opt.flag = &cfg.nocrypt, | 
| 126 | }, | 126 | }, | 
| 127 | { | 127 | { | 
| 128 | .name = "noiter", | 128 | .name = "noiter", | 
| 129 | .desc = "Use 1 as iteration count", | 129 | .desc = "Use 1 as iteration count", | 
| 130 | .type = OPTION_VALUE, | 130 | .type = OPTION_VALUE, | 
| 131 | .value = 1, | 131 | .value = 1, | 
| 132 | .opt.value = &pkcs8_config.iter, | 132 | .opt.value = &cfg.iter, | 
| 133 | }, | 133 | }, | 
| 134 | { | 134 | { | 
| 135 | .name = "out", | 135 | .name = "out", | 
| 136 | .argname = "file", | 136 | .argname = "file", | 
| 137 | .desc = "Output file (default stdout)", | 137 | .desc = "Output file (default stdout)", | 
| 138 | .type = OPTION_ARG, | 138 | .type = OPTION_ARG, | 
| 139 | .opt.arg = &pkcs8_config.outfile, | 139 | .opt.arg = &cfg.outfile, | 
| 140 | }, | 140 | }, | 
| 141 | { | 141 | { | 
| 142 | .name = "outform", | 142 | .name = "outform", | 
| 143 | .argname = "der | pem", | 143 | .argname = "der | pem", | 
| 144 | .desc = "Output format (default PEM)", | 144 | .desc = "Output format (default PEM)", | 
| 145 | .type = OPTION_ARG_FORMAT, | 145 | .type = OPTION_ARG_FORMAT, | 
| 146 | .opt.value = &pkcs8_config.outformat, | 146 | .opt.value = &cfg.outformat, | 
| 147 | }, | 147 | }, | 
| 148 | { | 148 | { | 
| 149 | .name = "passin", | 149 | .name = "passin", | 
| 150 | .argname = "source", | 150 | .argname = "source", | 
| 151 | .desc = "Input file passphrase source", | 151 | .desc = "Input file passphrase source", | 
| 152 | .type = OPTION_ARG, | 152 | .type = OPTION_ARG, | 
| 153 | .opt.arg = &pkcs8_config.passargin, | 153 | .opt.arg = &cfg.passargin, | 
| 154 | }, | 154 | }, | 
| 155 | { | 155 | { | 
| 156 | .name = "passout", | 156 | .name = "passout", | 
| 157 | .argname = "source", | 157 | .argname = "source", | 
| 158 | .desc = "Output file passphrase source", | 158 | .desc = "Output file passphrase source", | 
| 159 | .type = OPTION_ARG, | 159 | .type = OPTION_ARG, | 
| 160 | .opt.arg = &pkcs8_config.passargout, | 160 | .opt.arg = &cfg.passargout, | 
| 161 | }, | 161 | }, | 
| 162 | { | 162 | { | 
| 163 | .name = "topk8", | 163 | .name = "topk8", | 
| 164 | .desc = "Read traditional format key and write PKCS#8 format" | 164 | .desc = "Read traditional format key and write PKCS#8 format" | 
| 165 | " key", | 165 | " key", | 
| 166 | .type = OPTION_FLAG, | 166 | .type = OPTION_FLAG, | 
| 167 | .opt.flag = &pkcs8_config.topk8, | 167 | .opt.flag = &cfg.topk8, | 
| 168 | }, | 168 | }, | 
| 169 | { | 169 | { | 
| 170 | .name = "v1", | 170 | .name = "v1", | 
| @@ -208,48 +208,48 @@ pkcs8_main(int argc, char **argv) | |||
| 208 | exit(1); | 208 | exit(1); | 
| 209 | } | 209 | } | 
| 210 | 210 | ||
| 211 | memset(&pkcs8_config, 0, sizeof(pkcs8_config)); | 211 | memset(&cfg, 0, sizeof(cfg)); | 
| 212 | 212 | ||
| 213 | pkcs8_config.iter = PKCS12_DEFAULT_ITER; | 213 | cfg.iter = PKCS12_DEFAULT_ITER; | 
| 214 | pkcs8_config.informat = FORMAT_PEM; | 214 | cfg.informat = FORMAT_PEM; | 
| 215 | pkcs8_config.outformat = FORMAT_PEM; | 215 | cfg.outformat = FORMAT_PEM; | 
| 216 | pkcs8_config.pbe_nid = -1; | 216 | cfg.pbe_nid = -1; | 
| 217 | 217 | ||
| 218 | if (options_parse(argc, argv, pkcs8_options, NULL, NULL) != 0) { | 218 | if (options_parse(argc, argv, pkcs8_options, NULL, NULL) != 0) { | 
| 219 | pkcs8_usage(); | 219 | pkcs8_usage(); | 
| 220 | return (1); | 220 | return (1); | 
| 221 | } | 221 | } | 
| 222 | 222 | ||
| 223 | if (!app_passwd(bio_err, pkcs8_config.passargin, | 223 | if (!app_passwd(bio_err, cfg.passargin, | 
| 224 | pkcs8_config.passargout, &passin, &passout)) { | 224 | cfg.passargout, &passin, &passout)) { | 
| 225 | BIO_printf(bio_err, "Error getting passwords\n"); | 225 | BIO_printf(bio_err, "Error getting passwords\n"); | 
| 226 | goto end; | 226 | goto end; | 
| 227 | } | 227 | } | 
| 228 | if ((pkcs8_config.pbe_nid == -1) && !pkcs8_config.cipher) | 228 | if ((cfg.pbe_nid == -1) && !cfg.cipher) | 
| 229 | pkcs8_config.pbe_nid = NID_pbeWithMD5AndDES_CBC; | 229 | cfg.pbe_nid = NID_pbeWithMD5AndDES_CBC; | 
| 230 | 230 | ||
| 231 | if (pkcs8_config.infile) { | 231 | if (cfg.infile) { | 
| 232 | if (!(in = BIO_new_file(pkcs8_config.infile, "rb"))) { | 232 | if (!(in = BIO_new_file(cfg.infile, "rb"))) { | 
| 233 | BIO_printf(bio_err, | 233 | BIO_printf(bio_err, | 
| 234 | "Can't open input file '%s'\n", | 234 | "Can't open input file '%s'\n", | 
| 235 | pkcs8_config.infile); | 235 | cfg.infile); | 
| 236 | goto end; | 236 | goto end; | 
| 237 | } | 237 | } | 
| 238 | } else | 238 | } else | 
| 239 | in = BIO_new_fp(stdin, BIO_NOCLOSE); | 239 | in = BIO_new_fp(stdin, BIO_NOCLOSE); | 
| 240 | 240 | ||
| 241 | if (pkcs8_config.outfile) { | 241 | if (cfg.outfile) { | 
| 242 | if (!(out = BIO_new_file(pkcs8_config.outfile, "wb"))) { | 242 | if (!(out = BIO_new_file(cfg.outfile, "wb"))) { | 
| 243 | BIO_printf(bio_err, "Can't open output file '%s'\n", | 243 | BIO_printf(bio_err, "Can't open output file '%s'\n", | 
| 244 | pkcs8_config.outfile); | 244 | cfg.outfile); | 
| 245 | goto end; | 245 | goto end; | 
| 246 | } | 246 | } | 
| 247 | } else { | 247 | } else { | 
| 248 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | 248 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | 
| 249 | } | 249 | } | 
| 250 | if (pkcs8_config.topk8) { | 250 | if (cfg.topk8) { | 
| 251 | pkey = load_key(bio_err, pkcs8_config.infile, | 251 | pkey = load_key(bio_err, cfg.infile, | 
| 252 | pkcs8_config.informat, 1, passin, "key"); | 252 | cfg.informat, 1, passin, "key"); | 
| 253 | if (!pkey) | 253 | if (!pkey) | 
| 254 | goto end; | 254 | goto end; | 
| 255 | if (!(p8inf = EVP_PKEY2PKCS8(pkey))) { | 255 | if (!(p8inf = EVP_PKEY2PKCS8(pkey))) { | 
| @@ -257,10 +257,10 @@ pkcs8_main(int argc, char **argv) | |||
| 257 | ERR_print_errors(bio_err); | 257 | ERR_print_errors(bio_err); | 
| 258 | goto end; | 258 | goto end; | 
| 259 | } | 259 | } | 
| 260 | if (pkcs8_config.nocrypt) { | 260 | if (cfg.nocrypt) { | 
| 261 | if (pkcs8_config.outformat == FORMAT_PEM) | 261 | if (cfg.outformat == FORMAT_PEM) | 
| 262 | PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf); | 262 | PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf); | 
| 263 | else if (pkcs8_config.outformat == FORMAT_ASN1) | 263 | else if (cfg.outformat == FORMAT_ASN1) | 
| 264 | i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf); | 264 | i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf); | 
| 265 | else { | 265 | else { | 
| 266 | BIO_printf(bio_err, | 266 | BIO_printf(bio_err, | 
| @@ -276,16 +276,16 @@ pkcs8_main(int argc, char **argv) | |||
| 276 | "Enter Encryption Password:", 1)) | 276 | "Enter Encryption Password:", 1)) | 
| 277 | goto end; | 277 | goto end; | 
| 278 | } | 278 | } | 
| 279 | if (!(p8 = PKCS8_encrypt(pkcs8_config.pbe_nid, | 279 | if (!(p8 = PKCS8_encrypt(cfg.pbe_nid, | 
| 280 | pkcs8_config.cipher, p8pass, strlen(p8pass), | 280 | cfg.cipher, p8pass, strlen(p8pass), | 
| 281 | NULL, 0, pkcs8_config.iter, p8inf))) { | 281 | NULL, 0, cfg.iter, p8inf))) { | 
| 282 | BIO_printf(bio_err, "Error encrypting key\n"); | 282 | BIO_printf(bio_err, "Error encrypting key\n"); | 
| 283 | ERR_print_errors(bio_err); | 283 | ERR_print_errors(bio_err); | 
| 284 | goto end; | 284 | goto end; | 
| 285 | } | 285 | } | 
| 286 | if (pkcs8_config.outformat == FORMAT_PEM) | 286 | if (cfg.outformat == FORMAT_PEM) | 
| 287 | PEM_write_bio_PKCS8(out, p8); | 287 | PEM_write_bio_PKCS8(out, p8); | 
| 288 | else if (pkcs8_config.outformat == FORMAT_ASN1) | 288 | else if (cfg.outformat == FORMAT_ASN1) | 
| 289 | i2d_PKCS8_bio(out, p8); | 289 | i2d_PKCS8_bio(out, p8); | 
| 290 | else { | 290 | else { | 
| 291 | BIO_printf(bio_err, | 291 | BIO_printf(bio_err, | 
| @@ -297,20 +297,20 @@ pkcs8_main(int argc, char **argv) | |||
| 297 | ret = 0; | 297 | ret = 0; | 
| 298 | goto end; | 298 | goto end; | 
| 299 | } | 299 | } | 
| 300 | if (pkcs8_config.nocrypt) { | 300 | if (cfg.nocrypt) { | 
| 301 | if (pkcs8_config.informat == FORMAT_PEM) | 301 | if (cfg.informat == FORMAT_PEM) | 
| 302 | p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, | 302 | p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, | 
| 303 | NULL, NULL); | 303 | NULL, NULL); | 
| 304 | else if (pkcs8_config.informat == FORMAT_ASN1) | 304 | else if (cfg.informat == FORMAT_ASN1) | 
| 305 | p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL); | 305 | p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL); | 
| 306 | else { | 306 | else { | 
| 307 | BIO_printf(bio_err, "Bad format specified for key\n"); | 307 | BIO_printf(bio_err, "Bad format specified for key\n"); | 
| 308 | goto end; | 308 | goto end; | 
| 309 | } | 309 | } | 
| 310 | } else { | 310 | } else { | 
| 311 | if (pkcs8_config.informat == FORMAT_PEM) | 311 | if (cfg.informat == FORMAT_PEM) | 
| 312 | p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL); | 312 | p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL); | 
| 313 | else if (pkcs8_config.informat == FORMAT_ASN1) | 313 | else if (cfg.informat == FORMAT_ASN1) | 
| 314 | p8 = d2i_PKCS8_bio(in, NULL); | 314 | p8 = d2i_PKCS8_bio(in, NULL); | 
| 315 | else { | 315 | else { | 
| 316 | BIO_printf(bio_err, "Bad format specified for key\n"); | 316 | BIO_printf(bio_err, "Bad format specified for key\n"); | 
| @@ -342,10 +342,10 @@ pkcs8_main(int argc, char **argv) | |||
| 342 | ERR_print_errors(bio_err); | 342 | ERR_print_errors(bio_err); | 
| 343 | goto end; | 343 | goto end; | 
| 344 | } | 344 | } | 
| 345 | if (pkcs8_config.outformat == FORMAT_PEM) | 345 | if (cfg.outformat == FORMAT_PEM) | 
| 346 | PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, | 346 | PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, | 
| 347 | passout); | 347 | passout); | 
| 348 | else if (pkcs8_config.outformat == FORMAT_ASN1) | 348 | else if (cfg.outformat == FORMAT_ASN1) | 
| 349 | i2d_PrivateKey_bio(out, pkey); | 349 | i2d_PrivateKey_bio(out, pkey); | 
| 350 | else { | 350 | else { | 
| 351 | BIO_printf(bio_err, "Bad format specified for key\n"); | 351 | BIO_printf(bio_err, "Bad format specified for key\n"); | 
| diff --git a/src/usr.bin/openssl/pkey.c b/src/usr.bin/openssl/pkey.c index 2d9b69f5c3..cb558f5ac8 100644 --- a/src/usr.bin/openssl/pkey.c +++ b/src/usr.bin/openssl/pkey.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: pkey.c,v 1.18 2022/11/11 17:07:39 joshua Exp $ */ | 1 | /* $OpenBSD: pkey.c,v 1.19 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 
| 3 | * project 2006 | 3 | * project 2006 | 
| 4 | */ | 4 | */ | 
| @@ -80,7 +80,7 @@ static struct { | |||
| 80 | int pubout; | 80 | int pubout; | 
| 81 | int pubtext; | 81 | int pubtext; | 
| 82 | int text; | 82 | int text; | 
| 83 | } pkey_config; | 83 | } cfg; | 
| 84 | 84 | ||
| 85 | static int | 85 | static int | 
| 86 | pkey_opt_cipher(int argc, char **argv, int *argsused) | 86 | pkey_opt_cipher(int argc, char **argv, int *argsused) | 
| @@ -90,7 +90,7 @@ pkey_opt_cipher(int argc, char **argv, int *argsused) | |||
| 90 | if (*name++ != '-') | 90 | if (*name++ != '-') | 
| 91 | return (1); | 91 | return (1); | 
| 92 | 92 | ||
| 93 | if ((pkey_config.cipher = EVP_get_cipherbyname(name)) == NULL) { | 93 | if ((cfg.cipher = EVP_get_cipherbyname(name)) == NULL) { | 
| 94 | BIO_printf(bio_err, "Unknown cipher %s\n", name); | 94 | BIO_printf(bio_err, "Unknown cipher %s\n", name); | 
| 95 | return (1); | 95 | return (1); | 
| 96 | } | 96 | } | 
| @@ -104,87 +104,87 @@ static const struct option pkey_options[] = { | |||
| 104 | .name = "check", | 104 | .name = "check", | 
| 105 | .desc = "Check validity of key", | 105 | .desc = "Check validity of key", | 
| 106 | .type = OPTION_FLAG, | 106 | .type = OPTION_FLAG, | 
| 107 | .opt.flag = &pkey_config.check, | 107 | .opt.flag = &cfg.check, | 
| 108 | }, | 108 | }, | 
| 109 | { | 109 | { | 
| 110 | .name = "in", | 110 | .name = "in", | 
| 111 | .argname = "file", | 111 | .argname = "file", | 
| 112 | .desc = "Input file (default stdin)", | 112 | .desc = "Input file (default stdin)", | 
| 113 | .type = OPTION_ARG, | 113 | .type = OPTION_ARG, | 
| 114 | .opt.arg = &pkey_config.infile, | 114 | .opt.arg = &cfg.infile, | 
| 115 | }, | 115 | }, | 
| 116 | { | 116 | { | 
| 117 | .name = "inform", | 117 | .name = "inform", | 
| 118 | .argname = "format", | 118 | .argname = "format", | 
| 119 | .desc = "Input format (DER or PEM (default))", | 119 | .desc = "Input format (DER or PEM (default))", | 
| 120 | .type = OPTION_ARG_FORMAT, | 120 | .type = OPTION_ARG_FORMAT, | 
| 121 | .opt.value = &pkey_config.informat, | 121 | .opt.value = &cfg.informat, | 
| 122 | }, | 122 | }, | 
| 123 | { | 123 | { | 
| 124 | .name = "noout", | 124 | .name = "noout", | 
| 125 | .desc = "Do not print encoded version of the key", | 125 | .desc = "Do not print encoded version of the key", | 
| 126 | .type = OPTION_FLAG, | 126 | .type = OPTION_FLAG, | 
| 127 | .opt.flag = &pkey_config.noout, | 127 | .opt.flag = &cfg.noout, | 
| 128 | }, | 128 | }, | 
| 129 | { | 129 | { | 
| 130 | .name = "out", | 130 | .name = "out", | 
| 131 | .argname = "file", | 131 | .argname = "file", | 
| 132 | .desc = "Output file (default stdout)", | 132 | .desc = "Output file (default stdout)", | 
| 133 | .type = OPTION_ARG, | 133 | .type = OPTION_ARG, | 
| 134 | .opt.arg = &pkey_config.outfile, | 134 | .opt.arg = &cfg.outfile, | 
| 135 | }, | 135 | }, | 
| 136 | { | 136 | { | 
| 137 | .name = "outform", | 137 | .name = "outform", | 
| 138 | .argname = "format", | 138 | .argname = "format", | 
| 139 | .desc = "Output format (DER or PEM (default))", | 139 | .desc = "Output format (DER or PEM (default))", | 
| 140 | .type = OPTION_ARG_FORMAT, | 140 | .type = OPTION_ARG_FORMAT, | 
| 141 | .opt.value = &pkey_config.outformat, | 141 | .opt.value = &cfg.outformat, | 
| 142 | }, | 142 | }, | 
| 143 | { | 143 | { | 
| 144 | .name = "passin", | 144 | .name = "passin", | 
| 145 | .argname = "src", | 145 | .argname = "src", | 
| 146 | .desc = "Input file passphrase source", | 146 | .desc = "Input file passphrase source", | 
| 147 | .type = OPTION_ARG, | 147 | .type = OPTION_ARG, | 
| 148 | .opt.arg = &pkey_config.passargin, | 148 | .opt.arg = &cfg.passargin, | 
| 149 | }, | 149 | }, | 
| 150 | { | 150 | { | 
| 151 | .name = "passout", | 151 | .name = "passout", | 
| 152 | .argname = "src", | 152 | .argname = "src", | 
| 153 | .desc = "Output file passphrase source", | 153 | .desc = "Output file passphrase source", | 
| 154 | .type = OPTION_ARG, | 154 | .type = OPTION_ARG, | 
| 155 | .opt.arg = &pkey_config.passargout, | 155 | .opt.arg = &cfg.passargout, | 
| 156 | }, | 156 | }, | 
| 157 | { | 157 | { | 
| 158 | .name = "pubcheck", | 158 | .name = "pubcheck", | 
| 159 | .desc = "Check validity of public key", | 159 | .desc = "Check validity of public key", | 
| 160 | .type = OPTION_FLAG, | 160 | .type = OPTION_FLAG, | 
| 161 | .opt.flag = &pkey_config.pubcheck, | 161 | .opt.flag = &cfg.pubcheck, | 
| 162 | }, | 162 | }, | 
| 163 | { | 163 | { | 
| 164 | .name = "pubin", | 164 | .name = "pubin", | 
| 165 | .desc = "Expect a public key (default private key)", | 165 | .desc = "Expect a public key (default private key)", | 
| 166 | .type = OPTION_VALUE, | 166 | .type = OPTION_VALUE, | 
| 167 | .value = 1, | 167 | .value = 1, | 
| 168 | .opt.value = &pkey_config.pubin, | 168 | .opt.value = &cfg.pubin, | 
| 169 | }, | 169 | }, | 
| 170 | { | 170 | { | 
| 171 | .name = "pubout", | 171 | .name = "pubout", | 
| 172 | .desc = "Output a public key (default private key)", | 172 | .desc = "Output a public key (default private key)", | 
| 173 | .type = OPTION_VALUE, | 173 | .type = OPTION_VALUE, | 
| 174 | .value = 1, | 174 | .value = 1, | 
| 175 | .opt.value = &pkey_config.pubout, | 175 | .opt.value = &cfg.pubout, | 
| 176 | }, | 176 | }, | 
| 177 | { | 177 | { | 
| 178 | .name = "text", | 178 | .name = "text", | 
| 179 | .desc = "Print the public/private key in plain text", | 179 | .desc = "Print the public/private key in plain text", | 
| 180 | .type = OPTION_FLAG, | 180 | .type = OPTION_FLAG, | 
| 181 | .opt.flag = &pkey_config.text, | 181 | .opt.flag = &cfg.text, | 
| 182 | }, | 182 | }, | 
| 183 | { | 183 | { | 
| 184 | .name = "text_pub", | 184 | .name = "text_pub", | 
| 185 | .desc = "Print out only public key in plain text", | 185 | .desc = "Print out only public key in plain text", | 
| 186 | .type = OPTION_FLAG, | 186 | .type = OPTION_FLAG, | 
| 187 | .opt.flag = &pkey_config.pubtext, | 187 | .opt.flag = &cfg.pubtext, | 
| 188 | }, | 188 | }, | 
| 189 | { | 189 | { | 
| 190 | .name = NULL, | 190 | .name = NULL, | 
| @@ -226,61 +226,61 @@ pkey_main(int argc, char **argv) | |||
| 226 | exit(1); | 226 | exit(1); | 
| 227 | } | 227 | } | 
| 228 | 228 | ||
| 229 | memset(&pkey_config, 0, sizeof(pkey_config)); | 229 | memset(&cfg, 0, sizeof(cfg)); | 
| 230 | pkey_config.informat = FORMAT_PEM; | 230 | cfg.informat = FORMAT_PEM; | 
| 231 | pkey_config.outformat = FORMAT_PEM; | 231 | cfg.outformat = FORMAT_PEM; | 
| 232 | 232 | ||
| 233 | if (options_parse(argc, argv, pkey_options, NULL, NULL) != 0) { | 233 | if (options_parse(argc, argv, pkey_options, NULL, NULL) != 0) { | 
| 234 | pkey_usage(); | 234 | pkey_usage(); | 
| 235 | goto end; | 235 | goto end; | 
| 236 | } | 236 | } | 
| 237 | 237 | ||
| 238 | if (pkey_config.pubtext) | 238 | if (cfg.pubtext) | 
| 239 | pkey_config.text = 1; | 239 | cfg.text = 1; | 
| 240 | if (pkey_config.pubin) | 240 | if (cfg.pubin) | 
| 241 | pkey_config.pubout = pkey_config.pubtext = 1; | 241 | cfg.pubout = cfg.pubtext = 1; | 
| 242 | 242 | ||
| 243 | if (!app_passwd(bio_err, pkey_config.passargin, pkey_config.passargout, | 243 | if (!app_passwd(bio_err, cfg.passargin, cfg.passargout, | 
| 244 | &passin, &passout)) { | 244 | &passin, &passout)) { | 
| 245 | BIO_printf(bio_err, "Error getting passwords\n"); | 245 | BIO_printf(bio_err, "Error getting passwords\n"); | 
| 246 | goto end; | 246 | goto end; | 
| 247 | } | 247 | } | 
| 248 | if (pkey_config.outfile) { | 248 | if (cfg.outfile) { | 
| 249 | if (!(out = BIO_new_file(pkey_config.outfile, "wb"))) { | 249 | if (!(out = BIO_new_file(cfg.outfile, "wb"))) { | 
| 250 | BIO_printf(bio_err, | 250 | BIO_printf(bio_err, | 
| 251 | "Can't open output file %s\n", pkey_config.outfile); | 251 | "Can't open output file %s\n", cfg.outfile); | 
| 252 | goto end; | 252 | goto end; | 
| 253 | } | 253 | } | 
| 254 | } else { | 254 | } else { | 
| 255 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | 255 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | 
| 256 | } | 256 | } | 
| 257 | 257 | ||
| 258 | if (pkey_config.pubin) | 258 | if (cfg.pubin) | 
| 259 | pkey = load_pubkey(bio_err, pkey_config.infile, | 259 | pkey = load_pubkey(bio_err, cfg.infile, | 
| 260 | pkey_config.informat, 1, passin, "Public Key"); | 260 | cfg.informat, 1, passin, "Public Key"); | 
| 261 | else | 261 | else | 
| 262 | pkey = load_key(bio_err, pkey_config.infile, | 262 | pkey = load_key(bio_err, cfg.infile, | 
| 263 | pkey_config.informat, 1, passin, "key"); | 263 | cfg.informat, 1, passin, "key"); | 
| 264 | if (!pkey) | 264 | if (!pkey) | 
| 265 | goto end; | 265 | goto end; | 
| 266 | 266 | ||
| 267 | if (pkey_config.check) { | 267 | if (cfg.check) { | 
| 268 | if (!pkey_check(out, pkey, EVP_PKEY_check, "Key pair")) | 268 | if (!pkey_check(out, pkey, EVP_PKEY_check, "Key pair")) | 
| 269 | goto end; | 269 | goto end; | 
| 270 | } else if (pkey_config.pubcheck) { | 270 | } else if (cfg.pubcheck) { | 
| 271 | if (!pkey_check(out, pkey, EVP_PKEY_public_check, "Public key")) | 271 | if (!pkey_check(out, pkey, EVP_PKEY_public_check, "Public key")) | 
| 272 | goto end; | 272 | goto end; | 
| 273 | } | 273 | } | 
| 274 | 274 | ||
| 275 | if (!pkey_config.noout) { | 275 | if (!cfg.noout) { | 
| 276 | if (pkey_config.outformat == FORMAT_PEM) { | 276 | if (cfg.outformat == FORMAT_PEM) { | 
| 277 | if (pkey_config.pubout) | 277 | if (cfg.pubout) | 
| 278 | PEM_write_bio_PUBKEY(out, pkey); | 278 | PEM_write_bio_PUBKEY(out, pkey); | 
| 279 | else | 279 | else | 
| 280 | PEM_write_bio_PrivateKey(out, pkey, | 280 | PEM_write_bio_PrivateKey(out, pkey, | 
| 281 | pkey_config.cipher, NULL, 0, NULL, passout); | 281 | cfg.cipher, NULL, 0, NULL, passout); | 
| 282 | } else if (pkey_config.outformat == FORMAT_ASN1) { | 282 | } else if (cfg.outformat == FORMAT_ASN1) { | 
| 283 | if (pkey_config.pubout) | 283 | if (cfg.pubout) | 
| 284 | i2d_PUBKEY_bio(out, pkey); | 284 | i2d_PUBKEY_bio(out, pkey); | 
| 285 | else | 285 | else | 
| 286 | i2d_PrivateKey_bio(out, pkey); | 286 | i2d_PrivateKey_bio(out, pkey); | 
| @@ -290,8 +290,8 @@ pkey_main(int argc, char **argv) | |||
| 290 | } | 290 | } | 
| 291 | 291 | ||
| 292 | } | 292 | } | 
| 293 | if (pkey_config.text) { | 293 | if (cfg.text) { | 
| 294 | if (pkey_config.pubtext) | 294 | if (cfg.pubtext) | 
| 295 | EVP_PKEY_print_public(out, pkey, 0, NULL); | 295 | EVP_PKEY_print_public(out, pkey, 0, NULL); | 
| 296 | else | 296 | else | 
| 297 | EVP_PKEY_print_private(out, pkey, 0, NULL); | 297 | EVP_PKEY_print_private(out, pkey, 0, NULL); | 
| diff --git a/src/usr.bin/openssl/pkeyparam.c b/src/usr.bin/openssl/pkeyparam.c index 57b5ad8042..946195640e 100644 --- a/src/usr.bin/openssl/pkeyparam.c +++ b/src/usr.bin/openssl/pkeyparam.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: pkeyparam.c,v 1.16 2023/03/05 13:12:53 tb Exp $ */ | 1 | /* $OpenBSD: pkeyparam.c,v 1.17 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 
| 3 | * project 2006 | 3 | * project 2006 | 
| 4 | */ | 4 | */ | 
| @@ -71,40 +71,40 @@ static struct { | |||
| 71 | int noout; | 71 | int noout; | 
| 72 | char *outfile; | 72 | char *outfile; | 
| 73 | int text; | 73 | int text; | 
| 74 | } pkeyparam_config; | 74 | } cfg; | 
| 75 | 75 | ||
| 76 | static const struct option pkeyparam_options[] = { | 76 | static const struct option pkeyparam_options[] = { | 
| 77 | { | 77 | { | 
| 78 | .name = "check", | 78 | .name = "check", | 
| 79 | .desc = "Check validity of key parameters", | 79 | .desc = "Check validity of key parameters", | 
| 80 | .type = OPTION_FLAG, | 80 | .type = OPTION_FLAG, | 
| 81 | .opt.flag = &pkeyparam_config.check, | 81 | .opt.flag = &cfg.check, | 
| 82 | }, | 82 | }, | 
| 83 | { | 83 | { | 
| 84 | .name = "in", | 84 | .name = "in", | 
| 85 | .argname = "file", | 85 | .argname = "file", | 
| 86 | .desc = "Input file (default stdin)", | 86 | .desc = "Input file (default stdin)", | 
| 87 | .type = OPTION_ARG, | 87 | .type = OPTION_ARG, | 
| 88 | .opt.arg = &pkeyparam_config.infile, | 88 | .opt.arg = &cfg.infile, | 
| 89 | }, | 89 | }, | 
| 90 | { | 90 | { | 
| 91 | .name = "noout", | 91 | .name = "noout", | 
| 92 | .desc = "Do not print encoded version of the parameters", | 92 | .desc = "Do not print encoded version of the parameters", | 
| 93 | .type = OPTION_FLAG, | 93 | .type = OPTION_FLAG, | 
| 94 | .opt.flag = &pkeyparam_config.noout, | 94 | .opt.flag = &cfg.noout, | 
| 95 | }, | 95 | }, | 
| 96 | { | 96 | { | 
| 97 | .name = "out", | 97 | .name = "out", | 
| 98 | .argname = "file", | 98 | .argname = "file", | 
| 99 | .desc = "Output file (default stdout)", | 99 | .desc = "Output file (default stdout)", | 
| 100 | .type = OPTION_ARG, | 100 | .type = OPTION_ARG, | 
| 101 | .opt.arg = &pkeyparam_config.outfile, | 101 | .opt.arg = &cfg.outfile, | 
| 102 | }, | 102 | }, | 
| 103 | { | 103 | { | 
| 104 | .name = "text", | 104 | .name = "text", | 
| 105 | .desc = "Print out the parameters in plain text", | 105 | .desc = "Print out the parameters in plain text", | 
| 106 | .type = OPTION_FLAG, | 106 | .type = OPTION_FLAG, | 
| 107 | .opt.flag = &pkeyparam_config.text, | 107 | .opt.flag = &cfg.text, | 
| 108 | }, | 108 | }, | 
| 109 | { NULL }, | 109 | { NULL }, | 
| 110 | }; | 110 | }; | 
| @@ -130,26 +130,26 @@ pkeyparam_main(int argc, char **argv) | |||
| 130 | exit(1); | 130 | exit(1); | 
| 131 | } | 131 | } | 
| 132 | 132 | ||
| 133 | memset(&pkeyparam_config, 0, sizeof(pkeyparam_config)); | 133 | memset(&cfg, 0, sizeof(cfg)); | 
| 134 | 134 | ||
| 135 | if (options_parse(argc, argv, pkeyparam_options, NULL, NULL) != 0) { | 135 | if (options_parse(argc, argv, pkeyparam_options, NULL, NULL) != 0) { | 
| 136 | pkeyparam_usage(); | 136 | pkeyparam_usage(); | 
| 137 | return (1); | 137 | return (1); | 
| 138 | } | 138 | } | 
| 139 | 139 | ||
| 140 | if (pkeyparam_config.infile) { | 140 | if (cfg.infile) { | 
| 141 | if (!(in = BIO_new_file(pkeyparam_config.infile, "r"))) { | 141 | if (!(in = BIO_new_file(cfg.infile, "r"))) { | 
| 142 | BIO_printf(bio_err, "Can't open input file %s\n", | 142 | BIO_printf(bio_err, "Can't open input file %s\n", | 
| 143 | pkeyparam_config.infile); | 143 | cfg.infile); | 
| 144 | goto end; | 144 | goto end; | 
| 145 | } | 145 | } | 
| 146 | } else | 146 | } else | 
| 147 | in = BIO_new_fp(stdin, BIO_NOCLOSE); | 147 | in = BIO_new_fp(stdin, BIO_NOCLOSE); | 
| 148 | 148 | ||
| 149 | if (pkeyparam_config.outfile) { | 149 | if (cfg.outfile) { | 
| 150 | if (!(out = BIO_new_file(pkeyparam_config.outfile, "w"))) { | 150 | if (!(out = BIO_new_file(cfg.outfile, "w"))) { | 
| 151 | BIO_printf(bio_err, "Can't open output file %s\n", | 151 | BIO_printf(bio_err, "Can't open output file %s\n", | 
| 152 | pkeyparam_config.outfile); | 152 | cfg.outfile); | 
| 153 | goto end; | 153 | goto end; | 
| 154 | } | 154 | } | 
| 155 | } else { | 155 | } else { | 
| @@ -163,15 +163,15 @@ pkeyparam_main(int argc, char **argv) | |||
| 163 | goto end; | 163 | goto end; | 
| 164 | } | 164 | } | 
| 165 | 165 | ||
| 166 | if (pkeyparam_config.check) { | 166 | if (cfg.check) { | 
| 167 | if (!pkey_check(out, pkey, EVP_PKEY_param_check, "Parameters")) | 167 | if (!pkey_check(out, pkey, EVP_PKEY_param_check, "Parameters")) | 
| 168 | goto end; | 168 | goto end; | 
| 169 | } | 169 | } | 
| 170 | 170 | ||
| 171 | if (!pkeyparam_config.noout) | 171 | if (!cfg.noout) | 
| 172 | PEM_write_bio_Parameters(out, pkey); | 172 | PEM_write_bio_Parameters(out, pkey); | 
| 173 | 173 | ||
| 174 | if (pkeyparam_config.text) | 174 | if (cfg.text) | 
| 175 | EVP_PKEY_print_params(out, pkey, 0, NULL); | 175 | EVP_PKEY_print_params(out, pkey, 0, NULL); | 
| 176 | 176 | ||
| 177 | ret = 0; | 177 | ret = 0; | 
| diff --git a/src/usr.bin/openssl/pkeyutl.c b/src/usr.bin/openssl/pkeyutl.c index 8c0fd28b29..efd0896c02 100644 --- a/src/usr.bin/openssl/pkeyutl.c +++ b/src/usr.bin/openssl/pkeyutl.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: pkeyutl.c,v 1.18 2023/03/05 13:12:53 tb Exp $ */ | 1 | /* $OpenBSD: pkeyutl.c,v 1.19 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 
| 3 | * project 2006. | 3 | * project 2006. | 
| 4 | */ | 4 | */ | 
| @@ -82,7 +82,7 @@ static struct { | |||
| 82 | int pkey_op; | 82 | int pkey_op; | 
| 83 | int rev; | 83 | int rev; | 
| 84 | char *sigfile; | 84 | char *sigfile; | 
| 85 | } pkeyutl_config; | 85 | } cfg; | 
| 86 | 86 | ||
| 87 | static void pkeyutl_usage(void); | 87 | static void pkeyutl_usage(void); | 
| 88 | 88 | ||
| @@ -101,48 +101,48 @@ static const struct option pkeyutl_options[] = { | |||
| 101 | .name = "asn1parse", | 101 | .name = "asn1parse", | 
| 102 | .desc = "ASN.1 parse the output data", | 102 | .desc = "ASN.1 parse the output data", | 
| 103 | .type = OPTION_FLAG, | 103 | .type = OPTION_FLAG, | 
| 104 | .opt.flag = &pkeyutl_config.asn1parse, | 104 | .opt.flag = &cfg.asn1parse, | 
| 105 | }, | 105 | }, | 
| 106 | { | 106 | { | 
| 107 | .name = "certin", | 107 | .name = "certin", | 
| 108 | .desc = "Input is a certificate containing a public key", | 108 | .desc = "Input is a certificate containing a public key", | 
| 109 | .type = OPTION_VALUE, | 109 | .type = OPTION_VALUE, | 
| 110 | .value = KEY_CERT, | 110 | .value = KEY_CERT, | 
| 111 | .opt.value = &pkeyutl_config.key_type, | 111 | .opt.value = &cfg.key_type, | 
| 112 | }, | 112 | }, | 
| 113 | { | 113 | { | 
| 114 | .name = "decrypt", | 114 | .name = "decrypt", | 
| 115 | .desc = "Decrypt the input data using a private key", | 115 | .desc = "Decrypt the input data using a private key", | 
| 116 | .type = OPTION_VALUE, | 116 | .type = OPTION_VALUE, | 
| 117 | .value = EVP_PKEY_OP_DECRYPT, | 117 | .value = EVP_PKEY_OP_DECRYPT, | 
| 118 | .opt.value = &pkeyutl_config.pkey_op, | 118 | .opt.value = &cfg.pkey_op, | 
| 119 | }, | 119 | }, | 
| 120 | { | 120 | { | 
| 121 | .name = "derive", | 121 | .name = "derive", | 
| 122 | .desc = "Derive a shared secret using the peer key", | 122 | .desc = "Derive a shared secret using the peer key", | 
| 123 | .type = OPTION_VALUE, | 123 | .type = OPTION_VALUE, | 
| 124 | .value = EVP_PKEY_OP_DERIVE, | 124 | .value = EVP_PKEY_OP_DERIVE, | 
| 125 | .opt.value = &pkeyutl_config.pkey_op, | 125 | .opt.value = &cfg.pkey_op, | 
| 126 | }, | 126 | }, | 
| 127 | { | 127 | { | 
| 128 | .name = "encrypt", | 128 | .name = "encrypt", | 
| 129 | .desc = "Encrypt the input data using a public key", | 129 | .desc = "Encrypt the input data using a public key", | 
| 130 | .type = OPTION_VALUE, | 130 | .type = OPTION_VALUE, | 
| 131 | .value = EVP_PKEY_OP_ENCRYPT, | 131 | .value = EVP_PKEY_OP_ENCRYPT, | 
| 132 | .opt.value = &pkeyutl_config.pkey_op, | 132 | .opt.value = &cfg.pkey_op, | 
| 133 | }, | 133 | }, | 
| 134 | { | 134 | { | 
| 135 | .name = "hexdump", | 135 | .name = "hexdump", | 
| 136 | .desc = "Hex dump the output data", | 136 | .desc = "Hex dump the output data", | 
| 137 | .type = OPTION_FLAG, | 137 | .type = OPTION_FLAG, | 
| 138 | .opt.flag = &pkeyutl_config.hexdump, | 138 | .opt.flag = &cfg.hexdump, | 
| 139 | }, | 139 | }, | 
| 140 | { | 140 | { | 
| 141 | .name = "in", | 141 | .name = "in", | 
| 142 | .argname = "file", | 142 | .argname = "file", | 
| 143 | .desc = "Input file (default stdin)", | 143 | .desc = "Input file (default stdin)", | 
| 144 | .type = OPTION_ARG, | 144 | .type = OPTION_ARG, | 
| 145 | .opt.arg = &pkeyutl_config.infile, | 145 | .opt.arg = &cfg.infile, | 
| 146 | }, | 146 | }, | 
| 147 | { | 147 | { | 
| 148 | .name = "inkey", | 148 | .name = "inkey", | 
| @@ -156,28 +156,28 @@ static const struct option pkeyutl_options[] = { | |||
| 156 | .argname = "fmt", | 156 | .argname = "fmt", | 
| 157 | .desc = "Input key format (DER or PEM (default))", | 157 | .desc = "Input key format (DER or PEM (default))", | 
| 158 | .type = OPTION_ARG_FORMAT, | 158 | .type = OPTION_ARG_FORMAT, | 
| 159 | .opt.value = &pkeyutl_config.keyform, | 159 | .opt.value = &cfg.keyform, | 
| 160 | }, | 160 | }, | 
| 161 | { | 161 | { | 
| 162 | .name = "out", | 162 | .name = "out", | 
| 163 | .argname = "file", | 163 | .argname = "file", | 
| 164 | .desc = "Output file (default stdout)", | 164 | .desc = "Output file (default stdout)", | 
| 165 | .type = OPTION_ARG, | 165 | .type = OPTION_ARG, | 
| 166 | .opt.arg = &pkeyutl_config.outfile, | 166 | .opt.arg = &cfg.outfile, | 
| 167 | }, | 167 | }, | 
| 168 | { | 168 | { | 
| 169 | .name = "passin", | 169 | .name = "passin", | 
| 170 | .argname = "arg", | 170 | .argname = "arg", | 
| 171 | .desc = "Key password source", | 171 | .desc = "Key password source", | 
| 172 | .type = OPTION_ARG, | 172 | .type = OPTION_ARG, | 
| 173 | .opt.arg = &pkeyutl_config.passargin, | 173 | .opt.arg = &cfg.passargin, | 
| 174 | }, | 174 | }, | 
| 175 | { | 175 | { | 
| 176 | .name = "peerform", | 176 | .name = "peerform", | 
| 177 | .argname = "fmt", | 177 | .argname = "fmt", | 
| 178 | .desc = "Input key format (DER or PEM (default))", | 178 | .desc = "Input key format (DER or PEM (default))", | 
| 179 | .type = OPTION_ARG_FORMAT, | 179 | .type = OPTION_ARG_FORMAT, | 
| 180 | .opt.value = &pkeyutl_config.peerform, | 180 | .opt.value = &cfg.peerform, | 
| 181 | }, | 181 | }, | 
| 182 | { | 182 | { | 
| 183 | .name = "peerkey", | 183 | .name = "peerkey", | 
| @@ -198,41 +198,41 @@ static const struct option pkeyutl_options[] = { | |||
| 198 | .desc = "Input is a public key", | 198 | .desc = "Input is a public key", | 
| 199 | .type = OPTION_VALUE, | 199 | .type = OPTION_VALUE, | 
| 200 | .value = KEY_PUBKEY, | 200 | .value = KEY_PUBKEY, | 
| 201 | .opt.value = &pkeyutl_config.key_type, | 201 | .opt.value = &cfg.key_type, | 
| 202 | }, | 202 | }, | 
| 203 | { | 203 | { | 
| 204 | .name = "rev", | 204 | .name = "rev", | 
| 205 | .desc = "Reverse the input data", | 205 | .desc = "Reverse the input data", | 
| 206 | .type = OPTION_FLAG, | 206 | .type = OPTION_FLAG, | 
| 207 | .opt.flag = &pkeyutl_config.rev, | 207 | .opt.flag = &cfg.rev, | 
| 208 | }, | 208 | }, | 
| 209 | { | 209 | { | 
| 210 | .name = "sigfile", | 210 | .name = "sigfile", | 
| 211 | .argname = "file", | 211 | .argname = "file", | 
| 212 | .desc = "Signature file (verify operation only)", | 212 | .desc = "Signature file (verify operation only)", | 
| 213 | .type = OPTION_ARG, | 213 | .type = OPTION_ARG, | 
| 214 | .opt.arg = &pkeyutl_config.sigfile, | 214 | .opt.arg = &cfg.sigfile, | 
| 215 | }, | 215 | }, | 
| 216 | { | 216 | { | 
| 217 | .name = "sign", | 217 | .name = "sign", | 
| 218 | .desc = "Sign the input data using private key", | 218 | .desc = "Sign the input data using private key", | 
| 219 | .type = OPTION_VALUE, | 219 | .type = OPTION_VALUE, | 
| 220 | .value = EVP_PKEY_OP_SIGN, | 220 | .value = EVP_PKEY_OP_SIGN, | 
| 221 | .opt.value = &pkeyutl_config.pkey_op, | 221 | .opt.value = &cfg.pkey_op, | 
| 222 | }, | 222 | }, | 
| 223 | { | 223 | { | 
| 224 | .name = "verify", | 224 | .name = "verify", | 
| 225 | .desc = "Verify the input data using public key", | 225 | .desc = "Verify the input data using public key", | 
| 226 | .type = OPTION_VALUE, | 226 | .type = OPTION_VALUE, | 
| 227 | .value = EVP_PKEY_OP_VERIFY, | 227 | .value = EVP_PKEY_OP_VERIFY, | 
| 228 | .opt.value = &pkeyutl_config.pkey_op, | 228 | .opt.value = &cfg.pkey_op, | 
| 229 | }, | 229 | }, | 
| 230 | { | 230 | { | 
| 231 | .name = "verifyrecover", | 231 | .name = "verifyrecover", | 
| 232 | .desc = "Verify with public key, recover original data", | 232 | .desc = "Verify with public key, recover original data", | 
| 233 | .type = OPTION_VALUE, | 233 | .type = OPTION_VALUE, | 
| 234 | .value = EVP_PKEY_OP_VERIFYRECOVER, | 234 | .value = EVP_PKEY_OP_VERIFYRECOVER, | 
| 235 | .opt.value = &pkeyutl_config.pkey_op, | 235 | .opt.value = &cfg.pkey_op, | 
| 236 | }, | 236 | }, | 
| 237 | 237 | ||
| 238 | {NULL}, | 238 | {NULL}, | 
| @@ -268,36 +268,36 @@ pkeyutl_main(int argc, char **argv) | |||
| 268 | exit(1); | 268 | exit(1); | 
| 269 | } | 269 | } | 
| 270 | 270 | ||
| 271 | memset(&pkeyutl_config, 0, sizeof(pkeyutl_config)); | 271 | memset(&cfg, 0, sizeof(cfg)); | 
| 272 | pkeyutl_config.pkey_op = EVP_PKEY_OP_SIGN; | 272 | cfg.pkey_op = EVP_PKEY_OP_SIGN; | 
| 273 | pkeyutl_config.key_type = KEY_PRIVKEY; | 273 | cfg.key_type = KEY_PRIVKEY; | 
| 274 | pkeyutl_config.keyform = FORMAT_PEM; | 274 | cfg.keyform = FORMAT_PEM; | 
| 275 | pkeyutl_config.peerform = FORMAT_PEM; | 275 | cfg.peerform = FORMAT_PEM; | 
| 276 | pkeyutl_config.keysize = -1; | 276 | cfg.keysize = -1; | 
| 277 | 277 | ||
| 278 | if (options_parse(argc, argv, pkeyutl_options, NULL, NULL) != 0) { | 278 | if (options_parse(argc, argv, pkeyutl_options, NULL, NULL) != 0) { | 
| 279 | pkeyutl_usage(); | 279 | pkeyutl_usage(); | 
| 280 | goto end; | 280 | goto end; | 
| 281 | } | 281 | } | 
| 282 | 282 | ||
| 283 | if (!pkeyutl_config.ctx) { | 283 | if (!cfg.ctx) { | 
| 284 | pkeyutl_usage(); | 284 | pkeyutl_usage(); | 
| 285 | goto end; | 285 | goto end; | 
| 286 | } | 286 | } | 
| 287 | if (pkeyutl_config.sigfile && | 287 | if (cfg.sigfile && | 
| 288 | (pkeyutl_config.pkey_op != EVP_PKEY_OP_VERIFY)) { | 288 | (cfg.pkey_op != EVP_PKEY_OP_VERIFY)) { | 
| 289 | BIO_puts(bio_err, "Signature file specified for non verify\n"); | 289 | BIO_puts(bio_err, "Signature file specified for non verify\n"); | 
| 290 | goto end; | 290 | goto end; | 
| 291 | } | 291 | } | 
| 292 | if (!pkeyutl_config.sigfile && | 292 | if (!cfg.sigfile && | 
| 293 | (pkeyutl_config.pkey_op == EVP_PKEY_OP_VERIFY)) { | 293 | (cfg.pkey_op == EVP_PKEY_OP_VERIFY)) { | 
| 294 | BIO_puts(bio_err, "No signature file specified for verify\n"); | 294 | BIO_puts(bio_err, "No signature file specified for verify\n"); | 
| 295 | goto end; | 295 | goto end; | 
| 296 | } | 296 | } | 
| 297 | 297 | ||
| 298 | if (pkeyutl_config.pkey_op != EVP_PKEY_OP_DERIVE) { | 298 | if (cfg.pkey_op != EVP_PKEY_OP_DERIVE) { | 
| 299 | if (pkeyutl_config.infile) { | 299 | if (cfg.infile) { | 
| 300 | if (!(in = BIO_new_file(pkeyutl_config.infile, "rb"))) { | 300 | if (!(in = BIO_new_file(cfg.infile, "rb"))) { | 
| 301 | BIO_puts(bio_err, | 301 | BIO_puts(bio_err, | 
| 302 | "Error Opening Input File\n"); | 302 | "Error Opening Input File\n"); | 
| 303 | ERR_print_errors(bio_err); | 303 | ERR_print_errors(bio_err); | 
| @@ -306,8 +306,8 @@ pkeyutl_main(int argc, char **argv) | |||
| 306 | } else | 306 | } else | 
| 307 | in = BIO_new_fp(stdin, BIO_NOCLOSE); | 307 | in = BIO_new_fp(stdin, BIO_NOCLOSE); | 
| 308 | } | 308 | } | 
| 309 | if (pkeyutl_config.outfile) { | 309 | if (cfg.outfile) { | 
| 310 | if (!(out = BIO_new_file(pkeyutl_config.outfile, "wb"))) { | 310 | if (!(out = BIO_new_file(cfg.outfile, "wb"))) { | 
| 311 | BIO_printf(bio_err, "Error Creating Output File\n"); | 311 | BIO_printf(bio_err, "Error Creating Output File\n"); | 
| 312 | ERR_print_errors(bio_err); | 312 | ERR_print_errors(bio_err); | 
| 313 | goto end; | 313 | goto end; | 
| @@ -316,14 +316,14 @@ pkeyutl_main(int argc, char **argv) | |||
| 316 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | 316 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | 
| 317 | } | 317 | } | 
| 318 | 318 | ||
| 319 | if (pkeyutl_config.sigfile) { | 319 | if (cfg.sigfile) { | 
| 320 | BIO *sigbio = BIO_new_file(pkeyutl_config.sigfile, "rb"); | 320 | BIO *sigbio = BIO_new_file(cfg.sigfile, "rb"); | 
| 321 | if (!sigbio) { | 321 | if (!sigbio) { | 
| 322 | BIO_printf(bio_err, "Can't open signature file %s\n", | 322 | BIO_printf(bio_err, "Can't open signature file %s\n", | 
| 323 | pkeyutl_config.sigfile); | 323 | cfg.sigfile); | 
| 324 | goto end; | 324 | goto end; | 
| 325 | } | 325 | } | 
| 326 | siglen = bio_to_mem(&sig, pkeyutl_config.keysize * 10, sigbio); | 326 | siglen = bio_to_mem(&sig, cfg.keysize * 10, sigbio); | 
| 327 | BIO_free(sigbio); | 327 | BIO_free(sigbio); | 
| 328 | if (siglen <= 0) { | 328 | if (siglen <= 0) { | 
| 329 | BIO_printf(bio_err, "Error reading signature data\n"); | 329 | BIO_printf(bio_err, "Error reading signature data\n"); | 
| @@ -332,12 +332,12 @@ pkeyutl_main(int argc, char **argv) | |||
| 332 | } | 332 | } | 
| 333 | if (in) { | 333 | if (in) { | 
| 334 | /* Read the input data */ | 334 | /* Read the input data */ | 
| 335 | buf_inlen = bio_to_mem(&buf_in, pkeyutl_config.keysize * 10, in); | 335 | buf_inlen = bio_to_mem(&buf_in, cfg.keysize * 10, in); | 
| 336 | if (buf_inlen <= 0) { | 336 | if (buf_inlen <= 0) { | 
| 337 | BIO_printf(bio_err, "Error reading input Data\n"); | 337 | BIO_printf(bio_err, "Error reading input Data\n"); | 
| 338 | exit(1); | 338 | exit(1); | 
| 339 | } | 339 | } | 
| 340 | if (pkeyutl_config.rev) { | 340 | if (cfg.rev) { | 
| 341 | size_t i; | 341 | size_t i; | 
| 342 | unsigned char ctmp; | 342 | unsigned char ctmp; | 
| 343 | size_t l = (size_t) buf_inlen; | 343 | size_t l = (size_t) buf_inlen; | 
| @@ -348,8 +348,8 @@ pkeyutl_main(int argc, char **argv) | |||
| 348 | } | 348 | } | 
| 349 | } | 349 | } | 
| 350 | } | 350 | } | 
| 351 | if (pkeyutl_config.pkey_op == EVP_PKEY_OP_VERIFY) { | 351 | if (cfg.pkey_op == EVP_PKEY_OP_VERIFY) { | 
| 352 | rv = EVP_PKEY_verify(pkeyutl_config.ctx, sig, (size_t) siglen, | 352 | rv = EVP_PKEY_verify(cfg.ctx, sig, (size_t) siglen, | 
| 353 | buf_in, (size_t) buf_inlen); | 353 | buf_in, (size_t) buf_inlen); | 
| 354 | if (rv == 1) { | 354 | if (rv == 1) { | 
| 355 | BIO_puts(out, "Signature Verified Successfully\n"); | 355 | BIO_puts(out, "Signature Verified Successfully\n"); | 
| @@ -359,15 +359,15 @@ pkeyutl_main(int argc, char **argv) | |||
| 359 | if (rv >= 0) | 359 | if (rv >= 0) | 
| 360 | goto end; | 360 | goto end; | 
| 361 | } else { | 361 | } else { | 
| 362 | rv = do_keyop(pkeyutl_config.ctx, pkeyutl_config.pkey_op, NULL, | 362 | rv = do_keyop(cfg.ctx, cfg.pkey_op, NULL, | 
| 363 | (size_t *)&buf_outlen, buf_in, (size_t) buf_inlen); | 363 | (size_t *)&buf_outlen, buf_in, (size_t) buf_inlen); | 
| 364 | if (rv > 0) { | 364 | if (rv > 0) { | 
| 365 | buf_out = malloc(buf_outlen); | 365 | buf_out = malloc(buf_outlen); | 
| 366 | if (!buf_out) | 366 | if (!buf_out) | 
| 367 | rv = -1; | 367 | rv = -1; | 
| 368 | else | 368 | else | 
| 369 | rv = do_keyop(pkeyutl_config.ctx, | 369 | rv = do_keyop(cfg.ctx, | 
| 370 | pkeyutl_config.pkey_op, | 370 | cfg.pkey_op, | 
| 371 | buf_out, (size_t *) & buf_outlen, | 371 | buf_out, (size_t *) & buf_outlen, | 
| 372 | buf_in, (size_t) buf_inlen); | 372 | buf_in, (size_t) buf_inlen); | 
| 373 | } | 373 | } | 
| @@ -379,16 +379,16 @@ pkeyutl_main(int argc, char **argv) | |||
| 379 | goto end; | 379 | goto end; | 
| 380 | } | 380 | } | 
| 381 | ret = 0; | 381 | ret = 0; | 
| 382 | if (pkeyutl_config.asn1parse) { | 382 | if (cfg.asn1parse) { | 
| 383 | if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1)) | 383 | if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1)) | 
| 384 | ERR_print_errors(bio_err); | 384 | ERR_print_errors(bio_err); | 
| 385 | } else if (pkeyutl_config.hexdump) | 385 | } else if (cfg.hexdump) | 
| 386 | BIO_dump(out, (char *) buf_out, buf_outlen); | 386 | BIO_dump(out, (char *) buf_out, buf_outlen); | 
| 387 | else | 387 | else | 
| 388 | BIO_write(out, buf_out, buf_outlen); | 388 | BIO_write(out, buf_out, buf_outlen); | 
| 389 | 389 | ||
| 390 | end: | 390 | end: | 
| 391 | EVP_PKEY_CTX_free(pkeyutl_config.ctx); | 391 | EVP_PKEY_CTX_free(cfg.ctx); | 
| 392 | BIO_free(in); | 392 | BIO_free(in); | 
| 393 | BIO_free_all(out); | 393 | BIO_free_all(out); | 
| 394 | free(buf_in); | 394 | free(buf_in); | 
| @@ -406,32 +406,32 @@ init_ctx(char *keyfile) | |||
| 406 | int rv = -1; | 406 | int rv = -1; | 
| 407 | X509 *x; | 407 | X509 *x; | 
| 408 | 408 | ||
| 409 | if (((pkeyutl_config.pkey_op == EVP_PKEY_OP_SIGN) | 409 | if (((cfg.pkey_op == EVP_PKEY_OP_SIGN) | 
| 410 | || (pkeyutl_config.pkey_op == EVP_PKEY_OP_DECRYPT) | 410 | || (cfg.pkey_op == EVP_PKEY_OP_DECRYPT) | 
| 411 | || (pkeyutl_config.pkey_op == EVP_PKEY_OP_DERIVE)) | 411 | || (cfg.pkey_op == EVP_PKEY_OP_DERIVE)) | 
| 412 | && (pkeyutl_config.key_type != KEY_PRIVKEY)) { | 412 | && (cfg.key_type != KEY_PRIVKEY)) { | 
| 413 | BIO_printf(bio_err, | 413 | BIO_printf(bio_err, | 
| 414 | "A private key is needed for this operation\n"); | 414 | "A private key is needed for this operation\n"); | 
| 415 | goto end; | 415 | goto end; | 
| 416 | } | 416 | } | 
| 417 | if (!app_passwd(bio_err, pkeyutl_config.passargin, NULL, &passin, | 417 | if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, | 
| 418 | NULL)) { | 418 | NULL)) { | 
| 419 | BIO_printf(bio_err, "Error getting password\n"); | 419 | BIO_printf(bio_err, "Error getting password\n"); | 
| 420 | goto end; | 420 | goto end; | 
| 421 | } | 421 | } | 
| 422 | switch (pkeyutl_config.key_type) { | 422 | switch (cfg.key_type) { | 
| 423 | case KEY_PRIVKEY: | 423 | case KEY_PRIVKEY: | 
| 424 | pkey = load_key(bio_err, keyfile, pkeyutl_config.keyform, 0, | 424 | pkey = load_key(bio_err, keyfile, cfg.keyform, 0, | 
| 425 | passin, "Private Key"); | 425 | passin, "Private Key"); | 
| 426 | break; | 426 | break; | 
| 427 | 427 | ||
| 428 | case KEY_PUBKEY: | 428 | case KEY_PUBKEY: | 
| 429 | pkey = load_pubkey(bio_err, keyfile, pkeyutl_config.keyform, 0, | 429 | pkey = load_pubkey(bio_err, keyfile, cfg.keyform, 0, | 
| 430 | NULL, "Public Key"); | 430 | NULL, "Public Key"); | 
| 431 | break; | 431 | break; | 
| 432 | 432 | ||
| 433 | case KEY_CERT: | 433 | case KEY_CERT: | 
| 434 | x = load_cert(bio_err, keyfile, pkeyutl_config.keyform, | 434 | x = load_cert(bio_err, keyfile, cfg.keyform, | 
| 435 | NULL, "Certificate"); | 435 | NULL, "Certificate"); | 
| 436 | if (x) { | 436 | if (x) { | 
| 437 | pkey = X509_get_pubkey(x); | 437 | pkey = X509_get_pubkey(x); | 
| @@ -440,53 +440,53 @@ init_ctx(char *keyfile) | |||
| 440 | break; | 440 | break; | 
| 441 | } | 441 | } | 
| 442 | 442 | ||
| 443 | pkeyutl_config.keysize = EVP_PKEY_size(pkey); | 443 | cfg.keysize = EVP_PKEY_size(pkey); | 
| 444 | 444 | ||
| 445 | if (!pkey) | 445 | if (!pkey) | 
| 446 | goto end; | 446 | goto end; | 
| 447 | 447 | ||
| 448 | pkeyutl_config.ctx = EVP_PKEY_CTX_new(pkey, NULL); | 448 | cfg.ctx = EVP_PKEY_CTX_new(pkey, NULL); | 
| 449 | 449 | ||
| 450 | EVP_PKEY_free(pkey); | 450 | EVP_PKEY_free(pkey); | 
| 451 | 451 | ||
| 452 | if (!pkeyutl_config.ctx) | 452 | if (!cfg.ctx) | 
| 453 | goto end; | 453 | goto end; | 
| 454 | 454 | ||
| 455 | switch (pkeyutl_config.pkey_op) { | 455 | switch (cfg.pkey_op) { | 
| 456 | case EVP_PKEY_OP_SIGN: | 456 | case EVP_PKEY_OP_SIGN: | 
| 457 | rv = EVP_PKEY_sign_init(pkeyutl_config.ctx); | 457 | rv = EVP_PKEY_sign_init(cfg.ctx); | 
| 458 | break; | 458 | break; | 
| 459 | 459 | ||
| 460 | case EVP_PKEY_OP_VERIFY: | 460 | case EVP_PKEY_OP_VERIFY: | 
| 461 | rv = EVP_PKEY_verify_init(pkeyutl_config.ctx); | 461 | rv = EVP_PKEY_verify_init(cfg.ctx); | 
| 462 | break; | 462 | break; | 
| 463 | 463 | ||
| 464 | case EVP_PKEY_OP_VERIFYRECOVER: | 464 | case EVP_PKEY_OP_VERIFYRECOVER: | 
| 465 | rv = EVP_PKEY_verify_recover_init(pkeyutl_config.ctx); | 465 | rv = EVP_PKEY_verify_recover_init(cfg.ctx); | 
| 466 | break; | 466 | break; | 
| 467 | 467 | ||
| 468 | case EVP_PKEY_OP_ENCRYPT: | 468 | case EVP_PKEY_OP_ENCRYPT: | 
| 469 | rv = EVP_PKEY_encrypt_init(pkeyutl_config.ctx); | 469 | rv = EVP_PKEY_encrypt_init(cfg.ctx); | 
| 470 | break; | 470 | break; | 
| 471 | 471 | ||
| 472 | case EVP_PKEY_OP_DECRYPT: | 472 | case EVP_PKEY_OP_DECRYPT: | 
| 473 | rv = EVP_PKEY_decrypt_init(pkeyutl_config.ctx); | 473 | rv = EVP_PKEY_decrypt_init(cfg.ctx); | 
| 474 | break; | 474 | break; | 
| 475 | 475 | ||
| 476 | case EVP_PKEY_OP_DERIVE: | 476 | case EVP_PKEY_OP_DERIVE: | 
| 477 | rv = EVP_PKEY_derive_init(pkeyutl_config.ctx); | 477 | rv = EVP_PKEY_derive_init(cfg.ctx); | 
| 478 | break; | 478 | break; | 
| 479 | } | 479 | } | 
| 480 | 480 | ||
| 481 | if (rv <= 0) { | 481 | if (rv <= 0) { | 
| 482 | EVP_PKEY_CTX_free(pkeyutl_config.ctx); | 482 | EVP_PKEY_CTX_free(cfg.ctx); | 
| 483 | pkeyutl_config.ctx = NULL; | 483 | cfg.ctx = NULL; | 
| 484 | } | 484 | } | 
| 485 | 485 | ||
| 486 | end: | 486 | end: | 
| 487 | free(passin); | 487 | free(passin); | 
| 488 | 488 | ||
| 489 | if (!pkeyutl_config.ctx) { | 489 | if (!cfg.ctx) { | 
| 490 | BIO_puts(bio_err, "Error initializing context\n"); | 490 | BIO_puts(bio_err, "Error initializing context\n"); | 
| 491 | ERR_print_errors(bio_err); | 491 | ERR_print_errors(bio_err); | 
| 492 | return (1); | 492 | return (1); | 
| @@ -501,11 +501,11 @@ setup_peer(char *file) | |||
| 501 | EVP_PKEY *peer = NULL; | 501 | EVP_PKEY *peer = NULL; | 
| 502 | int ret; | 502 | int ret; | 
| 503 | 503 | ||
| 504 | if (!pkeyutl_config.ctx) { | 504 | if (!cfg.ctx) { | 
| 505 | BIO_puts(bio_err, "-peerkey command before -inkey\n"); | 505 | BIO_puts(bio_err, "-peerkey command before -inkey\n"); | 
| 506 | return (1); | 506 | return (1); | 
| 507 | } | 507 | } | 
| 508 | peer = load_pubkey(bio_err, file, pkeyutl_config.peerform, 0, NULL, | 508 | peer = load_pubkey(bio_err, file, cfg.peerform, 0, NULL, | 
| 509 | "Peer Key"); | 509 | "Peer Key"); | 
| 510 | 510 | ||
| 511 | if (!peer) { | 511 | if (!peer) { | 
| @@ -513,7 +513,7 @@ setup_peer(char *file) | |||
| 513 | ERR_print_errors(bio_err); | 513 | ERR_print_errors(bio_err); | 
| 514 | return (1); | 514 | return (1); | 
| 515 | } | 515 | } | 
| 516 | ret = EVP_PKEY_derive_set_peer(pkeyutl_config.ctx, peer); | 516 | ret = EVP_PKEY_derive_set_peer(cfg.ctx, peer); | 
| 517 | 517 | ||
| 518 | EVP_PKEY_free(peer); | 518 | EVP_PKEY_free(peer); | 
| 519 | if (ret <= 0) { | 519 | if (ret <= 0) { | 
| @@ -527,10 +527,10 @@ setup_peer(char *file) | |||
| 527 | static int | 527 | static int | 
| 528 | pkeyutl_pkeyopt(char *pkeyopt) | 528 | pkeyutl_pkeyopt(char *pkeyopt) | 
| 529 | { | 529 | { | 
| 530 | if (!pkeyutl_config.ctx) { | 530 | if (!cfg.ctx) { | 
| 531 | BIO_puts(bio_err, "-pkeyopt command before -inkey\n"); | 531 | BIO_puts(bio_err, "-pkeyopt command before -inkey\n"); | 
| 532 | return (1); | 532 | return (1); | 
| 533 | } else if (pkey_ctrl_string(pkeyutl_config.ctx, pkeyopt) <= 0) { | 533 | } else if (pkey_ctrl_string(cfg.ctx, pkeyopt) <= 0) { | 
| 534 | BIO_puts(bio_err, "parameter setting error\n"); | 534 | BIO_puts(bio_err, "parameter setting error\n"); | 
| 535 | ERR_print_errors(bio_err); | 535 | ERR_print_errors(bio_err); | 
| 536 | return (1); | 536 | return (1); | 
| diff --git a/src/usr.bin/openssl/prime.c b/src/usr.bin/openssl/prime.c index 64b1953e33..d704d882fc 100644 --- a/src/usr.bin/openssl/prime.c +++ b/src/usr.bin/openssl/prime.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: prime.c,v 1.16 2023/03/05 13:12:53 tb Exp $ */ | 1 | /* $OpenBSD: prime.c,v 1.17 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* ==================================================================== | 2 | /* ==================================================================== | 
| 3 | * Copyright (c) 2004 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 2004 The OpenSSL Project. All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -62,7 +62,7 @@ static struct { | |||
| 62 | int generate; | 62 | int generate; | 
| 63 | int hex; | 63 | int hex; | 
| 64 | int safe; | 64 | int safe; | 
| 65 | } prime_config; | 65 | } cfg; | 
| 66 | 66 | ||
| 67 | static const struct option prime_options[] = { | 67 | static const struct option prime_options[] = { | 
| 68 | { | 68 | { | 
| @@ -70,32 +70,32 @@ static const struct option prime_options[] = { | |||
| 70 | .argname = "n", | 70 | .argname = "n", | 
| 71 | .desc = "Number of bits in the generated prime number", | 71 | .desc = "Number of bits in the generated prime number", | 
| 72 | .type = OPTION_ARG_INT, | 72 | .type = OPTION_ARG_INT, | 
| 73 | .opt.value = &prime_config.bits, | 73 | .opt.value = &cfg.bits, | 
| 74 | }, | 74 | }, | 
| 75 | { | 75 | { | 
| 76 | .name = "checks", | 76 | .name = "checks", | 
| 77 | .argname = "n", | 77 | .argname = "n", | 
| 78 | .desc = "Miller-Rabin probabilistic primality test iterations", | 78 | .desc = "Miller-Rabin probabilistic primality test iterations", | 
| 79 | .type = OPTION_ARG_INT, | 79 | .type = OPTION_ARG_INT, | 
| 80 | .opt.value = &prime_config.checks, | 80 | .opt.value = &cfg.checks, | 
| 81 | }, | 81 | }, | 
| 82 | { | 82 | { | 
| 83 | .name = "generate", | 83 | .name = "generate", | 
| 84 | .desc = "Generate a pseudo-random prime number", | 84 | .desc = "Generate a pseudo-random prime number", | 
| 85 | .type = OPTION_FLAG, | 85 | .type = OPTION_FLAG, | 
| 86 | .opt.flag = &prime_config.generate, | 86 | .opt.flag = &cfg.generate, | 
| 87 | }, | 87 | }, | 
| 88 | { | 88 | { | 
| 89 | .name = "hex", | 89 | .name = "hex", | 
| 90 | .desc = "Hexadecimal prime numbers", | 90 | .desc = "Hexadecimal prime numbers", | 
| 91 | .type = OPTION_FLAG, | 91 | .type = OPTION_FLAG, | 
| 92 | .opt.flag = &prime_config.hex, | 92 | .opt.flag = &cfg.hex, | 
| 93 | }, | 93 | }, | 
| 94 | { | 94 | { | 
| 95 | .name = "safe", | 95 | .name = "safe", | 
| 96 | .desc = "Generate only \"safe\" prime numbers", | 96 | .desc = "Generate only \"safe\" prime numbers", | 
| 97 | .type = OPTION_FLAG, | 97 | .type = OPTION_FLAG, | 
| 98 | .opt.flag = &prime_config.safe, | 98 | .opt.flag = &cfg.safe, | 
| 99 | }, | 99 | }, | 
| 100 | {NULL}, | 100 | {NULL}, | 
| 101 | }; | 101 | }; | 
| @@ -123,17 +123,17 @@ prime_main(int argc, char **argv) | |||
| 123 | exit(1); | 123 | exit(1); | 
| 124 | } | 124 | } | 
| 125 | 125 | ||
| 126 | memset(&prime_config, 0, sizeof(prime_config)); | 126 | memset(&cfg, 0, sizeof(cfg)); | 
| 127 | 127 | ||
| 128 | /* Default iterations for Miller-Rabin probabilistic primality test. */ | 128 | /* Default iterations for Miller-Rabin probabilistic primality test. */ | 
| 129 | prime_config.checks = 20; | 129 | cfg.checks = 20; | 
| 130 | 130 | ||
| 131 | if (options_parse(argc, argv, prime_options, &prime, NULL) != 0) { | 131 | if (options_parse(argc, argv, prime_options, &prime, NULL) != 0) { | 
| 132 | prime_usage(); | 132 | prime_usage(); | 
| 133 | return (1); | 133 | return (1); | 
| 134 | } | 134 | } | 
| 135 | 135 | ||
| 136 | if (prime == NULL && prime_config.generate == 0) { | 136 | if (prime == NULL && cfg.generate == 0) { | 
| 137 | BIO_printf(bio_err, "No prime specified.\n"); | 137 | BIO_printf(bio_err, "No prime specified.\n"); | 
| 138 | prime_usage(); | 138 | prime_usage(); | 
| 139 | return (1); | 139 | return (1); | 
| @@ -145,8 +145,8 @@ prime_main(int argc, char **argv) | |||
| 145 | } | 145 | } | 
| 146 | BIO_set_fp(bio_out, stdout, BIO_NOCLOSE); | 146 | BIO_set_fp(bio_out, stdout, BIO_NOCLOSE); | 
| 147 | 147 | ||
| 148 | if (prime_config.generate != 0) { | 148 | if (cfg.generate != 0) { | 
| 149 | if (prime_config.bits == 0) { | 149 | if (cfg.bits == 0) { | 
| 150 | BIO_printf(bio_err, "Specify the number of bits.\n"); | 150 | BIO_printf(bio_err, "Specify the number of bits.\n"); | 
| 151 | goto end; | 151 | goto end; | 
| 152 | } | 152 | } | 
| @@ -155,12 +155,12 @@ prime_main(int argc, char **argv) | |||
| 155 | BIO_printf(bio_err, "Out of memory.\n"); | 155 | BIO_printf(bio_err, "Out of memory.\n"); | 
| 156 | goto end; | 156 | goto end; | 
| 157 | } | 157 | } | 
| 158 | if (!BN_generate_prime_ex(bn, prime_config.bits, | 158 | if (!BN_generate_prime_ex(bn, cfg.bits, | 
| 159 | prime_config.safe, NULL, NULL, NULL)) { | 159 | cfg.safe, NULL, NULL, NULL)) { | 
| 160 | BIO_printf(bio_err, "Prime generation error.\n"); | 160 | BIO_printf(bio_err, "Prime generation error.\n"); | 
| 161 | goto end; | 161 | goto end; | 
| 162 | } | 162 | } | 
| 163 | s = prime_config.hex ? BN_bn2hex(bn) : BN_bn2dec(bn); | 163 | s = cfg.hex ? BN_bn2hex(bn) : BN_bn2dec(bn); | 
| 164 | if (s == NULL) { | 164 | if (s == NULL) { | 
| 165 | BIO_printf(bio_err, "Out of memory.\n"); | 165 | BIO_printf(bio_err, "Out of memory.\n"); | 
| 166 | goto end; | 166 | goto end; | 
| @@ -168,7 +168,7 @@ prime_main(int argc, char **argv) | |||
| 168 | BIO_printf(bio_out, "%s\n", s); | 168 | BIO_printf(bio_out, "%s\n", s); | 
| 169 | free(s); | 169 | free(s); | 
| 170 | } else { | 170 | } else { | 
| 171 | if (prime_config.hex) { | 171 | if (cfg.hex) { | 
| 172 | if (!BN_hex2bn(&bn, prime)) { | 172 | if (!BN_hex2bn(&bn, prime)) { | 
| 173 | BIO_printf(bio_err, "%s is an invalid hex " | 173 | BIO_printf(bio_err, "%s is an invalid hex " | 
| 174 | "value.\n", prime); | 174 | "value.\n", prime); | 
| @@ -182,7 +182,7 @@ prime_main(int argc, char **argv) | |||
| 182 | } | 182 | } | 
| 183 | } | 183 | } | 
| 184 | 184 | ||
| 185 | is_prime = BN_is_prime_ex(bn, prime_config.checks, NULL, NULL); | 185 | is_prime = BN_is_prime_ex(bn, cfg.checks, NULL, NULL); | 
| 186 | if (is_prime < 0) { | 186 | if (is_prime < 0) { | 
| 187 | BIO_printf(bio_err, "BN_is_prime_ex failed.\n"); | 187 | BIO_printf(bio_err, "BN_is_prime_ex failed.\n"); | 
| 188 | goto end; | 188 | goto end; | 
| diff --git a/src/usr.bin/openssl/rand.c b/src/usr.bin/openssl/rand.c index 6ae6a8d8ee..a0f3b44664 100644 --- a/src/usr.bin/openssl/rand.c +++ b/src/usr.bin/openssl/rand.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: rand.c,v 1.16 2023/03/05 13:12:53 tb Exp $ */ | 1 | /* $OpenBSD: rand.c,v 1.17 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* ==================================================================== | 2 | /* ==================================================================== | 
| 3 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -66,27 +66,27 @@ static struct { | |||
| 66 | int base64; | 66 | int base64; | 
| 67 | int hex; | 67 | int hex; | 
| 68 | char *outfile; | 68 | char *outfile; | 
| 69 | } rand_config; | 69 | } cfg; | 
| 70 | 70 | ||
| 71 | static const struct option rand_options[] = { | 71 | static const struct option rand_options[] = { | 
| 72 | { | 72 | { | 
| 73 | .name = "base64", | 73 | .name = "base64", | 
| 74 | .desc = "Perform base64 encoding on output", | 74 | .desc = "Perform base64 encoding on output", | 
| 75 | .type = OPTION_FLAG, | 75 | .type = OPTION_FLAG, | 
| 76 | .opt.flag = &rand_config.base64, | 76 | .opt.flag = &cfg.base64, | 
| 77 | }, | 77 | }, | 
| 78 | { | 78 | { | 
| 79 | .name = "hex", | 79 | .name = "hex", | 
| 80 | .desc = "Hexadecimal output", | 80 | .desc = "Hexadecimal output", | 
| 81 | .type = OPTION_FLAG, | 81 | .type = OPTION_FLAG, | 
| 82 | .opt.flag = &rand_config.hex, | 82 | .opt.flag = &cfg.hex, | 
| 83 | }, | 83 | }, | 
| 84 | { | 84 | { | 
| 85 | .name = "out", | 85 | .name = "out", | 
| 86 | .argname = "file", | 86 | .argname = "file", | 
| 87 | .desc = "Write to the given file instead of standard output", | 87 | .desc = "Write to the given file instead of standard output", | 
| 88 | .type = OPTION_ARG, | 88 | .type = OPTION_ARG, | 
| 89 | .opt.arg = &rand_config.outfile, | 89 | .opt.arg = &cfg.outfile, | 
| 90 | }, | 90 | }, | 
| 91 | {NULL}, | 91 | {NULL}, | 
| 92 | }; | 92 | }; | 
| @@ -114,7 +114,7 @@ rand_main(int argc, char **argv) | |||
| 114 | exit(1); | 114 | exit(1); | 
| 115 | } | 115 | } | 
| 116 | 116 | ||
| 117 | memset(&rand_config, 0, sizeof(rand_config)); | 117 | memset(&cfg, 0, sizeof(cfg)); | 
| 118 | 118 | ||
| 119 | if (options_parse(argc, argv, rand_options, &num_bytes, NULL) != 0) { | 119 | if (options_parse(argc, argv, rand_options, &num_bytes, NULL) != 0) { | 
| 120 | rand_usage(); | 120 | rand_usage(); | 
| @@ -128,7 +128,7 @@ rand_main(int argc, char **argv) | |||
| 128 | } else | 128 | } else | 
| 129 | badopt = 1; | 129 | badopt = 1; | 
| 130 | 130 | ||
| 131 | if (rand_config.hex && rand_config.base64) | 131 | if (cfg.hex && cfg.base64) | 
| 132 | badopt = 1; | 132 | badopt = 1; | 
| 133 | 133 | ||
| 134 | if (badopt) { | 134 | if (badopt) { | 
| @@ -139,13 +139,13 @@ rand_main(int argc, char **argv) | |||
| 139 | out = BIO_new(BIO_s_file()); | 139 | out = BIO_new(BIO_s_file()); | 
| 140 | if (out == NULL) | 140 | if (out == NULL) | 
| 141 | goto err; | 141 | goto err; | 
| 142 | if (rand_config.outfile != NULL) | 142 | if (cfg.outfile != NULL) | 
| 143 | r = BIO_write_filename(out, rand_config.outfile); | 143 | r = BIO_write_filename(out, cfg.outfile); | 
| 144 | else | 144 | else | 
| 145 | r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); | 145 | r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); | 
| 146 | if (r <= 0) | 146 | if (r <= 0) | 
| 147 | goto err; | 147 | goto err; | 
| 148 | if (rand_config.base64) { | 148 | if (cfg.base64) { | 
| 149 | BIO *b64 = BIO_new(BIO_f_base64()); | 149 | BIO *b64 = BIO_new(BIO_f_base64()); | 
| 150 | if (b64 == NULL) | 150 | if (b64 == NULL) | 
| 151 | goto err; | 151 | goto err; | 
| @@ -160,7 +160,7 @@ rand_main(int argc, char **argv) | |||
| 160 | if (chunk > (int) sizeof(buf)) | 160 | if (chunk > (int) sizeof(buf)) | 
| 161 | chunk = sizeof(buf); | 161 | chunk = sizeof(buf); | 
| 162 | arc4random_buf(buf, chunk); | 162 | arc4random_buf(buf, chunk); | 
| 163 | if (rand_config.hex) { | 163 | if (cfg.hex) { | 
| 164 | for (i = 0; i < chunk; i++) | 164 | for (i = 0; i < chunk; i++) | 
| 165 | BIO_printf(out, "%02x", buf[i]); | 165 | BIO_printf(out, "%02x", buf[i]); | 
| 166 | } else | 166 | } else | 
| @@ -168,7 +168,7 @@ rand_main(int argc, char **argv) | |||
| 168 | num -= chunk; | 168 | num -= chunk; | 
| 169 | } | 169 | } | 
| 170 | 170 | ||
| 171 | if (rand_config.hex) | 171 | if (cfg.hex) | 
| 172 | BIO_puts(out, "\n"); | 172 | BIO_puts(out, "\n"); | 
| 173 | (void) BIO_flush(out); | 173 | (void) BIO_flush(out); | 
| 174 | 174 | ||
| diff --git a/src/usr.bin/openssl/req.c b/src/usr.bin/openssl/req.c index 797cbfa718..0994d0b288 100644 --- a/src/usr.bin/openssl/req.c +++ b/src/usr.bin/openssl/req.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: req.c,v 1.26 2023/03/05 13:12:53 tb Exp $ */ | 1 | /* $OpenBSD: req.c,v 1.27 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -168,26 +168,26 @@ static struct { | |||
| 168 | int verbose; | 168 | int verbose; | 
| 169 | int verify; | 169 | int verify; | 
| 170 | int x509; | 170 | int x509; | 
| 171 | } req_config; | 171 | } cfg; | 
| 172 | 172 | ||
| 173 | static int | 173 | static int | 
| 174 | req_opt_addext(char *arg) | 174 | req_opt_addext(char *arg) | 
| 175 | { | 175 | { | 
| 176 | int i; | 176 | int i; | 
| 177 | 177 | ||
| 178 | if (req_config.addexts == NULL) { | 178 | if (cfg.addexts == NULL) { | 
| 179 | req_config.addexts = (LHASH_OF(OPENSSL_STRING) *)lh_new( | 179 | cfg.addexts = (LHASH_OF(OPENSSL_STRING) *)lh_new( | 
| 180 | (LHASH_HASH_FN_TYPE)ext_name_hash, | 180 | (LHASH_HASH_FN_TYPE)ext_name_hash, | 
| 181 | (LHASH_COMP_FN_TYPE)ext_name_cmp); | 181 | (LHASH_COMP_FN_TYPE)ext_name_cmp); | 
| 182 | req_config.addext_bio = BIO_new(BIO_s_mem()); | 182 | cfg.addext_bio = BIO_new(BIO_s_mem()); | 
| 183 | if (req_config.addexts == NULL || | 183 | if (cfg.addexts == NULL || | 
| 184 | req_config.addext_bio == NULL) | 184 | cfg.addext_bio == NULL) | 
| 185 | return (1); | 185 | return (1); | 
| 186 | } | 186 | } | 
| 187 | i = duplicated(req_config.addexts, arg); | 187 | i = duplicated(cfg.addexts, arg); | 
| 188 | if (i == 1) | 188 | if (i == 1) | 
| 189 | return (1); | 189 | return (1); | 
| 190 | if (i < 0 || BIO_printf(req_config.addext_bio, "%s\n", arg) < 0) | 190 | if (i < 0 || BIO_printf(cfg.addext_bio, "%s\n", arg) < 0) | 
| 191 | return (1); | 191 | return (1); | 
| 192 | 192 | ||
| 193 | return (0); | 193 | return (0); | 
| @@ -198,11 +198,11 @@ req_opt_days(char *arg) | |||
| 198 | { | 198 | { | 
| 199 | const char *errstr; | 199 | const char *errstr; | 
| 200 | 200 | ||
| 201 | req_config.days = strtonum(arg, 1, INT_MAX, &errstr); | 201 | cfg.days = strtonum(arg, 1, INT_MAX, &errstr); | 
| 202 | if (errstr != NULL) { | 202 | if (errstr != NULL) { | 
| 203 | BIO_printf(bio_err, "bad -days %s, using 0: %s\n", | 203 | BIO_printf(bio_err, "bad -days %s, using 0: %s\n", | 
| 204 | arg, errstr); | 204 | arg, errstr); | 
| 205 | req_config.days = 30; | 205 | cfg.days = 30; | 
| 206 | } | 206 | } | 
| 207 | return (0); | 207 | return (0); | 
| 208 | } | 208 | } | 
| @@ -215,7 +215,7 @@ req_opt_digest(int argc, char **argv, int *argsused) | |||
| 215 | if (*name++ != '-') | 215 | if (*name++ != '-') | 
| 216 | return (1); | 216 | return (1); | 
| 217 | 217 | ||
| 218 | if ((req_config.digest = EVP_get_digestbyname(name)) == NULL) | 218 | if ((cfg.digest = EVP_get_digestbyname(name)) == NULL) | 
| 219 | return (1); | 219 | return (1); | 
| 220 | 220 | ||
| 221 | *argsused = 1; | 221 | *argsused = 1; | 
| @@ -225,15 +225,15 @@ req_opt_digest(int argc, char **argv, int *argsused) | |||
| 225 | static int | 225 | static int | 
| 226 | req_opt_newkey(char *arg) | 226 | req_opt_newkey(char *arg) | 
| 227 | { | 227 | { | 
| 228 | req_config.keyalg = arg; | 228 | cfg.keyalg = arg; | 
| 229 | req_config.newreq = 1; | 229 | cfg.newreq = 1; | 
| 230 | return (0); | 230 | return (0); | 
| 231 | } | 231 | } | 
| 232 | 232 | ||
| 233 | static int | 233 | static int | 
| 234 | req_opt_nameopt(char *arg) | 234 | req_opt_nameopt(char *arg) | 
| 235 | { | 235 | { | 
| 236 | if (!set_name_ex(&req_config.nmflag, arg)) | 236 | if (!set_name_ex(&cfg.nmflag, arg)) | 
| 237 | return (1); | 237 | return (1); | 
| 238 | return (0); | 238 | return (0); | 
| 239 | } | 239 | } | 
| @@ -241,11 +241,11 @@ req_opt_nameopt(char *arg) | |||
| 241 | static int | 241 | static int | 
| 242 | req_opt_pkeyopt(char *arg) | 242 | req_opt_pkeyopt(char *arg) | 
| 243 | { | 243 | { | 
| 244 | if (req_config.pkeyopts == NULL) | 244 | if (cfg.pkeyopts == NULL) | 
| 245 | req_config.pkeyopts = sk_OPENSSL_STRING_new_null(); | 245 | cfg.pkeyopts = sk_OPENSSL_STRING_new_null(); | 
| 246 | if (req_config.pkeyopts == NULL) | 246 | if (cfg.pkeyopts == NULL) | 
| 247 | return (1); | 247 | return (1); | 
| 248 | if (!sk_OPENSSL_STRING_push(req_config.pkeyopts, arg)) | 248 | if (!sk_OPENSSL_STRING_push(cfg.pkeyopts, arg)) | 
| 249 | return (1); | 249 | return (1); | 
| 250 | return (0); | 250 | return (0); | 
| 251 | } | 251 | } | 
| @@ -253,7 +253,7 @@ req_opt_pkeyopt(char *arg) | |||
| 253 | static int | 253 | static int | 
| 254 | req_opt_reqopt(char *arg) | 254 | req_opt_reqopt(char *arg) | 
| 255 | { | 255 | { | 
| 256 | if (!set_cert_ex(&req_config.reqflag, arg)) | 256 | if (!set_cert_ex(&cfg.reqflag, arg)) | 
| 257 | return (1); | 257 | return (1); | 
| 258 | return (0); | 258 | return (0); | 
| 259 | } | 259 | } | 
| @@ -261,8 +261,8 @@ req_opt_reqopt(char *arg) | |||
| 261 | static int | 261 | static int | 
| 262 | req_opt_set_serial(char *arg) | 262 | req_opt_set_serial(char *arg) | 
| 263 | { | 263 | { | 
| 264 | req_config.serial = s2i_ASN1_INTEGER(NULL, arg); | 264 | cfg.serial = s2i_ASN1_INTEGER(NULL, arg); | 
| 265 | if (req_config.serial == NULL) | 265 | if (cfg.serial == NULL) | 
| 266 | return (1); | 266 | return (1); | 
| 267 | return (0); | 267 | return (0); | 
| 268 | } | 268 | } | 
| @@ -270,11 +270,11 @@ req_opt_set_serial(char *arg) | |||
| 270 | static int | 270 | static int | 
| 271 | req_opt_sigopt(char *arg) | 271 | req_opt_sigopt(char *arg) | 
| 272 | { | 272 | { | 
| 273 | if (req_config.sigopts == NULL) | 273 | if (cfg.sigopts == NULL) | 
| 274 | req_config.sigopts = sk_OPENSSL_STRING_new_null(); | 274 | cfg.sigopts = sk_OPENSSL_STRING_new_null(); | 
| 275 | if (req_config.sigopts == NULL) | 275 | if (cfg.sigopts == NULL) | 
| 276 | return (1); | 276 | return (1); | 
| 277 | if (!sk_OPENSSL_STRING_push(req_config.sigopts, arg)) | 277 | if (!sk_OPENSSL_STRING_push(cfg.sigopts, arg)) | 
| 278 | return (1); | 278 | return (1); | 
| 279 | return (0); | 279 | return (0); | 
| 280 | } | 280 | } | 
| @@ -282,7 +282,7 @@ req_opt_sigopt(char *arg) | |||
| 282 | static int | 282 | static int | 
| 283 | req_opt_utf8(void) | 283 | req_opt_utf8(void) | 
| 284 | { | 284 | { | 
| 285 | req_config.chtype = MBSTRING_UTF8; | 285 | cfg.chtype = MBSTRING_UTF8; | 
| 286 | return (0); | 286 | return (0); | 
| 287 | } | 287 | } | 
| 288 | 288 | ||
| @@ -298,14 +298,14 @@ static const struct option req_options[] = { | |||
| 298 | .name = "batch", | 298 | .name = "batch", | 
| 299 | .desc = "Operate in batch mode", | 299 | .desc = "Operate in batch mode", | 
| 300 | .type = OPTION_FLAG, | 300 | .type = OPTION_FLAG, | 
| 301 | .opt.flag = &req_config.batch, | 301 | .opt.flag = &cfg.batch, | 
| 302 | }, | 302 | }, | 
| 303 | { | 303 | { | 
| 304 | .name = "config", | 304 | .name = "config", | 
| 305 | .argname = "file", | 305 | .argname = "file", | 
| 306 | .desc = "Configuration file to use as request template", | 306 | .desc = "Configuration file to use as request template", | 
| 307 | .type = OPTION_ARG, | 307 | .type = OPTION_ARG, | 
| 308 | .opt.arg = &req_config.template, | 308 | .opt.arg = &cfg.template, | 
| 309 | }, | 309 | }, | 
| 310 | { | 310 | { | 
| 311 | .name = "days", | 311 | .name = "days", | 
| @@ -319,54 +319,54 @@ static const struct option req_options[] = { | |||
| 319 | .argname = "section", | 319 | .argname = "section", | 
| 320 | .desc = "Config section to use for certificate extensions", | 320 | .desc = "Config section to use for certificate extensions", | 
| 321 | .type = OPTION_ARG, | 321 | .type = OPTION_ARG, | 
| 322 | .opt.arg = &req_config.extensions, | 322 | .opt.arg = &cfg.extensions, | 
| 323 | }, | 323 | }, | 
| 324 | { | 324 | { | 
| 325 | .name = "in", | 325 | .name = "in", | 
| 326 | .argname = "file", | 326 | .argname = "file", | 
| 327 | .desc = "Input file (default stdin)", | 327 | .desc = "Input file (default stdin)", | 
| 328 | .type = OPTION_ARG, | 328 | .type = OPTION_ARG, | 
| 329 | .opt.arg = &req_config.infile, | 329 | .opt.arg = &cfg.infile, | 
| 330 | }, | 330 | }, | 
| 331 | { | 331 | { | 
| 332 | .name = "inform", | 332 | .name = "inform", | 
| 333 | .argname = "format", | 333 | .argname = "format", | 
| 334 | .desc = "Input format (DER or PEM (default))", | 334 | .desc = "Input format (DER or PEM (default))", | 
| 335 | .type = OPTION_ARG_FORMAT, | 335 | .type = OPTION_ARG_FORMAT, | 
| 336 | .opt.value = &req_config.informat, | 336 | .opt.value = &cfg.informat, | 
| 337 | }, | 337 | }, | 
| 338 | { | 338 | { | 
| 339 | .name = "key", | 339 | .name = "key", | 
| 340 | .argname = "file", | 340 | .argname = "file", | 
| 341 | .desc = "Private key file", | 341 | .desc = "Private key file", | 
| 342 | .type = OPTION_ARG, | 342 | .type = OPTION_ARG, | 
| 343 | .opt.arg = &req_config.keyfile, | 343 | .opt.arg = &cfg.keyfile, | 
| 344 | }, | 344 | }, | 
| 345 | { | 345 | { | 
| 346 | .name = "keyform", | 346 | .name = "keyform", | 
| 347 | .argname = "format", | 347 | .argname = "format", | 
| 348 | .desc = "Private key format (DER or PEM (default))", | 348 | .desc = "Private key format (DER or PEM (default))", | 
| 349 | .type = OPTION_ARG_FORMAT, | 349 | .type = OPTION_ARG_FORMAT, | 
| 350 | .opt.value = &req_config.keyform, | 350 | .opt.value = &cfg.keyform, | 
| 351 | }, | 351 | }, | 
| 352 | { | 352 | { | 
| 353 | .name = "keyout", | 353 | .name = "keyout", | 
| 354 | .argname = "file", | 354 | .argname = "file", | 
| 355 | .desc = "Private key output file", | 355 | .desc = "Private key output file", | 
| 356 | .type = OPTION_ARG, | 356 | .type = OPTION_ARG, | 
| 357 | .opt.arg = &req_config.keyout, | 357 | .opt.arg = &cfg.keyout, | 
| 358 | }, | 358 | }, | 
| 359 | { | 359 | { | 
| 360 | .name = "modulus", | 360 | .name = "modulus", | 
| 361 | .desc = "Print RSA modulus", | 361 | .desc = "Print RSA modulus", | 
| 362 | .type = OPTION_FLAG, | 362 | .type = OPTION_FLAG, | 
| 363 | .opt.flag = &req_config.modulus, | 363 | .opt.flag = &cfg.modulus, | 
| 364 | }, | 364 | }, | 
| 365 | { | 365 | { | 
| 366 | .name = "multivalue-rdn", | 366 | .name = "multivalue-rdn", | 
| 367 | .desc = "Enable support for multivalued RDNs", | 367 | .desc = "Enable support for multivalued RDNs", | 
| 368 | .type = OPTION_FLAG, | 368 | .type = OPTION_FLAG, | 
| 369 | .opt.flag = &req_config.multirdn, | 369 | .opt.flag = &cfg.multirdn, | 
| 370 | }, | 370 | }, | 
| 371 | { | 371 | { | 
| 372 | .name = "nameopt", | 372 | .name = "nameopt", | 
| @@ -379,13 +379,13 @@ static const struct option req_options[] = { | |||
| 379 | .name = "new", | 379 | .name = "new", | 
| 380 | .desc = "New request", | 380 | .desc = "New request", | 
| 381 | .type = OPTION_FLAG, | 381 | .type = OPTION_FLAG, | 
| 382 | .opt.flag = &req_config.newreq, | 382 | .opt.flag = &cfg.newreq, | 
| 383 | }, | 383 | }, | 
| 384 | { | 384 | { | 
| 385 | .name = "newhdr", | 385 | .name = "newhdr", | 
| 386 | .desc = "Include 'NEW' in header lines", | 386 | .desc = "Include 'NEW' in header lines", | 
| 387 | .type = OPTION_FLAG, | 387 | .type = OPTION_FLAG, | 
| 388 | .opt.flag = &req_config.newhdr, | 388 | .opt.flag = &cfg.newhdr, | 
| 389 | }, | 389 | }, | 
| 390 | { | 390 | { | 
| 391 | .name = "newkey", | 391 | .name = "newkey", | 
| @@ -398,41 +398,41 @@ static const struct option req_options[] = { | |||
| 398 | .name = "nodes", | 398 | .name = "nodes", | 
| 399 | .desc = "Do not encrypt output private key", | 399 | .desc = "Do not encrypt output private key", | 
| 400 | .type = OPTION_FLAG, | 400 | .type = OPTION_FLAG, | 
| 401 | .opt.flag = &req_config.nodes, | 401 | .opt.flag = &cfg.nodes, | 
| 402 | }, | 402 | }, | 
| 403 | { | 403 | { | 
| 404 | .name = "noout", | 404 | .name = "noout", | 
| 405 | .desc = "Do not output request", | 405 | .desc = "Do not output request", | 
| 406 | .type = OPTION_FLAG, | 406 | .type = OPTION_FLAG, | 
| 407 | .opt.flag = &req_config.noout, | 407 | .opt.flag = &cfg.noout, | 
| 408 | }, | 408 | }, | 
| 409 | { | 409 | { | 
| 410 | .name = "out", | 410 | .name = "out", | 
| 411 | .argname = "file", | 411 | .argname = "file", | 
| 412 | .desc = "Output file (default stdout)", | 412 | .desc = "Output file (default stdout)", | 
| 413 | .type = OPTION_ARG, | 413 | .type = OPTION_ARG, | 
| 414 | .opt.arg = &req_config.outfile, | 414 | .opt.arg = &cfg.outfile, | 
| 415 | }, | 415 | }, | 
| 416 | { | 416 | { | 
| 417 | .name = "outform", | 417 | .name = "outform", | 
| 418 | .argname = "format", | 418 | .argname = "format", | 
| 419 | .desc = "Output format (DER or PEM (default))", | 419 | .desc = "Output format (DER or PEM (default))", | 
| 420 | .type = OPTION_ARG_FORMAT, | 420 | .type = OPTION_ARG_FORMAT, | 
| 421 | .opt.value = &req_config.outformat, | 421 | .opt.value = &cfg.outformat, | 
| 422 | }, | 422 | }, | 
| 423 | { | 423 | { | 
| 424 | .name = "passin", | 424 | .name = "passin", | 
| 425 | .argname = "source", | 425 | .argname = "source", | 
| 426 | .desc = "Private key input password source", | 426 | .desc = "Private key input password source", | 
| 427 | .type = OPTION_ARG, | 427 | .type = OPTION_ARG, | 
| 428 | .opt.arg = &req_config.passargin, | 428 | .opt.arg = &cfg.passargin, | 
| 429 | }, | 429 | }, | 
| 430 | { | 430 | { | 
| 431 | .name = "passout", | 431 | .name = "passout", | 
| 432 | .argname = "source", | 432 | .argname = "source", | 
| 433 | .desc = "Private key output password source", | 433 | .desc = "Private key output password source", | 
| 434 | .type = OPTION_ARG, | 434 | .type = OPTION_ARG, | 
| 435 | .opt.arg = &req_config.passargout, | 435 | .opt.arg = &cfg.passargout, | 
| 436 | }, | 436 | }, | 
| 437 | { | 437 | { | 
| 438 | .name = "pkeyopt", | 438 | .name = "pkeyopt", | 
| @@ -445,14 +445,14 @@ static const struct option req_options[] = { | |||
| 445 | .name = "pubkey", | 445 | .name = "pubkey", | 
| 446 | .desc = "Output the public key", | 446 | .desc = "Output the public key", | 
| 447 | .type = OPTION_FLAG, | 447 | .type = OPTION_FLAG, | 
| 448 | .opt.flag = &req_config.pubkey, | 448 | .opt.flag = &cfg.pubkey, | 
| 449 | }, | 449 | }, | 
| 450 | { | 450 | { | 
| 451 | .name = "reqexts", | 451 | .name = "reqexts", | 
| 452 | .argname = "section", | 452 | .argname = "section", | 
| 453 | .desc = "Config section to use for request extensions", | 453 | .desc = "Config section to use for request extensions", | 
| 454 | .type = OPTION_ARG, | 454 | .type = OPTION_ARG, | 
| 455 | .opt.arg = &req_config.req_exts, | 455 | .opt.arg = &cfg.req_exts, | 
| 456 | }, | 456 | }, | 
| 457 | { | 457 | { | 
| 458 | .name = "reqopt", | 458 | .name = "reqopt", | 
| @@ -480,19 +480,19 @@ static const struct option req_options[] = { | |||
| 480 | .argname = "name", | 480 | .argname = "name", | 
| 481 | .desc = "Set or modify the request subject", | 481 | .desc = "Set or modify the request subject", | 
| 482 | .type = OPTION_ARG, | 482 | .type = OPTION_ARG, | 
| 483 | .opt.arg = &req_config.subj, | 483 | .opt.arg = &cfg.subj, | 
| 484 | }, | 484 | }, | 
| 485 | { | 485 | { | 
| 486 | .name = "subject", | 486 | .name = "subject", | 
| 487 | .desc = "Output the subject of the request", | 487 | .desc = "Output the subject of the request", | 
| 488 | .type = OPTION_FLAG, | 488 | .type = OPTION_FLAG, | 
| 489 | .opt.flag = &req_config.subject, | 489 | .opt.flag = &cfg.subject, | 
| 490 | }, | 490 | }, | 
| 491 | { | 491 | { | 
| 492 | .name = "text", | 492 | .name = "text", | 
| 493 | .desc = "Print request in text form", | 493 | .desc = "Print request in text form", | 
| 494 | .type = OPTION_FLAG, | 494 | .type = OPTION_FLAG, | 
| 495 | .opt.flag = &req_config.text, | 495 | .opt.flag = &cfg.text, | 
| 496 | }, | 496 | }, | 
| 497 | { | 497 | { | 
| 498 | .name = "utf8", | 498 | .name = "utf8", | 
| @@ -504,19 +504,19 @@ static const struct option req_options[] = { | |||
| 504 | .name = "verbose", | 504 | .name = "verbose", | 
| 505 | .desc = "Verbose", | 505 | .desc = "Verbose", | 
| 506 | .type = OPTION_FLAG, | 506 | .type = OPTION_FLAG, | 
| 507 | .opt.flag = &req_config.verbose, | 507 | .opt.flag = &cfg.verbose, | 
| 508 | }, | 508 | }, | 
| 509 | { | 509 | { | 
| 510 | .name = "verify", | 510 | .name = "verify", | 
| 511 | .desc = "Verify signature on request", | 511 | .desc = "Verify signature on request", | 
| 512 | .type = OPTION_FLAG, | 512 | .type = OPTION_FLAG, | 
| 513 | .opt.flag = &req_config.verify, | 513 | .opt.flag = &cfg.verify, | 
| 514 | }, | 514 | }, | 
| 515 | { | 515 | { | 
| 516 | .name = "x509", | 516 | .name = "x509", | 
| 517 | .desc = "Output an X.509 structure instead of a certificate request", | 517 | .desc = "Output an X.509 structure instead of a certificate request", | 
| 518 | .type = OPTION_FLAG, | 518 | .type = OPTION_FLAG, | 
| 519 | .opt.flag = &req_config.x509, | 519 | .opt.flag = &cfg.x509, | 
| 520 | }, | 520 | }, | 
| 521 | { | 521 | { | 
| 522 | .name = NULL, | 522 | .name = NULL, | 
| @@ -568,15 +568,15 @@ req_main(int argc, char **argv) | |||
| 568 | exit(1); | 568 | exit(1); | 
| 569 | } | 569 | } | 
| 570 | 570 | ||
| 571 | memset(&req_config, 0, sizeof(req_config)); | 571 | memset(&cfg, 0, sizeof(cfg)); | 
| 572 | 572 | ||
| 573 | req_config.chtype = MBSTRING_ASC; | 573 | cfg.chtype = MBSTRING_ASC; | 
| 574 | req_config.days = 30; | 574 | cfg.days = 30; | 
| 575 | req_config.digest = EVP_sha256(); | 575 | cfg.digest = EVP_sha256(); | 
| 576 | req_config.newkey = -1; | 576 | cfg.newkey = -1; | 
| 577 | req_config.informat = FORMAT_PEM; | 577 | cfg.informat = FORMAT_PEM; | 
| 578 | req_config.keyform = FORMAT_PEM; | 578 | cfg.keyform = FORMAT_PEM; | 
| 579 | req_config.outformat = FORMAT_PEM; | 579 | cfg.outformat = FORMAT_PEM; | 
| 580 | 580 | ||
| 581 | if (options_parse(argc, argv, req_options, NULL, NULL) != 0) { | 581 | if (options_parse(argc, argv, req_options, NULL, NULL) != 0) { | 
| 582 | req_usage(); | 582 | req_usage(); | 
| @@ -586,19 +586,19 @@ req_main(int argc, char **argv) | |||
| 586 | req_conf = NULL; | 586 | req_conf = NULL; | 
| 587 | cipher = EVP_aes_256_cbc(); | 587 | cipher = EVP_aes_256_cbc(); | 
| 588 | 588 | ||
| 589 | if (!app_passwd(bio_err, req_config.passargin, req_config.passargout, &passin, &passout)) { | 589 | if (!app_passwd(bio_err, cfg.passargin, cfg.passargout, &passin, &passout)) { | 
| 590 | BIO_printf(bio_err, "Error getting passwords\n"); | 590 | BIO_printf(bio_err, "Error getting passwords\n"); | 
| 591 | goto end; | 591 | goto end; | 
| 592 | } | 592 | } | 
| 593 | if (req_config.template != NULL) { | 593 | if (cfg.template != NULL) { | 
| 594 | long errline = -1; | 594 | long errline = -1; | 
| 595 | 595 | ||
| 596 | if (req_config.verbose) | 596 | if (cfg.verbose) | 
| 597 | BIO_printf(bio_err, "Using configuration from %s\n", req_config.template); | 597 | BIO_printf(bio_err, "Using configuration from %s\n", cfg.template); | 
| 598 | if ((req_conf = NCONF_new(NULL)) == NULL) | 598 | if ((req_conf = NCONF_new(NULL)) == NULL) | 
| 599 | goto end; | 599 | goto end; | 
| 600 | if(!NCONF_load(req_conf, req_config.template, &errline)) { | 600 | if(!NCONF_load(req_conf, cfg.template, &errline)) { | 
| 601 | BIO_printf(bio_err, "error on line %ld of %s\n", errline, req_config.template); | 601 | BIO_printf(bio_err, "error on line %ld of %s\n", errline, cfg.template); | 
| 602 | goto end; | 602 | goto end; | 
| 603 | } | 603 | } | 
| 604 | } else { | 604 | } else { | 
| @@ -606,21 +606,21 @@ req_main(int argc, char **argv) | |||
| 606 | 606 | ||
| 607 | if (req_conf == NULL) { | 607 | if (req_conf == NULL) { | 
| 608 | BIO_printf(bio_err, "Unable to load config info from %s\n", default_config_file); | 608 | BIO_printf(bio_err, "Unable to load config info from %s\n", default_config_file); | 
| 609 | if (req_config.newreq) | 609 | if (cfg.newreq) | 
| 610 | goto end; | 610 | goto end; | 
| 611 | } else if (req_config.verbose) | 611 | } else if (cfg.verbose) | 
| 612 | BIO_printf(bio_err, "Using configuration from %s\n", | 612 | BIO_printf(bio_err, "Using configuration from %s\n", | 
| 613 | default_config_file); | 613 | default_config_file); | 
| 614 | } | 614 | } | 
| 615 | 615 | ||
| 616 | if (req_config.addext_bio != NULL) { | 616 | if (cfg.addext_bio != NULL) { | 
| 617 | long errline = -1; | 617 | long errline = -1; | 
| 618 | if (req_config.verbose) | 618 | if (cfg.verbose) | 
| 619 | BIO_printf(bio_err, | 619 | BIO_printf(bio_err, | 
| 620 | "Using additional configuration from command line\n"); | 620 | "Using additional configuration from command line\n"); | 
| 621 | if ((addext_conf = NCONF_new(NULL)) == NULL) | 621 | if ((addext_conf = NCONF_new(NULL)) == NULL) | 
| 622 | goto end; | 622 | goto end; | 
| 623 | if (!NCONF_load_bio(addext_conf, req_config.addext_bio, &errline)) { | 623 | if (!NCONF_load_bio(addext_conf, cfg.addext_bio, &errline)) { | 
| 624 | BIO_printf(bio_err, | 624 | BIO_printf(bio_err, | 
| 625 | "req: Error on line %ld of config input\n", | 625 | "req: Error on line %ld of config input\n", | 
| 626 | errline); | 626 | errline); | 
| @@ -658,22 +658,22 @@ req_main(int argc, char **argv) | |||
| 658 | ERR_clear_error(); | 658 | ERR_clear_error(); | 
| 659 | if (p != NULL) { | 659 | if (p != NULL) { | 
| 660 | if ((md_alg = EVP_get_digestbyname(p)) != NULL) | 660 | if ((md_alg = EVP_get_digestbyname(p)) != NULL) | 
| 661 | req_config.digest = md_alg; | 661 | cfg.digest = md_alg; | 
| 662 | } | 662 | } | 
| 663 | } | 663 | } | 
| 664 | if (!req_config.extensions) { | 664 | if (!cfg.extensions) { | 
| 665 | req_config.extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS); | 665 | cfg.extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS); | 
| 666 | if (!req_config.extensions) | 666 | if (!cfg.extensions) | 
| 667 | ERR_clear_error(); | 667 | ERR_clear_error(); | 
| 668 | } | 668 | } | 
| 669 | if (req_config.extensions) { | 669 | if (cfg.extensions) { | 
| 670 | /* Check syntax of file */ | 670 | /* Check syntax of file */ | 
| 671 | X509V3_CTX ctx; | 671 | X509V3_CTX ctx; | 
| 672 | X509V3_set_ctx_test(&ctx); | 672 | X509V3_set_ctx_test(&ctx); | 
| 673 | X509V3_set_nconf(&ctx, req_conf); | 673 | X509V3_set_nconf(&ctx, req_conf); | 
| 674 | if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_config.extensions, NULL)) { | 674 | if (!X509V3_EXT_add_nconf(req_conf, &ctx, cfg.extensions, NULL)) { | 
| 675 | BIO_printf(bio_err, | 675 | BIO_printf(bio_err, | 
| 676 | "Error Loading extension section %s\n", req_config.extensions); | 676 | "Error Loading extension section %s\n", cfg.extensions); | 
| 677 | goto end; | 677 | goto end; | 
| 678 | } | 678 | } | 
| 679 | } | 679 | } | 
| @@ -706,27 +706,27 @@ req_main(int argc, char **argv) | |||
| 706 | BIO_printf(bio_err, "Invalid global string mask setting %s\n", p); | 706 | BIO_printf(bio_err, "Invalid global string mask setting %s\n", p); | 
| 707 | goto end; | 707 | goto end; | 
| 708 | } | 708 | } | 
| 709 | if (req_config.chtype != MBSTRING_UTF8) { | 709 | if (cfg.chtype != MBSTRING_UTF8) { | 
| 710 | p = NCONF_get_string(req_conf, SECTION, UTF8_IN); | 710 | p = NCONF_get_string(req_conf, SECTION, UTF8_IN); | 
| 711 | if (!p) | 711 | if (!p) | 
| 712 | ERR_clear_error(); | 712 | ERR_clear_error(); | 
| 713 | else if (!strcmp(p, "yes")) | 713 | else if (!strcmp(p, "yes")) | 
| 714 | req_config.chtype = MBSTRING_UTF8; | 714 | cfg.chtype = MBSTRING_UTF8; | 
| 715 | } | 715 | } | 
| 716 | if (!req_config.req_exts) { | 716 | if (!cfg.req_exts) { | 
| 717 | req_config.req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS); | 717 | cfg.req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS); | 
| 718 | if (!req_config.req_exts) | 718 | if (!cfg.req_exts) | 
| 719 | ERR_clear_error(); | 719 | ERR_clear_error(); | 
| 720 | } | 720 | } | 
| 721 | if (req_config.req_exts) { | 721 | if (cfg.req_exts) { | 
| 722 | /* Check syntax of file */ | 722 | /* Check syntax of file */ | 
| 723 | X509V3_CTX ctx; | 723 | X509V3_CTX ctx; | 
| 724 | X509V3_set_ctx_test(&ctx); | 724 | X509V3_set_ctx_test(&ctx); | 
| 725 | X509V3_set_nconf(&ctx, req_conf); | 725 | X509V3_set_nconf(&ctx, req_conf); | 
| 726 | if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_config.req_exts, NULL)) { | 726 | if (!X509V3_EXT_add_nconf(req_conf, &ctx, cfg.req_exts, NULL)) { | 
| 727 | BIO_printf(bio_err, | 727 | BIO_printf(bio_err, | 
| 728 | "Error Loading request extension section %s\n", | 728 | "Error Loading request extension section %s\n", | 
| 729 | req_config.req_exts); | 729 | cfg.req_exts); | 
| 730 | goto end; | 730 | goto end; | 
| 731 | } | 731 | } | 
| 732 | } | 732 | } | 
| @@ -735,8 +735,8 @@ req_main(int argc, char **argv) | |||
| 735 | if ((in == NULL) || (out == NULL)) | 735 | if ((in == NULL) || (out == NULL)) | 
| 736 | goto end; | 736 | goto end; | 
| 737 | 737 | ||
| 738 | if (req_config.keyfile != NULL) { | 738 | if (cfg.keyfile != NULL) { | 
| 739 | pkey = load_key(bio_err, req_config.keyfile, req_config.keyform, 0, passin, | 739 | pkey = load_key(bio_err, cfg.keyfile, cfg.keyform, 0, passin, | 
| 740 | "Private Key"); | 740 | "Private Key"); | 
| 741 | if (!pkey) { | 741 | if (!pkey) { | 
| 742 | /* | 742 | /* | 
| @@ -746,31 +746,31 @@ req_main(int argc, char **argv) | |||
| 746 | goto end; | 746 | goto end; | 
| 747 | } | 747 | } | 
| 748 | } | 748 | } | 
| 749 | if (req_config.newreq && (pkey == NULL)) { | 749 | if (cfg.newreq && (pkey == NULL)) { | 
| 750 | if (!NCONF_get_number(req_conf, SECTION, BITS, &req_config.newkey)) { | 750 | if (!NCONF_get_number(req_conf, SECTION, BITS, &cfg.newkey)) { | 
| 751 | req_config.newkey = DEFAULT_KEY_LENGTH; | 751 | cfg.newkey = DEFAULT_KEY_LENGTH; | 
| 752 | } | 752 | } | 
| 753 | if (req_config.keyalg) { | 753 | if (cfg.keyalg) { | 
| 754 | genctx = set_keygen_ctx(bio_err, req_config.keyalg, &pkey_type, &req_config.newkey, | 754 | genctx = set_keygen_ctx(bio_err, cfg.keyalg, &pkey_type, &cfg.newkey, | 
| 755 | &keyalgstr); | 755 | &keyalgstr); | 
| 756 | if (!genctx) | 756 | if (!genctx) | 
| 757 | goto end; | 757 | goto end; | 
| 758 | } | 758 | } | 
| 759 | if (req_config.newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) { | 759 | if (cfg.newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) { | 
| 760 | BIO_printf(bio_err, "private key length is too short,\n"); | 760 | BIO_printf(bio_err, "private key length is too short,\n"); | 
| 761 | BIO_printf(bio_err, "it needs to be at least %d bits, not %ld\n", MIN_KEY_LENGTH, req_config.newkey); | 761 | BIO_printf(bio_err, "it needs to be at least %d bits, not %ld\n", MIN_KEY_LENGTH, cfg.newkey); | 
| 762 | goto end; | 762 | goto end; | 
| 763 | } | 763 | } | 
| 764 | if (!genctx) { | 764 | if (!genctx) { | 
| 765 | genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &req_config.newkey, | 765 | genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &cfg.newkey, | 
| 766 | &keyalgstr); | 766 | &keyalgstr); | 
| 767 | if (!genctx) | 767 | if (!genctx) | 
| 768 | goto end; | 768 | goto end; | 
| 769 | } | 769 | } | 
| 770 | if (req_config.pkeyopts) { | 770 | if (cfg.pkeyopts) { | 
| 771 | char *genopt; | 771 | char *genopt; | 
| 772 | for (i = 0; i < sk_OPENSSL_STRING_num(req_config.pkeyopts); i++) { | 772 | for (i = 0; i < sk_OPENSSL_STRING_num(cfg.pkeyopts); i++) { | 
| 773 | genopt = sk_OPENSSL_STRING_value(req_config.pkeyopts, i); | 773 | genopt = sk_OPENSSL_STRING_value(cfg.pkeyopts, i); | 
| 774 | if (pkey_ctrl_string(genctx, genopt) <= 0) { | 774 | if (pkey_ctrl_string(genctx, genopt) <= 0) { | 
| 775 | BIO_printf(bio_err, | 775 | BIO_printf(bio_err, | 
| 776 | "parameter error \"%s\"\n", | 776 | "parameter error \"%s\"\n", | 
| @@ -781,7 +781,7 @@ req_main(int argc, char **argv) | |||
| 781 | } | 781 | } | 
| 782 | } | 782 | } | 
| 783 | BIO_printf(bio_err, "Generating a %ld bit %s private key\n", | 783 | BIO_printf(bio_err, "Generating a %ld bit %s private key\n", | 
| 784 | req_config.newkey, keyalgstr); | 784 | cfg.newkey, keyalgstr); | 
| 785 | 785 | ||
| 786 | EVP_PKEY_CTX_set_cb(genctx, genpkey_cb); | 786 | EVP_PKEY_CTX_set_cb(genctx, genpkey_cb); | 
| 787 | EVP_PKEY_CTX_set_app_data(genctx, bio_err); | 787 | EVP_PKEY_CTX_set_app_data(genctx, bio_err); | 
| @@ -793,18 +793,18 @@ req_main(int argc, char **argv) | |||
| 793 | EVP_PKEY_CTX_free(genctx); | 793 | EVP_PKEY_CTX_free(genctx); | 
| 794 | genctx = NULL; | 794 | genctx = NULL; | 
| 795 | 795 | ||
| 796 | if (req_config.keyout == NULL) { | 796 | if (cfg.keyout == NULL) { | 
| 797 | req_config.keyout = NCONF_get_string(req_conf, SECTION, KEYFILE); | 797 | cfg.keyout = NCONF_get_string(req_conf, SECTION, KEYFILE); | 
| 798 | if (req_config.keyout == NULL) | 798 | if (cfg.keyout == NULL) | 
| 799 | ERR_clear_error(); | 799 | ERR_clear_error(); | 
| 800 | } | 800 | } | 
| 801 | if (req_config.keyout == NULL) { | 801 | if (cfg.keyout == NULL) { | 
| 802 | BIO_printf(bio_err, "writing new private key to stdout\n"); | 802 | BIO_printf(bio_err, "writing new private key to stdout\n"); | 
| 803 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 803 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 
| 804 | } else { | 804 | } else { | 
| 805 | BIO_printf(bio_err, "writing new private key to '%s'\n", req_config.keyout); | 805 | BIO_printf(bio_err, "writing new private key to '%s'\n", cfg.keyout); | 
| 806 | if (BIO_write_filename(out, req_config.keyout) <= 0) { | 806 | if (BIO_write_filename(out, cfg.keyout) <= 0) { | 
| 807 | perror(req_config.keyout); | 807 | perror(cfg.keyout); | 
| 808 | goto end; | 808 | goto end; | 
| 809 | } | 809 | } | 
| 810 | } | 810 | } | 
| @@ -818,7 +818,7 @@ req_main(int argc, char **argv) | |||
| 818 | } | 818 | } | 
| 819 | if ((p != NULL) && (strcmp(p, "no") == 0)) | 819 | if ((p != NULL) && (strcmp(p, "no") == 0)) | 
| 820 | cipher = NULL; | 820 | cipher = NULL; | 
| 821 | if (req_config.nodes) | 821 | if (cfg.nodes) | 
| 822 | cipher = NULL; | 822 | cipher = NULL; | 
| 823 | 823 | ||
| 824 | i = 0; | 824 | i = 0; | 
| @@ -835,19 +835,19 @@ req_main(int argc, char **argv) | |||
| 835 | } | 835 | } | 
| 836 | BIO_printf(bio_err, "-----\n"); | 836 | BIO_printf(bio_err, "-----\n"); | 
| 837 | } | 837 | } | 
| 838 | if (!req_config.newreq) { | 838 | if (!cfg.newreq) { | 
| 839 | if (req_config.infile == NULL) | 839 | if (cfg.infile == NULL) | 
| 840 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 840 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 
| 841 | else { | 841 | else { | 
| 842 | if (BIO_read_filename(in, req_config.infile) <= 0) { | 842 | if (BIO_read_filename(in, cfg.infile) <= 0) { | 
| 843 | perror(req_config.infile); | 843 | perror(cfg.infile); | 
| 844 | goto end; | 844 | goto end; | 
| 845 | } | 845 | } | 
| 846 | } | 846 | } | 
| 847 | 847 | ||
| 848 | if (req_config.informat == FORMAT_ASN1) | 848 | if (cfg.informat == FORMAT_ASN1) | 
| 849 | req = d2i_X509_REQ_bio(in, NULL); | 849 | req = d2i_X509_REQ_bio(in, NULL); | 
| 850 | else if (req_config.informat == FORMAT_PEM) | 850 | else if (cfg.informat == FORMAT_PEM) | 
| 851 | req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL); | 851 | req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL); | 
| 852 | else { | 852 | else { | 
| 853 | BIO_printf(bio_err, "bad input format specified for X509 request\n"); | 853 | BIO_printf(bio_err, "bad input format specified for X509 request\n"); | 
| @@ -858,7 +858,7 @@ req_main(int argc, char **argv) | |||
| 858 | goto end; | 858 | goto end; | 
| 859 | } | 859 | } | 
| 860 | } | 860 | } | 
| 861 | if (req_config.newreq || req_config.x509) { | 861 | if (cfg.newreq || cfg.x509) { | 
| 862 | if (pkey == NULL) { | 862 | if (pkey == NULL) { | 
| 863 | BIO_printf(bio_err, "you need to specify a private key\n"); | 863 | BIO_printf(bio_err, "you need to specify a private key\n"); | 
| 864 | goto end; | 864 | goto end; | 
| @@ -868,14 +868,14 @@ req_main(int argc, char **argv) | |||
| 868 | if (req == NULL) { | 868 | if (req == NULL) { | 
| 869 | goto end; | 869 | goto end; | 
| 870 | } | 870 | } | 
| 871 | i = make_REQ(req, pkey, req_config.subj, req_config.multirdn, !req_config.x509, req_config.chtype); | 871 | i = make_REQ(req, pkey, cfg.subj, cfg.multirdn, !cfg.x509, cfg.chtype); | 
| 872 | req_config.subj = NULL; /* done processing '-subj' option */ | 872 | cfg.subj = NULL; /* done processing '-subj' option */ | 
| 873 | if (!i) { | 873 | if (!i) { | 
| 874 | BIO_printf(bio_err, "problems making Certificate Request\n"); | 874 | BIO_printf(bio_err, "problems making Certificate Request\n"); | 
| 875 | goto end; | 875 | goto end; | 
| 876 | } | 876 | } | 
| 877 | } | 877 | } | 
| 878 | if (req_config.x509) { | 878 | if (cfg.x509) { | 
| 879 | EVP_PKEY *tmppkey; | 879 | EVP_PKEY *tmppkey; | 
| 880 | 880 | ||
| 881 | X509V3_CTX ext_ctx; | 881 | X509V3_CTX ext_ctx; | 
| @@ -883,11 +883,11 @@ req_main(int argc, char **argv) | |||
| 883 | goto end; | 883 | goto end; | 
| 884 | 884 | ||
| 885 | /* Set version to V3 */ | 885 | /* Set version to V3 */ | 
| 886 | if ((req_config.extensions != NULL || addext_conf != NULL) && | 886 | if ((cfg.extensions != NULL || addext_conf != NULL) && | 
| 887 | !X509_set_version(x509ss, 2)) | 887 | !X509_set_version(x509ss, 2)) | 
| 888 | goto end; | 888 | goto end; | 
| 889 | if (req_config.serial) { | 889 | if (cfg.serial) { | 
| 890 | if (!X509_set_serialNumber(x509ss, req_config.serial)) | 890 | if (!X509_set_serialNumber(x509ss, cfg.serial)) | 
| 891 | goto end; | 891 | goto end; | 
| 892 | } else { | 892 | } else { | 
| 893 | if (!rand_serial(NULL, | 893 | if (!rand_serial(NULL, | 
| @@ -899,7 +899,7 @@ req_main(int argc, char **argv) | |||
| 899 | goto end; | 899 | goto end; | 
| 900 | if (!X509_gmtime_adj(X509_get_notBefore(x509ss), 0)) | 900 | if (!X509_gmtime_adj(X509_get_notBefore(x509ss), 0)) | 
| 901 | goto end; | 901 | goto end; | 
| 902 | if (!X509_time_adj_ex(X509_get_notAfter(x509ss), req_config.days, 0, NULL)) | 902 | if (!X509_time_adj_ex(X509_get_notAfter(x509ss), cfg.days, 0, NULL)) | 
| 903 | goto end; | 903 | goto end; | 
| 904 | if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) | 904 | if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) | 
| 905 | goto end; | 905 | goto end; | 
| @@ -914,11 +914,11 @@ req_main(int argc, char **argv) | |||
| 914 | X509V3_set_nconf(&ext_ctx, req_conf); | 914 | X509V3_set_nconf(&ext_ctx, req_conf); | 
| 915 | 915 | ||
| 916 | /* Add extensions */ | 916 | /* Add extensions */ | 
| 917 | if (req_config.extensions && !X509V3_EXT_add_nconf(req_conf, | 917 | if (cfg.extensions && !X509V3_EXT_add_nconf(req_conf, | 
| 918 | &ext_ctx, req_config.extensions, x509ss)) { | 918 | &ext_ctx, cfg.extensions, x509ss)) { | 
| 919 | BIO_printf(bio_err, | 919 | BIO_printf(bio_err, | 
| 920 | "Error Loading extension section %s\n", | 920 | "Error Loading extension section %s\n", | 
| 921 | req_config.extensions); | 921 | cfg.extensions); | 
| 922 | goto end; | 922 | goto end; | 
| 923 | } | 923 | } | 
| 924 | if (addext_conf != NULL && | 924 | if (addext_conf != NULL && | 
| @@ -928,7 +928,7 @@ req_main(int argc, char **argv) | |||
| 928 | "Error Loading command line extensions\n"); | 928 | "Error Loading command line extensions\n"); | 
| 929 | goto end; | 929 | goto end; | 
| 930 | } | 930 | } | 
| 931 | i = do_X509_sign(bio_err, x509ss, pkey, req_config.digest, req_config.sigopts); | 931 | i = do_X509_sign(bio_err, x509ss, pkey, cfg.digest, cfg.sigopts); | 
| 932 | if (!i) { | 932 | if (!i) { | 
| 933 | ERR_print_errors(bio_err); | 933 | ERR_print_errors(bio_err); | 
| 934 | goto end; | 934 | goto end; | 
| @@ -942,11 +942,11 @@ req_main(int argc, char **argv) | |||
| 942 | X509V3_set_nconf(&ext_ctx, req_conf); | 942 | X509V3_set_nconf(&ext_ctx, req_conf); | 
| 943 | 943 | ||
| 944 | /* Add extensions */ | 944 | /* Add extensions */ | 
| 945 | if (req_config.req_exts && !X509V3_EXT_REQ_add_nconf(req_conf, | 945 | if (cfg.req_exts && !X509V3_EXT_REQ_add_nconf(req_conf, | 
| 946 | &ext_ctx, req_config.req_exts, req)) { | 946 | &ext_ctx, cfg.req_exts, req)) { | 
| 947 | BIO_printf(bio_err, | 947 | BIO_printf(bio_err, | 
| 948 | "Error Loading extension section %s\n", | 948 | "Error Loading extension section %s\n", | 
| 949 | req_config.req_exts); | 949 | cfg.req_exts); | 
| 950 | goto end; | 950 | goto end; | 
| 951 | } | 951 | } | 
| 952 | if (addext_conf != NULL && | 952 | if (addext_conf != NULL && | 
| @@ -956,33 +956,33 @@ req_main(int argc, char **argv) | |||
| 956 | "Error Loading command line extensions\n"); | 956 | "Error Loading command line extensions\n"); | 
| 957 | goto end; | 957 | goto end; | 
| 958 | } | 958 | } | 
| 959 | i = do_X509_REQ_sign(bio_err, req, pkey, req_config.digest, req_config.sigopts); | 959 | i = do_X509_REQ_sign(bio_err, req, pkey, cfg.digest, cfg.sigopts); | 
| 960 | if (!i) { | 960 | if (!i) { | 
| 961 | ERR_print_errors(bio_err); | 961 | ERR_print_errors(bio_err); | 
| 962 | goto end; | 962 | goto end; | 
| 963 | } | 963 | } | 
| 964 | } | 964 | } | 
| 965 | } | 965 | } | 
| 966 | if (req_config.subj && req_config.x509) { | 966 | if (cfg.subj && cfg.x509) { | 
| 967 | BIO_printf(bio_err, "Cannot modify certificate subject\n"); | 967 | BIO_printf(bio_err, "Cannot modify certificate subject\n"); | 
| 968 | goto end; | 968 | goto end; | 
| 969 | } | 969 | } | 
| 970 | if (req_config.subj && !req_config.x509) { | 970 | if (cfg.subj && !cfg.x509) { | 
| 971 | if (req_config.verbose) { | 971 | if (cfg.verbose) { | 
| 972 | BIO_printf(bio_err, "Modifying Request's Subject\n"); | 972 | BIO_printf(bio_err, "Modifying Request's Subject\n"); | 
| 973 | print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), req_config.nmflag); | 973 | print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), cfg.nmflag); | 
| 974 | } | 974 | } | 
| 975 | if (build_subject(req, req_config.subj, req_config.chtype, req_config.multirdn) == 0) { | 975 | if (build_subject(req, cfg.subj, cfg.chtype, cfg.multirdn) == 0) { | 
| 976 | BIO_printf(bio_err, "ERROR: cannot modify subject\n"); | 976 | BIO_printf(bio_err, "ERROR: cannot modify subject\n"); | 
| 977 | ex = 1; | 977 | ex = 1; | 
| 978 | goto end; | 978 | goto end; | 
| 979 | } | 979 | } | 
| 980 | 980 | ||
| 981 | if (req_config.verbose) { | 981 | if (cfg.verbose) { | 
| 982 | print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), req_config.nmflag); | 982 | print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), cfg.nmflag); | 
| 983 | } | 983 | } | 
| 984 | } | 984 | } | 
| 985 | if (req_config.verify && !req_config.x509) { | 985 | if (cfg.verify && !cfg.x509) { | 
| 986 | EVP_PKEY *pubkey = pkey; | 986 | EVP_PKEY *pubkey = pkey; | 
| 987 | 987 | ||
| 988 | if (pubkey == NULL) | 988 | if (pubkey == NULL) | 
| @@ -998,24 +998,24 @@ req_main(int argc, char **argv) | |||
| 998 | } else /* if (i > 0) */ | 998 | } else /* if (i > 0) */ | 
| 999 | BIO_printf(bio_err, "verify OK\n"); | 999 | BIO_printf(bio_err, "verify OK\n"); | 
| 1000 | } | 1000 | } | 
| 1001 | if (req_config.noout && !req_config.text && !req_config.modulus && !req_config.subject && !req_config.pubkey) { | 1001 | if (cfg.noout && !cfg.text && !cfg.modulus && !cfg.subject && !cfg.pubkey) { | 
| 1002 | ex = 0; | 1002 | ex = 0; | 
| 1003 | goto end; | 1003 | goto end; | 
| 1004 | } | 1004 | } | 
| 1005 | if (req_config.outfile == NULL) { | 1005 | if (cfg.outfile == NULL) { | 
| 1006 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 1006 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 
| 1007 | } else { | 1007 | } else { | 
| 1008 | if ((req_config.keyout != NULL) && (strcmp(req_config.outfile, req_config.keyout) == 0)) | 1008 | if ((cfg.keyout != NULL) && (strcmp(cfg.outfile, cfg.keyout) == 0)) | 
| 1009 | i = (int) BIO_append_filename(out, req_config.outfile); | 1009 | i = (int) BIO_append_filename(out, cfg.outfile); | 
| 1010 | else | 1010 | else | 
| 1011 | i = (int) BIO_write_filename(out, req_config.outfile); | 1011 | i = (int) BIO_write_filename(out, cfg.outfile); | 
| 1012 | if (!i) { | 1012 | if (!i) { | 
| 1013 | perror(req_config.outfile); | 1013 | perror(cfg.outfile); | 
| 1014 | goto end; | 1014 | goto end; | 
| 1015 | } | 1015 | } | 
| 1016 | } | 1016 | } | 
| 1017 | 1017 | ||
| 1018 | if (req_config.pubkey) { | 1018 | if (cfg.pubkey) { | 
| 1019 | EVP_PKEY *tpubkey; | 1019 | EVP_PKEY *tpubkey; | 
| 1020 | 1020 | ||
| 1021 | if ((tpubkey = X509_REQ_get0_pubkey(req)) == NULL) { | 1021 | if ((tpubkey = X509_REQ_get0_pubkey(req)) == NULL) { | 
| @@ -1025,22 +1025,22 @@ req_main(int argc, char **argv) | |||
| 1025 | } | 1025 | } | 
| 1026 | PEM_write_bio_PUBKEY(out, tpubkey); | 1026 | PEM_write_bio_PUBKEY(out, tpubkey); | 
| 1027 | } | 1027 | } | 
| 1028 | if (req_config.text) { | 1028 | if (cfg.text) { | 
| 1029 | if (req_config.x509) | 1029 | if (cfg.x509) | 
| 1030 | X509_print_ex(out, x509ss, req_config.nmflag, req_config.reqflag); | 1030 | X509_print_ex(out, x509ss, cfg.nmflag, cfg.reqflag); | 
| 1031 | else | 1031 | else | 
| 1032 | X509_REQ_print_ex(out, req, req_config.nmflag, req_config.reqflag); | 1032 | X509_REQ_print_ex(out, req, cfg.nmflag, cfg.reqflag); | 
| 1033 | } | 1033 | } | 
| 1034 | if (req_config.subject) { | 1034 | if (cfg.subject) { | 
| 1035 | if (req_config.x509) | 1035 | if (cfg.x509) | 
| 1036 | print_name(out, "subject=", X509_get_subject_name(x509ss), req_config.nmflag); | 1036 | print_name(out, "subject=", X509_get_subject_name(x509ss), cfg.nmflag); | 
| 1037 | else | 1037 | else | 
| 1038 | print_name(out, "subject=", X509_REQ_get_subject_name(req), req_config.nmflag); | 1038 | print_name(out, "subject=", X509_REQ_get_subject_name(req), cfg.nmflag); | 
| 1039 | } | 1039 | } | 
| 1040 | if (req_config.modulus) { | 1040 | if (cfg.modulus) { | 
| 1041 | EVP_PKEY *tpubkey; | 1041 | EVP_PKEY *tpubkey; | 
| 1042 | 1042 | ||
| 1043 | if (req_config.x509) | 1043 | if (cfg.x509) | 
| 1044 | tpubkey = X509_get0_pubkey(x509ss); | 1044 | tpubkey = X509_get0_pubkey(x509ss); | 
| 1045 | else | 1045 | else | 
| 1046 | tpubkey = X509_REQ_get0_pubkey(req); | 1046 | tpubkey = X509_REQ_get0_pubkey(req); | 
| @@ -1059,11 +1059,11 @@ req_main(int argc, char **argv) | |||
| 1059 | fprintf(stdout, "Wrong Algorithm type"); | 1059 | fprintf(stdout, "Wrong Algorithm type"); | 
| 1060 | fprintf(stdout, "\n"); | 1060 | fprintf(stdout, "\n"); | 
| 1061 | } | 1061 | } | 
| 1062 | if (!req_config.noout && !req_config.x509) { | 1062 | if (!cfg.noout && !cfg.x509) { | 
| 1063 | if (req_config.outformat == FORMAT_ASN1) | 1063 | if (cfg.outformat == FORMAT_ASN1) | 
| 1064 | i = i2d_X509_REQ_bio(out, req); | 1064 | i = i2d_X509_REQ_bio(out, req); | 
| 1065 | else if (req_config.outformat == FORMAT_PEM) { | 1065 | else if (cfg.outformat == FORMAT_PEM) { | 
| 1066 | if (req_config.newhdr) | 1066 | if (cfg.newhdr) | 
| 1067 | i = PEM_write_bio_X509_REQ_NEW(out, req); | 1067 | i = PEM_write_bio_X509_REQ_NEW(out, req); | 
| 1068 | else | 1068 | else | 
| 1069 | i = PEM_write_bio_X509_REQ(out, req); | 1069 | i = PEM_write_bio_X509_REQ(out, req); | 
| @@ -1076,10 +1076,10 @@ req_main(int argc, char **argv) | |||
| 1076 | goto end; | 1076 | goto end; | 
| 1077 | } | 1077 | } | 
| 1078 | } | 1078 | } | 
| 1079 | if (!req_config.noout && req_config.x509 && (x509ss != NULL)) { | 1079 | if (!cfg.noout && cfg.x509 && (x509ss != NULL)) { | 
| 1080 | if (req_config.outformat == FORMAT_ASN1) | 1080 | if (cfg.outformat == FORMAT_ASN1) | 
| 1081 | i = i2d_X509_bio(out, x509ss); | 1081 | i = i2d_X509_bio(out, x509ss); | 
| 1082 | else if (req_config.outformat == FORMAT_PEM) | 1082 | else if (cfg.outformat == FORMAT_PEM) | 
| 1083 | i = PEM_write_bio_X509(out, x509ss); | 1083 | i = PEM_write_bio_X509(out, x509ss); | 
| 1084 | else { | 1084 | else { | 
| 1085 | BIO_printf(bio_err, "bad output format specified for outfile\n"); | 1085 | BIO_printf(bio_err, "bad output format specified for outfile\n"); | 
| @@ -1098,25 +1098,25 @@ req_main(int argc, char **argv) | |||
| 1098 | if ((req_conf != NULL) && (req_conf != config)) | 1098 | if ((req_conf != NULL) && (req_conf != config)) | 
| 1099 | NCONF_free(req_conf); | 1099 | NCONF_free(req_conf); | 
| 1100 | NCONF_free(addext_conf); | 1100 | NCONF_free(addext_conf); | 
| 1101 | BIO_free(req_config.addext_bio); | 1101 | BIO_free(cfg.addext_bio); | 
| 1102 | BIO_free(in); | 1102 | BIO_free(in); | 
| 1103 | BIO_free_all(out); | 1103 | BIO_free_all(out); | 
| 1104 | EVP_PKEY_free(pkey); | 1104 | EVP_PKEY_free(pkey); | 
| 1105 | if (genctx) | 1105 | if (genctx) | 
| 1106 | EVP_PKEY_CTX_free(genctx); | 1106 | EVP_PKEY_CTX_free(genctx); | 
| 1107 | if (req_config.pkeyopts) | 1107 | if (cfg.pkeyopts) | 
| 1108 | sk_OPENSSL_STRING_free(req_config.pkeyopts); | 1108 | sk_OPENSSL_STRING_free(cfg.pkeyopts); | 
| 1109 | if (req_config.sigopts) | 1109 | if (cfg.sigopts) | 
| 1110 | sk_OPENSSL_STRING_free(req_config.sigopts); | 1110 | sk_OPENSSL_STRING_free(cfg.sigopts); | 
| 1111 | lh_OPENSSL_STRING_doall(req_config.addexts, (LHASH_DOALL_FN_TYPE)exts_cleanup); | 1111 | lh_OPENSSL_STRING_doall(cfg.addexts, (LHASH_DOALL_FN_TYPE)exts_cleanup); | 
| 1112 | lh_OPENSSL_STRING_free(req_config.addexts); | 1112 | lh_OPENSSL_STRING_free(cfg.addexts); | 
| 1113 | free(keyalgstr); | 1113 | free(keyalgstr); | 
| 1114 | X509_REQ_free(req); | 1114 | X509_REQ_free(req); | 
| 1115 | X509_free(x509ss); | 1115 | X509_free(x509ss); | 
| 1116 | ASN1_INTEGER_free(req_config.serial); | 1116 | ASN1_INTEGER_free(cfg.serial); | 
| 1117 | if (req_config.passargin && passin) | 1117 | if (cfg.passargin && passin) | 
| 1118 | free(passin); | 1118 | free(passin); | 
| 1119 | if (req_config.passargout && passout) | 1119 | if (cfg.passargout && passout) | 
| 1120 | free(passout); | 1120 | free(passout); | 
| 1121 | OBJ_cleanup(); | 1121 | OBJ_cleanup(); | 
| 1122 | 1122 | ||
| @@ -1222,7 +1222,7 @@ prompt_info(X509_REQ * req, | |||
| 1222 | X509_NAME *subj; | 1222 | X509_NAME *subj; | 
| 1223 | subj = X509_REQ_get_subject_name(req); | 1223 | subj = X509_REQ_get_subject_name(req); | 
| 1224 | 1224 | ||
| 1225 | if (!req_config.batch) { | 1225 | if (!cfg.batch) { | 
| 1226 | BIO_printf(bio_err, "You are about to be asked to enter information that will be incorporated\n"); | 1226 | BIO_printf(bio_err, "You are about to be asked to enter information that will be incorporated\n"); | 
| 1227 | BIO_printf(bio_err, "into your certificate request.\n"); | 1227 | BIO_printf(bio_err, "into your certificate request.\n"); | 
| 1228 | BIO_printf(bio_err, "What you are about to enter is what is called a Distinguished Name or a DN.\n"); | 1228 | BIO_printf(bio_err, "What you are about to enter is what is called a Distinguished Name or a DN.\n"); | 
| @@ -1316,7 +1316,7 @@ prompt_info(X509_REQ * req, | |||
| 1316 | } | 1316 | } | 
| 1317 | if (attribs) { | 1317 | if (attribs) { | 
| 1318 | if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && | 1318 | if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && | 
| 1319 | (!req_config.batch)) { | 1319 | (!cfg.batch)) { | 
| 1320 | BIO_printf(bio_err, | 1320 | BIO_printf(bio_err, | 
| 1321 | "\nPlease enter the following 'extra' attributes\n"); | 1321 | "\nPlease enter the following 'extra' attributes\n"); | 
| 1322 | BIO_printf(bio_err, | 1322 | BIO_printf(bio_err, | 
| @@ -1452,7 +1452,7 @@ add_DN_object(X509_NAME * n, char *text, const char *def, char *value, | |||
| 1452 | int i, ret = 0; | 1452 | int i, ret = 0; | 
| 1453 | char buf[1024]; | 1453 | char buf[1024]; | 
| 1454 | start: | 1454 | start: | 
| 1455 | if (!req_config.batch) | 1455 | if (!cfg.batch) | 
| 1456 | BIO_printf(bio_err, "%s [%s]:", text, def); | 1456 | BIO_printf(bio_err, "%s [%s]:", text, def); | 
| 1457 | (void) BIO_flush(bio_err); | 1457 | (void) BIO_flush(bio_err); | 
| 1458 | if (value != NULL) { | 1458 | if (value != NULL) { | 
| @@ -1461,7 +1461,7 @@ add_DN_object(X509_NAME * n, char *text, const char *def, char *value, | |||
| 1461 | BIO_printf(bio_err, "%s\n", value); | 1461 | BIO_printf(bio_err, "%s\n", value); | 
| 1462 | } else { | 1462 | } else { | 
| 1463 | buf[0] = '\0'; | 1463 | buf[0] = '\0'; | 
| 1464 | if (!req_config.batch) { | 1464 | if (!cfg.batch) { | 
| 1465 | if (!fgets(buf, sizeof buf, stdin)) | 1465 | if (!fgets(buf, sizeof buf, stdin)) | 
| 1466 | return 0; | 1466 | return 0; | 
| 1467 | } else { | 1467 | } else { | 
| @@ -1505,7 +1505,7 @@ add_attribute_object(X509_REQ * req, char *text, const char *def, | |||
| 1505 | static char buf[1024]; | 1505 | static char buf[1024]; | 
| 1506 | 1506 | ||
| 1507 | start: | 1507 | start: | 
| 1508 | if (!req_config.batch) | 1508 | if (!cfg.batch) | 
| 1509 | BIO_printf(bio_err, "%s [%s]:", text, def); | 1509 | BIO_printf(bio_err, "%s [%s]:", text, def); | 
| 1510 | (void) BIO_flush(bio_err); | 1510 | (void) BIO_flush(bio_err); | 
| 1511 | if (value != NULL) { | 1511 | if (value != NULL) { | 
| @@ -1514,7 +1514,7 @@ add_attribute_object(X509_REQ * req, char *text, const char *def, | |||
| 1514 | BIO_printf(bio_err, "%s\n", value); | 1514 | BIO_printf(bio_err, "%s\n", value); | 
| 1515 | } else { | 1515 | } else { | 
| 1516 | buf[0] = '\0'; | 1516 | buf[0] = '\0'; | 
| 1517 | if (!req_config.batch) { | 1517 | if (!cfg.batch) { | 
| 1518 | if (!fgets(buf, sizeof buf, stdin)) | 1518 | if (!fgets(buf, sizeof buf, stdin)) | 
| 1519 | return 0; | 1519 | return 0; | 
| 1520 | } else { | 1520 | } else { | 
| diff --git a/src/usr.bin/openssl/rsa.c b/src/usr.bin/openssl/rsa.c index bdd263ce7c..953daaacf7 100644 --- a/src/usr.bin/openssl/rsa.c +++ b/src/usr.bin/openssl/rsa.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: rsa.c,v 1.17 2022/11/11 17:07:39 joshua Exp $ */ | 1 | /* $OpenBSD: rsa.c,v 1.18 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -89,7 +89,7 @@ static struct { | |||
| 89 | int pubout; | 89 | int pubout; | 
| 90 | int pvk_encr; | 90 | int pvk_encr; | 
| 91 | int text; | 91 | int text; | 
| 92 | } rsa_config; | 92 | } cfg; | 
| 93 | 93 | ||
| 94 | static int | 94 | static int | 
| 95 | rsa_opt_cipher(int argc, char **argv, int *argsused) | 95 | rsa_opt_cipher(int argc, char **argv, int *argsused) | 
| @@ -99,7 +99,7 @@ rsa_opt_cipher(int argc, char **argv, int *argsused) | |||
| 99 | if (*name++ != '-') | 99 | if (*name++ != '-') | 
| 100 | return (1); | 100 | return (1); | 
| 101 | 101 | ||
| 102 | if ((rsa_config.enc = EVP_get_cipherbyname(name)) == NULL) { | 102 | if ((cfg.enc = EVP_get_cipherbyname(name)) == NULL) { | 
| 103 | fprintf(stderr, "Invalid cipher '%s'\n", name); | 103 | fprintf(stderr, "Invalid cipher '%s'\n", name); | 
| 104 | return (1); | 104 | return (1); | 
| 105 | } | 105 | } | 
| @@ -113,111 +113,111 @@ static const struct option rsa_options[] = { | |||
| 113 | .name = "check", | 113 | .name = "check", | 
| 114 | .desc = "Check consistency of RSA private key", | 114 | .desc = "Check consistency of RSA private key", | 
| 115 | .type = OPTION_FLAG, | 115 | .type = OPTION_FLAG, | 
| 116 | .opt.flag = &rsa_config.check, | 116 | .opt.flag = &cfg.check, | 
| 117 | }, | 117 | }, | 
| 118 | { | 118 | { | 
| 119 | .name = "in", | 119 | .name = "in", | 
| 120 | .argname = "file", | 120 | .argname = "file", | 
| 121 | .desc = "Input file (default stdin)", | 121 | .desc = "Input file (default stdin)", | 
| 122 | .type = OPTION_ARG, | 122 | .type = OPTION_ARG, | 
| 123 | .opt.arg = &rsa_config.infile, | 123 | .opt.arg = &cfg.infile, | 
| 124 | }, | 124 | }, | 
| 125 | { | 125 | { | 
| 126 | .name = "inform", | 126 | .name = "inform", | 
| 127 | .argname = "format", | 127 | .argname = "format", | 
| 128 | .desc = "Input format (DER, NET or PEM (default))", | 128 | .desc = "Input format (DER, NET or PEM (default))", | 
| 129 | .type = OPTION_ARG_FORMAT, | 129 | .type = OPTION_ARG_FORMAT, | 
| 130 | .opt.value = &rsa_config.informat, | 130 | .opt.value = &cfg.informat, | 
| 131 | }, | 131 | }, | 
| 132 | { | 132 | { | 
| 133 | .name = "modulus", | 133 | .name = "modulus", | 
| 134 | .desc = "Print the RSA key modulus", | 134 | .desc = "Print the RSA key modulus", | 
| 135 | .type = OPTION_FLAG, | 135 | .type = OPTION_FLAG, | 
| 136 | .opt.flag = &rsa_config.modulus, | 136 | .opt.flag = &cfg.modulus, | 
| 137 | }, | 137 | }, | 
| 138 | { | 138 | { | 
| 139 | .name = "noout", | 139 | .name = "noout", | 
| 140 | .desc = "Do not print encoded version of the key", | 140 | .desc = "Do not print encoded version of the key", | 
| 141 | .type = OPTION_FLAG, | 141 | .type = OPTION_FLAG, | 
| 142 | .opt.flag = &rsa_config.noout, | 142 | .opt.flag = &cfg.noout, | 
| 143 | }, | 143 | }, | 
| 144 | { | 144 | { | 
| 145 | .name = "out", | 145 | .name = "out", | 
| 146 | .argname = "file", | 146 | .argname = "file", | 
| 147 | .desc = "Output file (default stdout)", | 147 | .desc = "Output file (default stdout)", | 
| 148 | .type = OPTION_ARG, | 148 | .type = OPTION_ARG, | 
| 149 | .opt.arg = &rsa_config.outfile, | 149 | .opt.arg = &cfg.outfile, | 
| 150 | }, | 150 | }, | 
| 151 | { | 151 | { | 
| 152 | .name = "outform", | 152 | .name = "outform", | 
| 153 | .argname = "format", | 153 | .argname = "format", | 
| 154 | .desc = "Output format (DER, NET or PEM (default PEM))", | 154 | .desc = "Output format (DER, NET or PEM (default PEM))", | 
| 155 | .type = OPTION_ARG_FORMAT, | 155 | .type = OPTION_ARG_FORMAT, | 
| 156 | .opt.value = &rsa_config.outformat, | 156 | .opt.value = &cfg.outformat, | 
| 157 | }, | 157 | }, | 
| 158 | { | 158 | { | 
| 159 | .name = "passin", | 159 | .name = "passin", | 
| 160 | .argname = "src", | 160 | .argname = "src", | 
| 161 | .desc = "Input file passphrase source", | 161 | .desc = "Input file passphrase source", | 
| 162 | .type = OPTION_ARG, | 162 | .type = OPTION_ARG, | 
| 163 | .opt.arg = &rsa_config.passargin, | 163 | .opt.arg = &cfg.passargin, | 
| 164 | }, | 164 | }, | 
| 165 | { | 165 | { | 
| 166 | .name = "passout", | 166 | .name = "passout", | 
| 167 | .argname = "src", | 167 | .argname = "src", | 
| 168 | .desc = "Output file passphrase source", | 168 | .desc = "Output file passphrase source", | 
| 169 | .type = OPTION_ARG, | 169 | .type = OPTION_ARG, | 
| 170 | .opt.arg = &rsa_config.passargout, | 170 | .opt.arg = &cfg.passargout, | 
| 171 | }, | 171 | }, | 
| 172 | { | 172 | { | 
| 173 | .name = "pubin", | 173 | .name = "pubin", | 
| 174 | .desc = "Expect a public key (default private key)", | 174 | .desc = "Expect a public key (default private key)", | 
| 175 | .type = OPTION_VALUE, | 175 | .type = OPTION_VALUE, | 
| 176 | .value = 1, | 176 | .value = 1, | 
| 177 | .opt.value = &rsa_config.pubin, | 177 | .opt.value = &cfg.pubin, | 
| 178 | }, | 178 | }, | 
| 179 | { | 179 | { | 
| 180 | .name = "pubout", | 180 | .name = "pubout", | 
| 181 | .desc = "Output a public key (default private key)", | 181 | .desc = "Output a public key (default private key)", | 
| 182 | .type = OPTION_VALUE, | 182 | .type = OPTION_VALUE, | 
| 183 | .value = 1, | 183 | .value = 1, | 
| 184 | .opt.value = &rsa_config.pubout, | 184 | .opt.value = &cfg.pubout, | 
| 185 | }, | 185 | }, | 
| 186 | { | 186 | { | 
| 187 | .name = "pvk-none", | 187 | .name = "pvk-none", | 
| 188 | .type = OPTION_VALUE, | 188 | .type = OPTION_VALUE, | 
| 189 | .value = 0, | 189 | .value = 0, | 
| 190 | .opt.value = &rsa_config.pvk_encr, | 190 | .opt.value = &cfg.pvk_encr, | 
| 191 | }, | 191 | }, | 
| 192 | { | 192 | { | 
| 193 | .name = "pvk-strong", | 193 | .name = "pvk-strong", | 
| 194 | .type = OPTION_VALUE, | 194 | .type = OPTION_VALUE, | 
| 195 | .value = 2, | 195 | .value = 2, | 
| 196 | .opt.value = &rsa_config.pvk_encr, | 196 | .opt.value = &cfg.pvk_encr, | 
| 197 | }, | 197 | }, | 
| 198 | { | 198 | { | 
| 199 | .name = "pvk-weak", | 199 | .name = "pvk-weak", | 
| 200 | .type = OPTION_VALUE, | 200 | .type = OPTION_VALUE, | 
| 201 | .value = 1, | 201 | .value = 1, | 
| 202 | .opt.value = &rsa_config.pvk_encr, | 202 | .opt.value = &cfg.pvk_encr, | 
| 203 | }, | 203 | }, | 
| 204 | { | 204 | { | 
| 205 | .name = "RSAPublicKey_in", | 205 | .name = "RSAPublicKey_in", | 
| 206 | .type = OPTION_VALUE, | 206 | .type = OPTION_VALUE, | 
| 207 | .value = 2, | 207 | .value = 2, | 
| 208 | .opt.value = &rsa_config.pubin, | 208 | .opt.value = &cfg.pubin, | 
| 209 | }, | 209 | }, | 
| 210 | { | 210 | { | 
| 211 | .name = "RSAPublicKey_out", | 211 | .name = "RSAPublicKey_out", | 
| 212 | .type = OPTION_VALUE, | 212 | .type = OPTION_VALUE, | 
| 213 | .value = 2, | 213 | .value = 2, | 
| 214 | .opt.value = &rsa_config.pubout, | 214 | .opt.value = &cfg.pubout, | 
| 215 | }, | 215 | }, | 
| 216 | { | 216 | { | 
| 217 | .name = "text", | 217 | .name = "text", | 
| 218 | .desc = "Print in plain text in addition to encoded", | 218 | .desc = "Print in plain text in addition to encoded", | 
| 219 | .type = OPTION_FLAG, | 219 | .type = OPTION_FLAG, | 
| 220 | .opt.flag = &rsa_config.text, | 220 | .opt.flag = &cfg.text, | 
| 221 | }, | 221 | }, | 
| 222 | { | 222 | { | 
| 223 | .name = NULL, | 223 | .name = NULL, | 
| @@ -260,22 +260,22 @@ rsa_main(int argc, char **argv) | |||
| 260 | exit(1); | 260 | exit(1); | 
| 261 | } | 261 | } | 
| 262 | 262 | ||
| 263 | memset(&rsa_config, 0, sizeof(rsa_config)); | 263 | memset(&cfg, 0, sizeof(cfg)); | 
| 264 | rsa_config.pvk_encr = 2; | 264 | cfg.pvk_encr = 2; | 
| 265 | rsa_config.informat = FORMAT_PEM; | 265 | cfg.informat = FORMAT_PEM; | 
| 266 | rsa_config.outformat = FORMAT_PEM; | 266 | cfg.outformat = FORMAT_PEM; | 
| 267 | 267 | ||
| 268 | if (options_parse(argc, argv, rsa_options, NULL, NULL) != 0) { | 268 | if (options_parse(argc, argv, rsa_options, NULL, NULL) != 0) { | 
| 269 | rsa_usage(); | 269 | rsa_usage(); | 
| 270 | goto end; | 270 | goto end; | 
| 271 | } | 271 | } | 
| 272 | 272 | ||
| 273 | if (!app_passwd(bio_err, rsa_config.passargin, rsa_config.passargout, | 273 | if (!app_passwd(bio_err, cfg.passargin, cfg.passargout, | 
| 274 | &passin, &passout)) { | 274 | &passin, &passout)) { | 
| 275 | BIO_printf(bio_err, "Error getting passwords\n"); | 275 | BIO_printf(bio_err, "Error getting passwords\n"); | 
| 276 | goto end; | 276 | goto end; | 
| 277 | } | 277 | } | 
| 278 | if (rsa_config.check && rsa_config.pubin) { | 278 | if (cfg.check && cfg.pubin) { | 
| 279 | BIO_printf(bio_err, "Only private keys can be checked\n"); | 279 | BIO_printf(bio_err, "Only private keys can be checked\n"); | 
| 280 | goto end; | 280 | goto end; | 
| 281 | } | 281 | } | 
| @@ -284,21 +284,21 @@ rsa_main(int argc, char **argv) | |||
| 284 | { | 284 | { | 
| 285 | EVP_PKEY *pkey; | 285 | EVP_PKEY *pkey; | 
| 286 | 286 | ||
| 287 | if (rsa_config.pubin) { | 287 | if (cfg.pubin) { | 
| 288 | int tmpformat = -1; | 288 | int tmpformat = -1; | 
| 289 | if (rsa_config.pubin == 2) { | 289 | if (cfg.pubin == 2) { | 
| 290 | if (rsa_config.informat == FORMAT_PEM) | 290 | if (cfg.informat == FORMAT_PEM) | 
| 291 | tmpformat = FORMAT_PEMRSA; | 291 | tmpformat = FORMAT_PEMRSA; | 
| 292 | else if (rsa_config.informat == FORMAT_ASN1) | 292 | else if (cfg.informat == FORMAT_ASN1) | 
| 293 | tmpformat = FORMAT_ASN1RSA; | 293 | tmpformat = FORMAT_ASN1RSA; | 
| 294 | } else | 294 | } else | 
| 295 | tmpformat = rsa_config.informat; | 295 | tmpformat = cfg.informat; | 
| 296 | 296 | ||
| 297 | pkey = load_pubkey(bio_err, rsa_config.infile, | 297 | pkey = load_pubkey(bio_err, cfg.infile, | 
| 298 | tmpformat, 1, passin, "Public Key"); | 298 | tmpformat, 1, passin, "Public Key"); | 
| 299 | } else | 299 | } else | 
| 300 | pkey = load_key(bio_err, rsa_config.infile, | 300 | pkey = load_key(bio_err, cfg.infile, | 
| 301 | rsa_config.informat, 1, passin, "Private Key"); | 301 | cfg.informat, 1, passin, "Private Key"); | 
| 302 | 302 | ||
| 303 | if (pkey != NULL) | 303 | if (pkey != NULL) | 
| 304 | rsa = EVP_PKEY_get1_RSA(pkey); | 304 | rsa = EVP_PKEY_get1_RSA(pkey); | 
| @@ -309,27 +309,27 @@ rsa_main(int argc, char **argv) | |||
| 309 | ERR_print_errors(bio_err); | 309 | ERR_print_errors(bio_err); | 
| 310 | goto end; | 310 | goto end; | 
| 311 | } | 311 | } | 
| 312 | if (rsa_config.outfile == NULL) { | 312 | if (cfg.outfile == NULL) { | 
| 313 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 313 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 
| 314 | } else { | 314 | } else { | 
| 315 | if (BIO_write_filename(out, rsa_config.outfile) <= 0) { | 315 | if (BIO_write_filename(out, cfg.outfile) <= 0) { | 
| 316 | perror(rsa_config.outfile); | 316 | perror(cfg.outfile); | 
| 317 | goto end; | 317 | goto end; | 
| 318 | } | 318 | } | 
| 319 | } | 319 | } | 
| 320 | 320 | ||
| 321 | if (rsa_config.text) | 321 | if (cfg.text) | 
| 322 | if (!RSA_print(out, rsa, 0)) { | 322 | if (!RSA_print(out, rsa, 0)) { | 
| 323 | perror(rsa_config.outfile); | 323 | perror(cfg.outfile); | 
| 324 | ERR_print_errors(bio_err); | 324 | ERR_print_errors(bio_err); | 
| 325 | goto end; | 325 | goto end; | 
| 326 | } | 326 | } | 
| 327 | if (rsa_config.modulus) { | 327 | if (cfg.modulus) { | 
| 328 | BIO_printf(out, "Modulus="); | 328 | BIO_printf(out, "Modulus="); | 
| 329 | BN_print(out, RSA_get0_n(rsa)); | 329 | BN_print(out, RSA_get0_n(rsa)); | 
| 330 | BIO_printf(out, "\n"); | 330 | BIO_printf(out, "\n"); | 
| 331 | } | 331 | } | 
| 332 | if (rsa_config.check) { | 332 | if (cfg.check) { | 
| 333 | int r = RSA_check_key(rsa); | 333 | int r = RSA_check_key(rsa); | 
| 334 | 334 | ||
| 335 | if (r == 1) | 335 | if (r == 1) | 
| @@ -353,38 +353,38 @@ rsa_main(int argc, char **argv) | |||
| 353 | goto end; | 353 | goto end; | 
| 354 | } | 354 | } | 
| 355 | } | 355 | } | 
| 356 | if (rsa_config.noout) { | 356 | if (cfg.noout) { | 
| 357 | ret = 0; | 357 | ret = 0; | 
| 358 | goto end; | 358 | goto end; | 
| 359 | } | 359 | } | 
| 360 | BIO_printf(bio_err, "writing RSA key\n"); | 360 | BIO_printf(bio_err, "writing RSA key\n"); | 
| 361 | if (rsa_config.outformat == FORMAT_ASN1) { | 361 | if (cfg.outformat == FORMAT_ASN1) { | 
| 362 | if (rsa_config.pubout || rsa_config.pubin) { | 362 | if (cfg.pubout || cfg.pubin) { | 
| 363 | if (rsa_config.pubout == 2) | 363 | if (cfg.pubout == 2) | 
| 364 | i = i2d_RSAPublicKey_bio(out, rsa); | 364 | i = i2d_RSAPublicKey_bio(out, rsa); | 
| 365 | else | 365 | else | 
| 366 | i = i2d_RSA_PUBKEY_bio(out, rsa); | 366 | i = i2d_RSA_PUBKEY_bio(out, rsa); | 
| 367 | } else | 367 | } else | 
| 368 | i = i2d_RSAPrivateKey_bio(out, rsa); | 368 | i = i2d_RSAPrivateKey_bio(out, rsa); | 
| 369 | } else if (rsa_config.outformat == FORMAT_PEM) { | 369 | } else if (cfg.outformat == FORMAT_PEM) { | 
| 370 | if (rsa_config.pubout || rsa_config.pubin) { | 370 | if (cfg.pubout || cfg.pubin) { | 
| 371 | if (rsa_config.pubout == 2) | 371 | if (cfg.pubout == 2) | 
| 372 | i = PEM_write_bio_RSAPublicKey(out, rsa); | 372 | i = PEM_write_bio_RSAPublicKey(out, rsa); | 
| 373 | else | 373 | else | 
| 374 | i = PEM_write_bio_RSA_PUBKEY(out, rsa); | 374 | i = PEM_write_bio_RSA_PUBKEY(out, rsa); | 
| 375 | } else | 375 | } else | 
| 376 | i = PEM_write_bio_RSAPrivateKey(out, rsa, | 376 | i = PEM_write_bio_RSAPrivateKey(out, rsa, | 
| 377 | rsa_config.enc, NULL, 0, NULL, passout); | 377 | cfg.enc, NULL, 0, NULL, passout); | 
| 378 | #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) | 378 | #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) | 
| 379 | } else if (rsa_config.outformat == FORMAT_MSBLOB || | 379 | } else if (cfg.outformat == FORMAT_MSBLOB || | 
| 380 | rsa_config.outformat == FORMAT_PVK) { | 380 | cfg.outformat == FORMAT_PVK) { | 
| 381 | EVP_PKEY *pk; | 381 | EVP_PKEY *pk; | 
| 382 | pk = EVP_PKEY_new(); | 382 | pk = EVP_PKEY_new(); | 
| 383 | EVP_PKEY_set1_RSA(pk, rsa); | 383 | EVP_PKEY_set1_RSA(pk, rsa); | 
| 384 | if (rsa_config.outformat == FORMAT_PVK) | 384 | if (cfg.outformat == FORMAT_PVK) | 
| 385 | i = i2b_PVK_bio(out, pk, rsa_config.pvk_encr, 0, | 385 | i = i2b_PVK_bio(out, pk, cfg.pvk_encr, 0, | 
| 386 | passout); | 386 | passout); | 
| 387 | else if (rsa_config.pubin || rsa_config.pubout) | 387 | else if (cfg.pubin || cfg.pubout) | 
| 388 | i = i2b_PublicKey_bio(out, pk); | 388 | i = i2b_PublicKey_bio(out, pk); | 
| 389 | else | 389 | else | 
| 390 | i = i2b_PrivateKey_bio(out, pk); | 390 | i = i2b_PrivateKey_bio(out, pk); | 
| diff --git a/src/usr.bin/openssl/rsautl.c b/src/usr.bin/openssl/rsautl.c index 2916b2d9a0..9327223123 100644 --- a/src/usr.bin/openssl/rsautl.c +++ b/src/usr.bin/openssl/rsautl.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: rsautl.c,v 1.20 2023/03/05 13:12:53 tb Exp $ */ | 1 | /* $OpenBSD: rsautl.c,v 1.21 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 
| 3 | * project 2000. | 3 | * project 2000. | 
| 4 | */ | 4 | */ | 
| @@ -87,131 +87,131 @@ static struct { | |||
| 87 | char *passargin; | 87 | char *passargin; | 
| 88 | int rev; | 88 | int rev; | 
| 89 | int rsa_mode; | 89 | int rsa_mode; | 
| 90 | } rsautl_config; | 90 | } cfg; | 
| 91 | 91 | ||
| 92 | static const struct option rsautl_options[] = { | 92 | static const struct option rsautl_options[] = { | 
| 93 | { | 93 | { | 
| 94 | .name = "asn1parse", | 94 | .name = "asn1parse", | 
| 95 | .desc = "ASN.1 parse the output data", | 95 | .desc = "ASN.1 parse the output data", | 
| 96 | .type = OPTION_FLAG, | 96 | .type = OPTION_FLAG, | 
| 97 | .opt.flag = &rsautl_config.asn1parse, | 97 | .opt.flag = &cfg.asn1parse, | 
| 98 | }, | 98 | }, | 
| 99 | { | 99 | { | 
| 100 | .name = "certin", | 100 | .name = "certin", | 
| 101 | .desc = "Input is a certificate containing an RSA public key", | 101 | .desc = "Input is a certificate containing an RSA public key", | 
| 102 | .type = OPTION_VALUE, | 102 | .type = OPTION_VALUE, | 
| 103 | .value = KEY_CERT, | 103 | .value = KEY_CERT, | 
| 104 | .opt.value = &rsautl_config.key_type, | 104 | .opt.value = &cfg.key_type, | 
| 105 | }, | 105 | }, | 
| 106 | { | 106 | { | 
| 107 | .name = "decrypt", | 107 | .name = "decrypt", | 
| 108 | .desc = "Decrypt the input data using RSA private key", | 108 | .desc = "Decrypt the input data using RSA private key", | 
| 109 | .type = OPTION_VALUE, | 109 | .type = OPTION_VALUE, | 
| 110 | .value = RSA_DECRYPT, | 110 | .value = RSA_DECRYPT, | 
| 111 | .opt.value = &rsautl_config.rsa_mode, | 111 | .opt.value = &cfg.rsa_mode, | 
| 112 | }, | 112 | }, | 
| 113 | { | 113 | { | 
| 114 | .name = "encrypt", | 114 | .name = "encrypt", | 
| 115 | .desc = "Encrypt the input data using RSA public key", | 115 | .desc = "Encrypt the input data using RSA public key", | 
| 116 | .type = OPTION_VALUE, | 116 | .type = OPTION_VALUE, | 
| 117 | .value = RSA_ENCRYPT, | 117 | .value = RSA_ENCRYPT, | 
| 118 | .opt.value = &rsautl_config.rsa_mode, | 118 | .opt.value = &cfg.rsa_mode, | 
| 119 | }, | 119 | }, | 
| 120 | { | 120 | { | 
| 121 | .name = "hexdump", | 121 | .name = "hexdump", | 
| 122 | .desc = "Hex dump the output data", | 122 | .desc = "Hex dump the output data", | 
| 123 | .type = OPTION_FLAG, | 123 | .type = OPTION_FLAG, | 
| 124 | .opt.flag = &rsautl_config.hexdump, | 124 | .opt.flag = &cfg.hexdump, | 
| 125 | }, | 125 | }, | 
| 126 | { | 126 | { | 
| 127 | .name = "in", | 127 | .name = "in", | 
| 128 | .argname = "file", | 128 | .argname = "file", | 
| 129 | .desc = "Input file (default stdin)", | 129 | .desc = "Input file (default stdin)", | 
| 130 | .type = OPTION_ARG, | 130 | .type = OPTION_ARG, | 
| 131 | .opt.arg = &rsautl_config.infile, | 131 | .opt.arg = &cfg.infile, | 
| 132 | }, | 132 | }, | 
| 133 | { | 133 | { | 
| 134 | .name = "inkey", | 134 | .name = "inkey", | 
| 135 | .argname = "file", | 135 | .argname = "file", | 
| 136 | .desc = "Input key file", | 136 | .desc = "Input key file", | 
| 137 | .type = OPTION_ARG, | 137 | .type = OPTION_ARG, | 
| 138 | .opt.arg = &rsautl_config.keyfile, | 138 | .opt.arg = &cfg.keyfile, | 
| 139 | }, | 139 | }, | 
| 140 | { | 140 | { | 
| 141 | .name = "keyform", | 141 | .name = "keyform", | 
| 142 | .argname = "fmt", | 142 | .argname = "fmt", | 
| 143 | .desc = "Input key format (DER, TXT or PEM (default))", | 143 | .desc = "Input key format (DER, TXT or PEM (default))", | 
| 144 | .type = OPTION_ARG_FORMAT, | 144 | .type = OPTION_ARG_FORMAT, | 
| 145 | .opt.value = &rsautl_config.keyform, | 145 | .opt.value = &cfg.keyform, | 
| 146 | }, | 146 | }, | 
| 147 | { | 147 | { | 
| 148 | .name = "oaep", | 148 | .name = "oaep", | 
| 149 | .desc = "Use PKCS#1 OAEP padding", | 149 | .desc = "Use PKCS#1 OAEP padding", | 
| 150 | .type = OPTION_VALUE, | 150 | .type = OPTION_VALUE, | 
| 151 | .value = RSA_PKCS1_OAEP_PADDING, | 151 | .value = RSA_PKCS1_OAEP_PADDING, | 
| 152 | .opt.value = &rsautl_config.pad, | 152 | .opt.value = &cfg.pad, | 
| 153 | }, | 153 | }, | 
| 154 | { | 154 | { | 
| 155 | .name = "out", | 155 | .name = "out", | 
| 156 | .argname = "file", | 156 | .argname = "file", | 
| 157 | .desc = "Output file (default stdout)", | 157 | .desc = "Output file (default stdout)", | 
| 158 | .type = OPTION_ARG, | 158 | .type = OPTION_ARG, | 
| 159 | .opt.arg = &rsautl_config.outfile, | 159 | .opt.arg = &cfg.outfile, | 
| 160 | }, | 160 | }, | 
| 161 | { | 161 | { | 
| 162 | .name = "passin", | 162 | .name = "passin", | 
| 163 | .argname = "arg", | 163 | .argname = "arg", | 
| 164 | .desc = "Key password source", | 164 | .desc = "Key password source", | 
| 165 | .type = OPTION_ARG, | 165 | .type = OPTION_ARG, | 
| 166 | .opt.arg = &rsautl_config.passargin, | 166 | .opt.arg = &cfg.passargin, | 
| 167 | }, | 167 | }, | 
| 168 | { | 168 | { | 
| 169 | .name = "pkcs", | 169 | .name = "pkcs", | 
| 170 | .desc = "Use PKCS#1 v1.5 padding (default)", | 170 | .desc = "Use PKCS#1 v1.5 padding (default)", | 
| 171 | .type = OPTION_VALUE, | 171 | .type = OPTION_VALUE, | 
| 172 | .value = RSA_PKCS1_PADDING, | 172 | .value = RSA_PKCS1_PADDING, | 
| 173 | .opt.value = &rsautl_config.pad, | 173 | .opt.value = &cfg.pad, | 
| 174 | }, | 174 | }, | 
| 175 | { | 175 | { | 
| 176 | .name = "pubin", | 176 | .name = "pubin", | 
| 177 | .desc = "Input is an RSA public key", | 177 | .desc = "Input is an RSA public key", | 
| 178 | .type = OPTION_VALUE, | 178 | .type = OPTION_VALUE, | 
| 179 | .value = KEY_PUBKEY, | 179 | .value = KEY_PUBKEY, | 
| 180 | .opt.value = &rsautl_config.key_type, | 180 | .opt.value = &cfg.key_type, | 
| 181 | }, | 181 | }, | 
| 182 | { | 182 | { | 
| 183 | .name = "raw", | 183 | .name = "raw", | 
| 184 | .desc = "Use no padding", | 184 | .desc = "Use no padding", | 
| 185 | .type = OPTION_VALUE, | 185 | .type = OPTION_VALUE, | 
| 186 | .value = RSA_NO_PADDING, | 186 | .value = RSA_NO_PADDING, | 
| 187 | .opt.value = &rsautl_config.pad, | 187 | .opt.value = &cfg.pad, | 
| 188 | }, | 188 | }, | 
| 189 | { | 189 | { | 
| 190 | .name = "rev", | 190 | .name = "rev", | 
| 191 | .desc = "Reverse the input data", | 191 | .desc = "Reverse the input data", | 
| 192 | .type = OPTION_FLAG, | 192 | .type = OPTION_FLAG, | 
| 193 | .opt.flag = &rsautl_config.rev, | 193 | .opt.flag = &cfg.rev, | 
| 194 | }, | 194 | }, | 
| 195 | { | 195 | { | 
| 196 | .name = "sign", | 196 | .name = "sign", | 
| 197 | .desc = "Sign the input data using RSA private key", | 197 | .desc = "Sign the input data using RSA private key", | 
| 198 | .type = OPTION_VALUE, | 198 | .type = OPTION_VALUE, | 
| 199 | .value = RSA_SIGN, | 199 | .value = RSA_SIGN, | 
| 200 | .opt.value = &rsautl_config.rsa_mode, | 200 | .opt.value = &cfg.rsa_mode, | 
| 201 | }, | 201 | }, | 
| 202 | { | 202 | { | 
| 203 | .name = "verify", | 203 | .name = "verify", | 
| 204 | .desc = "Verify the input data using RSA public key", | 204 | .desc = "Verify the input data using RSA public key", | 
| 205 | .type = OPTION_VALUE, | 205 | .type = OPTION_VALUE, | 
| 206 | .value = RSA_VERIFY, | 206 | .value = RSA_VERIFY, | 
| 207 | .opt.value = &rsautl_config.rsa_mode, | 207 | .opt.value = &cfg.rsa_mode, | 
| 208 | }, | 208 | }, | 
| 209 | { | 209 | { | 
| 210 | .name = "x931", | 210 | .name = "x931", | 
| 211 | .desc = "Use ANSI X9.31 padding", | 211 | .desc = "Use ANSI X9.31 padding", | 
| 212 | .type = OPTION_VALUE, | 212 | .type = OPTION_VALUE, | 
| 213 | .value = RSA_X931_PADDING, | 213 | .value = RSA_X931_PADDING, | 
| 214 | .opt.value = &rsautl_config.pad, | 214 | .opt.value = &cfg.pad, | 
| 215 | }, | 215 | }, | 
| 216 | 216 | ||
| 217 | {NULL}, | 217 | {NULL}, | 
| @@ -249,44 +249,44 @@ rsautl_main(int argc, char **argv) | |||
| 249 | exit(1); | 249 | exit(1); | 
| 250 | } | 250 | } | 
| 251 | 251 | ||
| 252 | memset(&rsautl_config, 0, sizeof(rsautl_config)); | 252 | memset(&cfg, 0, sizeof(cfg)); | 
| 253 | rsautl_config.keyform = FORMAT_PEM; | 253 | cfg.keyform = FORMAT_PEM; | 
| 254 | rsautl_config.key_type = KEY_PRIVKEY; | 254 | cfg.key_type = KEY_PRIVKEY; | 
| 255 | rsautl_config.pad = RSA_PKCS1_PADDING; | 255 | cfg.pad = RSA_PKCS1_PADDING; | 
| 256 | rsautl_config.rsa_mode = RSA_VERIFY; | 256 | cfg.rsa_mode = RSA_VERIFY; | 
| 257 | 257 | ||
| 258 | if (options_parse(argc, argv, rsautl_options, NULL, NULL) != 0) { | 258 | if (options_parse(argc, argv, rsautl_options, NULL, NULL) != 0) { | 
| 259 | rsautl_usage(); | 259 | rsautl_usage(); | 
| 260 | return (1); | 260 | return (1); | 
| 261 | } | 261 | } | 
| 262 | 262 | ||
| 263 | if (rsautl_config.rsa_mode == RSA_SIGN || | 263 | if (cfg.rsa_mode == RSA_SIGN || | 
| 264 | rsautl_config.rsa_mode == RSA_DECRYPT) | 264 | cfg.rsa_mode == RSA_DECRYPT) | 
| 265 | need_priv = 1; | 265 | need_priv = 1; | 
| 266 | 266 | ||
| 267 | if (need_priv && rsautl_config.key_type != KEY_PRIVKEY) { | 267 | if (need_priv && cfg.key_type != KEY_PRIVKEY) { | 
| 268 | BIO_printf(bio_err, "A private key is needed for this operation\n"); | 268 | BIO_printf(bio_err, "A private key is needed for this operation\n"); | 
| 269 | goto end; | 269 | goto end; | 
| 270 | } | 270 | } | 
| 271 | if (!app_passwd(bio_err, rsautl_config.passargin, NULL, &passin, NULL)) { | 271 | if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) { | 
| 272 | BIO_printf(bio_err, "Error getting password\n"); | 272 | BIO_printf(bio_err, "Error getting password\n"); | 
| 273 | goto end; | 273 | goto end; | 
| 274 | } | 274 | } | 
| 275 | 275 | ||
| 276 | switch (rsautl_config.key_type) { | 276 | switch (cfg.key_type) { | 
| 277 | case KEY_PRIVKEY: | 277 | case KEY_PRIVKEY: | 
| 278 | pkey = load_key(bio_err, rsautl_config.keyfile, | 278 | pkey = load_key(bio_err, cfg.keyfile, | 
| 279 | rsautl_config.keyform, 0, passin, "Private Key"); | 279 | cfg.keyform, 0, passin, "Private Key"); | 
| 280 | break; | 280 | break; | 
| 281 | 281 | ||
| 282 | case KEY_PUBKEY: | 282 | case KEY_PUBKEY: | 
| 283 | pkey = load_pubkey(bio_err, rsautl_config.keyfile, | 283 | pkey = load_pubkey(bio_err, cfg.keyfile, | 
| 284 | rsautl_config.keyform, 0, NULL, "Public Key"); | 284 | cfg.keyform, 0, NULL, "Public Key"); | 
| 285 | break; | 285 | break; | 
| 286 | 286 | ||
| 287 | case KEY_CERT: | 287 | case KEY_CERT: | 
| 288 | x = load_cert(bio_err, rsautl_config.keyfile, | 288 | x = load_cert(bio_err, cfg.keyfile, | 
| 289 | rsautl_config.keyform, NULL, "Certificate"); | 289 | cfg.keyform, NULL, "Certificate"); | 
| 290 | if (x) { | 290 | if (x) { | 
| 291 | pkey = X509_get_pubkey(x); | 291 | pkey = X509_get_pubkey(x); | 
| 292 | X509_free(x); | 292 | X509_free(x); | 
| @@ -305,8 +305,8 @@ rsautl_main(int argc, char **argv) | |||
| 305 | ERR_print_errors(bio_err); | 305 | ERR_print_errors(bio_err); | 
| 306 | goto end; | 306 | goto end; | 
| 307 | } | 307 | } | 
| 308 | if (rsautl_config.infile) { | 308 | if (cfg.infile) { | 
| 309 | if (!(in = BIO_new_file(rsautl_config.infile, "rb"))) { | 309 | if (!(in = BIO_new_file(cfg.infile, "rb"))) { | 
| 310 | BIO_printf(bio_err, "Error Reading Input File\n"); | 310 | BIO_printf(bio_err, "Error Reading Input File\n"); | 
| 311 | ERR_print_errors(bio_err); | 311 | ERR_print_errors(bio_err); | 
| 312 | goto end; | 312 | goto end; | 
| @@ -314,8 +314,8 @@ rsautl_main(int argc, char **argv) | |||
| 314 | } else | 314 | } else | 
| 315 | in = BIO_new_fp(stdin, BIO_NOCLOSE); | 315 | in = BIO_new_fp(stdin, BIO_NOCLOSE); | 
| 316 | 316 | ||
| 317 | if (rsautl_config.outfile) { | 317 | if (cfg.outfile) { | 
| 318 | if (!(out = BIO_new_file(rsautl_config.outfile, "wb"))) { | 318 | if (!(out = BIO_new_file(cfg.outfile, "wb"))) { | 
| 319 | BIO_printf(bio_err, "Error Reading Output File\n"); | 319 | BIO_printf(bio_err, "Error Reading Output File\n"); | 
| 320 | ERR_print_errors(bio_err); | 320 | ERR_print_errors(bio_err); | 
| 321 | goto end; | 321 | goto end; | 
| @@ -343,7 +343,7 @@ rsautl_main(int argc, char **argv) | |||
| 343 | BIO_printf(bio_err, "Error reading input Data\n"); | 343 | BIO_printf(bio_err, "Error reading input Data\n"); | 
| 344 | exit(1); | 344 | exit(1); | 
| 345 | } | 345 | } | 
| 346 | if (rsautl_config.rev) { | 346 | if (cfg.rev) { | 
| 347 | int i; | 347 | int i; | 
| 348 | unsigned char ctmp; | 348 | unsigned char ctmp; | 
| 349 | for (i = 0; i < rsa_inlen / 2; i++) { | 349 | for (i = 0; i < rsa_inlen / 2; i++) { | 
| @@ -353,25 +353,25 @@ rsautl_main(int argc, char **argv) | |||
| 353 | } | 353 | } | 
| 354 | } | 354 | } | 
| 355 | 355 | ||
| 356 | switch (rsautl_config.rsa_mode) { | 356 | switch (cfg.rsa_mode) { | 
| 357 | case RSA_VERIFY: | 357 | case RSA_VERIFY: | 
| 358 | rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, | 358 | rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, | 
| 359 | rsa, rsautl_config.pad); | 359 | rsa, cfg.pad); | 
| 360 | break; | 360 | break; | 
| 361 | 361 | ||
| 362 | case RSA_SIGN: | 362 | case RSA_SIGN: | 
| 363 | rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, | 363 | rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, | 
| 364 | rsa, rsautl_config.pad); | 364 | rsa, cfg.pad); | 
| 365 | break; | 365 | break; | 
| 366 | 366 | ||
| 367 | case RSA_ENCRYPT: | 367 | case RSA_ENCRYPT: | 
| 368 | rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, | 368 | rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, | 
| 369 | rsa, rsautl_config.pad); | 369 | rsa, cfg.pad); | 
| 370 | break; | 370 | break; | 
| 371 | 371 | ||
| 372 | case RSA_DECRYPT: | 372 | case RSA_DECRYPT: | 
| 373 | rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, | 373 | rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, | 
| 374 | rsa, rsautl_config.pad); | 374 | rsa, cfg.pad); | 
| 375 | break; | 375 | break; | 
| 376 | } | 376 | } | 
| 377 | 377 | ||
| @@ -381,11 +381,11 @@ rsautl_main(int argc, char **argv) | |||
| 381 | goto end; | 381 | goto end; | 
| 382 | } | 382 | } | 
| 383 | ret = 0; | 383 | ret = 0; | 
| 384 | if (rsautl_config.asn1parse) { | 384 | if (cfg.asn1parse) { | 
| 385 | if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) { | 385 | if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) { | 
| 386 | ERR_print_errors(bio_err); | 386 | ERR_print_errors(bio_err); | 
| 387 | } | 387 | } | 
| 388 | } else if (rsautl_config.hexdump) | 388 | } else if (cfg.hexdump) | 
| 389 | BIO_dump(out, (char *) rsa_out, rsa_outlen); | 389 | BIO_dump(out, (char *) rsa_out, rsa_outlen); | 
| 390 | else | 390 | else | 
| 391 | BIO_write(out, rsa_out, rsa_outlen); | 391 | BIO_write(out, rsa_out, rsa_outlen); | 
| diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c index 41f6502325..82a8128243 100644 --- a/src/usr.bin/openssl/s_client.c +++ b/src/usr.bin/openssl/s_client.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s_client.c,v 1.59 2022/11/11 17:07:39 joshua Exp $ */ | 1 | /* $OpenBSD: s_client.c,v 1.60 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -246,16 +246,16 @@ static struct { | |||
| 246 | int verify; | 246 | int verify; | 
| 247 | X509_VERIFY_PARAM *vpm; | 247 | X509_VERIFY_PARAM *vpm; | 
| 248 | char *xmpphost; | 248 | char *xmpphost; | 
| 249 | } s_client_config; | 249 | } cfg; | 
| 250 | 250 | ||
| 251 | static int | 251 | static int | 
| 252 | s_client_opt_keymatexportlen(char *arg) | 252 | s_client_opt_keymatexportlen(char *arg) | 
| 253 | { | 253 | { | 
| 254 | s_client_config.keymatexportlen = strtonum(arg, 1, INT_MAX, | 254 | cfg.keymatexportlen = strtonum(arg, 1, INT_MAX, | 
| 255 | &s_client_config.errstr); | 255 | &cfg.errstr); | 
| 256 | if (s_client_config.errstr != NULL) { | 256 | if (cfg.errstr != NULL) { | 
| 257 | BIO_printf(bio_err, "invalid argument %s: %s\n", | 257 | BIO_printf(bio_err, "invalid argument %s: %s\n", | 
| 258 | arg, s_client_config.errstr); | 258 | arg, cfg.errstr); | 
| 259 | return (1); | 259 | return (1); | 
| 260 | } | 260 | } | 
| 261 | return (0); | 261 | return (0); | 
| @@ -265,11 +265,11 @@ s_client_opt_keymatexportlen(char *arg) | |||
| 265 | static int | 265 | static int | 
| 266 | s_client_opt_mtu(char *arg) | 266 | s_client_opt_mtu(char *arg) | 
| 267 | { | 267 | { | 
| 268 | s_client_config.socket_mtu = strtonum(arg, 0, LONG_MAX, | 268 | cfg.socket_mtu = strtonum(arg, 0, LONG_MAX, | 
| 269 | &s_client_config.errstr); | 269 | &cfg.errstr); | 
| 270 | if (s_client_config.errstr != NULL) { | 270 | if (cfg.errstr != NULL) { | 
| 271 | BIO_printf(bio_err, "invalid argument %s: %s\n", | 271 | BIO_printf(bio_err, "invalid argument %s: %s\n", | 
| 272 | arg, s_client_config.errstr); | 272 | arg, cfg.errstr); | 
| 273 | return (1); | 273 | return (1); | 
| 274 | } | 274 | } | 
| 275 | return (0); | 275 | return (0); | 
| @@ -282,7 +282,7 @@ s_client_opt_port(char *arg) | |||
| 282 | if (*arg == '\0') | 282 | if (*arg == '\0') | 
| 283 | return (1); | 283 | return (1); | 
| 284 | 284 | ||
| 285 | s_client_config.port = arg; | 285 | cfg.port = arg; | 
| 286 | return (0); | 286 | return (0); | 
| 287 | } | 287 | } | 
| 288 | 288 | ||
| @@ -290,8 +290,8 @@ s_client_opt_port(char *arg) | |||
| 290 | static int | 290 | static int | 
| 291 | s_client_opt_protocol_version_dtls(void) | 291 | s_client_opt_protocol_version_dtls(void) | 
| 292 | { | 292 | { | 
| 293 | s_client_config.meth = DTLS_client_method(); | 293 | cfg.meth = DTLS_client_method(); | 
| 294 | s_client_config.socket_type = SOCK_DGRAM; | 294 | cfg.socket_type = SOCK_DGRAM; | 
| 295 | return (0); | 295 | return (0); | 
| 296 | } | 296 | } | 
| 297 | #endif | 297 | #endif | 
| @@ -300,10 +300,10 @@ s_client_opt_protocol_version_dtls(void) | |||
| 300 | static int | 300 | static int | 
| 301 | s_client_opt_protocol_version_dtls1(void) | 301 | s_client_opt_protocol_version_dtls1(void) | 
| 302 | { | 302 | { | 
| 303 | s_client_config.meth = DTLS_client_method(); | 303 | cfg.meth = DTLS_client_method(); | 
| 304 | s_client_config.min_version = DTLS1_VERSION; | 304 | cfg.min_version = DTLS1_VERSION; | 
| 305 | s_client_config.max_version = DTLS1_VERSION; | 305 | cfg.max_version = DTLS1_VERSION; | 
| 306 | s_client_config.socket_type = SOCK_DGRAM; | 306 | cfg.socket_type = SOCK_DGRAM; | 
| 307 | return (0); | 307 | return (0); | 
| 308 | } | 308 | } | 
| 309 | #endif | 309 | #endif | 
| @@ -312,10 +312,10 @@ s_client_opt_protocol_version_dtls1(void) | |||
| 312 | static int | 312 | static int | 
| 313 | s_client_opt_protocol_version_dtls1_2(void) | 313 | s_client_opt_protocol_version_dtls1_2(void) | 
| 314 | { | 314 | { | 
| 315 | s_client_config.meth = DTLS_client_method(); | 315 | cfg.meth = DTLS_client_method(); | 
| 316 | s_client_config.min_version = DTLS1_2_VERSION; | 316 | cfg.min_version = DTLS1_2_VERSION; | 
| 317 | s_client_config.max_version = DTLS1_2_VERSION; | 317 | cfg.max_version = DTLS1_2_VERSION; | 
| 318 | s_client_config.socket_type = SOCK_DGRAM; | 318 | cfg.socket_type = SOCK_DGRAM; | 
| 319 | return (0); | 319 | return (0); | 
| 320 | } | 320 | } | 
| 321 | #endif | 321 | #endif | 
| @@ -323,40 +323,40 @@ s_client_opt_protocol_version_dtls1_2(void) | |||
| 323 | static int | 323 | static int | 
| 324 | s_client_opt_protocol_version_tls1(void) | 324 | s_client_opt_protocol_version_tls1(void) | 
| 325 | { | 325 | { | 
| 326 | s_client_config.min_version = TLS1_VERSION; | 326 | cfg.min_version = TLS1_VERSION; | 
| 327 | s_client_config.max_version = TLS1_VERSION; | 327 | cfg.max_version = TLS1_VERSION; | 
| 328 | return (0); | 328 | return (0); | 
| 329 | } | 329 | } | 
| 330 | 330 | ||
| 331 | static int | 331 | static int | 
| 332 | s_client_opt_protocol_version_tls1_1(void) | 332 | s_client_opt_protocol_version_tls1_1(void) | 
| 333 | { | 333 | { | 
| 334 | s_client_config.min_version = TLS1_1_VERSION; | 334 | cfg.min_version = TLS1_1_VERSION; | 
| 335 | s_client_config.max_version = TLS1_1_VERSION; | 335 | cfg.max_version = TLS1_1_VERSION; | 
| 336 | return (0); | 336 | return (0); | 
| 337 | } | 337 | } | 
| 338 | 338 | ||
| 339 | static int | 339 | static int | 
| 340 | s_client_opt_protocol_version_tls1_2(void) | 340 | s_client_opt_protocol_version_tls1_2(void) | 
| 341 | { | 341 | { | 
| 342 | s_client_config.min_version = TLS1_2_VERSION; | 342 | cfg.min_version = TLS1_2_VERSION; | 
| 343 | s_client_config.max_version = TLS1_2_VERSION; | 343 | cfg.max_version = TLS1_2_VERSION; | 
| 344 | return (0); | 344 | return (0); | 
| 345 | } | 345 | } | 
| 346 | 346 | ||
| 347 | static int | 347 | static int | 
| 348 | s_client_opt_protocol_version_tls1_3(void) | 348 | s_client_opt_protocol_version_tls1_3(void) | 
| 349 | { | 349 | { | 
| 350 | s_client_config.min_version = TLS1_3_VERSION; | 350 | cfg.min_version = TLS1_3_VERSION; | 
| 351 | s_client_config.max_version = TLS1_3_VERSION; | 351 | cfg.max_version = TLS1_3_VERSION; | 
| 352 | return (0); | 352 | return (0); | 
| 353 | } | 353 | } | 
| 354 | 354 | ||
| 355 | static int | 355 | static int | 
| 356 | s_client_opt_quiet(void) | 356 | s_client_opt_quiet(void) | 
| 357 | { | 357 | { | 
| 358 | s_client_config.quiet = 1; | 358 | cfg.quiet = 1; | 
| 359 | s_client_config.ign_eof = 1; | 359 | cfg.ign_eof = 1; | 
| 360 | return (0); | 360 | return (0); | 
| 361 | } | 361 | } | 
| 362 | 362 | ||
| @@ -364,17 +364,17 @@ static int | |||
| 364 | s_client_opt_starttls(char *arg) | 364 | s_client_opt_starttls(char *arg) | 
| 365 | { | 365 | { | 
| 366 | if (strcmp(arg, "smtp") == 0) | 366 | if (strcmp(arg, "smtp") == 0) | 
| 367 | s_client_config.starttls_proto = PROTO_SMTP; | 367 | cfg.starttls_proto = PROTO_SMTP; | 
| 368 | else if (strcmp(arg, "lmtp") == 0) | 368 | else if (strcmp(arg, "lmtp") == 0) | 
| 369 | s_client_config.starttls_proto = PROTO_LMTP; | 369 | cfg.starttls_proto = PROTO_LMTP; | 
| 370 | else if (strcmp(arg, "pop3") == 0) | 370 | else if (strcmp(arg, "pop3") == 0) | 
| 371 | s_client_config.starttls_proto = PROTO_POP3; | 371 | cfg.starttls_proto = PROTO_POP3; | 
| 372 | else if (strcmp(arg, "imap") == 0) | 372 | else if (strcmp(arg, "imap") == 0) | 
| 373 | s_client_config.starttls_proto = PROTO_IMAP; | 373 | cfg.starttls_proto = PROTO_IMAP; | 
| 374 | else if (strcmp(arg, "ftp") == 0) | 374 | else if (strcmp(arg, "ftp") == 0) | 
| 375 | s_client_config.starttls_proto = PROTO_FTP; | 375 | cfg.starttls_proto = PROTO_FTP; | 
| 376 | else if (strcmp(arg, "xmpp") == 0) | 376 | else if (strcmp(arg, "xmpp") == 0) | 
| 377 | s_client_config.starttls_proto = PROTO_XMPP; | 377 | cfg.starttls_proto = PROTO_XMPP; | 
| 378 | else | 378 | else | 
| 379 | return (1); | 379 | return (1); | 
| 380 | return (0); | 380 | return (0); | 
| @@ -383,12 +383,12 @@ s_client_opt_starttls(char *arg) | |||
| 383 | static int | 383 | static int | 
| 384 | s_client_opt_verify(char *arg) | 384 | s_client_opt_verify(char *arg) | 
| 385 | { | 385 | { | 
| 386 | s_client_config.verify = SSL_VERIFY_PEER; | 386 | cfg.verify = SSL_VERIFY_PEER; | 
| 387 | 387 | ||
| 388 | verify_depth = strtonum(arg, 0, INT_MAX, &s_client_config.errstr); | 388 | verify_depth = strtonum(arg, 0, INT_MAX, &cfg.errstr); | 
| 389 | if (s_client_config.errstr != NULL) { | 389 | if (cfg.errstr != NULL) { | 
| 390 | BIO_printf(bio_err, "invalid argument %s: %s\n", | 390 | BIO_printf(bio_err, "invalid argument %s: %s\n", | 
| 391 | arg, s_client_config.errstr); | 391 | arg, cfg.errstr); | 
| 392 | return (1); | 392 | return (1); | 
| 393 | } | 393 | } | 
| 394 | BIO_printf(bio_err, "verify depth is %d\n", verify_depth); | 394 | BIO_printf(bio_err, "verify depth is %d\n", verify_depth); | 
| @@ -403,7 +403,7 @@ s_client_opt_verify_param(int argc, char **argv, int *argsused) | |||
| 403 | int badarg = 0; | 403 | int badarg = 0; | 
| 404 | 404 | ||
| 405 | if (!args_verify(&pargs, &pargc, &badarg, bio_err, | 405 | if (!args_verify(&pargs, &pargc, &badarg, bio_err, | 
| 406 | &s_client_config.vpm)) { | 406 | &cfg.vpm)) { | 
| 407 | BIO_printf(bio_err, "unknown option %s\n", *argv); | 407 | BIO_printf(bio_err, "unknown option %s\n", *argv); | 
| 408 | return (1); | 408 | return (1); | 
| 409 | } | 409 | } | 
| @@ -419,14 +419,14 @@ static const struct option s_client_options[] = { | |||
| 419 | .name = "4", | 419 | .name = "4", | 
| 420 | .desc = "Use IPv4 only", | 420 | .desc = "Use IPv4 only", | 
| 421 | .type = OPTION_VALUE, | 421 | .type = OPTION_VALUE, | 
| 422 | .opt.value = &s_client_config.af, | 422 | .opt.value = &cfg.af, | 
| 423 | .value = AF_INET, | 423 | .value = AF_INET, | 
| 424 | }, | 424 | }, | 
| 425 | { | 425 | { | 
| 426 | .name = "6", | 426 | .name = "6", | 
| 427 | .desc = "Use IPv6 only", | 427 | .desc = "Use IPv6 only", | 
| 428 | .type = OPTION_VALUE, | 428 | .type = OPTION_VALUE, | 
| 429 | .opt.value = &s_client_config.af, | 429 | .opt.value = &cfg.af, | 
| 430 | .value = AF_INET6, | 430 | .value = AF_INET6, | 
| 431 | }, | 431 | }, | 
| 432 | { | 432 | { | 
| @@ -435,67 +435,67 @@ static const struct option s_client_options[] = { | |||
| 435 | .desc = "Set the advertised protocols for ALPN" | 435 | .desc = "Set the advertised protocols for ALPN" | 
| 436 | " (comma-separated list)", | 436 | " (comma-separated list)", | 
| 437 | .type = OPTION_ARG, | 437 | .type = OPTION_ARG, | 
| 438 | .opt.arg = &s_client_config.alpn_in, | 438 | .opt.arg = &cfg.alpn_in, | 
| 439 | }, | 439 | }, | 
| 440 | { | 440 | { | 
| 441 | .name = "bugs", | 441 | .name = "bugs", | 
| 442 | .desc = "Enable various workarounds for buggy implementations", | 442 | .desc = "Enable various workarounds for buggy implementations", | 
| 443 | .type = OPTION_FLAG, | 443 | .type = OPTION_FLAG, | 
| 444 | .opt.flag = &s_client_config.bugs, | 444 | .opt.flag = &cfg.bugs, | 
| 445 | }, | 445 | }, | 
| 446 | { | 446 | { | 
| 447 | .name = "CAfile", | 447 | .name = "CAfile", | 
| 448 | .argname = "file", | 448 | .argname = "file", | 
| 449 | .desc = "PEM format file of CA certificates", | 449 | .desc = "PEM format file of CA certificates", | 
| 450 | .type = OPTION_ARG, | 450 | .type = OPTION_ARG, | 
| 451 | .opt.arg = &s_client_config.CAfile, | 451 | .opt.arg = &cfg.CAfile, | 
| 452 | }, | 452 | }, | 
| 453 | { | 453 | { | 
| 454 | .name = "CApath", | 454 | .name = "CApath", | 
| 455 | .argname = "directory", | 455 | .argname = "directory", | 
| 456 | .desc = "PEM format directory of CA certificates", | 456 | .desc = "PEM format directory of CA certificates", | 
| 457 | .type = OPTION_ARG, | 457 | .type = OPTION_ARG, | 
| 458 | .opt.arg = &s_client_config.CApath, | 458 | .opt.arg = &cfg.CApath, | 
| 459 | }, | 459 | }, | 
| 460 | { | 460 | { | 
| 461 | .name = "cert", | 461 | .name = "cert", | 
| 462 | .argname = "file", | 462 | .argname = "file", | 
| 463 | .desc = "Certificate file to use, PEM format assumed", | 463 | .desc = "Certificate file to use, PEM format assumed", | 
| 464 | .type = OPTION_ARG, | 464 | .type = OPTION_ARG, | 
| 465 | .opt.arg = &s_client_config.cert_file, | 465 | .opt.arg = &cfg.cert_file, | 
| 466 | }, | 466 | }, | 
| 467 | { | 467 | { | 
| 468 | .name = "certform", | 468 | .name = "certform", | 
| 469 | .argname = "fmt", | 469 | .argname = "fmt", | 
| 470 | .desc = "Certificate format (PEM or DER) PEM default", | 470 | .desc = "Certificate format (PEM or DER) PEM default", | 
| 471 | .type = OPTION_ARG_FORMAT, | 471 | .type = OPTION_ARG_FORMAT, | 
| 472 | .opt.value = &s_client_config.cert_format, | 472 | .opt.value = &cfg.cert_format, | 
| 473 | }, | 473 | }, | 
| 474 | { | 474 | { | 
| 475 | .name = "cipher", | 475 | .name = "cipher", | 
| 476 | .argname = "cipherlist", | 476 | .argname = "cipherlist", | 
| 477 | .desc = "Preferred cipher to use (see 'openssl ciphers')", | 477 | .desc = "Preferred cipher to use (see 'openssl ciphers')", | 
| 478 | .type = OPTION_ARG, | 478 | .type = OPTION_ARG, | 
| 479 | .opt.arg = &s_client_config.cipher, | 479 | .opt.arg = &cfg.cipher, | 
| 480 | }, | 480 | }, | 
| 481 | { | 481 | { | 
| 482 | .name = "connect", | 482 | .name = "connect", | 
| 483 | .argname = "host:port", | 483 | .argname = "host:port", | 
| 484 | .desc = "Who to connect to (default is localhost:4433)", | 484 | .desc = "Who to connect to (default is localhost:4433)", | 
| 485 | .type = OPTION_ARG, | 485 | .type = OPTION_ARG, | 
| 486 | .opt.arg = &s_client_config.connect, | 486 | .opt.arg = &cfg.connect, | 
| 487 | }, | 487 | }, | 
| 488 | { | 488 | { | 
| 489 | .name = "crlf", | 489 | .name = "crlf", | 
| 490 | .desc = "Convert LF from terminal into CRLF", | 490 | .desc = "Convert LF from terminal into CRLF", | 
| 491 | .type = OPTION_FLAG, | 491 | .type = OPTION_FLAG, | 
| 492 | .opt.flag = &s_client_config.crlf, | 492 | .opt.flag = &cfg.crlf, | 
| 493 | }, | 493 | }, | 
| 494 | { | 494 | { | 
| 495 | .name = "debug", | 495 | .name = "debug", | 
| 496 | .desc = "Print extensive debugging information", | 496 | .desc = "Print extensive debugging information", | 
| 497 | .type = OPTION_FLAG, | 497 | .type = OPTION_FLAG, | 
| 498 | .opt.flag = &s_client_config.debug, | 498 | .opt.flag = &cfg.debug, | 
| 499 | }, | 499 | }, | 
| 500 | #ifndef OPENSSL_NO_DTLS | 500 | #ifndef OPENSSL_NO_DTLS | 
| 501 | { | 501 | { | 
| @@ -526,20 +526,20 @@ static const struct option s_client_options[] = { | |||
| 526 | .argname = "list", | 526 | .argname = "list", | 
| 527 | .desc = "Specify EC groups (colon-separated list)", | 527 | .desc = "Specify EC groups (colon-separated list)", | 
| 528 | .type = OPTION_ARG, | 528 | .type = OPTION_ARG, | 
| 529 | .opt.arg = &s_client_config.groups_in, | 529 | .opt.arg = &cfg.groups_in, | 
| 530 | }, | 530 | }, | 
| 531 | { | 531 | { | 
| 532 | .name = "host", | 532 | .name = "host", | 
| 533 | .argname = "host", | 533 | .argname = "host", | 
| 534 | .desc = "Use -connect instead", | 534 | .desc = "Use -connect instead", | 
| 535 | .type = OPTION_ARG, | 535 | .type = OPTION_ARG, | 
| 536 | .opt.arg = &s_client_config.host, | 536 | .opt.arg = &cfg.host, | 
| 537 | }, | 537 | }, | 
| 538 | { | 538 | { | 
| 539 | .name = "ign_eof", | 539 | .name = "ign_eof", | 
| 540 | .desc = "Ignore input EOF (default when -quiet)", | 540 | .desc = "Ignore input EOF (default when -quiet)", | 
| 541 | .type = OPTION_VALUE, | 541 | .type = OPTION_VALUE, | 
| 542 | .opt.value = &s_client_config.ign_eof, | 542 | .opt.value = &cfg.ign_eof, | 
| 543 | .value = 1, | 543 | .value = 1, | 
| 544 | }, | 544 | }, | 
| 545 | { | 545 | { | 
| @@ -547,21 +547,21 @@ static const struct option s_client_options[] = { | |||
| 547 | .argname = "file", | 547 | .argname = "file", | 
| 548 | .desc = "Private key file to use, if not, -cert file is used", | 548 | .desc = "Private key file to use, if not, -cert file is used", | 
| 549 | .type = OPTION_ARG, | 549 | .type = OPTION_ARG, | 
| 550 | .opt.arg = &s_client_config.key_file, | 550 | .opt.arg = &cfg.key_file, | 
| 551 | }, | 551 | }, | 
| 552 | { | 552 | { | 
| 553 | .name = "keyform", | 553 | .name = "keyform", | 
| 554 | .argname = "fmt", | 554 | .argname = "fmt", | 
| 555 | .desc = "Key format (PEM or DER) PEM default", | 555 | .desc = "Key format (PEM or DER) PEM default", | 
| 556 | .type = OPTION_ARG_FORMAT, | 556 | .type = OPTION_ARG_FORMAT, | 
| 557 | .opt.value = &s_client_config.key_format, | 557 | .opt.value = &cfg.key_format, | 
| 558 | }, | 558 | }, | 
| 559 | { | 559 | { | 
| 560 | .name = "keymatexport", | 560 | .name = "keymatexport", | 
| 561 | .argname = "label", | 561 | .argname = "label", | 
| 562 | .desc = "Export keying material using label", | 562 | .desc = "Export keying material using label", | 
| 563 | .type = OPTION_ARG, | 563 | .type = OPTION_ARG, | 
| 564 | .opt.arg = &s_client_config.keymatexportlabel, | 564 | .opt.arg = &cfg.keymatexportlabel, | 
| 565 | }, | 565 | }, | 
| 566 | { | 566 | { | 
| 567 | .name = "keymatexportlen", | 567 | .name = "keymatexportlen", | 
| @@ -578,14 +578,14 @@ static const struct option s_client_options[] = { | |||
| 578 | .name = "legacy_server_connect", | 578 | .name = "legacy_server_connect", | 
| 579 | .desc = "Allow initial connection to servers that don't support RI", | 579 | .desc = "Allow initial connection to servers that don't support RI", | 
| 580 | .type = OPTION_VALUE_OR, | 580 | .type = OPTION_VALUE_OR, | 
| 581 | .opt.value = &s_client_config.off, | 581 | .opt.value = &cfg.off, | 
| 582 | .value = SSL_OP_LEGACY_SERVER_CONNECT, | 582 | .value = SSL_OP_LEGACY_SERVER_CONNECT, | 
| 583 | }, | 583 | }, | 
| 584 | { | 584 | { | 
| 585 | .name = "msg", | 585 | .name = "msg", | 
| 586 | .desc = "Show all protocol messages with hex dump", | 586 | .desc = "Show all protocol messages with hex dump", | 
| 587 | .type = OPTION_FLAG, | 587 | .type = OPTION_FLAG, | 
| 588 | .opt.flag = &s_client_config.msg, | 588 | .opt.flag = &cfg.msg, | 
| 589 | }, | 589 | }, | 
| 590 | #ifndef OPENSSL_NO_DTLS | 590 | #ifndef OPENSSL_NO_DTLS | 
| 591 | { | 591 | { | 
| @@ -600,115 +600,115 @@ static const struct option s_client_options[] = { | |||
| 600 | .name = "nbio", | 600 | .name = "nbio", | 
| 601 | .desc = "Turn on non-blocking I/O", | 601 | .desc = "Turn on non-blocking I/O", | 
| 602 | .type = OPTION_FLAG, | 602 | .type = OPTION_FLAG, | 
| 603 | .opt.flag = &s_client_config.nbio, | 603 | .opt.flag = &cfg.nbio, | 
| 604 | }, | 604 | }, | 
| 605 | { | 605 | { | 
| 606 | .name = "nbio_test", | 606 | .name = "nbio_test", | 
| 607 | .desc = "Test non-blocking I/O", | 607 | .desc = "Test non-blocking I/O", | 
| 608 | .type = OPTION_FLAG, | 608 | .type = OPTION_FLAG, | 
| 609 | .opt.flag = &s_client_config.nbio_test, | 609 | .opt.flag = &cfg.nbio_test, | 
| 610 | }, | 610 | }, | 
| 611 | { | 611 | { | 
| 612 | .name = "nextprotoneg", | 612 | .name = "nextprotoneg", | 
| 613 | .argname = "protocols", | 613 | .argname = "protocols", | 
| 614 | .type = OPTION_ARG, | 614 | .type = OPTION_ARG, | 
| 615 | .opt.arg = &s_client_config.npn_in, /* Ignored. */ | 615 | .opt.arg = &cfg.npn_in, /* Ignored. */ | 
| 616 | }, | 616 | }, | 
| 617 | { | 617 | { | 
| 618 | .name = "no_comp", | 618 | .name = "no_comp", | 
| 619 | .type = OPTION_VALUE_OR, | 619 | .type = OPTION_VALUE_OR, | 
| 620 | .opt.value = &s_client_config.off, | 620 | .opt.value = &cfg.off, | 
| 621 | .value = SSL_OP_NO_COMPRESSION, | 621 | .value = SSL_OP_NO_COMPRESSION, | 
| 622 | }, | 622 | }, | 
| 623 | { | 623 | { | 
| 624 | .name = "no_ign_eof", | 624 | .name = "no_ign_eof", | 
| 625 | .desc = "Don't ignore input EOF", | 625 | .desc = "Don't ignore input EOF", | 
| 626 | .type = OPTION_VALUE, | 626 | .type = OPTION_VALUE, | 
| 627 | .opt.value = &s_client_config.ign_eof, | 627 | .opt.value = &cfg.ign_eof, | 
| 628 | .value = 0, | 628 | .value = 0, | 
| 629 | }, | 629 | }, | 
| 630 | { | 630 | { | 
| 631 | .name = "no_legacy_server_connect", | 631 | .name = "no_legacy_server_connect", | 
| 632 | .desc = "Disallow initial connection to servers that don't support RI", | 632 | .desc = "Disallow initial connection to servers that don't support RI", | 
| 633 | .type = OPTION_VALUE_OR, | 633 | .type = OPTION_VALUE_OR, | 
| 634 | .opt.value = &s_client_config.clr, | 634 | .opt.value = &cfg.clr, | 
| 635 | .value = SSL_OP_LEGACY_SERVER_CONNECT, | 635 | .value = SSL_OP_LEGACY_SERVER_CONNECT, | 
| 636 | }, | 636 | }, | 
| 637 | { | 637 | { | 
| 638 | .name = "no_servername", | 638 | .name = "no_servername", | 
| 639 | .desc = "Do not send a Server Name Indication (SNI) extension", | 639 | .desc = "Do not send a Server Name Indication (SNI) extension", | 
| 640 | .type = OPTION_FLAG, | 640 | .type = OPTION_FLAG, | 
| 641 | .opt.value = &s_client_config.no_servername, | 641 | .opt.value = &cfg.no_servername, | 
| 642 | }, | 642 | }, | 
| 643 | { | 643 | { | 
| 644 | .name = "no_ssl2", | 644 | .name = "no_ssl2", | 
| 645 | .type = OPTION_VALUE_OR, | 645 | .type = OPTION_VALUE_OR, | 
| 646 | .opt.value = &s_client_config.off, | 646 | .opt.value = &cfg.off, | 
| 647 | .value = SSL_OP_NO_SSLv2, | 647 | .value = SSL_OP_NO_SSLv2, | 
| 648 | }, | 648 | }, | 
| 649 | { | 649 | { | 
| 650 | .name = "no_ssl3", | 650 | .name = "no_ssl3", | 
| 651 | .type = OPTION_VALUE_OR, | 651 | .type = OPTION_VALUE_OR, | 
| 652 | .opt.value = &s_client_config.off, | 652 | .opt.value = &cfg.off, | 
| 653 | .value = SSL_OP_NO_SSLv3, | 653 | .value = SSL_OP_NO_SSLv3, | 
| 654 | }, | 654 | }, | 
| 655 | { | 655 | { | 
| 656 | .name = "no_ticket", | 656 | .name = "no_ticket", | 
| 657 | .desc = "Disable use of RFC4507 session ticket support", | 657 | .desc = "Disable use of RFC4507 session ticket support", | 
| 658 | .type = OPTION_VALUE_OR, | 658 | .type = OPTION_VALUE_OR, | 
| 659 | .opt.value = &s_client_config.off, | 659 | .opt.value = &cfg.off, | 
| 660 | .value = SSL_OP_NO_TICKET, | 660 | .value = SSL_OP_NO_TICKET, | 
| 661 | }, | 661 | }, | 
| 662 | { | 662 | { | 
| 663 | .name = "no_tls1", | 663 | .name = "no_tls1", | 
| 664 | .desc = "Disable the use of TLSv1", | 664 | .desc = "Disable the use of TLSv1", | 
| 665 | .type = OPTION_VALUE_OR, | 665 | .type = OPTION_VALUE_OR, | 
| 666 | .opt.value = &s_client_config.off, | 666 | .opt.value = &cfg.off, | 
| 667 | .value = SSL_OP_NO_TLSv1, | 667 | .value = SSL_OP_NO_TLSv1, | 
| 668 | }, | 668 | }, | 
| 669 | { | 669 | { | 
| 670 | .name = "no_tls1_1", | 670 | .name = "no_tls1_1", | 
| 671 | .desc = "Disable the use of TLSv1.1", | 671 | .desc = "Disable the use of TLSv1.1", | 
| 672 | .type = OPTION_VALUE_OR, | 672 | .type = OPTION_VALUE_OR, | 
| 673 | .opt.value = &s_client_config.off, | 673 | .opt.value = &cfg.off, | 
| 674 | .value = SSL_OP_NO_TLSv1_1, | 674 | .value = SSL_OP_NO_TLSv1_1, | 
| 675 | }, | 675 | }, | 
| 676 | { | 676 | { | 
| 677 | .name = "no_tls1_2", | 677 | .name = "no_tls1_2", | 
| 678 | .desc = "Disable the use of TLSv1.2", | 678 | .desc = "Disable the use of TLSv1.2", | 
| 679 | .type = OPTION_VALUE_OR, | 679 | .type = OPTION_VALUE_OR, | 
| 680 | .opt.value = &s_client_config.off, | 680 | .opt.value = &cfg.off, | 
| 681 | .value = SSL_OP_NO_TLSv1_2, | 681 | .value = SSL_OP_NO_TLSv1_2, | 
| 682 | }, | 682 | }, | 
| 683 | { | 683 | { | 
| 684 | .name = "no_tls1_3", | 684 | .name = "no_tls1_3", | 
| 685 | .desc = "Disable the use of TLSv1.3", | 685 | .desc = "Disable the use of TLSv1.3", | 
| 686 | .type = OPTION_VALUE_OR, | 686 | .type = OPTION_VALUE_OR, | 
| 687 | .opt.value = &s_client_config.off, | 687 | .opt.value = &cfg.off, | 
| 688 | .value = SSL_OP_NO_TLSv1_3, | 688 | .value = SSL_OP_NO_TLSv1_3, | 
| 689 | }, | 689 | }, | 
| 690 | { | 690 | { | 
| 691 | .name = "noservername", | 691 | .name = "noservername", | 
| 692 | .type = OPTION_FLAG, | 692 | .type = OPTION_FLAG, | 
| 693 | .opt.value = &s_client_config.no_servername, | 693 | .opt.value = &cfg.no_servername, | 
| 694 | }, | 694 | }, | 
| 695 | { | 695 | { | 
| 696 | .name = "pass", | 696 | .name = "pass", | 
| 697 | .argname = "arg", | 697 | .argname = "arg", | 
| 698 | .desc = "Private key file pass phrase source", | 698 | .desc = "Private key file pass phrase source", | 
| 699 | .type = OPTION_ARG, | 699 | .type = OPTION_ARG, | 
| 700 | .opt.arg = &s_client_config.passarg, | 700 | .opt.arg = &cfg.passarg, | 
| 701 | }, | 701 | }, | 
| 702 | { | 702 | { | 
| 703 | .name = "pause", | 703 | .name = "pause", | 
| 704 | .desc = "Pause 1 second between each read and write call", | 704 | .desc = "Pause 1 second between each read and write call", | 
| 705 | .type = OPTION_FLAG, | 705 | .type = OPTION_FLAG, | 
| 706 | .opt.flag = &s_client_config.pause, | 706 | .opt.flag = &cfg.pause, | 
| 707 | }, | 707 | }, | 
| 708 | { | 708 | { | 
| 709 | .name = "peekaboo", | 709 | .name = "peekaboo", | 
| 710 | .type = OPTION_FLAG, | 710 | .type = OPTION_FLAG, | 
| 711 | .opt.flag = &s_client_config.peekaboo, | 711 | .opt.flag = &cfg.peekaboo, | 
| 712 | }, | 712 | }, | 
| 713 | { | 713 | { | 
| 714 | .name = "port", | 714 | .name = "port", | 
| @@ -721,14 +721,14 @@ static const struct option s_client_options[] = { | |||
| 721 | .name = "prexit", | 721 | .name = "prexit", | 
| 722 | .desc = "Print session information when the program exits", | 722 | .desc = "Print session information when the program exits", | 
| 723 | .type = OPTION_FLAG, | 723 | .type = OPTION_FLAG, | 
| 724 | .opt.flag = &s_client_config.prexit, | 724 | .opt.flag = &cfg.prexit, | 
| 725 | }, | 725 | }, | 
| 726 | { | 726 | { | 
| 727 | .name = "proxy", | 727 | .name = "proxy", | 
| 728 | .argname = "host:port", | 728 | .argname = "host:port", | 
| 729 | .desc = "Connect to http proxy", | 729 | .desc = "Connect to http proxy", | 
| 730 | .type = OPTION_ARG, | 730 | .type = OPTION_ARG, | 
| 731 | .opt.arg = &s_client_config.proxy, | 731 | .opt.arg = &cfg.proxy, | 
| 732 | }, | 732 | }, | 
| 733 | { | 733 | { | 
| 734 | .name = "quiet", | 734 | .name = "quiet", | 
| @@ -740,7 +740,7 @@ static const struct option s_client_options[] = { | |||
| 740 | .name = "reconnect", | 740 | .name = "reconnect", | 
| 741 | .desc = "Drop and re-make the connection with the same Session-ID", | 741 | .desc = "Drop and re-make the connection with the same Session-ID", | 
| 742 | .type = OPTION_VALUE, | 742 | .type = OPTION_VALUE, | 
| 743 | .opt.value = &s_client_config.reconnect, | 743 | .opt.value = &cfg.reconnect, | 
| 744 | .value = 5, | 744 | .value = 5, | 
| 745 | }, | 745 | }, | 
| 746 | { | 746 | { | 
| @@ -748,13 +748,13 @@ static const struct option s_client_options[] = { | |||
| 748 | .argname = "name", | 748 | .argname = "name", | 
| 749 | .desc = "Set TLS extension servername in ClientHello (SNI)", | 749 | .desc = "Set TLS extension servername in ClientHello (SNI)", | 
| 750 | .type = OPTION_ARG, | 750 | .type = OPTION_ARG, | 
| 751 | .opt.arg = &s_client_config.servername, | 751 | .opt.arg = &cfg.servername, | 
| 752 | }, | 752 | }, | 
| 753 | { | 753 | { | 
| 754 | .name = "serverpref", | 754 | .name = "serverpref", | 
| 755 | .desc = "Use server's cipher preferences", | 755 | .desc = "Use server's cipher preferences", | 
| 756 | .type = OPTION_VALUE_OR, | 756 | .type = OPTION_VALUE_OR, | 
| 757 | .opt.value = &s_client_config.off, | 757 | .opt.value = &cfg.off, | 
| 758 | .value = SSL_OP_CIPHER_SERVER_PREFERENCE, | 758 | .value = SSL_OP_CIPHER_SERVER_PREFERENCE, | 
| 759 | }, | 759 | }, | 
| 760 | { | 760 | { | 
| @@ -762,20 +762,20 @@ static const struct option s_client_options[] = { | |||
| 762 | .argname = "file", | 762 | .argname = "file", | 
| 763 | .desc = "File to read TLS session from", | 763 | .desc = "File to read TLS session from", | 
| 764 | .type = OPTION_ARG, | 764 | .type = OPTION_ARG, | 
| 765 | .opt.arg = &s_client_config.sess_in, | 765 | .opt.arg = &cfg.sess_in, | 
| 766 | }, | 766 | }, | 
| 767 | { | 767 | { | 
| 768 | .name = "sess_out", | 768 | .name = "sess_out", | 
| 769 | .argname = "file", | 769 | .argname = "file", | 
| 770 | .desc = "File to write TLS session to", | 770 | .desc = "File to write TLS session to", | 
| 771 | .type = OPTION_ARG, | 771 | .type = OPTION_ARG, | 
| 772 | .opt.arg = &s_client_config.sess_out, | 772 | .opt.arg = &cfg.sess_out, | 
| 773 | }, | 773 | }, | 
| 774 | { | 774 | { | 
| 775 | .name = "showcerts", | 775 | .name = "showcerts", | 
| 776 | .desc = "Show all server certificates in the chain", | 776 | .desc = "Show all server certificates in the chain", | 
| 777 | .type = OPTION_FLAG, | 777 | .type = OPTION_FLAG, | 
| 778 | .opt.flag = &s_client_config.showcerts, | 778 | .opt.flag = &cfg.showcerts, | 
| 779 | }, | 779 | }, | 
| 780 | { | 780 | { | 
| 781 | .name = "starttls", | 781 | .name = "starttls", | 
| @@ -789,20 +789,20 @@ static const struct option s_client_options[] = { | |||
| 789 | .name = "state", | 789 | .name = "state", | 
| 790 | .desc = "Print the TLS session states", | 790 | .desc = "Print the TLS session states", | 
| 791 | .type = OPTION_FLAG, | 791 | .type = OPTION_FLAG, | 
| 792 | .opt.flag = &s_client_config.state, | 792 | .opt.flag = &cfg.state, | 
| 793 | }, | 793 | }, | 
| 794 | { | 794 | { | 
| 795 | .name = "status", | 795 | .name = "status", | 
| 796 | .desc = "Send a certificate status request to the server (OCSP)", | 796 | .desc = "Send a certificate status request to the server (OCSP)", | 
| 797 | .type = OPTION_FLAG, | 797 | .type = OPTION_FLAG, | 
| 798 | .opt.flag = &s_client_config.status_req, | 798 | .opt.flag = &cfg.status_req, | 
| 799 | }, | 799 | }, | 
| 800 | #ifndef OPENSSL_NO_DTLS | 800 | #ifndef OPENSSL_NO_DTLS | 
| 801 | { | 801 | { | 
| 802 | .name = "timeout", | 802 | .name = "timeout", | 
| 803 | .desc = "Enable send/receive timeout on DTLS connections", | 803 | .desc = "Enable send/receive timeout on DTLS connections", | 
| 804 | .type = OPTION_FLAG, | 804 | .type = OPTION_FLAG, | 
| 805 | .opt.flag = &s_client_config.enable_timeouts, | 805 | .opt.flag = &cfg.enable_timeouts, | 
| 806 | }, | 806 | }, | 
| 807 | #endif | 807 | #endif | 
| 808 | { | 808 | { | 
| @@ -833,7 +833,7 @@ static const struct option s_client_options[] = { | |||
| 833 | .name = "tlsextdebug", | 833 | .name = "tlsextdebug", | 
| 834 | .desc = "Hex dump of all TLS extensions received", | 834 | .desc = "Hex dump of all TLS extensions received", | 
| 835 | .type = OPTION_FLAG, | 835 | .type = OPTION_FLAG, | 
| 836 | .opt.flag = &s_client_config.tlsextdebug, | 836 | .opt.flag = &cfg.tlsextdebug, | 
| 837 | }, | 837 | }, | 
| 838 | #ifndef OPENSSL_NO_SRTP | 838 | #ifndef OPENSSL_NO_SRTP | 
| 839 | { | 839 | { | 
| @@ -841,7 +841,7 @@ static const struct option s_client_options[] = { | |||
| 841 | .argname = "profiles", | 841 | .argname = "profiles", | 
| 842 | .desc = "Offer SRTP key management with a colon-separated profiles", | 842 | .desc = "Offer SRTP key management with a colon-separated profiles", | 
| 843 | .type = OPTION_ARG, | 843 | .type = OPTION_ARG, | 
| 844 | .opt.arg = &s_client_config.srtp_profiles, | 844 | .opt.arg = &cfg.srtp_profiles, | 
| 845 | }, | 845 | }, | 
| 846 | #endif | 846 | #endif | 
| 847 | { | 847 | { | 
| @@ -862,7 +862,7 @@ static const struct option s_client_options[] = { | |||
| 862 | .argname = "host", | 862 | .argname = "host", | 
| 863 | .desc = "Connect to this virtual host on the xmpp server", | 863 | .desc = "Connect to this virtual host on the xmpp server", | 
| 864 | .type = OPTION_ARG, | 864 | .type = OPTION_ARG, | 
| 865 | .opt.arg = &s_client_config.xmpphost, | 865 | .opt.arg = &cfg.xmpphost, | 
| 866 | }, | 866 | }, | 
| 867 | { | 867 | { | 
| 868 | .name = NULL, | 868 | .name = NULL, | 
| @@ -928,17 +928,17 @@ s_client_main(int argc, char **argv) | |||
| 928 | exit(1); | 928 | exit(1); | 
| 929 | } | 929 | } | 
| 930 | 930 | ||
| 931 | memset(&s_client_config, 0, sizeof(s_client_config)); | 931 | memset(&cfg, 0, sizeof(cfg)); | 
| 932 | s_client_config.af = AF_UNSPEC; | 932 | cfg.af = AF_UNSPEC; | 
| 933 | s_client_config.cert_format = FORMAT_PEM; | 933 | cfg.cert_format = FORMAT_PEM; | 
| 934 | s_client_config.host = SSL_HOST_NAME; | 934 | cfg.host = SSL_HOST_NAME; | 
| 935 | s_client_config.key_format = FORMAT_PEM; | 935 | cfg.key_format = FORMAT_PEM; | 
| 936 | s_client_config.keymatexportlen = 20; | 936 | cfg.keymatexportlen = 20; | 
| 937 | s_client_config.meth = TLS_client_method(); | 937 | cfg.meth = TLS_client_method(); | 
| 938 | s_client_config.port = PORT_STR; | 938 | cfg.port = PORT_STR; | 
| 939 | s_client_config.socket_type = SOCK_STREAM; | 939 | cfg.socket_type = SOCK_STREAM; | 
| 940 | s_client_config.starttls_proto = PROTO_OFF; | 940 | cfg.starttls_proto = PROTO_OFF; | 
| 941 | s_client_config.verify = SSL_VERIFY_NONE; | 941 | cfg.verify = SSL_VERIFY_NONE; | 
| 942 | 942 | ||
| 943 | if (((cbuf = malloc(BUFSIZZ)) == NULL) || | 943 | if (((cbuf = malloc(BUFSIZZ)) == NULL) || | 
| 944 | ((sbuf = malloc(BUFSIZZ)) == NULL) || | 944 | ((sbuf = malloc(BUFSIZZ)) == NULL) || | 
| @@ -953,45 +953,45 @@ s_client_main(int argc, char **argv) | |||
| 953 | badop = 1; | 953 | badop = 1; | 
| 954 | goto bad; | 954 | goto bad; | 
| 955 | } | 955 | } | 
| 956 | if (s_client_config.proxy != NULL) { | 956 | if (cfg.proxy != NULL) { | 
| 957 | if (!extract_host_port(s_client_config.proxy, | 957 | if (!extract_host_port(cfg.proxy, | 
| 958 | &s_client_config.host, NULL, &s_client_config.port)) | 958 | &cfg.host, NULL, &cfg.port)) | 
| 959 | goto bad; | 959 | goto bad; | 
| 960 | if (s_client_config.connect == NULL) | 960 | if (cfg.connect == NULL) | 
| 961 | s_client_config.connect = SSL_HOST_NAME; | 961 | cfg.connect = SSL_HOST_NAME; | 
| 962 | } else if (s_client_config.connect != NULL) { | 962 | } else if (cfg.connect != NULL) { | 
| 963 | if (!extract_host_port(s_client_config.connect, | 963 | if (!extract_host_port(cfg.connect, | 
| 964 | &s_client_config.host, NULL, &s_client_config.port)) | 964 | &cfg.host, NULL, &cfg.port)) | 
| 965 | goto bad; | 965 | goto bad; | 
| 966 | } | 966 | } | 
| 967 | if (badop) { | 967 | if (badop) { | 
| 968 | bad: | 968 | bad: | 
| 969 | if (s_client_config.errstr == NULL) | 969 | if (cfg.errstr == NULL) | 
| 970 | sc_usage(); | 970 | sc_usage(); | 
| 971 | goto end; | 971 | goto end; | 
| 972 | } | 972 | } | 
| 973 | 973 | ||
| 974 | if (!app_passwd(bio_err, s_client_config.passarg, NULL, &pass, NULL)) { | 974 | if (!app_passwd(bio_err, cfg.passarg, NULL, &pass, NULL)) { | 
| 975 | BIO_printf(bio_err, "Error getting password\n"); | 975 | BIO_printf(bio_err, "Error getting password\n"); | 
| 976 | goto end; | 976 | goto end; | 
| 977 | } | 977 | } | 
| 978 | if (s_client_config.key_file == NULL) | 978 | if (cfg.key_file == NULL) | 
| 979 | s_client_config.key_file = s_client_config.cert_file; | 979 | cfg.key_file = cfg.cert_file; | 
| 980 | 980 | ||
| 981 | 981 | ||
| 982 | if (s_client_config.key_file) { | 982 | if (cfg.key_file) { | 
| 983 | 983 | ||
| 984 | key = load_key(bio_err, s_client_config.key_file, | 984 | key = load_key(bio_err, cfg.key_file, | 
| 985 | s_client_config.key_format, 0, pass, | 985 | cfg.key_format, 0, pass, | 
| 986 | "client certificate private key file"); | 986 | "client certificate private key file"); | 
| 987 | if (!key) { | 987 | if (!key) { | 
| 988 | ERR_print_errors(bio_err); | 988 | ERR_print_errors(bio_err); | 
| 989 | goto end; | 989 | goto end; | 
| 990 | } | 990 | } | 
| 991 | } | 991 | } | 
| 992 | if (s_client_config.cert_file) { | 992 | if (cfg.cert_file) { | 
| 993 | cert = load_cert(bio_err, s_client_config.cert_file, | 993 | cert = load_cert(bio_err, cfg.cert_file, | 
| 994 | s_client_config.cert_format, | 994 | cfg.cert_format, | 
| 995 | NULL, "client certificate file"); | 995 | NULL, "client certificate file"); | 
| 996 | 996 | ||
| 997 | if (!cert) { | 997 | if (!cert) { | 
| @@ -999,8 +999,8 @@ s_client_main(int argc, char **argv) | |||
| 999 | goto end; | 999 | goto end; | 
| 1000 | } | 1000 | } | 
| 1001 | } | 1001 | } | 
| 1002 | if (s_client_config.quiet && !s_client_config.debug && | 1002 | if (cfg.quiet && !cfg.debug && | 
| 1003 | !s_client_config.msg) { | 1003 | !cfg.msg) { | 
| 1004 | if ((bio_c_out = BIO_new(BIO_s_null())) == NULL) | 1004 | if ((bio_c_out = BIO_new(BIO_s_null())) == NULL) | 
| 1005 | goto end; | 1005 | goto end; | 
| 1006 | } else { | 1006 | } else { | 
| @@ -1008,7 +1008,7 @@ s_client_main(int argc, char **argv) | |||
| 1008 | goto end; | 1008 | goto end; | 
| 1009 | } | 1009 | } | 
| 1010 | 1010 | ||
| 1011 | ctx = SSL_CTX_new(s_client_config.meth); | 1011 | ctx = SSL_CTX_new(cfg.meth); | 
| 1012 | if (ctx == NULL) { | 1012 | if (ctx == NULL) { | 
| 1013 | ERR_print_errors(bio_err); | 1013 | ERR_print_errors(bio_err); | 
| 1014 | goto end; | 1014 | goto end; | 
| @@ -1016,31 +1016,31 @@ s_client_main(int argc, char **argv) | |||
| 1016 | 1016 | ||
| 1017 | SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY); | 1017 | SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY); | 
| 1018 | 1018 | ||
| 1019 | if (s_client_config.vpm) | 1019 | if (cfg.vpm) | 
| 1020 | SSL_CTX_set1_param(ctx, s_client_config.vpm); | 1020 | SSL_CTX_set1_param(ctx, cfg.vpm); | 
| 1021 | 1021 | ||
| 1022 | if (!SSL_CTX_set_min_proto_version(ctx, s_client_config.min_version)) | 1022 | if (!SSL_CTX_set_min_proto_version(ctx, cfg.min_version)) | 
| 1023 | goto end; | 1023 | goto end; | 
| 1024 | if (!SSL_CTX_set_max_proto_version(ctx, s_client_config.max_version)) | 1024 | if (!SSL_CTX_set_max_proto_version(ctx, cfg.max_version)) | 
| 1025 | goto end; | 1025 | goto end; | 
| 1026 | 1026 | ||
| 1027 | #ifndef OPENSSL_NO_SRTP | 1027 | #ifndef OPENSSL_NO_SRTP | 
| 1028 | if (s_client_config.srtp_profiles != NULL) | 1028 | if (cfg.srtp_profiles != NULL) | 
| 1029 | SSL_CTX_set_tlsext_use_srtp(ctx, s_client_config.srtp_profiles); | 1029 | SSL_CTX_set_tlsext_use_srtp(ctx, cfg.srtp_profiles); | 
| 1030 | #endif | 1030 | #endif | 
| 1031 | if (s_client_config.bugs) | 1031 | if (cfg.bugs) | 
| 1032 | SSL_CTX_set_options(ctx, SSL_OP_ALL | s_client_config.off); | 1032 | SSL_CTX_set_options(ctx, SSL_OP_ALL | cfg.off); | 
| 1033 | else | 1033 | else | 
| 1034 | SSL_CTX_set_options(ctx, s_client_config.off); | 1034 | SSL_CTX_set_options(ctx, cfg.off); | 
| 1035 | 1035 | ||
| 1036 | if (s_client_config.clr) | 1036 | if (cfg.clr) | 
| 1037 | SSL_CTX_clear_options(ctx, s_client_config.clr); | 1037 | SSL_CTX_clear_options(ctx, cfg.clr); | 
| 1038 | 1038 | ||
| 1039 | if (s_client_config.alpn_in) { | 1039 | if (cfg.alpn_in) { | 
| 1040 | unsigned short alpn_len; | 1040 | unsigned short alpn_len; | 
| 1041 | unsigned char *alpn; | 1041 | unsigned char *alpn; | 
| 1042 | 1042 | ||
| 1043 | alpn = next_protos_parse(&alpn_len, s_client_config.alpn_in); | 1043 | alpn = next_protos_parse(&alpn_len, cfg.alpn_in); | 
| 1044 | if (alpn == NULL) { | 1044 | if (alpn == NULL) { | 
| 1045 | BIO_printf(bio_err, "Error parsing -alpn argument\n"); | 1045 | BIO_printf(bio_err, "Error parsing -alpn argument\n"); | 
| 1046 | goto end; | 1046 | goto end; | 
| @@ -1048,42 +1048,42 @@ s_client_main(int argc, char **argv) | |||
| 1048 | SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len); | 1048 | SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len); | 
| 1049 | free(alpn); | 1049 | free(alpn); | 
| 1050 | } | 1050 | } | 
| 1051 | if (s_client_config.groups_in != NULL) { | 1051 | if (cfg.groups_in != NULL) { | 
| 1052 | if (SSL_CTX_set1_groups_list(ctx, s_client_config.groups_in) != 1) { | 1052 | if (SSL_CTX_set1_groups_list(ctx, cfg.groups_in) != 1) { | 
| 1053 | BIO_printf(bio_err, "Failed to set groups '%s'\n", | 1053 | BIO_printf(bio_err, "Failed to set groups '%s'\n", | 
| 1054 | s_client_config.groups_in); | 1054 | cfg.groups_in); | 
| 1055 | goto end; | 1055 | goto end; | 
| 1056 | } | 1056 | } | 
| 1057 | } | 1057 | } | 
| 1058 | 1058 | ||
| 1059 | if (s_client_config.state) | 1059 | if (cfg.state) | 
| 1060 | SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); | 1060 | SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); | 
| 1061 | if (s_client_config.cipher != NULL) | 1061 | if (cfg.cipher != NULL) | 
| 1062 | if (!SSL_CTX_set_cipher_list(ctx, s_client_config.cipher)) { | 1062 | if (!SSL_CTX_set_cipher_list(ctx, cfg.cipher)) { | 
| 1063 | BIO_printf(bio_err, "error setting cipher list\n"); | 1063 | BIO_printf(bio_err, "error setting cipher list\n"); | 
| 1064 | ERR_print_errors(bio_err); | 1064 | ERR_print_errors(bio_err); | 
| 1065 | goto end; | 1065 | goto end; | 
| 1066 | } | 1066 | } | 
| 1067 | 1067 | ||
| 1068 | SSL_CTX_set_verify(ctx, s_client_config.verify, verify_callback); | 1068 | SSL_CTX_set_verify(ctx, cfg.verify, verify_callback); | 
| 1069 | if (!set_cert_key_stuff(ctx, cert, key)) | 1069 | if (!set_cert_key_stuff(ctx, cert, key)) | 
| 1070 | goto end; | 1070 | goto end; | 
| 1071 | 1071 | ||
| 1072 | if ((s_client_config.CAfile || s_client_config.CApath) | 1072 | if ((cfg.CAfile || cfg.CApath) | 
| 1073 | && !SSL_CTX_load_verify_locations(ctx, s_client_config.CAfile, | 1073 | && !SSL_CTX_load_verify_locations(ctx, cfg.CAfile, | 
| 1074 | s_client_config.CApath)) | 1074 | cfg.CApath)) | 
| 1075 | ERR_print_errors(bio_err); | 1075 | ERR_print_errors(bio_err); | 
| 1076 | 1076 | ||
| 1077 | if (!SSL_CTX_set_default_verify_paths(ctx)) | 1077 | if (!SSL_CTX_set_default_verify_paths(ctx)) | 
| 1078 | ERR_print_errors(bio_err); | 1078 | ERR_print_errors(bio_err); | 
| 1079 | 1079 | ||
| 1080 | con = SSL_new(ctx); | 1080 | con = SSL_new(ctx); | 
| 1081 | if (s_client_config.sess_in) { | 1081 | if (cfg.sess_in) { | 
| 1082 | SSL_SESSION *sess; | 1082 | SSL_SESSION *sess; | 
| 1083 | BIO *stmp = BIO_new_file(s_client_config.sess_in, "r"); | 1083 | BIO *stmp = BIO_new_file(cfg.sess_in, "r"); | 
| 1084 | if (!stmp) { | 1084 | if (!stmp) { | 
| 1085 | BIO_printf(bio_err, "Can't open session file %s\n", | 1085 | BIO_printf(bio_err, "Can't open session file %s\n", | 
| 1086 | s_client_config.sess_in); | 1086 | cfg.sess_in); | 
| 1087 | ERR_print_errors(bio_err); | 1087 | ERR_print_errors(bio_err); | 
| 1088 | goto end; | 1088 | goto end; | 
| 1089 | } | 1089 | } | 
| @@ -1091,7 +1091,7 @@ s_client_main(int argc, char **argv) | |||
| 1091 | BIO_free(stmp); | 1091 | BIO_free(stmp); | 
| 1092 | if (!sess) { | 1092 | if (!sess) { | 
| 1093 | BIO_printf(bio_err, "Can't open session file %s\n", | 1093 | BIO_printf(bio_err, "Can't open session file %s\n", | 
| 1094 | s_client_config.sess_in); | 1094 | cfg.sess_in); | 
| 1095 | ERR_print_errors(bio_err); | 1095 | ERR_print_errors(bio_err); | 
| 1096 | goto end; | 1096 | goto end; | 
| 1097 | } | 1097 | } | 
| @@ -1100,15 +1100,15 @@ s_client_main(int argc, char **argv) | |||
| 1100 | } | 1100 | } | 
| 1101 | 1101 | ||
| 1102 | /* Attempt to opportunistically use the host name for SNI. */ | 1102 | /* Attempt to opportunistically use the host name for SNI. */ | 
| 1103 | servername = s_client_config.servername; | 1103 | servername = cfg.servername; | 
| 1104 | if (servername == NULL) | 1104 | if (servername == NULL) | 
| 1105 | servername = s_client_config.host; | 1105 | servername = cfg.host; | 
| 1106 | 1106 | ||
| 1107 | if (!s_client_config.no_servername && servername != NULL && | 1107 | if (!cfg.no_servername && servername != NULL && | 
| 1108 | !SSL_set_tlsext_host_name(con, servername)) { | 1108 | !SSL_set_tlsext_host_name(con, servername)) { | 
| 1109 | long ssl_err = ERR_peek_error(); | 1109 | long ssl_err = ERR_peek_error(); | 
| 1110 | 1110 | ||
| 1111 | if (s_client_config.servername != NULL || | 1111 | if (cfg.servername != NULL || | 
| 1112 | ERR_GET_LIB(ssl_err) != ERR_LIB_SSL || | 1112 | ERR_GET_LIB(ssl_err) != ERR_LIB_SSL || | 
| 1113 | ERR_GET_REASON(ssl_err) != SSL_R_SSL3_EXT_INVALID_SERVERNAME) { | 1113 | ERR_GET_REASON(ssl_err) != SSL_R_SSL3_EXT_INVALID_SERVERNAME) { | 
| 1114 | BIO_printf(bio_err, | 1114 | BIO_printf(bio_err, | 
| @@ -1119,7 +1119,7 @@ s_client_main(int argc, char **argv) | |||
| 1119 | servername = NULL; | 1119 | servername = NULL; | 
| 1120 | ERR_clear_error(); | 1120 | ERR_clear_error(); | 
| 1121 | } | 1121 | } | 
| 1122 | if (!s_client_config.no_servername && servername != NULL) { | 1122 | if (!cfg.no_servername && servername != NULL) { | 
| 1123 | tlsextcbp.biodebug = bio_err; | 1123 | tlsextcbp.biodebug = bio_err; | 
| 1124 | SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); | 1124 | SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); | 
| 1125 | SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); | 1125 | SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); | 
| @@ -1127,22 +1127,22 @@ s_client_main(int argc, char **argv) | |||
| 1127 | 1127 | ||
| 1128 | re_start: | 1128 | re_start: | 
| 1129 | 1129 | ||
| 1130 | if (init_client(&s, s_client_config.host, s_client_config.port, | 1130 | if (init_client(&s, cfg.host, cfg.port, | 
| 1131 | s_client_config.socket_type, s_client_config.af) == 0) { | 1131 | cfg.socket_type, cfg.af) == 0) { | 
| 1132 | BIO_printf(bio_err, "connect:errno=%d\n", errno); | 1132 | BIO_printf(bio_err, "connect:errno=%d\n", errno); | 
| 1133 | goto end; | 1133 | goto end; | 
| 1134 | } | 1134 | } | 
| 1135 | BIO_printf(bio_c_out, "CONNECTED(%08X)\n", s); | 1135 | BIO_printf(bio_c_out, "CONNECTED(%08X)\n", s); | 
| 1136 | 1136 | ||
| 1137 | if (s_client_config.nbio) { | 1137 | if (cfg.nbio) { | 
| 1138 | if (!s_client_config.quiet) | 1138 | if (!cfg.quiet) | 
| 1139 | BIO_printf(bio_c_out, "turning on non blocking io\n"); | 1139 | BIO_printf(bio_c_out, "turning on non blocking io\n"); | 
| 1140 | if (!BIO_socket_nbio(s, 1)) { | 1140 | if (!BIO_socket_nbio(s, 1)) { | 
| 1141 | ERR_print_errors(bio_err); | 1141 | ERR_print_errors(bio_err); | 
| 1142 | goto end; | 1142 | goto end; | 
| 1143 | } | 1143 | } | 
| 1144 | } | 1144 | } | 
| 1145 | if (s_client_config.pause & 0x01) | 1145 | if (cfg.pause & 0x01) | 
| 1146 | SSL_set_debug(con, 1); | 1146 | SSL_set_debug(con, 1); | 
| 1147 | 1147 | ||
| 1148 | if (SSL_is_dtls(con)) { | 1148 | if (SSL_is_dtls(con)) { | 
| @@ -1157,7 +1157,7 @@ s_client_main(int argc, char **argv) | |||
| 1157 | } | 1157 | } | 
| 1158 | (void) BIO_ctrl_set_connected(sbio, 1, &peer); | 1158 | (void) BIO_ctrl_set_connected(sbio, 1, &peer); | 
| 1159 | 1159 | ||
| 1160 | if (s_client_config.enable_timeouts) { | 1160 | if (cfg.enable_timeouts) { | 
| 1161 | timeout.tv_sec = 0; | 1161 | timeout.tv_sec = 0; | 
| 1162 | timeout.tv_usec = DGRAM_RCV_TIMEOUT; | 1162 | timeout.tv_usec = DGRAM_RCV_TIMEOUT; | 
| 1163 | BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, | 1163 | BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, | 
| @@ -1168,35 +1168,35 @@ s_client_main(int argc, char **argv) | |||
| 1168 | BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, | 1168 | BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, | 
| 1169 | &timeout); | 1169 | &timeout); | 
| 1170 | } | 1170 | } | 
| 1171 | if (s_client_config.socket_mtu > 28) { | 1171 | if (cfg.socket_mtu > 28) { | 
| 1172 | SSL_set_options(con, SSL_OP_NO_QUERY_MTU); | 1172 | SSL_set_options(con, SSL_OP_NO_QUERY_MTU); | 
| 1173 | SSL_set_mtu(con, s_client_config.socket_mtu - 28); | 1173 | SSL_set_mtu(con, cfg.socket_mtu - 28); | 
| 1174 | } else | 1174 | } else | 
| 1175 | /* want to do MTU discovery */ | 1175 | /* want to do MTU discovery */ | 
| 1176 | BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); | 1176 | BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); | 
| 1177 | } else | 1177 | } else | 
| 1178 | sbio = BIO_new_socket(s, BIO_NOCLOSE); | 1178 | sbio = BIO_new_socket(s, BIO_NOCLOSE); | 
| 1179 | 1179 | ||
| 1180 | if (s_client_config.nbio_test) { | 1180 | if (cfg.nbio_test) { | 
| 1181 | BIO *test; | 1181 | BIO *test; | 
| 1182 | 1182 | ||
| 1183 | test = BIO_new(BIO_f_nbio_test()); | 1183 | test = BIO_new(BIO_f_nbio_test()); | 
| 1184 | sbio = BIO_push(test, sbio); | 1184 | sbio = BIO_push(test, sbio); | 
| 1185 | } | 1185 | } | 
| 1186 | if (s_client_config.debug) { | 1186 | if (cfg.debug) { | 
| 1187 | SSL_set_debug(con, 1); | 1187 | SSL_set_debug(con, 1); | 
| 1188 | BIO_set_callback(sbio, bio_dump_callback); | 1188 | BIO_set_callback(sbio, bio_dump_callback); | 
| 1189 | BIO_set_callback_arg(sbio, (char *) bio_c_out); | 1189 | BIO_set_callback_arg(sbio, (char *) bio_c_out); | 
| 1190 | } | 1190 | } | 
| 1191 | if (s_client_config.msg) { | 1191 | if (cfg.msg) { | 
| 1192 | SSL_set_msg_callback(con, msg_cb); | 1192 | SSL_set_msg_callback(con, msg_cb); | 
| 1193 | SSL_set_msg_callback_arg(con, bio_c_out); | 1193 | SSL_set_msg_callback_arg(con, bio_c_out); | 
| 1194 | } | 1194 | } | 
| 1195 | if (s_client_config.tlsextdebug) { | 1195 | if (cfg.tlsextdebug) { | 
| 1196 | SSL_set_tlsext_debug_callback(con, tlsext_cb); | 1196 | SSL_set_tlsext_debug_callback(con, tlsext_cb); | 
| 1197 | SSL_set_tlsext_debug_arg(con, bio_c_out); | 1197 | SSL_set_tlsext_debug_arg(con, bio_c_out); | 
| 1198 | } | 1198 | } | 
| 1199 | if (s_client_config.status_req) { | 1199 | if (cfg.status_req) { | 
| 1200 | SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp); | 1200 | SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp); | 
| 1201 | SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); | 1201 | SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); | 
| 1202 | SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); | 1202 | SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); | 
| @@ -1225,8 +1225,8 @@ s_client_main(int argc, char **argv) | |||
| 1225 | * push a buffering BIO into the chain that is removed again later on | 1225 | * push a buffering BIO into the chain that is removed again later on | 
| 1226 | * to not disturb the rest of the s_client operation. | 1226 | * to not disturb the rest of the s_client operation. | 
| 1227 | */ | 1227 | */ | 
| 1228 | if (s_client_config.starttls_proto == PROTO_SMTP || | 1228 | if (cfg.starttls_proto == PROTO_SMTP || | 
| 1229 | s_client_config.starttls_proto == PROTO_LMTP) { | 1229 | cfg.starttls_proto == PROTO_LMTP) { | 
| 1230 | int foundit = 0; | 1230 | int foundit = 0; | 
| 1231 | BIO *fbio = BIO_new(BIO_f_buffer()); | 1231 | BIO *fbio = BIO_new(BIO_f_buffer()); | 
| 1232 | BIO_push(fbio, sbio); | 1232 | BIO_push(fbio, sbio); | 
| @@ -1237,7 +1237,7 @@ s_client_main(int argc, char **argv) | |||
| 1237 | while (mbuf_len > 3 && mbuf[3] == '-'); | 1237 | while (mbuf_len > 3 && mbuf[3] == '-'); | 
| 1238 | /* STARTTLS command requires EHLO... */ | 1238 | /* STARTTLS command requires EHLO... */ | 
| 1239 | BIO_printf(fbio, "%cHLO openssl.client.net\r\n", | 1239 | BIO_printf(fbio, "%cHLO openssl.client.net\r\n", | 
| 1240 | s_client_config.starttls_proto == PROTO_SMTP ? 'E' : 'L'); | 1240 | cfg.starttls_proto == PROTO_SMTP ? 'E' : 'L'); | 
| 1241 | (void) BIO_flush(fbio); | 1241 | (void) BIO_flush(fbio); | 
| 1242 | /* wait for multi-line response to end EHLO SMTP response */ | 1242 | /* wait for multi-line response to end EHLO SMTP response */ | 
| 1243 | do { | 1243 | do { | 
| @@ -1255,7 +1255,7 @@ s_client_main(int argc, char **argv) | |||
| 1255 | " try anyway...\n"); | 1255 | " try anyway...\n"); | 
| 1256 | BIO_printf(sbio, "STARTTLS\r\n"); | 1256 | BIO_printf(sbio, "STARTTLS\r\n"); | 
| 1257 | BIO_read(sbio, sbuf, BUFSIZZ); | 1257 | BIO_read(sbio, sbuf, BUFSIZZ); | 
| 1258 | } else if (s_client_config.starttls_proto == PROTO_POP3) { | 1258 | } else if (cfg.starttls_proto == PROTO_POP3) { | 
| 1259 | mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); | 1259 | mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); | 
| 1260 | if (mbuf_len == -1) { | 1260 | if (mbuf_len == -1) { | 
| 1261 | BIO_printf(bio_err, "BIO_read failed\n"); | 1261 | BIO_printf(bio_err, "BIO_read failed\n"); | 
| @@ -1263,7 +1263,7 @@ s_client_main(int argc, char **argv) | |||
| 1263 | } | 1263 | } | 
| 1264 | BIO_printf(sbio, "STLS\r\n"); | 1264 | BIO_printf(sbio, "STLS\r\n"); | 
| 1265 | BIO_read(sbio, sbuf, BUFSIZZ); | 1265 | BIO_read(sbio, sbuf, BUFSIZZ); | 
| 1266 | } else if (s_client_config.starttls_proto == PROTO_IMAP) { | 1266 | } else if (cfg.starttls_proto == PROTO_IMAP) { | 
| 1267 | int foundit = 0; | 1267 | int foundit = 0; | 
| 1268 | BIO *fbio = BIO_new(BIO_f_buffer()); | 1268 | BIO *fbio = BIO_new(BIO_f_buffer()); | 
| 1269 | BIO_push(fbio, sbio); | 1269 | BIO_push(fbio, sbio); | 
| @@ -1287,7 +1287,7 @@ s_client_main(int argc, char **argv) | |||
| 1287 | " try anyway...\n"); | 1287 | " try anyway...\n"); | 
| 1288 | BIO_printf(sbio, ". STARTTLS\r\n"); | 1288 | BIO_printf(sbio, ". STARTTLS\r\n"); | 
| 1289 | BIO_read(sbio, sbuf, BUFSIZZ); | 1289 | BIO_read(sbio, sbuf, BUFSIZZ); | 
| 1290 | } else if (s_client_config.starttls_proto == PROTO_FTP) { | 1290 | } else if (cfg.starttls_proto == PROTO_FTP) { | 
| 1291 | BIO *fbio = BIO_new(BIO_f_buffer()); | 1291 | BIO *fbio = BIO_new(BIO_f_buffer()); | 
| 1292 | BIO_push(fbio, sbio); | 1292 | BIO_push(fbio, sbio); | 
| 1293 | /* wait for multi-line response to end from FTP */ | 1293 | /* wait for multi-line response to end from FTP */ | 
| @@ -1300,13 +1300,13 @@ s_client_main(int argc, char **argv) | |||
| 1300 | BIO_free(fbio); | 1300 | BIO_free(fbio); | 
| 1301 | BIO_printf(sbio, "AUTH TLS\r\n"); | 1301 | BIO_printf(sbio, "AUTH TLS\r\n"); | 
| 1302 | BIO_read(sbio, sbuf, BUFSIZZ); | 1302 | BIO_read(sbio, sbuf, BUFSIZZ); | 
| 1303 | } else if (s_client_config.starttls_proto == PROTO_XMPP) { | 1303 | } else if (cfg.starttls_proto == PROTO_XMPP) { | 
| 1304 | int seen = 0; | 1304 | int seen = 0; | 
| 1305 | BIO_printf(sbio, "<stream:stream " | 1305 | BIO_printf(sbio, "<stream:stream " | 
| 1306 | "xmlns:stream='http://etherx.jabber.org/streams' " | 1306 | "xmlns:stream='http://etherx.jabber.org/streams' " | 
| 1307 | "xmlns='jabber:client' to='%s' version='1.0'>", | 1307 | "xmlns='jabber:client' to='%s' version='1.0'>", | 
| 1308 | s_client_config.xmpphost ? | 1308 | cfg.xmpphost ? | 
| 1309 | s_client_config.xmpphost : s_client_config.host); | 1309 | cfg.xmpphost : cfg.host); | 
| 1310 | seen = BIO_read(sbio, mbuf, BUFSIZZ); | 1310 | seen = BIO_read(sbio, mbuf, BUFSIZZ); | 
| 1311 | 1311 | ||
| 1312 | if (seen <= 0) | 1312 | if (seen <= 0) | 
| @@ -1329,9 +1329,9 @@ s_client_main(int argc, char **argv) | |||
| 1329 | if (!strstr(sbuf, "<proceed")) | 1329 | if (!strstr(sbuf, "<proceed")) | 
| 1330 | goto shut; | 1330 | goto shut; | 
| 1331 | mbuf[0] = 0; | 1331 | mbuf[0] = 0; | 
| 1332 | } else if (s_client_config.proxy != NULL) { | 1332 | } else if (cfg.proxy != NULL) { | 
| 1333 | BIO_printf(sbio, "CONNECT %s HTTP/1.0\r\n\r\n", | 1333 | BIO_printf(sbio, "CONNECT %s HTTP/1.0\r\n\r\n", | 
| 1334 | s_client_config.connect); | 1334 | cfg.connect); | 
| 1335 | mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); | 1335 | mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); | 
| 1336 | if (mbuf_len == -1) { | 1336 | if (mbuf_len == -1) { | 
| 1337 | BIO_printf(bio_err, "BIO_read failed\n"); | 1337 | BIO_printf(bio_err, "BIO_read failed\n"); | 
| @@ -1353,9 +1353,9 @@ s_client_main(int argc, char **argv) | |||
| 1353 | tty_on = 1; | 1353 | tty_on = 1; | 
| 1354 | if (in_init) { | 1354 | if (in_init) { | 
| 1355 | in_init = 0; | 1355 | in_init = 0; | 
| 1356 | if (s_client_config.sess_out) { | 1356 | if (cfg.sess_out) { | 
| 1357 | BIO *stmp = BIO_new_file( | 1357 | BIO *stmp = BIO_new_file( | 
| 1358 | s_client_config.sess_out, "w"); | 1358 | cfg.sess_out, "w"); | 
| 1359 | if (stmp) { | 1359 | if (stmp) { | 
| 1360 | PEM_write_bio_SSL_SESSION(stmp, | 1360 | PEM_write_bio_SSL_SESSION(stmp, | 
| 1361 | SSL_get_session(con)); | 1361 | SSL_get_session(con)); | 
| @@ -1363,19 +1363,19 @@ s_client_main(int argc, char **argv) | |||
| 1363 | } else | 1363 | } else | 
| 1364 | BIO_printf(bio_err, | 1364 | BIO_printf(bio_err, | 
| 1365 | "Error writing session file %s\n", | 1365 | "Error writing session file %s\n", | 
| 1366 | s_client_config.sess_out); | 1366 | cfg.sess_out); | 
| 1367 | } | 1367 | } | 
| 1368 | print_stuff(bio_c_out, con, full_log); | 1368 | print_stuff(bio_c_out, con, full_log); | 
| 1369 | if (full_log > 0) | 1369 | if (full_log > 0) | 
| 1370 | full_log--; | 1370 | full_log--; | 
| 1371 | 1371 | ||
| 1372 | if (s_client_config.starttls_proto) { | 1372 | if (cfg.starttls_proto) { | 
| 1373 | BIO_write(bio_err, mbuf, mbuf_len); | 1373 | BIO_write(bio_err, mbuf, mbuf_len); | 
| 1374 | /* We don't need to know any more */ | 1374 | /* We don't need to know any more */ | 
| 1375 | s_client_config.starttls_proto = PROTO_OFF; | 1375 | cfg.starttls_proto = PROTO_OFF; | 
| 1376 | } | 1376 | } | 
| 1377 | if (s_client_config.reconnect) { | 1377 | if (cfg.reconnect) { | 
| 1378 | s_client_config.reconnect--; | 1378 | cfg.reconnect--; | 
| 1379 | BIO_printf(bio_c_out, | 1379 | BIO_printf(bio_c_out, | 
| 1380 | "drop connection and then reconnect\n"); | 1380 | "drop connection and then reconnect\n"); | 
| 1381 | SSL_shutdown(con); | 1381 | SSL_shutdown(con); | 
| @@ -1516,7 +1516,7 @@ s_client_main(int argc, char **argv) | |||
| 1516 | } | 1516 | } | 
| 1517 | } | 1517 | } | 
| 1518 | #endif | 1518 | #endif | 
| 1519 | if (s_client_config.peekaboo) { | 1519 | if (cfg.peekaboo) { | 
| 1520 | k = p = SSL_peek(con, pbuf, 1024 /* BUFSIZZ */ ); | 1520 | k = p = SSL_peek(con, pbuf, 1024 /* BUFSIZZ */ ); | 
| 1521 | pending = SSL_pending(con); | 1521 | pending = SSL_pending(con); | 
| 1522 | if (SSL_get_error(con, p) == SSL_ERROR_NONE) { | 1522 | if (SSL_get_error(con, p) == SSL_ERROR_NONE) { | 
| @@ -1535,7 +1535,7 @@ s_client_main(int argc, char **argv) | |||
| 1535 | goto end; | 1535 | goto end; | 
| 1536 | sbuf_off = 0; | 1536 | sbuf_off = 0; | 
| 1537 | sbuf_len = k; | 1537 | sbuf_len = k; | 
| 1538 | if (s_client_config.peekaboo) { | 1538 | if (cfg.peekaboo) { | 
| 1539 | if (p != pending) { | 1539 | if (p != pending) { | 
| 1540 | ret = -1; | 1540 | ret = -1; | 
| 1541 | BIO_printf(bio_err, | 1541 | BIO_printf(bio_err, | 
| @@ -1594,7 +1594,7 @@ s_client_main(int argc, char **argv) | |||
| 1594 | BIO_printf(bio_err, "poll error"); | 1594 | BIO_printf(bio_err, "poll error"); | 
| 1595 | goto shut; | 1595 | goto shut; | 
| 1596 | } | 1596 | } | 
| 1597 | if (s_client_config.crlf) { | 1597 | if (cfg.crlf) { | 
| 1598 | int j, lf_num; | 1598 | int j, lf_num; | 
| 1599 | 1599 | ||
| 1600 | i = read(fileno(stdin), cbuf, BUFSIZZ / 2); | 1600 | i = read(fileno(stdin), cbuf, BUFSIZZ / 2); | 
| @@ -1615,13 +1615,13 @@ s_client_main(int argc, char **argv) | |||
| 1615 | } else | 1615 | } else | 
| 1616 | i = read(fileno(stdin), cbuf, BUFSIZZ); | 1616 | i = read(fileno(stdin), cbuf, BUFSIZZ); | 
| 1617 | 1617 | ||
| 1618 | if ((!s_client_config.ign_eof) && | 1618 | if ((!cfg.ign_eof) && | 
| 1619 | ((i <= 0) || (cbuf[0] == 'Q'))) { | 1619 | ((i <= 0) || (cbuf[0] == 'Q'))) { | 
| 1620 | BIO_printf(bio_err, "DONE\n"); | 1620 | BIO_printf(bio_err, "DONE\n"); | 
| 1621 | ret = 0; | 1621 | ret = 0; | 
| 1622 | goto shut; | 1622 | goto shut; | 
| 1623 | } | 1623 | } | 
| 1624 | if ((!s_client_config.ign_eof) && (cbuf[0] == 'R')) { | 1624 | if ((!cfg.ign_eof) && (cbuf[0] == 'R')) { | 
| 1625 | BIO_printf(bio_err, "RENEGOTIATING\n"); | 1625 | BIO_printf(bio_err, "RENEGOTIATING\n"); | 
| 1626 | SSL_renegotiate(con); | 1626 | SSL_renegotiate(con); | 
| 1627 | cbuf_len = 0; | 1627 | cbuf_len = 0; | 
| @@ -1644,7 +1644,7 @@ s_client_main(int argc, char **argv) | |||
| 1644 | close(SSL_get_fd(con)); | 1644 | close(SSL_get_fd(con)); | 
| 1645 | end: | 1645 | end: | 
| 1646 | if (con != NULL) { | 1646 | if (con != NULL) { | 
| 1647 | if (s_client_config.prexit != 0) | 1647 | if (cfg.prexit != 0) | 
| 1648 | print_stuff(bio_c_out, con, 1); | 1648 | print_stuff(bio_c_out, con, 1); | 
| 1649 | SSL_free(con); | 1649 | SSL_free(con); | 
| 1650 | } | 1650 | } | 
| @@ -1652,7 +1652,7 @@ s_client_main(int argc, char **argv) | |||
| 1652 | X509_free(cert); | 1652 | X509_free(cert); | 
| 1653 | EVP_PKEY_free(key); | 1653 | EVP_PKEY_free(key); | 
| 1654 | free(pass); | 1654 | free(pass); | 
| 1655 | X509_VERIFY_PARAM_free(s_client_config.vpm); | 1655 | X509_VERIFY_PARAM_free(cfg.vpm); | 
| 1656 | freezero(cbuf, BUFSIZZ); | 1656 | freezero(cbuf, BUFSIZZ); | 
| 1657 | freezero(sbuf, BUFSIZZ); | 1657 | freezero(sbuf, BUFSIZZ); | 
| 1658 | freezero(pbuf, BUFSIZZ); | 1658 | freezero(pbuf, BUFSIZZ); | 
| @@ -1692,7 +1692,7 @@ print_stuff(BIO *bio, SSL *s, int full) | |||
| 1692 | X509_NAME_oneline(X509_get_issuer_name( | 1692 | X509_NAME_oneline(X509_get_issuer_name( | 
| 1693 | sk_X509_value(sk, i)), buf, sizeof buf); | 1693 | sk_X509_value(sk, i)), buf, sizeof buf); | 
| 1694 | BIO_printf(bio, " i:%s\n", buf); | 1694 | BIO_printf(bio, " i:%s\n", buf); | 
| 1695 | if (s_client_config.showcerts) | 1695 | if (cfg.showcerts) | 
| 1696 | PEM_write_bio_X509(bio, | 1696 | PEM_write_bio_X509(bio, | 
| 1697 | sk_X509_value(sk, i)); | 1697 | sk_X509_value(sk, i)); | 
| 1698 | } | 1698 | } | 
| @@ -1701,7 +1701,7 @@ print_stuff(BIO *bio, SSL *s, int full) | |||
| 1701 | peer = SSL_get_peer_certificate(s); | 1701 | peer = SSL_get_peer_certificate(s); | 
| 1702 | if (peer != NULL) { | 1702 | if (peer != NULL) { | 
| 1703 | BIO_printf(bio, "Server certificate\n"); | 1703 | BIO_printf(bio, "Server certificate\n"); | 
| 1704 | if (!(s_client_config.showcerts && got_a_chain)) { | 1704 | if (!(cfg.showcerts && got_a_chain)) { | 
| 1705 | /* Redundant if we showed the whole chain */ | 1705 | /* Redundant if we showed the whole chain */ | 
| 1706 | PEM_write_bio_X509(bio, peer); | 1706 | PEM_write_bio_X509(bio, peer); | 
| 1707 | } | 1707 | } | 
| @@ -1820,23 +1820,23 @@ print_stuff(BIO *bio, SSL *s, int full) | |||
| 1820 | #endif | 1820 | #endif | 
| 1821 | 1821 | ||
| 1822 | SSL_SESSION_print(bio, SSL_get_session(s)); | 1822 | SSL_SESSION_print(bio, SSL_get_session(s)); | 
| 1823 | if (s_client_config.keymatexportlabel != NULL) { | 1823 | if (cfg.keymatexportlabel != NULL) { | 
| 1824 | BIO_printf(bio, "Keying material exporter:\n"); | 1824 | BIO_printf(bio, "Keying material exporter:\n"); | 
| 1825 | BIO_printf(bio, " Label: '%s'\n", | 1825 | BIO_printf(bio, " Label: '%s'\n", | 
| 1826 | s_client_config.keymatexportlabel); | 1826 | cfg.keymatexportlabel); | 
| 1827 | BIO_printf(bio, " Length: %i bytes\n", | 1827 | BIO_printf(bio, " Length: %i bytes\n", | 
| 1828 | s_client_config.keymatexportlen); | 1828 | cfg.keymatexportlen); | 
| 1829 | exportedkeymat = malloc(s_client_config.keymatexportlen); | 1829 | exportedkeymat = malloc(cfg.keymatexportlen); | 
| 1830 | if (exportedkeymat != NULL) { | 1830 | if (exportedkeymat != NULL) { | 
| 1831 | if (!SSL_export_keying_material(s, exportedkeymat, | 1831 | if (!SSL_export_keying_material(s, exportedkeymat, | 
| 1832 | s_client_config.keymatexportlen, | 1832 | cfg.keymatexportlen, | 
| 1833 | s_client_config.keymatexportlabel, | 1833 | cfg.keymatexportlabel, | 
| 1834 | strlen(s_client_config.keymatexportlabel), | 1834 | strlen(cfg.keymatexportlabel), | 
| 1835 | NULL, 0, 0)) { | 1835 | NULL, 0, 0)) { | 
| 1836 | BIO_printf(bio, " Error\n"); | 1836 | BIO_printf(bio, " Error\n"); | 
| 1837 | } else { | 1837 | } else { | 
| 1838 | BIO_printf(bio, " Keying material: "); | 1838 | BIO_printf(bio, " Keying material: "); | 
| 1839 | for (i = 0; i < s_client_config.keymatexportlen; i++) | 1839 | for (i = 0; i < cfg.keymatexportlen; i++) | 
| 1840 | BIO_printf(bio, "%02X", | 1840 | BIO_printf(bio, "%02X", | 
| 1841 | exportedkeymat[i]); | 1841 | exportedkeymat[i]); | 
| 1842 | BIO_printf(bio, "\n"); | 1842 | BIO_printf(bio, "\n"); | 
| diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c index adf98451ec..a7f6146c4c 100644 --- a/src/usr.bin/openssl/s_server.c +++ b/src/usr.bin/openssl/s_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s_server.c,v 1.55 2022/11/11 17:07:39 joshua Exp $ */ | 1 | /* $OpenBSD: s_server.c,v 1.56 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -294,23 +294,23 @@ static struct { | |||
| 294 | int tlsextstatus; | 294 | int tlsextstatus; | 
| 295 | X509_VERIFY_PARAM *vpm; | 295 | X509_VERIFY_PARAM *vpm; | 
| 296 | int www; | 296 | int www; | 
| 297 | } s_server_config; | 297 | } cfg; | 
| 298 | 298 | ||
| 299 | static int | 299 | static int | 
| 300 | s_server_opt_context(char *arg) | 300 | s_server_opt_context(char *arg) | 
| 301 | { | 301 | { | 
| 302 | s_server_config.context = (unsigned char *) arg; | 302 | cfg.context = (unsigned char *) arg; | 
| 303 | return (0); | 303 | return (0); | 
| 304 | } | 304 | } | 
| 305 | 305 | ||
| 306 | static int | 306 | static int | 
| 307 | s_server_opt_keymatexportlen(char *arg) | 307 | s_server_opt_keymatexportlen(char *arg) | 
| 308 | { | 308 | { | 
| 309 | s_server_config.keymatexportlen = strtonum(arg, 1, INT_MAX, | 309 | cfg.keymatexportlen = strtonum(arg, 1, INT_MAX, | 
| 310 | &s_server_config.errstr); | 310 | &cfg.errstr); | 
| 311 | if (s_server_config.errstr != NULL) { | 311 | if (cfg.errstr != NULL) { | 
| 312 | BIO_printf(bio_err, "invalid argument %s: %s\n", | 312 | BIO_printf(bio_err, "invalid argument %s: %s\n", | 
| 313 | arg, s_server_config.errstr); | 313 | arg, cfg.errstr); | 
| 314 | return (1); | 314 | return (1); | 
| 315 | } | 315 | } | 
| 316 | return (0); | 316 | return (0); | 
| @@ -320,11 +320,11 @@ s_server_opt_keymatexportlen(char *arg) | |||
| 320 | static int | 320 | static int | 
| 321 | s_server_opt_mtu(char *arg) | 321 | s_server_opt_mtu(char *arg) | 
| 322 | { | 322 | { | 
| 323 | s_server_config.socket_mtu = strtonum(arg, 0, LONG_MAX, | 323 | cfg.socket_mtu = strtonum(arg, 0, LONG_MAX, | 
| 324 | &s_server_config.errstr); | 324 | &cfg.errstr); | 
| 325 | if (s_server_config.errstr != NULL) { | 325 | if (cfg.errstr != NULL) { | 
| 326 | BIO_printf(bio_err, "invalid argument %s: %s\n", | 326 | BIO_printf(bio_err, "invalid argument %s: %s\n", | 
| 327 | arg, s_server_config.errstr); | 327 | arg, cfg.errstr); | 
| 328 | return (1); | 328 | return (1); | 
| 329 | } | 329 | } | 
| 330 | return (0); | 330 | return (0); | 
| @@ -335,8 +335,8 @@ s_server_opt_mtu(char *arg) | |||
| 335 | static int | 335 | static int | 
| 336 | s_server_opt_protocol_version_dtls(void) | 336 | s_server_opt_protocol_version_dtls(void) | 
| 337 | { | 337 | { | 
| 338 | s_server_config.meth = DTLS_server_method(); | 338 | cfg.meth = DTLS_server_method(); | 
| 339 | s_server_config.socket_type = SOCK_DGRAM; | 339 | cfg.socket_type = SOCK_DGRAM; | 
| 340 | return (0); | 340 | return (0); | 
| 341 | } | 341 | } | 
| 342 | #endif | 342 | #endif | 
| @@ -345,10 +345,10 @@ s_server_opt_protocol_version_dtls(void) | |||
| 345 | static int | 345 | static int | 
| 346 | s_server_opt_protocol_version_dtls1(void) | 346 | s_server_opt_protocol_version_dtls1(void) | 
| 347 | { | 347 | { | 
| 348 | s_server_config.meth = DTLS_server_method(); | 348 | cfg.meth = DTLS_server_method(); | 
| 349 | s_server_config.min_version = DTLS1_VERSION; | 349 | cfg.min_version = DTLS1_VERSION; | 
| 350 | s_server_config.max_version = DTLS1_VERSION; | 350 | cfg.max_version = DTLS1_VERSION; | 
| 351 | s_server_config.socket_type = SOCK_DGRAM; | 351 | cfg.socket_type = SOCK_DGRAM; | 
| 352 | return (0); | 352 | return (0); | 
| 353 | } | 353 | } | 
| 354 | #endif | 354 | #endif | 
| @@ -357,10 +357,10 @@ s_server_opt_protocol_version_dtls1(void) | |||
| 357 | static int | 357 | static int | 
| 358 | s_server_opt_protocol_version_dtls1_2(void) | 358 | s_server_opt_protocol_version_dtls1_2(void) | 
| 359 | { | 359 | { | 
| 360 | s_server_config.meth = DTLS_server_method(); | 360 | cfg.meth = DTLS_server_method(); | 
| 361 | s_server_config.min_version = DTLS1_2_VERSION; | 361 | cfg.min_version = DTLS1_2_VERSION; | 
| 362 | s_server_config.max_version = DTLS1_2_VERSION; | 362 | cfg.max_version = DTLS1_2_VERSION; | 
| 363 | s_server_config.socket_type = SOCK_DGRAM; | 363 | cfg.socket_type = SOCK_DGRAM; | 
| 364 | return (0); | 364 | return (0); | 
| 365 | } | 365 | } | 
| 366 | #endif | 366 | #endif | 
| @@ -368,47 +368,47 @@ s_server_opt_protocol_version_dtls1_2(void) | |||
| 368 | static int | 368 | static int | 
| 369 | s_server_opt_protocol_version_tls1(void) | 369 | s_server_opt_protocol_version_tls1(void) | 
| 370 | { | 370 | { | 
| 371 | s_server_config.min_version = TLS1_VERSION; | 371 | cfg.min_version = TLS1_VERSION; | 
| 372 | s_server_config.max_version = TLS1_VERSION; | 372 | cfg.max_version = TLS1_VERSION; | 
| 373 | return (0); | 373 | return (0); | 
| 374 | } | 374 | } | 
| 375 | 375 | ||
| 376 | static int | 376 | static int | 
| 377 | s_server_opt_protocol_version_tls1_1(void) | 377 | s_server_opt_protocol_version_tls1_1(void) | 
| 378 | { | 378 | { | 
| 379 | s_server_config.min_version = TLS1_1_VERSION; | 379 | cfg.min_version = TLS1_1_VERSION; | 
| 380 | s_server_config.max_version = TLS1_1_VERSION; | 380 | cfg.max_version = TLS1_1_VERSION; | 
| 381 | return (0); | 381 | return (0); | 
| 382 | } | 382 | } | 
| 383 | 383 | ||
| 384 | static int | 384 | static int | 
| 385 | s_server_opt_protocol_version_tls1_2(void) | 385 | s_server_opt_protocol_version_tls1_2(void) | 
| 386 | { | 386 | { | 
| 387 | s_server_config.min_version = TLS1_2_VERSION; | 387 | cfg.min_version = TLS1_2_VERSION; | 
| 388 | s_server_config.max_version = TLS1_2_VERSION; | 388 | cfg.max_version = TLS1_2_VERSION; | 
| 389 | return (0); | 389 | return (0); | 
| 390 | } | 390 | } | 
| 391 | 391 | ||
| 392 | static int | 392 | static int | 
| 393 | s_server_opt_protocol_version_tls1_3(void) | 393 | s_server_opt_protocol_version_tls1_3(void) | 
| 394 | { | 394 | { | 
| 395 | s_server_config.min_version = TLS1_3_VERSION; | 395 | cfg.min_version = TLS1_3_VERSION; | 
| 396 | s_server_config.max_version = TLS1_3_VERSION; | 396 | cfg.max_version = TLS1_3_VERSION; | 
| 397 | return (0); | 397 | return (0); | 
| 398 | } | 398 | } | 
| 399 | 399 | ||
| 400 | static int | 400 | static int | 
| 401 | s_server_opt_nbio_test(void) | 401 | s_server_opt_nbio_test(void) | 
| 402 | { | 402 | { | 
| 403 | s_server_config.nbio = 1; | 403 | cfg.nbio = 1; | 
| 404 | s_server_config.nbio_test = 1; | 404 | cfg.nbio_test = 1; | 
| 405 | return (0); | 405 | return (0); | 
| 406 | } | 406 | } | 
| 407 | 407 | ||
| 408 | static int | 408 | static int | 
| 409 | s_server_opt_port(char *arg) | 409 | s_server_opt_port(char *arg) | 
| 410 | { | 410 | { | 
| 411 | if (!extract_port(arg, &s_server_config.port)) | 411 | if (!extract_port(arg, &cfg.port)) | 
| 412 | return (1); | 412 | return (1); | 
| 413 | return (0); | 413 | return (0); | 
| 414 | } | 414 | } | 
| @@ -416,12 +416,12 @@ s_server_opt_port(char *arg) | |||
| 416 | static int | 416 | static int | 
| 417 | s_server_opt_status_timeout(char *arg) | 417 | s_server_opt_status_timeout(char *arg) | 
| 418 | { | 418 | { | 
| 419 | s_server_config.tlsextstatus = 1; | 419 | cfg.tlsextstatus = 1; | 
| 420 | s_server_config.tlscstatp.timeout = strtonum(arg, 0, INT_MAX, | 420 | cfg.tlscstatp.timeout = strtonum(arg, 0, INT_MAX, | 
| 421 | &s_server_config.errstr); | 421 | &cfg.errstr); | 
| 422 | if (s_server_config.errstr != NULL) { | 422 | if (cfg.errstr != NULL) { | 
| 423 | BIO_printf(bio_err, "invalid argument %s: %s\n", | 423 | BIO_printf(bio_err, "invalid argument %s: %s\n", | 
| 424 | arg, s_server_config.errstr); | 424 | arg, cfg.errstr); | 
| 425 | return (1); | 425 | return (1); | 
| 426 | } | 426 | } | 
| 427 | return (0); | 427 | return (0); | 
| @@ -430,10 +430,10 @@ s_server_opt_status_timeout(char *arg) | |||
| 430 | static int | 430 | static int | 
| 431 | s_server_opt_status_url(char *arg) | 431 | s_server_opt_status_url(char *arg) | 
| 432 | { | 432 | { | 
| 433 | s_server_config.tlsextstatus = 1; | 433 | cfg.tlsextstatus = 1; | 
| 434 | if (!OCSP_parse_url(arg, &s_server_config.tlscstatp.host, | 434 | if (!OCSP_parse_url(arg, &cfg.tlscstatp.host, | 
| 435 | &s_server_config.tlscstatp.port, &s_server_config.tlscstatp.path, | 435 | &cfg.tlscstatp.port, &cfg.tlscstatp.path, | 
| 436 | &s_server_config.tlscstatp.use_ssl)) { | 436 | &cfg.tlscstatp.use_ssl)) { | 
| 437 | BIO_printf(bio_err, "Error parsing URL\n"); | 437 | BIO_printf(bio_err, "Error parsing URL\n"); | 
| 438 | return (1); | 438 | return (1); | 
| 439 | } | 439 | } | 
| @@ -443,20 +443,20 @@ s_server_opt_status_url(char *arg) | |||
| 443 | static int | 443 | static int | 
| 444 | s_server_opt_status_verbose(void) | 444 | s_server_opt_status_verbose(void) | 
| 445 | { | 445 | { | 
| 446 | s_server_config.tlsextstatus = 1; | 446 | cfg.tlsextstatus = 1; | 
| 447 | s_server_config.tlscstatp.verbose = 1; | 447 | cfg.tlscstatp.verbose = 1; | 
| 448 | return (0); | 448 | return (0); | 
| 449 | } | 449 | } | 
| 450 | 450 | ||
| 451 | static int | 451 | static int | 
| 452 | s_server_opt_verify(char *arg) | 452 | s_server_opt_verify(char *arg) | 
| 453 | { | 453 | { | 
| 454 | s_server_config.server_verify = SSL_VERIFY_PEER | | 454 | cfg.server_verify = SSL_VERIFY_PEER | | 
| 455 | SSL_VERIFY_CLIENT_ONCE; | 455 | SSL_VERIFY_CLIENT_ONCE; | 
| 456 | verify_depth = strtonum(arg, 0, INT_MAX, &s_server_config.errstr); | 456 | verify_depth = strtonum(arg, 0, INT_MAX, &cfg.errstr); | 
| 457 | if (s_server_config.errstr != NULL) { | 457 | if (cfg.errstr != NULL) { | 
| 458 | BIO_printf(bio_err, "invalid argument %s: %s\n", | 458 | BIO_printf(bio_err, "invalid argument %s: %s\n", | 
| 459 | arg, s_server_config.errstr); | 459 | arg, cfg.errstr); | 
| 460 | return (1); | 460 | return (1); | 
| 461 | } | 461 | } | 
| 462 | BIO_printf(bio_err, "verify depth is %d\n", verify_depth); | 462 | BIO_printf(bio_err, "verify depth is %d\n", verify_depth); | 
| @@ -466,12 +466,12 @@ s_server_opt_verify(char *arg) | |||
| 466 | static int | 466 | static int | 
| 467 | s_server_opt_verify_fail(char *arg) | 467 | s_server_opt_verify_fail(char *arg) | 
| 468 | { | 468 | { | 
| 469 | s_server_config.server_verify = SSL_VERIFY_PEER | | 469 | cfg.server_verify = SSL_VERIFY_PEER | | 
| 470 | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE; | 470 | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE; | 
| 471 | verify_depth = strtonum(arg, 0, INT_MAX, &s_server_config.errstr); | 471 | verify_depth = strtonum(arg, 0, INT_MAX, &cfg.errstr); | 
| 472 | if (s_server_config.errstr != NULL) { | 472 | if (cfg.errstr != NULL) { | 
| 473 | BIO_printf(bio_err, "invalid argument %s: %s\n", | 473 | BIO_printf(bio_err, "invalid argument %s: %s\n", | 
| 474 | arg, s_server_config.errstr); | 474 | arg, cfg.errstr); | 
| 475 | return (1); | 475 | return (1); | 
| 476 | } | 476 | } | 
| 477 | BIO_printf(bio_err, "verify depth is %d, must return a certificate\n", | 477 | BIO_printf(bio_err, "verify depth is %d, must return a certificate\n", | 
| @@ -487,7 +487,7 @@ s_server_opt_verify_param(int argc, char **argv, int *argsused) | |||
| 487 | int badarg = 0; | 487 | int badarg = 0; | 
| 488 | 488 | ||
| 489 | if (!args_verify(&pargs, &pargc, &badarg, bio_err, | 489 | if (!args_verify(&pargs, &pargc, &badarg, bio_err, | 
| 490 | &s_server_config.vpm)) { | 490 | &cfg.vpm)) { | 
| 491 | BIO_printf(bio_err, "unknown option %s\n", *argv); | 491 | BIO_printf(bio_err, "unknown option %s\n", *argv); | 
| 492 | return (1); | 492 | return (1); | 
| 493 | } | 493 | } | 
| @@ -520,27 +520,27 @@ static const struct option s_server_options[] = { | |||
| 520 | .desc = "Set the advertised protocols for the ALPN extension" | 520 | .desc = "Set the advertised protocols for the ALPN extension" | 
| 521 | " (comma-separated list)", | 521 | " (comma-separated list)", | 
| 522 | .type = OPTION_ARG, | 522 | .type = OPTION_ARG, | 
| 523 | .opt.arg = &s_server_config.alpn_in, | 523 | .opt.arg = &cfg.alpn_in, | 
| 524 | }, | 524 | }, | 
| 525 | { | 525 | { | 
| 526 | .name = "bugs", | 526 | .name = "bugs", | 
| 527 | .desc = "Turn on SSL bug compatibility", | 527 | .desc = "Turn on SSL bug compatibility", | 
| 528 | .type = OPTION_FLAG, | 528 | .type = OPTION_FLAG, | 
| 529 | .opt.flag = &s_server_config.bugs, | 529 | .opt.flag = &cfg.bugs, | 
| 530 | }, | 530 | }, | 
| 531 | { | 531 | { | 
| 532 | .name = "CAfile", | 532 | .name = "CAfile", | 
| 533 | .argname = "file", | 533 | .argname = "file", | 
| 534 | .desc = "PEM format file of CA certificates", | 534 | .desc = "PEM format file of CA certificates", | 
| 535 | .type = OPTION_ARG, | 535 | .type = OPTION_ARG, | 
| 536 | .opt.arg = &s_server_config.CAfile, | 536 | .opt.arg = &cfg.CAfile, | 
| 537 | }, | 537 | }, | 
| 538 | { | 538 | { | 
| 539 | .name = "CApath", | 539 | .name = "CApath", | 
| 540 | .argname = "directory", | 540 | .argname = "directory", | 
| 541 | .desc = "PEM format directory of CA certificates", | 541 | .desc = "PEM format directory of CA certificates", | 
| 542 | .type = OPTION_ARG, | 542 | .type = OPTION_ARG, | 
| 543 | .opt.arg = &s_server_config.CApath, | 543 | .opt.arg = &cfg.CApath, | 
| 544 | }, | 544 | }, | 
| 545 | { | 545 | { | 
| 546 | .name = "cert", | 546 | .name = "cert", | 
| @@ -548,7 +548,7 @@ static const struct option s_server_options[] = { | |||
| 548 | .desc = "Certificate file to use\n" | 548 | .desc = "Certificate file to use\n" | 
| 549 | "(default is " TEST_CERT ")", | 549 | "(default is " TEST_CERT ")", | 
| 550 | .type = OPTION_ARG, | 550 | .type = OPTION_ARG, | 
| 551 | .opt.arg = &s_server_config.cert_file, | 551 | .opt.arg = &cfg.cert_file, | 
| 552 | }, | 552 | }, | 
| 553 | { | 553 | { | 
| 554 | .name = "cert2", | 554 | .name = "cert2", | 
| @@ -556,20 +556,20 @@ static const struct option s_server_options[] = { | |||
| 556 | .desc = "Certificate file to use for servername\n" | 556 | .desc = "Certificate file to use for servername\n" | 
| 557 | "(default is " TEST_CERT2 ")", | 557 | "(default is " TEST_CERT2 ")", | 
| 558 | .type = OPTION_ARG, | 558 | .type = OPTION_ARG, | 
| 559 | .opt.arg = &s_server_config.cert_file2, | 559 | .opt.arg = &cfg.cert_file2, | 
| 560 | }, | 560 | }, | 
| 561 | { | 561 | { | 
| 562 | .name = "certform", | 562 | .name = "certform", | 
| 563 | .argname = "fmt", | 563 | .argname = "fmt", | 
| 564 | .desc = "Certificate format (PEM or DER) PEM default", | 564 | .desc = "Certificate format (PEM or DER) PEM default", | 
| 565 | .type = OPTION_ARG_FORMAT, | 565 | .type = OPTION_ARG_FORMAT, | 
| 566 | .opt.value = &s_server_config.cert_format, | 566 | .opt.value = &cfg.cert_format, | 
| 567 | }, | 567 | }, | 
| 568 | #ifndef OPENSSL_NO_DTLS | 568 | #ifndef OPENSSL_NO_DTLS | 
| 569 | { | 569 | { | 
| 570 | .name = "chain", | 570 | .name = "chain", | 
| 571 | .type = OPTION_FLAG, | 571 | .type = OPTION_FLAG, | 
| 572 | .opt.flag = &s_server_config.cert_chain, | 572 | .opt.flag = &cfg.cert_chain, | 
| 573 | }, | 573 | }, | 
| 574 | #endif | 574 | #endif | 
| 575 | { | 575 | { | 
| @@ -577,7 +577,7 @@ static const struct option s_server_options[] = { | |||
| 577 | .argname = "list", | 577 | .argname = "list", | 
| 578 | .desc = "List of ciphers to enable (see `openssl ciphers`)", | 578 | .desc = "List of ciphers to enable (see `openssl ciphers`)", | 
| 579 | .type = OPTION_ARG, | 579 | .type = OPTION_ARG, | 
| 580 | .opt.arg = &s_server_config.cipher, | 580 | .opt.arg = &cfg.cipher, | 
| 581 | }, | 581 | }, | 
| 582 | { | 582 | { | 
| 583 | .name = "context", | 583 | .name = "context", | 
| @@ -590,55 +590,55 @@ static const struct option s_server_options[] = { | |||
| 590 | .name = "crlf", | 590 | .name = "crlf", | 
| 591 | .desc = "Convert LF from terminal into CRLF", | 591 | .desc = "Convert LF from terminal into CRLF", | 
| 592 | .type = OPTION_FLAG, | 592 | .type = OPTION_FLAG, | 
| 593 | .opt.flag = &s_server_config.crlf, | 593 | .opt.flag = &cfg.crlf, | 
| 594 | }, | 594 | }, | 
| 595 | { | 595 | { | 
| 596 | .name = "dcert", | 596 | .name = "dcert", | 
| 597 | .argname = "file", | 597 | .argname = "file", | 
| 598 | .desc = "Second certificate file to use (usually for DSA)", | 598 | .desc = "Second certificate file to use (usually for DSA)", | 
| 599 | .type = OPTION_ARG, | 599 | .type = OPTION_ARG, | 
| 600 | .opt.arg = &s_server_config.dcert_file, | 600 | .opt.arg = &cfg.dcert_file, | 
| 601 | }, | 601 | }, | 
| 602 | { | 602 | { | 
| 603 | .name = "dcertform", | 603 | .name = "dcertform", | 
| 604 | .argname = "fmt", | 604 | .argname = "fmt", | 
| 605 | .desc = "Second certificate format (PEM or DER) PEM default", | 605 | .desc = "Second certificate format (PEM or DER) PEM default", | 
| 606 | .type = OPTION_ARG_FORMAT, | 606 | .type = OPTION_ARG_FORMAT, | 
| 607 | .opt.value = &s_server_config.dcert_format, | 607 | .opt.value = &cfg.dcert_format, | 
| 608 | }, | 608 | }, | 
| 609 | { | 609 | { | 
| 610 | .name = "debug", | 610 | .name = "debug", | 
| 611 | .desc = "Print more output", | 611 | .desc = "Print more output", | 
| 612 | .type = OPTION_FLAG, | 612 | .type = OPTION_FLAG, | 
| 613 | .opt.flag = &s_server_config.debug, | 613 | .opt.flag = &cfg.debug, | 
| 614 | }, | 614 | }, | 
| 615 | { | 615 | { | 
| 616 | .name = "dhparam", | 616 | .name = "dhparam", | 
| 617 | .argname = "file", | 617 | .argname = "file", | 
| 618 | .desc = "DH parameter file to use, in cert file if not specified", | 618 | .desc = "DH parameter file to use, in cert file if not specified", | 
| 619 | .type = OPTION_ARG, | 619 | .type = OPTION_ARG, | 
| 620 | .opt.arg = &s_server_config.dhfile, | 620 | .opt.arg = &cfg.dhfile, | 
| 621 | }, | 621 | }, | 
| 622 | { | 622 | { | 
| 623 | .name = "dkey", | 623 | .name = "dkey", | 
| 624 | .argname = "file", | 624 | .argname = "file", | 
| 625 | .desc = "Second private key file to use (usually for DSA)", | 625 | .desc = "Second private key file to use (usually for DSA)", | 
| 626 | .type = OPTION_ARG, | 626 | .type = OPTION_ARG, | 
| 627 | .opt.arg = &s_server_config.dkey_file, | 627 | .opt.arg = &cfg.dkey_file, | 
| 628 | }, | 628 | }, | 
| 629 | { | 629 | { | 
| 630 | .name = "dkeyform", | 630 | .name = "dkeyform", | 
| 631 | .argname = "fmt", | 631 | .argname = "fmt", | 
| 632 | .desc = "Second key format (PEM or DER) PEM default", | 632 | .desc = "Second key format (PEM or DER) PEM default", | 
| 633 | .type = OPTION_ARG_FORMAT, | 633 | .type = OPTION_ARG_FORMAT, | 
| 634 | .opt.value = &s_server_config.dkey_format, | 634 | .opt.value = &cfg.dkey_format, | 
| 635 | }, | 635 | }, | 
| 636 | { | 636 | { | 
| 637 | .name = "dpass", | 637 | .name = "dpass", | 
| 638 | .argname = "arg", | 638 | .argname = "arg", | 
| 639 | .desc = "Second private key file pass phrase source", | 639 | .desc = "Second private key file pass phrase source", | 
| 640 | .type = OPTION_ARG, | 640 | .type = OPTION_ARG, | 
| 641 | .opt.arg = &s_server_config.dpassarg, | 641 | .opt.arg = &cfg.dpassarg, | 
| 642 | }, | 642 | }, | 
| 643 | #ifndef OPENSSL_NO_DTLS | 643 | #ifndef OPENSSL_NO_DTLS | 
| 644 | { | 644 | { | 
| @@ -669,13 +669,13 @@ static const struct option s_server_options[] = { | |||
| 669 | .argname = "list", | 669 | .argname = "list", | 
| 670 | .desc = "Specify EC groups (colon-separated list)", | 670 | .desc = "Specify EC groups (colon-separated list)", | 
| 671 | .type = OPTION_ARG, | 671 | .type = OPTION_ARG, | 
| 672 | .opt.arg = &s_server_config.groups_in, | 672 | .opt.arg = &cfg.groups_in, | 
| 673 | }, | 673 | }, | 
| 674 | { | 674 | { | 
| 675 | .name = "HTTP", | 675 | .name = "HTTP", | 
| 676 | .desc = "Respond to a 'GET /<path> HTTP/1.0' with file ./<path>", | 676 | .desc = "Respond to a 'GET /<path> HTTP/1.0' with file ./<path>", | 
| 677 | .type = OPTION_VALUE, | 677 | .type = OPTION_VALUE, | 
| 678 | .opt.value = &s_server_config.www, | 678 | .opt.value = &cfg.www, | 
| 679 | .value = 3, | 679 | .value = 3, | 
| 680 | }, | 680 | }, | 
| 681 | { | 681 | { | 
| @@ -683,7 +683,7 @@ static const struct option s_server_options[] = { | |||
| 683 | .argname = "arg", | 683 | .argname = "arg", | 
| 684 | .desc = "Generate SSL/TLS session IDs prefixed by 'arg'", | 684 | .desc = "Generate SSL/TLS session IDs prefixed by 'arg'", | 
| 685 | .type = OPTION_ARG, | 685 | .type = OPTION_ARG, | 
| 686 | .opt.arg = &s_server_config.session_id_prefix, | 686 | .opt.arg = &cfg.session_id_prefix, | 
| 687 | }, | 687 | }, | 
| 688 | { | 688 | { | 
| 689 | .name = "key", | 689 | .name = "key", | 
| @@ -691,7 +691,7 @@ static const struct option s_server_options[] = { | |||
| 691 | .desc = "Private Key file to use, in cert file if\n" | 691 | .desc = "Private Key file to use, in cert file if\n" | 
| 692 | "not specified (default is " TEST_CERT ")", | 692 | "not specified (default is " TEST_CERT ")", | 
| 693 | .type = OPTION_ARG, | 693 | .type = OPTION_ARG, | 
| 694 | .opt.arg = &s_server_config.key_file, | 694 | .opt.arg = &cfg.key_file, | 
| 695 | }, | 695 | }, | 
| 696 | { | 696 | { | 
| 697 | .name = "key2", | 697 | .name = "key2", | 
| @@ -699,21 +699,21 @@ static const struct option s_server_options[] = { | |||
| 699 | .desc = "Private Key file to use for servername, in cert file if\n" | 699 | .desc = "Private Key file to use for servername, in cert file if\n" | 
| 700 | "not specified (default is " TEST_CERT2 ")", | 700 | "not specified (default is " TEST_CERT2 ")", | 
| 701 | .type = OPTION_ARG, | 701 | .type = OPTION_ARG, | 
| 702 | .opt.arg = &s_server_config.key_file2, | 702 | .opt.arg = &cfg.key_file2, | 
| 703 | }, | 703 | }, | 
| 704 | { | 704 | { | 
| 705 | .name = "keyform", | 705 | .name = "keyform", | 
| 706 | .argname = "fmt", | 706 | .argname = "fmt", | 
| 707 | .desc = "Key format (PEM or DER) PEM default", | 707 | .desc = "Key format (PEM or DER) PEM default", | 
| 708 | .type = OPTION_ARG_FORMAT, | 708 | .type = OPTION_ARG_FORMAT, | 
| 709 | .opt.value = &s_server_config.key_format, | 709 | .opt.value = &cfg.key_format, | 
| 710 | }, | 710 | }, | 
| 711 | { | 711 | { | 
| 712 | .name = "keymatexport", | 712 | .name = "keymatexport", | 
| 713 | .argname = "label", | 713 | .argname = "label", | 
| 714 | .desc = "Export keying material using label", | 714 | .desc = "Export keying material using label", | 
| 715 | .type = OPTION_ARG, | 715 | .type = OPTION_ARG, | 
| 716 | .opt.arg = &s_server_config.keymatexportlabel, | 716 | .opt.arg = &cfg.keymatexportlabel, | 
| 717 | }, | 717 | }, | 
| 718 | { | 718 | { | 
| 719 | .name = "keymatexportlen", | 719 | .name = "keymatexportlen", | 
| @@ -730,7 +730,7 @@ static const struct option s_server_options[] = { | |||
| 730 | .name = "msg", | 730 | .name = "msg", | 
| 731 | .desc = "Show protocol messages", | 731 | .desc = "Show protocol messages", | 
| 732 | .type = OPTION_FLAG, | 732 | .type = OPTION_FLAG, | 
| 733 | .opt.flag = &s_server_config.msg, | 733 | .opt.flag = &cfg.msg, | 
| 734 | }, | 734 | }, | 
| 735 | #ifndef OPENSSL_NO_DTLS | 735 | #ifndef OPENSSL_NO_DTLS | 
| 736 | { | 736 | { | 
| @@ -746,19 +746,19 @@ static const struct option s_server_options[] = { | |||
| 746 | .argname = "num", | 746 | .argname = "num", | 
| 747 | .desc = "Terminate after num connections", | 747 | .desc = "Terminate after num connections", | 
| 748 | .type = OPTION_ARG_INT, | 748 | .type = OPTION_ARG_INT, | 
| 749 | .opt.value = &s_server_config.naccept | 749 | .opt.value = &cfg.naccept | 
| 750 | }, | 750 | }, | 
| 751 | { | 751 | { | 
| 752 | .name = "named_curve", | 752 | .name = "named_curve", | 
| 753 | .argname = "arg", | 753 | .argname = "arg", | 
| 754 | .type = OPTION_ARG, | 754 | .type = OPTION_ARG, | 
| 755 | .opt.arg = &s_server_config.named_curve, | 755 | .opt.arg = &cfg.named_curve, | 
| 756 | }, | 756 | }, | 
| 757 | { | 757 | { | 
| 758 | .name = "nbio", | 758 | .name = "nbio", | 
| 759 | .desc = "Run with non-blocking I/O", | 759 | .desc = "Run with non-blocking I/O", | 
| 760 | .type = OPTION_FLAG, | 760 | .type = OPTION_FLAG, | 
| 761 | .opt.flag = &s_server_config.nbio, | 761 | .opt.flag = &cfg.nbio, | 
| 762 | }, | 762 | }, | 
| 763 | { | 763 | { | 
| 764 | .name = "nbio_test", | 764 | .name = "nbio_test", | 
| @@ -770,78 +770,78 @@ static const struct option s_server_options[] = { | |||
| 770 | .name = "nextprotoneg", | 770 | .name = "nextprotoneg", | 
| 771 | .argname = "arg", | 771 | .argname = "arg", | 
| 772 | .type = OPTION_ARG, | 772 | .type = OPTION_ARG, | 
| 773 | .opt.arg = &s_server_config.npn_in, /* Ignored. */ | 773 | .opt.arg = &cfg.npn_in, /* Ignored. */ | 
| 774 | }, | 774 | }, | 
| 775 | { | 775 | { | 
| 776 | .name = "no_cache", | 776 | .name = "no_cache", | 
| 777 | .desc = "Disable session cache", | 777 | .desc = "Disable session cache", | 
| 778 | .type = OPTION_FLAG, | 778 | .type = OPTION_FLAG, | 
| 779 | .opt.flag = &s_server_config.no_cache, | 779 | .opt.flag = &cfg.no_cache, | 
| 780 | }, | 780 | }, | 
| 781 | { | 781 | { | 
| 782 | .name = "no_comp", | 782 | .name = "no_comp", | 
| 783 | .desc = "Disable SSL/TLS compression", | 783 | .desc = "Disable SSL/TLS compression", | 
| 784 | .type = OPTION_VALUE_OR, | 784 | .type = OPTION_VALUE_OR, | 
| 785 | .opt.value = &s_server_config.off, | 785 | .opt.value = &cfg.off, | 
| 786 | .value = SSL_OP_NO_COMPRESSION, | 786 | .value = SSL_OP_NO_COMPRESSION, | 
| 787 | }, | 787 | }, | 
| 788 | { | 788 | { | 
| 789 | .name = "no_dhe", | 789 | .name = "no_dhe", | 
| 790 | .desc = "Disable ephemeral DH", | 790 | .desc = "Disable ephemeral DH", | 
| 791 | .type = OPTION_FLAG, | 791 | .type = OPTION_FLAG, | 
| 792 | .opt.flag = &s_server_config.no_dhe, | 792 | .opt.flag = &cfg.no_dhe, | 
| 793 | }, | 793 | }, | 
| 794 | { | 794 | { | 
| 795 | .name = "no_ecdhe", | 795 | .name = "no_ecdhe", | 
| 796 | .desc = "Disable ephemeral ECDH", | 796 | .desc = "Disable ephemeral ECDH", | 
| 797 | .type = OPTION_FLAG, | 797 | .type = OPTION_FLAG, | 
| 798 | .opt.flag = &s_server_config.no_ecdhe, | 798 | .opt.flag = &cfg.no_ecdhe, | 
| 799 | }, | 799 | }, | 
| 800 | { | 800 | { | 
| 801 | .name = "no_ticket", | 801 | .name = "no_ticket", | 
| 802 | .desc = "Disable use of RFC4507bis session tickets", | 802 | .desc = "Disable use of RFC4507bis session tickets", | 
| 803 | .type = OPTION_VALUE_OR, | 803 | .type = OPTION_VALUE_OR, | 
| 804 | .opt.value = &s_server_config.off, | 804 | .opt.value = &cfg.off, | 
| 805 | .value = SSL_OP_NO_TICKET, | 805 | .value = SSL_OP_NO_TICKET, | 
| 806 | }, | 806 | }, | 
| 807 | { | 807 | { | 
| 808 | .name = "no_ssl2", | 808 | .name = "no_ssl2", | 
| 809 | .type = OPTION_VALUE_OR, | 809 | .type = OPTION_VALUE_OR, | 
| 810 | .opt.value = &s_server_config.off, | 810 | .opt.value = &cfg.off, | 
| 811 | .value = SSL_OP_NO_SSLv2, | 811 | .value = SSL_OP_NO_SSLv2, | 
| 812 | }, | 812 | }, | 
| 813 | { | 813 | { | 
| 814 | .name = "no_ssl3", | 814 | .name = "no_ssl3", | 
| 815 | .type = OPTION_VALUE_OR, | 815 | .type = OPTION_VALUE_OR, | 
| 816 | .opt.value = &s_server_config.off, | 816 | .opt.value = &cfg.off, | 
| 817 | .value = SSL_OP_NO_SSLv3, | 817 | .value = SSL_OP_NO_SSLv3, | 
| 818 | }, | 818 | }, | 
| 819 | { | 819 | { | 
| 820 | .name = "no_tls1", | 820 | .name = "no_tls1", | 
| 821 | .desc = "Just disable TLSv1", | 821 | .desc = "Just disable TLSv1", | 
| 822 | .type = OPTION_VALUE_OR, | 822 | .type = OPTION_VALUE_OR, | 
| 823 | .opt.value = &s_server_config.off, | 823 | .opt.value = &cfg.off, | 
| 824 | .value = SSL_OP_NO_TLSv1, | 824 | .value = SSL_OP_NO_TLSv1, | 
| 825 | }, | 825 | }, | 
| 826 | { | 826 | { | 
| 827 | .name = "no_tls1_1", | 827 | .name = "no_tls1_1", | 
| 828 | .desc = "Just disable TLSv1.1", | 828 | .desc = "Just disable TLSv1.1", | 
| 829 | .type = OPTION_VALUE_OR, | 829 | .type = OPTION_VALUE_OR, | 
| 830 | .opt.value = &s_server_config.off, | 830 | .opt.value = &cfg.off, | 
| 831 | .value = SSL_OP_NO_TLSv1_1, | 831 | .value = SSL_OP_NO_TLSv1_1, | 
| 832 | }, | 832 | }, | 
| 833 | { | 833 | { | 
| 834 | .name = "no_tls1_2", | 834 | .name = "no_tls1_2", | 
| 835 | .desc = "Just disable TLSv1.2", | 835 | .desc = "Just disable TLSv1.2", | 
| 836 | .type = OPTION_VALUE_OR, | 836 | .type = OPTION_VALUE_OR, | 
| 837 | .opt.value = &s_server_config.off, | 837 | .opt.value = &cfg.off, | 
| 838 | .value = SSL_OP_NO_TLSv1_2, | 838 | .value = SSL_OP_NO_TLSv1_2, | 
| 839 | }, | 839 | }, | 
| 840 | { | 840 | { | 
| 841 | .name = "no_tls1_3", | 841 | .name = "no_tls1_3", | 
| 842 | .desc = "Just disable TLSv1.3", | 842 | .desc = "Just disable TLSv1.3", | 
| 843 | .type = OPTION_VALUE_OR, | 843 | .type = OPTION_VALUE_OR, | 
| 844 | .opt.value = &s_server_config.off, | 844 | .opt.value = &cfg.off, | 
| 845 | .value = SSL_OP_NO_TLSv1_3, | 845 | .value = SSL_OP_NO_TLSv1_3, | 
| 846 | }, | 846 | }, | 
| 847 | { | 847 | { | 
| @@ -852,14 +852,14 @@ static const struct option s_server_options[] = { | |||
| 852 | .name = "nocert", | 852 | .name = "nocert", | 
| 853 | .desc = "Don't use any certificates (Anon-DH)", | 853 | .desc = "Don't use any certificates (Anon-DH)", | 
| 854 | .type = OPTION_FLAG, | 854 | .type = OPTION_FLAG, | 
| 855 | .opt.flag = &s_server_config.nocert, | 855 | .opt.flag = &cfg.nocert, | 
| 856 | }, | 856 | }, | 
| 857 | { | 857 | { | 
| 858 | .name = "pass", | 858 | .name = "pass", | 
| 859 | .argname = "arg", | 859 | .argname = "arg", | 
| 860 | .desc = "Private key file pass phrase source", | 860 | .desc = "Private key file pass phrase source", | 
| 861 | .type = OPTION_ARG, | 861 | .type = OPTION_ARG, | 
| 862 | .opt.arg = &s_server_config.passarg, | 862 | .opt.arg = &cfg.passarg, | 
| 863 | }, | 863 | }, | 
| 864 | { | 864 | { | 
| 865 | .name = "port", | 865 | .name = "port", | 
| @@ -871,40 +871,40 @@ static const struct option s_server_options[] = { | |||
| 871 | .name = "quiet", | 871 | .name = "quiet", | 
| 872 | .desc = "Inhibit printing of session and certificate information", | 872 | .desc = "Inhibit printing of session and certificate information", | 
| 873 | .type = OPTION_FLAG, | 873 | .type = OPTION_FLAG, | 
| 874 | .opt.flag = &s_server_config.quiet, | 874 | .opt.flag = &cfg.quiet, | 
| 875 | }, | 875 | }, | 
| 876 | { | 876 | { | 
| 877 | .name = "servername", | 877 | .name = "servername", | 
| 878 | .argname = "name", | 878 | .argname = "name", | 
| 879 | .desc = "Servername for HostName TLS extension", | 879 | .desc = "Servername for HostName TLS extension", | 
| 880 | .type = OPTION_ARG, | 880 | .type = OPTION_ARG, | 
| 881 | .opt.arg = &s_server_config.tlsextcbp.servername, | 881 | .opt.arg = &cfg.tlsextcbp.servername, | 
| 882 | }, | 882 | }, | 
| 883 | { | 883 | { | 
| 884 | .name = "servername_fatal", | 884 | .name = "servername_fatal", | 
| 885 | .desc = "On mismatch send fatal alert (default warning alert)", | 885 | .desc = "On mismatch send fatal alert (default warning alert)", | 
| 886 | .type = OPTION_VALUE, | 886 | .type = OPTION_VALUE, | 
| 887 | .opt.value = &s_server_config.tlsextcbp.extension_error, | 887 | .opt.value = &cfg.tlsextcbp.extension_error, | 
| 888 | .value = SSL_TLSEXT_ERR_ALERT_FATAL, | 888 | .value = SSL_TLSEXT_ERR_ALERT_FATAL, | 
| 889 | }, | 889 | }, | 
| 890 | { | 890 | { | 
| 891 | .name = "serverpref", | 891 | .name = "serverpref", | 
| 892 | .desc = "Use server's cipher preferences", | 892 | .desc = "Use server's cipher preferences", | 
| 893 | .type = OPTION_VALUE_OR, | 893 | .type = OPTION_VALUE_OR, | 
| 894 | .opt.value = &s_server_config.off, | 894 | .opt.value = &cfg.off, | 
| 895 | .value = SSL_OP_CIPHER_SERVER_PREFERENCE, | 895 | .value = SSL_OP_CIPHER_SERVER_PREFERENCE, | 
| 896 | }, | 896 | }, | 
| 897 | { | 897 | { | 
| 898 | .name = "state", | 898 | .name = "state", | 
| 899 | .desc = "Print the SSL states", | 899 | .desc = "Print the SSL states", | 
| 900 | .type = OPTION_FLAG, | 900 | .type = OPTION_FLAG, | 
| 901 | .opt.flag = &s_server_config.state, | 901 | .opt.flag = &cfg.state, | 
| 902 | }, | 902 | }, | 
| 903 | { | 903 | { | 
| 904 | .name = "status", | 904 | .name = "status", | 
| 905 | .desc = "Respond to certificate status requests", | 905 | .desc = "Respond to certificate status requests", | 
| 906 | .type = OPTION_FLAG, | 906 | .type = OPTION_FLAG, | 
| 907 | .opt.flag = &s_server_config.tlsextstatus, | 907 | .opt.flag = &cfg.tlsextstatus, | 
| 908 | }, | 908 | }, | 
| 909 | { | 909 | { | 
| 910 | .name = "status_timeout", | 910 | .name = "status_timeout", | 
| @@ -931,7 +931,7 @@ static const struct option s_server_options[] = { | |||
| 931 | .name = "timeout", | 931 | .name = "timeout", | 
| 932 | .desc = "Enable timeouts", | 932 | .desc = "Enable timeouts", | 
| 933 | .type = OPTION_FLAG, | 933 | .type = OPTION_FLAG, | 
| 934 | .opt.flag = &s_server_config.enable_timeouts, | 934 | .opt.flag = &cfg.enable_timeouts, | 
| 935 | }, | 935 | }, | 
| 936 | #endif | 936 | #endif | 
| 937 | { | 937 | { | 
| @@ -962,7 +962,7 @@ static const struct option s_server_options[] = { | |||
| 962 | .name = "tlsextdebug", | 962 | .name = "tlsextdebug", | 
| 963 | .desc = "Hex dump of all TLS extensions received", | 963 | .desc = "Hex dump of all TLS extensions received", | 
| 964 | .type = OPTION_FLAG, | 964 | .type = OPTION_FLAG, | 
| 965 | .opt.flag = &s_server_config.tlsextdebug, | 965 | .opt.flag = &cfg.tlsextdebug, | 
| 966 | }, | 966 | }, | 
| 967 | #ifndef OPENSSL_NO_SRTP | 967 | #ifndef OPENSSL_NO_SRTP | 
| 968 | { | 968 | { | 
| @@ -970,7 +970,7 @@ static const struct option s_server_options[] = { | |||
| 970 | .argname = "profiles", | 970 | .argname = "profiles", | 
| 971 | .desc = "Offer SRTP key management with a colon-separated profile list", | 971 | .desc = "Offer SRTP key management with a colon-separated profile list", | 
| 972 | .type = OPTION_ARG, | 972 | .type = OPTION_ARG, | 
| 973 | .opt.arg = &s_server_config.srtp_profiles, | 973 | .opt.arg = &cfg.srtp_profiles, | 
| 974 | }, | 974 | }, | 
| 975 | #endif | 975 | #endif | 
| 976 | { | 976 | { | 
| @@ -997,14 +997,14 @@ static const struct option s_server_options[] = { | |||
| 997 | .name = "WWW", | 997 | .name = "WWW", | 
| 998 | .desc = "Respond to a 'GET /<path> HTTP/1.0' with file ./<path>", | 998 | .desc = "Respond to a 'GET /<path> HTTP/1.0' with file ./<path>", | 
| 999 | .type = OPTION_VALUE, | 999 | .type = OPTION_VALUE, | 
| 1000 | .opt.value = &s_server_config.www, | 1000 | .opt.value = &cfg.www, | 
| 1001 | .value = 2, | 1001 | .value = 2, | 
| 1002 | }, | 1002 | }, | 
| 1003 | { | 1003 | { | 
| 1004 | .name = "www", | 1004 | .name = "www", | 
| 1005 | .desc = "Respond to a 'GET /' with a status page", | 1005 | .desc = "Respond to a 'GET /' with a status page", | 
| 1006 | .type = OPTION_VALUE, | 1006 | .type = OPTION_VALUE, | 
| 1007 | .opt.value = &s_server_config.www, | 1007 | .opt.value = &cfg.www, | 
| 1008 | .value = 1, | 1008 | .value = 1, | 
| 1009 | }, | 1009 | }, | 
| 1010 | { | 1010 | { | 
| @@ -1020,24 +1020,24 @@ static void | |||
| 1020 | s_server_init(void) | 1020 | s_server_init(void) | 
| 1021 | { | 1021 | { | 
| 1022 | accept_socket = -1; | 1022 | accept_socket = -1; | 
| 1023 | s_server_config.cipher = NULL; | 1023 | cfg.cipher = NULL; | 
| 1024 | s_server_config.server_verify = SSL_VERIFY_NONE; | 1024 | cfg.server_verify = SSL_VERIFY_NONE; | 
| 1025 | s_server_config.dcert_file = NULL; | 1025 | cfg.dcert_file = NULL; | 
| 1026 | s_server_config.dkey_file = NULL; | 1026 | cfg.dkey_file = NULL; | 
| 1027 | s_server_config.cert_file = TEST_CERT; | 1027 | cfg.cert_file = TEST_CERT; | 
| 1028 | s_server_config.key_file = NULL; | 1028 | cfg.key_file = NULL; | 
| 1029 | s_server_config.cert_file2 = TEST_CERT2; | 1029 | cfg.cert_file2 = TEST_CERT2; | 
| 1030 | s_server_config.key_file2 = NULL; | 1030 | cfg.key_file2 = NULL; | 
| 1031 | ctx2 = NULL; | 1031 | ctx2 = NULL; | 
| 1032 | s_server_config.nbio = 0; | 1032 | cfg.nbio = 0; | 
| 1033 | s_server_config.nbio_test = 0; | 1033 | cfg.nbio_test = 0; | 
| 1034 | ctx = NULL; | 1034 | ctx = NULL; | 
| 1035 | s_server_config.www = 0; | 1035 | cfg.www = 0; | 
| 1036 | 1036 | ||
| 1037 | bio_s_out = NULL; | 1037 | bio_s_out = NULL; | 
| 1038 | s_server_config.debug = 0; | 1038 | cfg.debug = 0; | 
| 1039 | s_server_config.msg = 0; | 1039 | cfg.msg = 0; | 
| 1040 | s_server_config.quiet = 0; | 1040 | cfg.quiet = 0; | 
| 1041 | } | 1041 | } | 
| 1042 | 1042 | ||
| 1043 | static void | 1043 | static void | 
| @@ -1086,21 +1086,21 @@ s_server_main(int argc, char *argv[]) | |||
| 1086 | exit(1); | 1086 | exit(1); | 
| 1087 | } | 1087 | } | 
| 1088 | 1088 | ||
| 1089 | memset(&s_server_config, 0, sizeof(s_server_config)); | 1089 | memset(&cfg, 0, sizeof(cfg)); | 
| 1090 | s_server_config.keymatexportlen = 20; | 1090 | cfg.keymatexportlen = 20; | 
| 1091 | s_server_config.meth = TLS_server_method(); | 1091 | cfg.meth = TLS_server_method(); | 
| 1092 | s_server_config.naccept = -1; | 1092 | cfg.naccept = -1; | 
| 1093 | s_server_config.port = PORT; | 1093 | cfg.port = PORT; | 
| 1094 | s_server_config.cert_file = TEST_CERT; | 1094 | cfg.cert_file = TEST_CERT; | 
| 1095 | s_server_config.cert_file2 = TEST_CERT2; | 1095 | cfg.cert_file2 = TEST_CERT2; | 
| 1096 | s_server_config.cert_format = FORMAT_PEM; | 1096 | cfg.cert_format = FORMAT_PEM; | 
| 1097 | s_server_config.dcert_format = FORMAT_PEM; | 1097 | cfg.dcert_format = FORMAT_PEM; | 
| 1098 | s_server_config.dkey_format = FORMAT_PEM; | 1098 | cfg.dkey_format = FORMAT_PEM; | 
| 1099 | s_server_config.key_format = FORMAT_PEM; | 1099 | cfg.key_format = FORMAT_PEM; | 
| 1100 | s_server_config.server_verify = SSL_VERIFY_NONE; | 1100 | cfg.server_verify = SSL_VERIFY_NONE; | 
| 1101 | s_server_config.socket_type = SOCK_STREAM; | 1101 | cfg.socket_type = SOCK_STREAM; | 
| 1102 | s_server_config.tlscstatp.timeout = -1; | 1102 | cfg.tlscstatp.timeout = -1; | 
| 1103 | s_server_config.tlsextcbp.extension_error = | 1103 | cfg.tlsextcbp.extension_error = | 
| 1104 | SSL_TLSEXT_ERR_ALERT_WARNING; | 1104 | SSL_TLSEXT_ERR_ALERT_WARNING; | 
| 1105 | 1105 | ||
| 1106 | local_argc = argc; | 1106 | local_argc = argc; | 
| @@ -1111,47 +1111,47 @@ s_server_main(int argc, char *argv[]) | |||
| 1111 | verify_depth = 0; | 1111 | verify_depth = 0; | 
| 1112 | 1112 | ||
| 1113 | if (options_parse(argc, argv, s_server_options, NULL, NULL) != 0) { | 1113 | if (options_parse(argc, argv, s_server_options, NULL, NULL) != 0) { | 
| 1114 | if (s_server_config.errstr == NULL) | 1114 | if (cfg.errstr == NULL) | 
| 1115 | sv_usage(); | 1115 | sv_usage(); | 
| 1116 | goto end; | 1116 | goto end; | 
| 1117 | } | 1117 | } | 
| 1118 | 1118 | ||
| 1119 | if (!app_passwd(bio_err, s_server_config.passarg, | 1119 | if (!app_passwd(bio_err, cfg.passarg, | 
| 1120 | s_server_config.dpassarg, &pass, &dpass)) { | 1120 | cfg.dpassarg, &pass, &dpass)) { | 
| 1121 | BIO_printf(bio_err, "Error getting password\n"); | 1121 | BIO_printf(bio_err, "Error getting password\n"); | 
| 1122 | goto end; | 1122 | goto end; | 
| 1123 | } | 1123 | } | 
| 1124 | if (s_server_config.key_file == NULL) | 1124 | if (cfg.key_file == NULL) | 
| 1125 | s_server_config.key_file = s_server_config.cert_file; | 1125 | cfg.key_file = cfg.cert_file; | 
| 1126 | if (s_server_config.key_file2 == NULL) | 1126 | if (cfg.key_file2 == NULL) | 
| 1127 | s_server_config.key_file2 = s_server_config.cert_file2; | 1127 | cfg.key_file2 = cfg.cert_file2; | 
| 1128 | 1128 | ||
| 1129 | if (s_server_config.nocert == 0) { | 1129 | if (cfg.nocert == 0) { | 
| 1130 | s_key = load_key(bio_err, s_server_config.key_file, | 1130 | s_key = load_key(bio_err, cfg.key_file, | 
| 1131 | s_server_config.key_format, 0, pass, | 1131 | cfg.key_format, 0, pass, | 
| 1132 | "server certificate private key file"); | 1132 | "server certificate private key file"); | 
| 1133 | if (!s_key) { | 1133 | if (!s_key) { | 
| 1134 | ERR_print_errors(bio_err); | 1134 | ERR_print_errors(bio_err); | 
| 1135 | goto end; | 1135 | goto end; | 
| 1136 | } | 1136 | } | 
| 1137 | s_cert = load_cert(bio_err, s_server_config.cert_file, | 1137 | s_cert = load_cert(bio_err, cfg.cert_file, | 
| 1138 | s_server_config.cert_format, | 1138 | cfg.cert_format, | 
| 1139 | NULL, "server certificate file"); | 1139 | NULL, "server certificate file"); | 
| 1140 | 1140 | ||
| 1141 | if (!s_cert) { | 1141 | if (!s_cert) { | 
| 1142 | ERR_print_errors(bio_err); | 1142 | ERR_print_errors(bio_err); | 
| 1143 | goto end; | 1143 | goto end; | 
| 1144 | } | 1144 | } | 
| 1145 | if (s_server_config.tlsextcbp.servername) { | 1145 | if (cfg.tlsextcbp.servername) { | 
| 1146 | s_key2 = load_key(bio_err, s_server_config.key_file2, | 1146 | s_key2 = load_key(bio_err, cfg.key_file2, | 
| 1147 | s_server_config.key_format, 0, pass, | 1147 | cfg.key_format, 0, pass, | 
| 1148 | "second server certificate private key file"); | 1148 | "second server certificate private key file"); | 
| 1149 | if (!s_key2) { | 1149 | if (!s_key2) { | 
| 1150 | ERR_print_errors(bio_err); | 1150 | ERR_print_errors(bio_err); | 
| 1151 | goto end; | 1151 | goto end; | 
| 1152 | } | 1152 | } | 
| 1153 | s_cert2 = load_cert(bio_err, s_server_config.cert_file2, | 1153 | s_cert2 = load_cert(bio_err, cfg.cert_file2, | 
| 1154 | s_server_config.cert_format, | 1154 | cfg.cert_format, | 
| 1155 | NULL, "second server certificate file"); | 1155 | NULL, "second server certificate file"); | 
| 1156 | 1156 | ||
| 1157 | if (!s_cert2) { | 1157 | if (!s_cert2) { | 
| @@ -1161,29 +1161,29 @@ s_server_main(int argc, char *argv[]) | |||
| 1161 | } | 1161 | } | 
| 1162 | } | 1162 | } | 
| 1163 | alpn_ctx.data = NULL; | 1163 | alpn_ctx.data = NULL; | 
| 1164 | if (s_server_config.alpn_in) { | 1164 | if (cfg.alpn_in) { | 
| 1165 | unsigned short len; | 1165 | unsigned short len; | 
| 1166 | alpn_ctx.data = next_protos_parse(&len, | 1166 | alpn_ctx.data = next_protos_parse(&len, | 
| 1167 | s_server_config.alpn_in); | 1167 | cfg.alpn_in); | 
| 1168 | if (alpn_ctx.data == NULL) | 1168 | if (alpn_ctx.data == NULL) | 
| 1169 | goto end; | 1169 | goto end; | 
| 1170 | alpn_ctx.len = len; | 1170 | alpn_ctx.len = len; | 
| 1171 | } | 1171 | } | 
| 1172 | 1172 | ||
| 1173 | if (s_server_config.dcert_file) { | 1173 | if (cfg.dcert_file) { | 
| 1174 | 1174 | ||
| 1175 | if (s_server_config.dkey_file == NULL) | 1175 | if (cfg.dkey_file == NULL) | 
| 1176 | s_server_config.dkey_file = s_server_config.dcert_file; | 1176 | cfg.dkey_file = cfg.dcert_file; | 
| 1177 | 1177 | ||
| 1178 | s_dkey = load_key(bio_err, s_server_config.dkey_file, | 1178 | s_dkey = load_key(bio_err, cfg.dkey_file, | 
| 1179 | s_server_config.dkey_format, | 1179 | cfg.dkey_format, | 
| 1180 | 0, dpass, "second certificate private key file"); | 1180 | 0, dpass, "second certificate private key file"); | 
| 1181 | if (!s_dkey) { | 1181 | if (!s_dkey) { | 
| 1182 | ERR_print_errors(bio_err); | 1182 | ERR_print_errors(bio_err); | 
| 1183 | goto end; | 1183 | goto end; | 
| 1184 | } | 1184 | } | 
| 1185 | s_dcert = load_cert(bio_err, s_server_config.dcert_file, | 1185 | s_dcert = load_cert(bio_err, cfg.dcert_file, | 
| 1186 | s_server_config.dcert_format, | 1186 | cfg.dcert_format, | 
| 1187 | NULL, "second server certificate file"); | 1187 | NULL, "second server certificate file"); | 
| 1188 | 1188 | ||
| 1189 | if (!s_dcert) { | 1189 | if (!s_dcert) { | 
| @@ -1192,23 +1192,23 @@ s_server_main(int argc, char *argv[]) | |||
| 1192 | } | 1192 | } | 
| 1193 | } | 1193 | } | 
| 1194 | if (bio_s_out == NULL) { | 1194 | if (bio_s_out == NULL) { | 
| 1195 | if (s_server_config.quiet && !s_server_config.debug && | 1195 | if (cfg.quiet && !cfg.debug && | 
| 1196 | !s_server_config.msg) { | 1196 | !cfg.msg) { | 
| 1197 | bio_s_out = BIO_new(BIO_s_null()); | 1197 | bio_s_out = BIO_new(BIO_s_null()); | 
| 1198 | } else { | 1198 | } else { | 
| 1199 | if (bio_s_out == NULL) | 1199 | if (bio_s_out == NULL) | 
| 1200 | bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE); | 1200 | bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE); | 
| 1201 | } | 1201 | } | 
| 1202 | } | 1202 | } | 
| 1203 | if (s_server_config.nocert) { | 1203 | if (cfg.nocert) { | 
| 1204 | s_server_config.cert_file = NULL; | 1204 | cfg.cert_file = NULL; | 
| 1205 | s_server_config.key_file = NULL; | 1205 | cfg.key_file = NULL; | 
| 1206 | s_server_config.dcert_file = NULL; | 1206 | cfg.dcert_file = NULL; | 
| 1207 | s_server_config.dkey_file = NULL; | 1207 | cfg.dkey_file = NULL; | 
| 1208 | s_server_config.cert_file2 = NULL; | 1208 | cfg.cert_file2 = NULL; | 
| 1209 | s_server_config.key_file2 = NULL; | 1209 | cfg.key_file2 = NULL; | 
| 1210 | } | 1210 | } | 
| 1211 | ctx = SSL_CTX_new(s_server_config.meth); | 1211 | ctx = SSL_CTX_new(cfg.meth); | 
| 1212 | if (ctx == NULL) { | 1212 | if (ctx == NULL) { | 
| 1213 | ERR_print_errors(bio_err); | 1213 | ERR_print_errors(bio_err); | 
| 1214 | goto end; | 1214 | goto end; | 
| @@ -1216,16 +1216,16 @@ s_server_main(int argc, char *argv[]) | |||
| 1216 | 1216 | ||
| 1217 | SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY); | 1217 | SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY); | 
| 1218 | 1218 | ||
| 1219 | if (!SSL_CTX_set_min_proto_version(ctx, s_server_config.min_version)) | 1219 | if (!SSL_CTX_set_min_proto_version(ctx, cfg.min_version)) | 
| 1220 | goto end; | 1220 | goto end; | 
| 1221 | if (!SSL_CTX_set_max_proto_version(ctx, s_server_config.max_version)) | 1221 | if (!SSL_CTX_set_max_proto_version(ctx, cfg.max_version)) | 
| 1222 | goto end; | 1222 | goto end; | 
| 1223 | 1223 | ||
| 1224 | if (s_server_config.session_id_prefix) { | 1224 | if (cfg.session_id_prefix) { | 
| 1225 | if (strlen(s_server_config.session_id_prefix) >= 32) | 1225 | if (strlen(cfg.session_id_prefix) >= 32) | 
| 1226 | BIO_printf(bio_err, | 1226 | BIO_printf(bio_err, | 
| 1227 | "warning: id_prefix is too long, only one new session will be possible\n"); | 1227 | "warning: id_prefix is too long, only one new session will be possible\n"); | 
| 1228 | else if (strlen(s_server_config.session_id_prefix) >= 16) | 1228 | else if (strlen(cfg.session_id_prefix) >= 16) | 
| 1229 | BIO_printf(bio_err, | 1229 | BIO_printf(bio_err, | 
| 1230 | "warning: id_prefix is too long if you use SSLv2\n"); | 1230 | "warning: id_prefix is too long if you use SSLv2\n"); | 
| 1231 | if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) { | 1231 | if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) { | 
| @@ -1234,58 +1234,58 @@ s_server_main(int argc, char *argv[]) | |||
| 1234 | goto end; | 1234 | goto end; | 
| 1235 | } | 1235 | } | 
| 1236 | BIO_printf(bio_err, "id_prefix '%s' set.\n", | 1236 | BIO_printf(bio_err, "id_prefix '%s' set.\n", | 
| 1237 | s_server_config.session_id_prefix); | 1237 | cfg.session_id_prefix); | 
| 1238 | } | 1238 | } | 
| 1239 | SSL_CTX_set_quiet_shutdown(ctx, 1); | 1239 | SSL_CTX_set_quiet_shutdown(ctx, 1); | 
| 1240 | if (s_server_config.bugs) | 1240 | if (cfg.bugs) | 
| 1241 | SSL_CTX_set_options(ctx, SSL_OP_ALL); | 1241 | SSL_CTX_set_options(ctx, SSL_OP_ALL); | 
| 1242 | SSL_CTX_set_options(ctx, s_server_config.off); | 1242 | SSL_CTX_set_options(ctx, cfg.off); | 
| 1243 | 1243 | ||
| 1244 | if (s_server_config.state) | 1244 | if (cfg.state) | 
| 1245 | SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); | 1245 | SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); | 
| 1246 | if (s_server_config.no_cache) | 1246 | if (cfg.no_cache) | 
| 1247 | SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); | 1247 | SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); | 
| 1248 | else | 1248 | else | 
| 1249 | SSL_CTX_sess_set_cache_size(ctx, 128); | 1249 | SSL_CTX_sess_set_cache_size(ctx, 128); | 
| 1250 | 1250 | ||
| 1251 | #ifndef OPENSSL_NO_SRTP | 1251 | #ifndef OPENSSL_NO_SRTP | 
| 1252 | if (s_server_config.srtp_profiles != NULL) | 1252 | if (cfg.srtp_profiles != NULL) | 
| 1253 | SSL_CTX_set_tlsext_use_srtp(ctx, s_server_config.srtp_profiles); | 1253 | SSL_CTX_set_tlsext_use_srtp(ctx, cfg.srtp_profiles); | 
| 1254 | #endif | 1254 | #endif | 
| 1255 | 1255 | ||
| 1256 | if ((!SSL_CTX_load_verify_locations(ctx, s_server_config.CAfile, | 1256 | if ((!SSL_CTX_load_verify_locations(ctx, cfg.CAfile, | 
| 1257 | s_server_config.CApath)) || | 1257 | cfg.CApath)) || | 
| 1258 | (!SSL_CTX_set_default_verify_paths(ctx))) { | 1258 | (!SSL_CTX_set_default_verify_paths(ctx))) { | 
| 1259 | /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ | 1259 | /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ | 
| 1260 | ERR_print_errors(bio_err); | 1260 | ERR_print_errors(bio_err); | 
| 1261 | /* goto end; */ | 1261 | /* goto end; */ | 
| 1262 | } | 1262 | } | 
| 1263 | if (s_server_config.vpm) | 1263 | if (cfg.vpm) | 
| 1264 | SSL_CTX_set1_param(ctx, s_server_config.vpm); | 1264 | SSL_CTX_set1_param(ctx, cfg.vpm); | 
| 1265 | 1265 | ||
| 1266 | if (s_cert2) { | 1266 | if (s_cert2) { | 
| 1267 | ctx2 = SSL_CTX_new(s_server_config.meth); | 1267 | ctx2 = SSL_CTX_new(cfg.meth); | 
| 1268 | if (ctx2 == NULL) { | 1268 | if (ctx2 == NULL) { | 
| 1269 | ERR_print_errors(bio_err); | 1269 | ERR_print_errors(bio_err); | 
| 1270 | goto end; | 1270 | goto end; | 
| 1271 | } | 1271 | } | 
| 1272 | 1272 | ||
| 1273 | if (!SSL_CTX_set_min_proto_version(ctx2, | 1273 | if (!SSL_CTX_set_min_proto_version(ctx2, | 
| 1274 | s_server_config.min_version)) | 1274 | cfg.min_version)) | 
| 1275 | goto end; | 1275 | goto end; | 
| 1276 | if (!SSL_CTX_set_max_proto_version(ctx2, | 1276 | if (!SSL_CTX_set_max_proto_version(ctx2, | 
| 1277 | s_server_config.max_version)) | 1277 | cfg.max_version)) | 
| 1278 | goto end; | 1278 | goto end; | 
| 1279 | SSL_CTX_clear_mode(ctx2, SSL_MODE_AUTO_RETRY); | 1279 | SSL_CTX_clear_mode(ctx2, SSL_MODE_AUTO_RETRY); | 
| 1280 | } | 1280 | } | 
| 1281 | if (ctx2) { | 1281 | if (ctx2) { | 
| 1282 | BIO_printf(bio_s_out, "Setting secondary ctx parameters\n"); | 1282 | BIO_printf(bio_s_out, "Setting secondary ctx parameters\n"); | 
| 1283 | 1283 | ||
| 1284 | if (s_server_config.session_id_prefix) { | 1284 | if (cfg.session_id_prefix) { | 
| 1285 | if (strlen(s_server_config.session_id_prefix) >= 32) | 1285 | if (strlen(cfg.session_id_prefix) >= 32) | 
| 1286 | BIO_printf(bio_err, | 1286 | BIO_printf(bio_err, | 
| 1287 | "warning: id_prefix is too long, only one new session will be possible\n"); | 1287 | "warning: id_prefix is too long, only one new session will be possible\n"); | 
| 1288 | else if (strlen(s_server_config.session_id_prefix) >= 16) | 1288 | else if (strlen(cfg.session_id_prefix) >= 16) | 
| 1289 | BIO_printf(bio_err, | 1289 | BIO_printf(bio_err, | 
| 1290 | "warning: id_prefix is too long if you use SSLv2\n"); | 1290 | "warning: id_prefix is too long if you use SSLv2\n"); | 
| 1291 | if (!SSL_CTX_set_generate_session_id(ctx2, | 1291 | if (!SSL_CTX_set_generate_session_id(ctx2, | 
| @@ -1296,48 +1296,48 @@ s_server_main(int argc, char *argv[]) | |||
| 1296 | goto end; | 1296 | goto end; | 
| 1297 | } | 1297 | } | 
| 1298 | BIO_printf(bio_err, "id_prefix '%s' set.\n", | 1298 | BIO_printf(bio_err, "id_prefix '%s' set.\n", | 
| 1299 | s_server_config.session_id_prefix); | 1299 | cfg.session_id_prefix); | 
| 1300 | } | 1300 | } | 
| 1301 | SSL_CTX_set_quiet_shutdown(ctx2, 1); | 1301 | SSL_CTX_set_quiet_shutdown(ctx2, 1); | 
| 1302 | if (s_server_config.bugs) | 1302 | if (cfg.bugs) | 
| 1303 | SSL_CTX_set_options(ctx2, SSL_OP_ALL); | 1303 | SSL_CTX_set_options(ctx2, SSL_OP_ALL); | 
| 1304 | SSL_CTX_set_options(ctx2, s_server_config.off); | 1304 | SSL_CTX_set_options(ctx2, cfg.off); | 
| 1305 | 1305 | ||
| 1306 | if (s_server_config.state) | 1306 | if (cfg.state) | 
| 1307 | SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback); | 1307 | SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback); | 
| 1308 | 1308 | ||
| 1309 | if (s_server_config.no_cache) | 1309 | if (cfg.no_cache) | 
| 1310 | SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF); | 1310 | SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF); | 
| 1311 | else | 1311 | else | 
| 1312 | SSL_CTX_sess_set_cache_size(ctx2, 128); | 1312 | SSL_CTX_sess_set_cache_size(ctx2, 128); | 
| 1313 | 1313 | ||
| 1314 | if ((!SSL_CTX_load_verify_locations(ctx2, | 1314 | if ((!SSL_CTX_load_verify_locations(ctx2, | 
| 1315 | s_server_config.CAfile, s_server_config.CApath)) || | 1315 | cfg.CAfile, cfg.CApath)) || | 
| 1316 | (!SSL_CTX_set_default_verify_paths(ctx2))) { | 1316 | (!SSL_CTX_set_default_verify_paths(ctx2))) { | 
| 1317 | ERR_print_errors(bio_err); | 1317 | ERR_print_errors(bio_err); | 
| 1318 | } | 1318 | } | 
| 1319 | if (s_server_config.vpm) | 1319 | if (cfg.vpm) | 
| 1320 | SSL_CTX_set1_param(ctx2, s_server_config.vpm); | 1320 | SSL_CTX_set1_param(ctx2, cfg.vpm); | 
| 1321 | } | 1321 | } | 
| 1322 | if (alpn_ctx.data) | 1322 | if (alpn_ctx.data) | 
| 1323 | SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); | 1323 | SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); | 
| 1324 | 1324 | ||
| 1325 | if (s_server_config.groups_in != NULL) { | 1325 | if (cfg.groups_in != NULL) { | 
| 1326 | if (SSL_CTX_set1_groups_list(ctx, s_server_config.groups_in) != 1) { | 1326 | if (SSL_CTX_set1_groups_list(ctx, cfg.groups_in) != 1) { | 
| 1327 | BIO_printf(bio_err, "Failed to set groups '%s'\n", | 1327 | BIO_printf(bio_err, "Failed to set groups '%s'\n", | 
| 1328 | s_server_config.groups_in); | 1328 | cfg.groups_in); | 
| 1329 | goto end; | 1329 | goto end; | 
| 1330 | } | 1330 | } | 
| 1331 | } | 1331 | } | 
| 1332 | 1332 | ||
| 1333 | #ifndef OPENSSL_NO_DH | 1333 | #ifndef OPENSSL_NO_DH | 
| 1334 | if (!s_server_config.no_dhe) { | 1334 | if (!cfg.no_dhe) { | 
| 1335 | DH *dh = NULL; | 1335 | DH *dh = NULL; | 
| 1336 | 1336 | ||
| 1337 | if (s_server_config.dhfile) | 1337 | if (cfg.dhfile) | 
| 1338 | dh = load_dh_param(s_server_config.dhfile); | 1338 | dh = load_dh_param(cfg.dhfile); | 
| 1339 | else if (s_server_config.cert_file) | 1339 | else if (cfg.cert_file) | 
| 1340 | dh = load_dh_param(s_server_config.cert_file); | 1340 | dh = load_dh_param(cfg.cert_file); | 
| 1341 | 1341 | ||
| 1342 | if (dh != NULL) | 1342 | if (dh != NULL) | 
| 1343 | BIO_printf(bio_s_out, "Setting temp DH parameters\n"); | 1343 | BIO_printf(bio_s_out, "Setting temp DH parameters\n"); | 
| @@ -1356,12 +1356,12 @@ s_server_main(int argc, char *argv[]) | |||
| 1356 | } | 1356 | } | 
| 1357 | 1357 | ||
| 1358 | if (ctx2) { | 1358 | if (ctx2) { | 
| 1359 | if (!s_server_config.dhfile) { | 1359 | if (!cfg.dhfile) { | 
| 1360 | DH *dh2 = NULL; | 1360 | DH *dh2 = NULL; | 
| 1361 | 1361 | ||
| 1362 | if (s_server_config.cert_file2 != NULL) | 1362 | if (cfg.cert_file2 != NULL) | 
| 1363 | dh2 = load_dh_param( | 1363 | dh2 = load_dh_param( | 
| 1364 | s_server_config.cert_file2); | 1364 | cfg.cert_file2); | 
| 1365 | if (dh2 != NULL) { | 1365 | if (dh2 != NULL) { | 
| 1366 | BIO_printf(bio_s_out, | 1366 | BIO_printf(bio_s_out, | 
| 1367 | "Setting temp DH parameters\n"); | 1367 | "Setting temp DH parameters\n"); | 
| @@ -1385,18 +1385,18 @@ s_server_main(int argc, char *argv[]) | |||
| 1385 | } | 1385 | } | 
| 1386 | #endif | 1386 | #endif | 
| 1387 | 1387 | ||
| 1388 | if (!s_server_config.no_ecdhe && s_server_config.named_curve != NULL) { | 1388 | if (!cfg.no_ecdhe && cfg.named_curve != NULL) { | 
| 1389 | EC_KEY *ecdh = NULL; | 1389 | EC_KEY *ecdh = NULL; | 
| 1390 | int nid; | 1390 | int nid; | 
| 1391 | 1391 | ||
| 1392 | if ((nid = OBJ_sn2nid(s_server_config.named_curve)) == 0) { | 1392 | if ((nid = OBJ_sn2nid(cfg.named_curve)) == 0) { | 
| 1393 | BIO_printf(bio_err, "unknown curve name (%s)\n", | 1393 | BIO_printf(bio_err, "unknown curve name (%s)\n", | 
| 1394 | s_server_config.named_curve); | 1394 | cfg.named_curve); | 
| 1395 | goto end; | 1395 | goto end; | 
| 1396 | } | 1396 | } | 
| 1397 | if ((ecdh = EC_KEY_new_by_curve_name(nid)) == NULL) { | 1397 | if ((ecdh = EC_KEY_new_by_curve_name(nid)) == NULL) { | 
| 1398 | BIO_printf(bio_err, "unable to create curve (%s)\n", | 1398 | BIO_printf(bio_err, "unable to create curve (%s)\n", | 
| 1399 | s_server_config.named_curve); | 1399 | cfg.named_curve); | 
| 1400 | goto end; | 1400 | goto end; | 
| 1401 | } | 1401 | } | 
| 1402 | BIO_printf(bio_s_out, "Setting temp ECDH parameters\n"); | 1402 | BIO_printf(bio_s_out, "Setting temp ECDH parameters\n"); | 
| @@ -1417,20 +1417,20 @@ s_server_main(int argc, char *argv[]) | |||
| 1417 | goto end; | 1417 | goto end; | 
| 1418 | } | 1418 | } | 
| 1419 | 1419 | ||
| 1420 | if (s_server_config.cipher != NULL) { | 1420 | if (cfg.cipher != NULL) { | 
| 1421 | if (!SSL_CTX_set_cipher_list(ctx, s_server_config.cipher)) { | 1421 | if (!SSL_CTX_set_cipher_list(ctx, cfg.cipher)) { | 
| 1422 | BIO_printf(bio_err, "error setting cipher list\n"); | 1422 | BIO_printf(bio_err, "error setting cipher list\n"); | 
| 1423 | ERR_print_errors(bio_err); | 1423 | ERR_print_errors(bio_err); | 
| 1424 | goto end; | 1424 | goto end; | 
| 1425 | } | 1425 | } | 
| 1426 | if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, | 1426 | if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, | 
| 1427 | s_server_config.cipher)) { | 1427 | cfg.cipher)) { | 
| 1428 | BIO_printf(bio_err, "error setting cipher list\n"); | 1428 | BIO_printf(bio_err, "error setting cipher list\n"); | 
| 1429 | ERR_print_errors(bio_err); | 1429 | ERR_print_errors(bio_err); | 
| 1430 | goto end; | 1430 | goto end; | 
| 1431 | } | 1431 | } | 
| 1432 | } | 1432 | } | 
| 1433 | SSL_CTX_set_verify(ctx, s_server_config.server_verify, verify_callback); | 1433 | SSL_CTX_set_verify(ctx, cfg.server_verify, verify_callback); | 
| 1434 | SSL_CTX_set_session_id_context(ctx, | 1434 | SSL_CTX_set_session_id_context(ctx, | 
| 1435 | (void *) &s_server_session_id_context, | 1435 | (void *) &s_server_session_id_context, | 
| 1436 | sizeof s_server_session_id_context); | 1436 | sizeof s_server_session_id_context); | 
| @@ -1440,38 +1440,38 @@ s_server_main(int argc, char *argv[]) | |||
| 1440 | SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); | 1440 | SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); | 
| 1441 | 1441 | ||
| 1442 | if (ctx2) { | 1442 | if (ctx2) { | 
| 1443 | SSL_CTX_set_verify(ctx2, s_server_config.server_verify, | 1443 | SSL_CTX_set_verify(ctx2, cfg.server_verify, | 
| 1444 | verify_callback); | 1444 | verify_callback); | 
| 1445 | SSL_CTX_set_session_id_context(ctx2, | 1445 | SSL_CTX_set_session_id_context(ctx2, | 
| 1446 | (void *) &s_server_session_id_context, | 1446 | (void *) &s_server_session_id_context, | 
| 1447 | sizeof s_server_session_id_context); | 1447 | sizeof s_server_session_id_context); | 
| 1448 | 1448 | ||
| 1449 | s_server_config.tlsextcbp.biodebug = bio_s_out; | 1449 | cfg.tlsextcbp.biodebug = bio_s_out; | 
| 1450 | SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); | 1450 | SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); | 
| 1451 | SSL_CTX_set_tlsext_servername_arg(ctx2, | 1451 | SSL_CTX_set_tlsext_servername_arg(ctx2, | 
| 1452 | &s_server_config.tlsextcbp); | 1452 | &cfg.tlsextcbp); | 
| 1453 | SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); | 1453 | SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); | 
| 1454 | SSL_CTX_set_tlsext_servername_arg(ctx, | 1454 | SSL_CTX_set_tlsext_servername_arg(ctx, | 
| 1455 | &s_server_config.tlsextcbp); | 1455 | &cfg.tlsextcbp); | 
| 1456 | } | 1456 | } | 
| 1457 | 1457 | ||
| 1458 | if (s_server_config.CAfile != NULL) { | 1458 | if (cfg.CAfile != NULL) { | 
| 1459 | SSL_CTX_set_client_CA_list(ctx, | 1459 | SSL_CTX_set_client_CA_list(ctx, | 
| 1460 | SSL_load_client_CA_file(s_server_config.CAfile)); | 1460 | SSL_load_client_CA_file(cfg.CAfile)); | 
| 1461 | if (ctx2) | 1461 | if (ctx2) | 
| 1462 | SSL_CTX_set_client_CA_list(ctx2, | 1462 | SSL_CTX_set_client_CA_list(ctx2, | 
| 1463 | SSL_load_client_CA_file(s_server_config.CAfile)); | 1463 | SSL_load_client_CA_file(cfg.CAfile)); | 
| 1464 | } | 1464 | } | 
| 1465 | BIO_printf(bio_s_out, "ACCEPT\n"); | 1465 | BIO_printf(bio_s_out, "ACCEPT\n"); | 
| 1466 | (void) BIO_flush(bio_s_out); | 1466 | (void) BIO_flush(bio_s_out); | 
| 1467 | if (s_server_config.www) | 1467 | if (cfg.www) | 
| 1468 | do_server(s_server_config.port, s_server_config.socket_type, | 1468 | do_server(cfg.port, cfg.socket_type, | 
| 1469 | &accept_socket, www_body, s_server_config.context, | 1469 | &accept_socket, www_body, cfg.context, | 
| 1470 | s_server_config.naccept); | 1470 | cfg.naccept); | 
| 1471 | else | 1471 | else | 
| 1472 | do_server(s_server_config.port, s_server_config.socket_type, | 1472 | do_server(cfg.port, cfg.socket_type, | 
| 1473 | &accept_socket, sv_body, s_server_config.context, | 1473 | &accept_socket, sv_body, cfg.context, | 
| 1474 | s_server_config.naccept); | 1474 | cfg.naccept); | 
| 1475 | print_stats(bio_s_out, ctx); | 1475 | print_stats(bio_s_out, ctx); | 
| 1476 | ret = 0; | 1476 | ret = 0; | 
| 1477 | end: | 1477 | end: | 
| @@ -1482,10 +1482,10 @@ s_server_main(int argc, char *argv[]) | |||
| 1482 | EVP_PKEY_free(s_dkey); | 1482 | EVP_PKEY_free(s_dkey); | 
| 1483 | free(pass); | 1483 | free(pass); | 
| 1484 | free(dpass); | 1484 | free(dpass); | 
| 1485 | X509_VERIFY_PARAM_free(s_server_config.vpm); | 1485 | X509_VERIFY_PARAM_free(cfg.vpm); | 
| 1486 | free(s_server_config.tlscstatp.host); | 1486 | free(cfg.tlscstatp.host); | 
| 1487 | free(s_server_config.tlscstatp.port); | 1487 | free(cfg.tlscstatp.port); | 
| 1488 | free(s_server_config.tlscstatp.path); | 1488 | free(cfg.tlscstatp.path); | 
| 1489 | SSL_CTX_free(ctx2); | 1489 | SSL_CTX_free(ctx2); | 
| 1490 | X509_free(s_cert2); | 1490 | X509_free(s_cert2); | 
| 1491 | EVP_PKEY_free(s_key2); | 1491 | EVP_PKEY_free(s_key2); | 
| @@ -1543,8 +1543,8 @@ sv_body(int s, unsigned char *context) | |||
| 1543 | BIO_printf(bio_err, "out of memory\n"); | 1543 | BIO_printf(bio_err, "out of memory\n"); | 
| 1544 | goto err; | 1544 | goto err; | 
| 1545 | } | 1545 | } | 
| 1546 | if (s_server_config.nbio) { | 1546 | if (cfg.nbio) { | 
| 1547 | if (!s_server_config.quiet) | 1547 | if (!cfg.quiet) | 
| 1548 | BIO_printf(bio_err, "turning on non blocking io\n"); | 1548 | BIO_printf(bio_err, "turning on non blocking io\n"); | 
| 1549 | if (!BIO_socket_nbio(s, 1)) | 1549 | if (!BIO_socket_nbio(s, 1)) | 
| 1550 | ERR_print_errors(bio_err); | 1550 | ERR_print_errors(bio_err); | 
| @@ -1552,15 +1552,15 @@ sv_body(int s, unsigned char *context) | |||
| 1552 | 1552 | ||
| 1553 | if (con == NULL) { | 1553 | if (con == NULL) { | 
| 1554 | con = SSL_new(ctx); | 1554 | con = SSL_new(ctx); | 
| 1555 | if (s_server_config.tlsextdebug) { | 1555 | if (cfg.tlsextdebug) { | 
| 1556 | SSL_set_tlsext_debug_callback(con, tlsext_cb); | 1556 | SSL_set_tlsext_debug_callback(con, tlsext_cb); | 
| 1557 | SSL_set_tlsext_debug_arg(con, bio_s_out); | 1557 | SSL_set_tlsext_debug_arg(con, bio_s_out); | 
| 1558 | } | 1558 | } | 
| 1559 | if (s_server_config.tlsextstatus) { | 1559 | if (cfg.tlsextstatus) { | 
| 1560 | SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); | 1560 | SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); | 
| 1561 | s_server_config.tlscstatp.err = bio_err; | 1561 | cfg.tlscstatp.err = bio_err; | 
| 1562 | SSL_CTX_set_tlsext_status_arg(ctx, | 1562 | SSL_CTX_set_tlsext_status_arg(ctx, | 
| 1563 | &s_server_config.tlscstatp); | 1563 | &cfg.tlscstatp); | 
| 1564 | } | 1564 | } | 
| 1565 | if (context) | 1565 | if (context) | 
| 1566 | SSL_set_session_id_context(con, context, | 1566 | SSL_set_session_id_context(con, context, | 
| @@ -1571,7 +1571,7 @@ sv_body(int s, unsigned char *context) | |||
| 1571 | if (SSL_is_dtls(con)) { | 1571 | if (SSL_is_dtls(con)) { | 
| 1572 | sbio = BIO_new_dgram(s, BIO_NOCLOSE); | 1572 | sbio = BIO_new_dgram(s, BIO_NOCLOSE); | 
| 1573 | 1573 | ||
| 1574 | if (s_server_config.enable_timeouts) { | 1574 | if (cfg.enable_timeouts) { | 
| 1575 | timeout.tv_sec = 0; | 1575 | timeout.tv_sec = 0; | 
| 1576 | timeout.tv_usec = DGRAM_RCV_TIMEOUT; | 1576 | timeout.tv_usec = DGRAM_RCV_TIMEOUT; | 
| 1577 | BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, | 1577 | BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, | 
| @@ -1582,9 +1582,9 @@ sv_body(int s, unsigned char *context) | |||
| 1582 | BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, | 1582 | BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, | 
| 1583 | &timeout); | 1583 | &timeout); | 
| 1584 | } | 1584 | } | 
| 1585 | if (s_server_config.socket_mtu > 28) { | 1585 | if (cfg.socket_mtu > 28) { | 
| 1586 | SSL_set_options(con, SSL_OP_NO_QUERY_MTU); | 1586 | SSL_set_options(con, SSL_OP_NO_QUERY_MTU); | 
| 1587 | SSL_set_mtu(con, s_server_config.socket_mtu - 28); | 1587 | SSL_set_mtu(con, cfg.socket_mtu - 28); | 
| 1588 | } else | 1588 | } else | 
| 1589 | /* want to do MTU discovery */ | 1589 | /* want to do MTU discovery */ | 
| 1590 | BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); | 1590 | BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); | 
| @@ -1594,7 +1594,7 @@ sv_body(int s, unsigned char *context) | |||
| 1594 | } else | 1594 | } else | 
| 1595 | sbio = BIO_new_socket(s, BIO_NOCLOSE); | 1595 | sbio = BIO_new_socket(s, BIO_NOCLOSE); | 
| 1596 | 1596 | ||
| 1597 | if (s_server_config.nbio_test) { | 1597 | if (cfg.nbio_test) { | 
| 1598 | BIO *test; | 1598 | BIO *test; | 
| 1599 | 1599 | ||
| 1600 | test = BIO_new(BIO_f_nbio_test()); | 1600 | test = BIO_new(BIO_f_nbio_test()); | 
| @@ -1605,16 +1605,16 @@ sv_body(int s, unsigned char *context) | |||
| 1605 | SSL_set_accept_state(con); | 1605 | SSL_set_accept_state(con); | 
| 1606 | /* SSL_set_fd(con,s); */ | 1606 | /* SSL_set_fd(con,s); */ | 
| 1607 | 1607 | ||
| 1608 | if (s_server_config.debug) { | 1608 | if (cfg.debug) { | 
| 1609 | SSL_set_debug(con, 1); | 1609 | SSL_set_debug(con, 1); | 
| 1610 | BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); | 1610 | BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); | 
| 1611 | BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out); | 1611 | BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out); | 
| 1612 | } | 1612 | } | 
| 1613 | if (s_server_config.msg) { | 1613 | if (cfg.msg) { | 
| 1614 | SSL_set_msg_callback(con, msg_cb); | 1614 | SSL_set_msg_callback(con, msg_cb); | 
| 1615 | SSL_set_msg_callback_arg(con, bio_s_out); | 1615 | SSL_set_msg_callback_arg(con, bio_s_out); | 
| 1616 | } | 1616 | } | 
| 1617 | if (s_server_config.tlsextdebug) { | 1617 | if (cfg.tlsextdebug) { | 
| 1618 | SSL_set_tlsext_debug_callback(con, tlsext_cb); | 1618 | SSL_set_tlsext_debug_callback(con, tlsext_cb); | 
| 1619 | SSL_set_tlsext_debug_arg(con, bio_s_out); | 1619 | SSL_set_tlsext_debug_arg(con, bio_s_out); | 
| 1620 | } | 1620 | } | 
| @@ -1660,7 +1660,7 @@ sv_body(int s, unsigned char *context) | |||
| 1660 | } | 1660 | } | 
| 1661 | } | 1661 | } | 
| 1662 | if (read_from_terminal) { | 1662 | if (read_from_terminal) { | 
| 1663 | if (s_server_config.crlf) { | 1663 | if (cfg.crlf) { | 
| 1664 | int j, lf_num; | 1664 | int j, lf_num; | 
| 1665 | 1665 | ||
| 1666 | i = read(fileno(stdin), buf, bufsize / 2); | 1666 | i = read(fileno(stdin), buf, bufsize / 2); | 
| @@ -1680,7 +1680,7 @@ sv_body(int s, unsigned char *context) | |||
| 1680 | assert(lf_num == 0); | 1680 | assert(lf_num == 0); | 
| 1681 | } else | 1681 | } else | 
| 1682 | i = read(fileno(stdin), buf, bufsize); | 1682 | i = read(fileno(stdin), buf, bufsize); | 
| 1683 | if (!s_server_config.quiet) { | 1683 | if (!cfg.quiet) { | 
| 1684 | if ((i <= 0) || (buf[0] == 'Q')) { | 1684 | if ((i <= 0) || (buf[0] == 'Q')) { | 
| 1685 | BIO_printf(bio_s_out, "DONE\n"); | 1685 | BIO_printf(bio_s_out, "DONE\n"); | 
| 1686 | shutdown(s, SHUT_RD); | 1686 | shutdown(s, SHUT_RD); | 
| @@ -1910,23 +1910,23 @@ init_ssl_connection(SSL *con) | |||
| 1910 | BIO_printf(bio_s_out, "Reused session-id\n"); | 1910 | BIO_printf(bio_s_out, "Reused session-id\n"); | 
| 1911 | BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", | 1911 | BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", | 
| 1912 | SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); | 1912 | SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); | 
| 1913 | if (s_server_config.keymatexportlabel != NULL) { | 1913 | if (cfg.keymatexportlabel != NULL) { | 
| 1914 | BIO_printf(bio_s_out, "Keying material exporter:\n"); | 1914 | BIO_printf(bio_s_out, "Keying material exporter:\n"); | 
| 1915 | BIO_printf(bio_s_out, " Label: '%s'\n", | 1915 | BIO_printf(bio_s_out, " Label: '%s'\n", | 
| 1916 | s_server_config.keymatexportlabel); | 1916 | cfg.keymatexportlabel); | 
| 1917 | BIO_printf(bio_s_out, " Length: %i bytes\n", | 1917 | BIO_printf(bio_s_out, " Length: %i bytes\n", | 
| 1918 | s_server_config.keymatexportlen); | 1918 | cfg.keymatexportlen); | 
| 1919 | exportedkeymat = malloc(s_server_config.keymatexportlen); | 1919 | exportedkeymat = malloc(cfg.keymatexportlen); | 
| 1920 | if (exportedkeymat != NULL) { | 1920 | if (exportedkeymat != NULL) { | 
| 1921 | if (!SSL_export_keying_material(con, exportedkeymat, | 1921 | if (!SSL_export_keying_material(con, exportedkeymat, | 
| 1922 | s_server_config.keymatexportlen, | 1922 | cfg.keymatexportlen, | 
| 1923 | s_server_config.keymatexportlabel, | 1923 | cfg.keymatexportlabel, | 
| 1924 | strlen(s_server_config.keymatexportlabel), | 1924 | strlen(cfg.keymatexportlabel), | 
| 1925 | NULL, 0, 0)) { | 1925 | NULL, 0, 0)) { | 
| 1926 | BIO_printf(bio_s_out, " Error\n"); | 1926 | BIO_printf(bio_s_out, " Error\n"); | 
| 1927 | } else { | 1927 | } else { | 
| 1928 | BIO_printf(bio_s_out, " Keying material: "); | 1928 | BIO_printf(bio_s_out, " Keying material: "); | 
| 1929 | for (i = 0; i < s_server_config.keymatexportlen; i++) | 1929 | for (i = 0; i < cfg.keymatexportlen; i++) | 
| 1930 | BIO_printf(bio_s_out, "%02X", | 1930 | BIO_printf(bio_s_out, "%02X", | 
| 1931 | exportedkeymat[i]); | 1931 | exportedkeymat[i]); | 
| 1932 | BIO_printf(bio_s_out, "\n"); | 1932 | BIO_printf(bio_s_out, "\n"); | 
| @@ -1971,8 +1971,8 @@ www_body(int s, unsigned char *context) | |||
| 1971 | if ((io == NULL) || (ssl_bio == NULL)) | 1971 | if ((io == NULL) || (ssl_bio == NULL)) | 
| 1972 | goto err; | 1972 | goto err; | 
| 1973 | 1973 | ||
| 1974 | if (s_server_config.nbio) { | 1974 | if (cfg.nbio) { | 
| 1975 | if (!s_server_config.quiet) | 1975 | if (!cfg.quiet) | 
| 1976 | BIO_printf(bio_err, "turning on non blocking io\n"); | 1976 | BIO_printf(bio_err, "turning on non blocking io\n"); | 
| 1977 | if (!BIO_socket_nbio(s, 1)) | 1977 | if (!BIO_socket_nbio(s, 1)) | 
| 1978 | ERR_print_errors(bio_err); | 1978 | ERR_print_errors(bio_err); | 
| @@ -1984,7 +1984,7 @@ www_body(int s, unsigned char *context) | |||
| 1984 | 1984 | ||
| 1985 | if ((con = SSL_new(ctx)) == NULL) | 1985 | if ((con = SSL_new(ctx)) == NULL) | 
| 1986 | goto err; | 1986 | goto err; | 
| 1987 | if (s_server_config.tlsextdebug) { | 1987 | if (cfg.tlsextdebug) { | 
| 1988 | SSL_set_tlsext_debug_callback(con, tlsext_cb); | 1988 | SSL_set_tlsext_debug_callback(con, tlsext_cb); | 
| 1989 | SSL_set_tlsext_debug_arg(con, bio_s_out); | 1989 | SSL_set_tlsext_debug_arg(con, bio_s_out); | 
| 1990 | } | 1990 | } | 
| @@ -1993,7 +1993,7 @@ www_body(int s, unsigned char *context) | |||
| 1993 | strlen((char *) context)); | 1993 | strlen((char *) context)); | 
| 1994 | 1994 | ||
| 1995 | sbio = BIO_new_socket(s, BIO_NOCLOSE); | 1995 | sbio = BIO_new_socket(s, BIO_NOCLOSE); | 
| 1996 | if (s_server_config.nbio_test) { | 1996 | if (cfg.nbio_test) { | 
| 1997 | BIO *test; | 1997 | BIO *test; | 
| 1998 | 1998 | ||
| 1999 | test = BIO_new(BIO_f_nbio_test()); | 1999 | test = BIO_new(BIO_f_nbio_test()); | 
| @@ -2006,12 +2006,12 @@ www_body(int s, unsigned char *context) | |||
| 2006 | BIO_set_ssl(ssl_bio, con, BIO_CLOSE); | 2006 | BIO_set_ssl(ssl_bio, con, BIO_CLOSE); | 
| 2007 | BIO_push(io, ssl_bio); | 2007 | BIO_push(io, ssl_bio); | 
| 2008 | 2008 | ||
| 2009 | if (s_server_config.debug) { | 2009 | if (cfg.debug) { | 
| 2010 | SSL_set_debug(con, 1); | 2010 | SSL_set_debug(con, 1); | 
| 2011 | BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); | 2011 | BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); | 
| 2012 | BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out); | 2012 | BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out); | 
| 2013 | } | 2013 | } | 
| 2014 | if (s_server_config.msg) { | 2014 | if (cfg.msg) { | 
| 2015 | SSL_set_msg_callback(con, msg_cb); | 2015 | SSL_set_msg_callback(con, msg_cb); | 
| 2016 | SSL_set_msg_callback_arg(con, bio_s_out); | 2016 | SSL_set_msg_callback_arg(con, bio_s_out); | 
| 2017 | } | 2017 | } | 
| @@ -2019,11 +2019,11 @@ www_body(int s, unsigned char *context) | |||
| 2019 | i = BIO_gets(io, buf, bufsize - 1); | 2019 | i = BIO_gets(io, buf, bufsize - 1); | 
| 2020 | if (i < 0) { /* error */ | 2020 | if (i < 0) { /* error */ | 
| 2021 | if (!BIO_should_retry(io)) { | 2021 | if (!BIO_should_retry(io)) { | 
| 2022 | if (!s_server_config.quiet) | 2022 | if (!cfg.quiet) | 
| 2023 | ERR_print_errors(bio_err); | 2023 | ERR_print_errors(bio_err); | 
| 2024 | goto err; | 2024 | goto err; | 
| 2025 | } else { | 2025 | } else { | 
| 2026 | if (s_server_config.debug) { | 2026 | if (cfg.debug) { | 
| 2027 | BIO_printf(bio_s_out, "read R BLOCK\n"); | 2027 | BIO_printf(bio_s_out, "read R BLOCK\n"); | 
| 2028 | sleep(1); | 2028 | sleep(1); | 
| 2029 | } | 2029 | } | 
| @@ -2034,9 +2034,9 @@ www_body(int s, unsigned char *context) | |||
| 2034 | goto end; | 2034 | goto end; | 
| 2035 | } | 2035 | } | 
| 2036 | /* else we have data */ | 2036 | /* else we have data */ | 
| 2037 | if (((s_server_config.www == 1) && | 2037 | if (((cfg.www == 1) && | 
| 2038 | (strncmp("GET ", buf, 4) == 0)) || | 2038 | (strncmp("GET ", buf, 4) == 0)) || | 
| 2039 | ((s_server_config.www == 2) && | 2039 | ((cfg.www == 2) && | 
| 2040 | (strncmp("GET /stats ", buf, 11) == 0))) { | 2040 | (strncmp("GET /stats ", buf, 11) == 0))) { | 
| 2041 | char *p; | 2041 | char *p; | 
| 2042 | X509 *peer; | 2042 | X509 *peer; | 
| @@ -2117,8 +2117,8 @@ www_body(int s, unsigned char *context) | |||
| 2117 | "no client certificate available\n"); | 2117 | "no client certificate available\n"); | 
| 2118 | BIO_puts(io, "</BODY></HTML>\r\n\r\n"); | 2118 | BIO_puts(io, "</BODY></HTML>\r\n\r\n"); | 
| 2119 | break; | 2119 | break; | 
| 2120 | } else if ((s_server_config.www == 2 || | 2120 | } else if ((cfg.www == 2 || | 
| 2121 | s_server_config.www == 3) && | 2121 | cfg.www == 3) && | 
| 2122 | (strncmp("GET /", buf, 5) == 0)) { | 2122 | (strncmp("GET /", buf, 5) == 0)) { | 
| 2123 | BIO *file; | 2123 | BIO *file; | 
| 2124 | char *p, *e; | 2124 | char *p, *e; | 
| @@ -2183,10 +2183,10 @@ www_body(int s, unsigned char *context) | |||
| 2183 | ERR_print_errors(io); | 2183 | ERR_print_errors(io); | 
| 2184 | break; | 2184 | break; | 
| 2185 | } | 2185 | } | 
| 2186 | if (!s_server_config.quiet) | 2186 | if (!cfg.quiet) | 
| 2187 | BIO_printf(bio_err, "FILE:%s\n", p); | 2187 | BIO_printf(bio_err, "FILE:%s\n", p); | 
| 2188 | 2188 | ||
| 2189 | if (s_server_config.www == 2) { | 2189 | if (cfg.www == 2) { | 
| 2190 | i = strlen(p); | 2190 | i = strlen(p); | 
| 2191 | if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) || | 2191 | if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) || | 
| 2192 | ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) || | 2192 | ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) || | 
| @@ -2276,9 +2276,9 @@ generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len) | |||
| 2276 | * 1 session ID (ie. the prefix!) so all future session | 2276 | * 1 session ID (ie. the prefix!) so all future session | 
| 2277 | * negotiations will fail due to conflicts. | 2277 | * negotiations will fail due to conflicts. | 
| 2278 | */ | 2278 | */ | 
| 2279 | memcpy(id, s_server_config.session_id_prefix, | 2279 | memcpy(id, cfg.session_id_prefix, | 
| 2280 | (strlen(s_server_config.session_id_prefix) < *id_len) ? | 2280 | (strlen(cfg.session_id_prefix) < *id_len) ? | 
| 2281 | strlen(s_server_config.session_id_prefix) : *id_len); | 2281 | strlen(cfg.session_id_prefix) : *id_len); | 
| 2282 | } | 2282 | } | 
| 2283 | while (SSL_has_matching_session_id(ssl, id, *id_len) && | 2283 | while (SSL_has_matching_session_id(ssl, id, *id_len) && | 
| 2284 | (++count < MAX_SESSION_ID_ATTEMPTS)); | 2284 | (++count < MAX_SESSION_ID_ATTEMPTS)); | 
| @@ -2449,7 +2449,7 @@ alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen, | |||
| 2449 | { | 2449 | { | 
| 2450 | tlsextalpnctx *alpn_ctx = arg; | 2450 | tlsextalpnctx *alpn_ctx = arg; | 
| 2451 | 2451 | ||
| 2452 | if (!s_server_config.quiet) { | 2452 | if (!cfg.quiet) { | 
| 2453 | /* We can assume that in is syntactically valid. */ | 2453 | /* We can assume that in is syntactically valid. */ | 
| 2454 | unsigned i; | 2454 | unsigned i; | 
| 2455 | 2455 | ||
| @@ -2468,7 +2468,7 @@ alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen, | |||
| 2468 | alpn_ctx->len, in, inlen) != OPENSSL_NPN_NEGOTIATED) | 2468 | alpn_ctx->len, in, inlen) != OPENSSL_NPN_NEGOTIATED) | 
| 2469 | return (SSL_TLSEXT_ERR_NOACK); | 2469 | return (SSL_TLSEXT_ERR_NOACK); | 
| 2470 | 2470 | ||
| 2471 | if (!s_server_config.quiet) { | 2471 | if (!cfg.quiet) { | 
| 2472 | BIO_printf(bio_s_out, "ALPN protocols selected: "); | 2472 | BIO_printf(bio_s_out, "ALPN protocols selected: "); | 
| 2473 | BIO_write(bio_s_out, *out, *outlen); | 2473 | BIO_write(bio_s_out, *out, *outlen); | 
| 2474 | BIO_write(bio_s_out, "\n", 1); | 2474 | BIO_write(bio_s_out, "\n", 1); | 
| diff --git a/src/usr.bin/openssl/s_time.c b/src/usr.bin/openssl/s_time.c index d6f012fd41..7eed6d486e 100644 --- a/src/usr.bin/openssl/s_time.c +++ b/src/usr.bin/openssl/s_time.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s_time.c,v 1.37 2023/03/05 13:12:53 tb Exp $ */ | 1 | /* $OpenBSD: s_time.c,v 1.38 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -113,42 +113,42 @@ static struct { | |||
| 113 | int verify; | 113 | int verify; | 
| 114 | int verify_depth; | 114 | int verify_depth; | 
| 115 | char *www_path; | 115 | char *www_path; | 
| 116 | } s_time_config; | 116 | } cfg; | 
| 117 | 117 | ||
| 118 | static const struct option s_time_options[] = { | 118 | static const struct option s_time_options[] = { | 
| 119 | { | 119 | { | 
| 120 | .name = "bugs", | 120 | .name = "bugs", | 
| 121 | .desc = "Enable workarounds for known SSL/TLS bugs", | 121 | .desc = "Enable workarounds for known SSL/TLS bugs", | 
| 122 | .type = OPTION_FLAG, | 122 | .type = OPTION_FLAG, | 
| 123 | .opt.flag = &s_time_config.bugs, | 123 | .opt.flag = &cfg.bugs, | 
| 124 | }, | 124 | }, | 
| 125 | { | 125 | { | 
| 126 | .name = "CAfile", | 126 | .name = "CAfile", | 
| 127 | .argname = "file", | 127 | .argname = "file", | 
| 128 | .desc = "File containing trusted certificates in PEM format", | 128 | .desc = "File containing trusted certificates in PEM format", | 
| 129 | .type = OPTION_ARG, | 129 | .type = OPTION_ARG, | 
| 130 | .opt.arg = &s_time_config.CAfile, | 130 | .opt.arg = &cfg.CAfile, | 
| 131 | }, | 131 | }, | 
| 132 | { | 132 | { | 
| 133 | .name = "CApath", | 133 | .name = "CApath", | 
| 134 | .argname = "path", | 134 | .argname = "path", | 
| 135 | .desc = "Directory containing trusted certificates", | 135 | .desc = "Directory containing trusted certificates", | 
| 136 | .type = OPTION_ARG, | 136 | .type = OPTION_ARG, | 
| 137 | .opt.arg = &s_time_config.CApath, | 137 | .opt.arg = &cfg.CApath, | 
| 138 | }, | 138 | }, | 
| 139 | { | 139 | { | 
| 140 | .name = "cert", | 140 | .name = "cert", | 
| 141 | .argname = "file", | 141 | .argname = "file", | 
| 142 | .desc = "Client certificate to use, if one is requested", | 142 | .desc = "Client certificate to use, if one is requested", | 
| 143 | .type = OPTION_ARG, | 143 | .type = OPTION_ARG, | 
| 144 | .opt.arg = &s_time_config.certfile, | 144 | .opt.arg = &cfg.certfile, | 
| 145 | }, | 145 | }, | 
| 146 | { | 146 | { | 
| 147 | .name = "cipher", | 147 | .name = "cipher", | 
| 148 | .argname = "list", | 148 | .argname = "list", | 
| 149 | .desc = "List of cipher suites to send to the server", | 149 | .desc = "List of cipher suites to send to the server", | 
| 150 | .type = OPTION_ARG, | 150 | .type = OPTION_ARG, | 
| 151 | .opt.arg = &s_time_config.cipher, | 151 | .opt.arg = &cfg.cipher, | 
| 152 | }, | 152 | }, | 
| 153 | { | 153 | { | 
| 154 | .name = "connect", | 154 | .name = "connect", | 
| @@ -156,39 +156,39 @@ static const struct option s_time_options[] = { | |||
| 156 | .desc = "Host and port to connect to (default " | 156 | .desc = "Host and port to connect to (default " | 
| 157 | SSL_CONNECT_NAME ")", | 157 | SSL_CONNECT_NAME ")", | 
| 158 | .type = OPTION_ARG, | 158 | .type = OPTION_ARG, | 
| 159 | .opt.arg = &s_time_config.host, | 159 | .opt.arg = &cfg.host, | 
| 160 | }, | 160 | }, | 
| 161 | { | 161 | { | 
| 162 | .name = "key", | 162 | .name = "key", | 
| 163 | .argname = "file", | 163 | .argname = "file", | 
| 164 | .desc = "Client private key to use, if one is required", | 164 | .desc = "Client private key to use, if one is required", | 
| 165 | .type = OPTION_ARG, | 165 | .type = OPTION_ARG, | 
| 166 | .opt.arg = &s_time_config.keyfile, | 166 | .opt.arg = &cfg.keyfile, | 
| 167 | }, | 167 | }, | 
| 168 | { | 168 | { | 
| 169 | .name = "nbio", | 169 | .name = "nbio", | 
| 170 | .desc = "Use non-blocking I/O", | 170 | .desc = "Use non-blocking I/O", | 
| 171 | .type = OPTION_FLAG, | 171 | .type = OPTION_FLAG, | 
| 172 | .opt.flag = &s_time_config.nbio, | 172 | .opt.flag = &cfg.nbio, | 
| 173 | }, | 173 | }, | 
| 174 | { | 174 | { | 
| 175 | .name = "new", | 175 | .name = "new", | 
| 176 | .desc = "Use a new session ID for each connection", | 176 | .desc = "Use a new session ID for each connection", | 
| 177 | .type = OPTION_VALUE, | 177 | .type = OPTION_VALUE, | 
| 178 | .opt.value = &s_time_config.perform, | 178 | .opt.value = &cfg.perform, | 
| 179 | .value = 1, | 179 | .value = 1, | 
| 180 | }, | 180 | }, | 
| 181 | { | 181 | { | 
| 182 | .name = "no_shutdown", | 182 | .name = "no_shutdown", | 
| 183 | .desc = "Shut down the connection without notifying the server", | 183 | .desc = "Shut down the connection without notifying the server", | 
| 184 | .type = OPTION_FLAG, | 184 | .type = OPTION_FLAG, | 
| 185 | .opt.flag = &s_time_config.no_shutdown, | 185 | .opt.flag = &cfg.no_shutdown, | 
| 186 | }, | 186 | }, | 
| 187 | { | 187 | { | 
| 188 | .name = "reuse", | 188 | .name = "reuse", | 
| 189 | .desc = "Reuse the same session ID for each connection", | 189 | .desc = "Reuse the same session ID for each connection", | 
| 190 | .type = OPTION_VALUE, | 190 | .type = OPTION_VALUE, | 
| 191 | .opt.value = &s_time_config.perform, | 191 | .opt.value = &cfg.perform, | 
| 192 | .value = 2, | 192 | .value = 2, | 
| 193 | }, | 193 | }, | 
| 194 | { | 194 | { | 
| @@ -196,21 +196,21 @@ static const struct option s_time_options[] = { | |||
| 196 | .argname = "seconds", | 196 | .argname = "seconds", | 
| 197 | .desc = "Duration to perform timing tests for (default 30)", | 197 | .desc = "Duration to perform timing tests for (default 30)", | 
| 198 | .type = OPTION_ARG_TIME, | 198 | .type = OPTION_ARG_TIME, | 
| 199 | .opt.tvalue = &s_time_config.maxtime, | 199 | .opt.tvalue = &cfg.maxtime, | 
| 200 | }, | 200 | }, | 
| 201 | { | 201 | { | 
| 202 | .name = "verify", | 202 | .name = "verify", | 
| 203 | .argname = "depth", | 203 | .argname = "depth", | 
| 204 | .desc = "Enable peer certificate verification with given depth", | 204 | .desc = "Enable peer certificate verification with given depth", | 
| 205 | .type = OPTION_ARG_INT, | 205 | .type = OPTION_ARG_INT, | 
| 206 | .opt.value = &s_time_config.verify_depth, | 206 | .opt.value = &cfg.verify_depth, | 
| 207 | }, | 207 | }, | 
| 208 | { | 208 | { | 
| 209 | .name = "www", | 209 | .name = "www", | 
| 210 | .argname = "page", | 210 | .argname = "page", | 
| 211 | .desc = "Page to GET from the server (default none)", | 211 | .desc = "Page to GET from the server (default none)", | 
| 212 | .type = OPTION_ARG, | 212 | .type = OPTION_ARG, | 
| 213 | .opt.arg = &s_time_config.www_path, | 213 | .opt.arg = &cfg.www_path, | 
| 214 | }, | 214 | }, | 
| 215 | { NULL }, | 215 | { NULL }, | 
| 216 | }; | 216 | }; | 
| @@ -245,27 +245,27 @@ s_time_main(int argc, char **argv) | |||
| 245 | 245 | ||
| 246 | verify_depth = 0; | 246 | verify_depth = 0; | 
| 247 | 247 | ||
| 248 | memset(&s_time_config, 0, sizeof(s_time_config)); | 248 | memset(&cfg, 0, sizeof(cfg)); | 
| 249 | 249 | ||
| 250 | s_time_config.host = SSL_CONNECT_NAME; | 250 | cfg.host = SSL_CONNECT_NAME; | 
| 251 | s_time_config.maxtime = SECONDS; | 251 | cfg.maxtime = SECONDS; | 
| 252 | s_time_config.perform = 3; | 252 | cfg.perform = 3; | 
| 253 | s_time_config.verify = SSL_VERIFY_NONE; | 253 | cfg.verify = SSL_VERIFY_NONE; | 
| 254 | s_time_config.verify_depth = -1; | 254 | cfg.verify_depth = -1; | 
| 255 | 255 | ||
| 256 | if (options_parse(argc, argv, s_time_options, NULL, NULL) != 0) { | 256 | if (options_parse(argc, argv, s_time_options, NULL, NULL) != 0) { | 
| 257 | s_time_usage(); | 257 | s_time_usage(); | 
| 258 | goto end; | 258 | goto end; | 
| 259 | } | 259 | } | 
| 260 | 260 | ||
| 261 | if (s_time_config.verify_depth >= 0) { | 261 | if (cfg.verify_depth >= 0) { | 
| 262 | s_time_config.verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; | 262 | cfg.verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; | 
| 263 | verify_depth = s_time_config.verify_depth; | 263 | verify_depth = cfg.verify_depth; | 
| 264 | BIO_printf(bio_err, "verify depth is %d\n", verify_depth); | 264 | BIO_printf(bio_err, "verify depth is %d\n", verify_depth); | 
| 265 | } | 265 | } | 
| 266 | 266 | ||
| 267 | if (s_time_config.www_path != NULL && | 267 | if (cfg.www_path != NULL && | 
| 268 | strlen(s_time_config.www_path) > MYBUFSIZ - 100) { | 268 | strlen(cfg.www_path) > MYBUFSIZ - 100) { | 
| 269 | BIO_printf(bio_err, "-www option too long\n"); | 269 | BIO_printf(bio_err, "-www option too long\n"); | 
| 270 | goto end; | 270 | goto end; | 
| 271 | } | 271 | } | 
| @@ -275,25 +275,25 @@ s_time_main(int argc, char **argv) | |||
| 275 | 275 | ||
| 276 | SSL_CTX_set_quiet_shutdown(tm_ctx, 1); | 276 | SSL_CTX_set_quiet_shutdown(tm_ctx, 1); | 
| 277 | 277 | ||
| 278 | if (s_time_config.bugs) | 278 | if (cfg.bugs) | 
| 279 | SSL_CTX_set_options(tm_ctx, SSL_OP_ALL); | 279 | SSL_CTX_set_options(tm_ctx, SSL_OP_ALL); | 
| 280 | 280 | ||
| 281 | if (s_time_config.cipher != NULL) { | 281 | if (cfg.cipher != NULL) { | 
| 282 | if (!SSL_CTX_set_cipher_list(tm_ctx, s_time_config.cipher)) { | 282 | if (!SSL_CTX_set_cipher_list(tm_ctx, cfg.cipher)) { | 
| 283 | BIO_printf(bio_err, "error setting cipher list\n"); | 283 | BIO_printf(bio_err, "error setting cipher list\n"); | 
| 284 | ERR_print_errors(bio_err); | 284 | ERR_print_errors(bio_err); | 
| 285 | goto end; | 285 | goto end; | 
| 286 | } | 286 | } | 
| 287 | } | 287 | } | 
| 288 | 288 | ||
| 289 | SSL_CTX_set_verify(tm_ctx, s_time_config.verify, NULL); | 289 | SSL_CTX_set_verify(tm_ctx, cfg.verify, NULL); | 
| 290 | 290 | ||
| 291 | if (!set_cert_stuff(tm_ctx, s_time_config.certfile, | 291 | if (!set_cert_stuff(tm_ctx, cfg.certfile, | 
| 292 | s_time_config.keyfile)) | 292 | cfg.keyfile)) | 
| 293 | goto end; | 293 | goto end; | 
| 294 | 294 | ||
| 295 | if ((!SSL_CTX_load_verify_locations(tm_ctx, s_time_config.CAfile, | 295 | if ((!SSL_CTX_load_verify_locations(tm_ctx, cfg.CAfile, | 
| 296 | s_time_config.CApath)) || | 296 | cfg.CApath)) || | 
| 297 | (!SSL_CTX_set_default_verify_paths(tm_ctx))) { | 297 | (!SSL_CTX_set_default_verify_paths(tm_ctx))) { | 
| 298 | /* | 298 | /* | 
| 299 | * BIO_printf(bio_err,"error setting default verify | 299 | * BIO_printf(bio_err,"error setting default verify | 
| @@ -304,9 +304,9 @@ s_time_main(int argc, char **argv) | |||
| 304 | } | 304 | } | 
| 305 | 305 | ||
| 306 | /* Loop and time how long it takes to make connections */ | 306 | /* Loop and time how long it takes to make connections */ | 
| 307 | if (s_time_config.perform & 1) { | 307 | if (cfg.perform & 1) { | 
| 308 | printf("Collecting connection statistics for %lld seconds\n", | 308 | printf("Collecting connection statistics for %lld seconds\n", | 
| 309 | (long long)s_time_config.maxtime); | 309 | (long long)cfg.maxtime); | 
| 310 | if (benchmark(0)) | 310 | if (benchmark(0)) | 
| 311 | goto end; | 311 | goto end; | 
| 312 | } | 312 | } | 
| @@ -314,7 +314,7 @@ s_time_main(int argc, char **argv) | |||
| 314 | * Now loop and time connections using the same session id over and | 314 | * Now loop and time connections using the same session id over and | 
| 315 | * over | 315 | * over | 
| 316 | */ | 316 | */ | 
| 317 | if (s_time_config.perform & 2) { | 317 | if (cfg.perform & 2) { | 
| 318 | printf("\n\nNow timing with session id reuse.\n"); | 318 | printf("\n\nNow timing with session id reuse.\n"); | 
| 319 | if (benchmark(1)) | 319 | if (benchmark(1)) | 
| 320 | goto end; | 320 | goto end; | 
| @@ -348,7 +348,7 @@ run_test(SSL *scon) | |||
| 348 | 348 | ||
| 349 | if ((conn = BIO_new(BIO_s_connect())) == NULL) | 349 | if ((conn = BIO_new(BIO_s_connect())) == NULL) | 
| 350 | return 0; | 350 | return 0; | 
| 351 | BIO_set_conn_hostname(conn, s_time_config.host); | 351 | BIO_set_conn_hostname(conn, cfg.host); | 
| 352 | SSL_set_connect_state(scon); | 352 | SSL_set_connect_state(scon); | 
| 353 | SSL_set_bio(scon, conn, conn); | 353 | SSL_set_bio(scon, conn, conn); | 
| 354 | for (;;) { | 354 | for (;;) { | 
| @@ -372,9 +372,9 @@ run_test(SSL *scon) | |||
| 372 | ERR_print_errors(bio_err); | 372 | ERR_print_errors(bio_err); | 
| 373 | return 0; | 373 | return 0; | 
| 374 | } | 374 | } | 
| 375 | if (s_time_config.www_path != NULL) { | 375 | if (cfg.www_path != NULL) { | 
| 376 | retval = snprintf(buf, sizeof buf, | 376 | retval = snprintf(buf, sizeof buf, | 
| 377 | "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path); | 377 | "GET %s HTTP/1.0\r\n\r\n", cfg.www_path); | 
| 378 | if (retval < 0 || retval >= sizeof buf) { | 378 | if (retval < 0 || retval >= sizeof buf) { | 
| 379 | fprintf(stderr, "URL too long\n"); | 379 | fprintf(stderr, "URL too long\n"); | 
| 380 | return 0; | 380 | return 0; | 
| @@ -384,7 +384,7 @@ run_test(SSL *scon) | |||
| 384 | while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) | 384 | while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) | 
| 385 | bytes_read += i; | 385 | bytes_read += i; | 
| 386 | } | 386 | } | 
| 387 | if (s_time_config.no_shutdown) | 387 | if (cfg.no_shutdown) | 
| 388 | SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | | 388 | SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | | 
| 389 | SSL_RECEIVED_SHUTDOWN); | 389 | SSL_RECEIVED_SHUTDOWN); | 
| 390 | else | 390 | else | 
| @@ -436,7 +436,7 @@ benchmark(int reuse_session) | |||
| 436 | app_timer_user(TM_RESET); | 436 | app_timer_user(TM_RESET); | 
| 437 | for (;;) { | 437 | for (;;) { | 
| 438 | elapsed = app_timer_real(TM_GET); | 438 | elapsed = app_timer_real(TM_GET); | 
| 439 | if (elapsed > s_time_config.maxtime) | 439 | if (elapsed > cfg.maxtime) | 
| 440 | break; | 440 | break; | 
| 441 | if (scon == NULL) { | 441 | if (scon == NULL) { | 
| 442 | if ((scon = SSL_new(tm_ctx)) == NULL) | 442 | if ((scon = SSL_new(tm_ctx)) == NULL) | 
| diff --git a/src/usr.bin/openssl/sess_id.c b/src/usr.bin/openssl/sess_id.c index 4533cf15ca..c46da54244 100644 --- a/src/usr.bin/openssl/sess_id.c +++ b/src/usr.bin/openssl/sess_id.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sess_id.c,v 1.11 2022/11/11 17:07:39 joshua Exp $ */ | 1 | /* $OpenBSD: sess_id.c,v 1.12 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -78,62 +78,62 @@ static struct { | |||
| 78 | char *outfile; | 78 | char *outfile; | 
| 79 | int outformat; | 79 | int outformat; | 
| 80 | int text; | 80 | int text; | 
| 81 | } sess_id_config; | 81 | } cfg; | 
| 82 | 82 | ||
| 83 | static const struct option sess_id_options[] = { | 83 | static const struct option sess_id_options[] = { | 
| 84 | { | 84 | { | 
| 85 | .name = "cert", | 85 | .name = "cert", | 
| 86 | .desc = "Output certificate if present in session", | 86 | .desc = "Output certificate if present in session", | 
| 87 | .type = OPTION_FLAG, | 87 | .type = OPTION_FLAG, | 
| 88 | .opt.flag = &sess_id_config.cert, | 88 | .opt.flag = &cfg.cert, | 
| 89 | }, | 89 | }, | 
| 90 | { | 90 | { | 
| 91 | .name = "context", | 91 | .name = "context", | 
| 92 | .argname = "id", | 92 | .argname = "id", | 
| 93 | .desc = "Set the session ID context for output", | 93 | .desc = "Set the session ID context for output", | 
| 94 | .type = OPTION_ARG, | 94 | .type = OPTION_ARG, | 
| 95 | .opt.arg = &sess_id_config.context, | 95 | .opt.arg = &cfg.context, | 
| 96 | }, | 96 | }, | 
| 97 | { | 97 | { | 
| 98 | .name = "in", | 98 | .name = "in", | 
| 99 | .argname = "file", | 99 | .argname = "file", | 
| 100 | .desc = "Input file (default stdin)", | 100 | .desc = "Input file (default stdin)", | 
| 101 | .type = OPTION_ARG, | 101 | .type = OPTION_ARG, | 
| 102 | .opt.arg = &sess_id_config.infile, | 102 | .opt.arg = &cfg.infile, | 
| 103 | }, | 103 | }, | 
| 104 | { | 104 | { | 
| 105 | .name = "inform", | 105 | .name = "inform", | 
| 106 | .argname = "format", | 106 | .argname = "format", | 
| 107 | .desc = "Input format (DER or PEM (default))", | 107 | .desc = "Input format (DER or PEM (default))", | 
| 108 | .type = OPTION_ARG_FORMAT, | 108 | .type = OPTION_ARG_FORMAT, | 
| 109 | .opt.value = &sess_id_config.informat, | 109 | .opt.value = &cfg.informat, | 
| 110 | }, | 110 | }, | 
| 111 | { | 111 | { | 
| 112 | .name = "noout", | 112 | .name = "noout", | 
| 113 | .desc = "Do not output the encoded session info", | 113 | .desc = "Do not output the encoded session info", | 
| 114 | .type = OPTION_FLAG, | 114 | .type = OPTION_FLAG, | 
| 115 | .opt.flag = &sess_id_config.noout, | 115 | .opt.flag = &cfg.noout, | 
| 116 | }, | 116 | }, | 
| 117 | { | 117 | { | 
| 118 | .name = "out", | 118 | .name = "out", | 
| 119 | .argname = "file", | 119 | .argname = "file", | 
| 120 | .desc = "Output file (default stdout)", | 120 | .desc = "Output file (default stdout)", | 
| 121 | .type = OPTION_ARG, | 121 | .type = OPTION_ARG, | 
| 122 | .opt.arg = &sess_id_config.outfile, | 122 | .opt.arg = &cfg.outfile, | 
| 123 | }, | 123 | }, | 
| 124 | { | 124 | { | 
| 125 | .name = "outform", | 125 | .name = "outform", | 
| 126 | .argname = "format", | 126 | .argname = "format", | 
| 127 | .desc = "Output format (DER or PEM (default))", | 127 | .desc = "Output format (DER or PEM (default))", | 
| 128 | .type = OPTION_ARG_FORMAT, | 128 | .type = OPTION_ARG_FORMAT, | 
| 129 | .opt.value = &sess_id_config.outformat, | 129 | .opt.value = &cfg.outformat, | 
| 130 | }, | 130 | }, | 
| 131 | { | 131 | { | 
| 132 | .name = "text", | 132 | .name = "text", | 
| 133 | .desc = "Print various public or private key components in" | 133 | .desc = "Print various public or private key components in" | 
| 134 | " plain text", | 134 | " plain text", | 
| 135 | .type = OPTION_FLAG, | 135 | .type = OPTION_FLAG, | 
| 136 | .opt.flag = &sess_id_config.text, | 136 | .opt.flag = &cfg.text, | 
| 137 | }, | 137 | }, | 
| 138 | { NULL } | 138 | { NULL } | 
| 139 | }; | 139 | }; | 
| @@ -163,62 +163,62 @@ sess_id_main(int argc, char **argv) | |||
| 163 | exit(1); | 163 | exit(1); | 
| 164 | } | 164 | } | 
| 165 | 165 | ||
| 166 | memset(&sess_id_config, 0, sizeof(sess_id_config)); | 166 | memset(&cfg, 0, sizeof(cfg)); | 
| 167 | 167 | ||
| 168 | sess_id_config.informat = FORMAT_PEM; | 168 | cfg.informat = FORMAT_PEM; | 
| 169 | sess_id_config.outformat = FORMAT_PEM; | 169 | cfg.outformat = FORMAT_PEM; | 
| 170 | 170 | ||
| 171 | if (options_parse(argc, argv, sess_id_options, NULL, NULL) != 0) { | 171 | if (options_parse(argc, argv, sess_id_options, NULL, NULL) != 0) { | 
| 172 | sess_id_usage(); | 172 | sess_id_usage(); | 
| 173 | return (1); | 173 | return (1); | 
| 174 | } | 174 | } | 
| 175 | 175 | ||
| 176 | x = load_sess_id(sess_id_config.infile, sess_id_config.informat); | 176 | x = load_sess_id(cfg.infile, cfg.informat); | 
| 177 | if (x == NULL) { | 177 | if (x == NULL) { | 
| 178 | goto end; | 178 | goto end; | 
| 179 | } | 179 | } | 
| 180 | peer = SSL_SESSION_get0_peer(x); | 180 | peer = SSL_SESSION_get0_peer(x); | 
| 181 | 181 | ||
| 182 | if (sess_id_config.context) { | 182 | if (cfg.context) { | 
| 183 | size_t ctx_len = strlen(sess_id_config.context); | 183 | size_t ctx_len = strlen(cfg.context); | 
| 184 | if (ctx_len > SSL_MAX_SID_CTX_LENGTH) { | 184 | if (ctx_len > SSL_MAX_SID_CTX_LENGTH) { | 
| 185 | BIO_printf(bio_err, "Context too long\n"); | 185 | BIO_printf(bio_err, "Context too long\n"); | 
| 186 | goto end; | 186 | goto end; | 
| 187 | } | 187 | } | 
| 188 | SSL_SESSION_set1_id_context(x, | 188 | SSL_SESSION_set1_id_context(x, | 
| 189 | (unsigned char *)sess_id_config.context, ctx_len); | 189 | (unsigned char *)cfg.context, ctx_len); | 
| 190 | } | 190 | } | 
| 191 | 191 | ||
| 192 | if (!sess_id_config.noout || sess_id_config.text) { | 192 | if (!cfg.noout || cfg.text) { | 
| 193 | out = BIO_new(BIO_s_file()); | 193 | out = BIO_new(BIO_s_file()); | 
| 194 | if (out == NULL) { | 194 | if (out == NULL) { | 
| 195 | ERR_print_errors(bio_err); | 195 | ERR_print_errors(bio_err); | 
| 196 | goto end; | 196 | goto end; | 
| 197 | } | 197 | } | 
| 198 | if (sess_id_config.outfile == NULL) { | 198 | if (cfg.outfile == NULL) { | 
| 199 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 199 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 
| 200 | } else { | 200 | } else { | 
| 201 | if (BIO_write_filename(out, sess_id_config.outfile) | 201 | if (BIO_write_filename(out, cfg.outfile) | 
| 202 | <= 0) { | 202 | <= 0) { | 
| 203 | perror(sess_id_config.outfile); | 203 | perror(cfg.outfile); | 
| 204 | goto end; | 204 | goto end; | 
| 205 | } | 205 | } | 
| 206 | } | 206 | } | 
| 207 | } | 207 | } | 
| 208 | if (sess_id_config.text) { | 208 | if (cfg.text) { | 
| 209 | SSL_SESSION_print(out, x); | 209 | SSL_SESSION_print(out, x); | 
| 210 | 210 | ||
| 211 | if (sess_id_config.cert) { | 211 | if (cfg.cert) { | 
| 212 | if (peer == NULL) | 212 | if (peer == NULL) | 
| 213 | BIO_puts(out, "No certificate present\n"); | 213 | BIO_puts(out, "No certificate present\n"); | 
| 214 | else | 214 | else | 
| 215 | X509_print(out, peer); | 215 | X509_print(out, peer); | 
| 216 | } | 216 | } | 
| 217 | } | 217 | } | 
| 218 | if (!sess_id_config.noout && !sess_id_config.cert) { | 218 | if (!cfg.noout && !cfg.cert) { | 
| 219 | if (sess_id_config.outformat == FORMAT_ASN1) | 219 | if (cfg.outformat == FORMAT_ASN1) | 
| 220 | i = i2d_SSL_SESSION_bio(out, x); | 220 | i = i2d_SSL_SESSION_bio(out, x); | 
| 221 | else if (sess_id_config.outformat == FORMAT_PEM) | 221 | else if (cfg.outformat == FORMAT_PEM) | 
| 222 | i = PEM_write_bio_SSL_SESSION(out, x); | 222 | i = PEM_write_bio_SSL_SESSION(out, x); | 
| 223 | else { | 223 | else { | 
| 224 | BIO_printf(bio_err, | 224 | BIO_printf(bio_err, | 
| @@ -229,11 +229,11 @@ sess_id_main(int argc, char **argv) | |||
| 229 | BIO_printf(bio_err, "unable to write SSL_SESSION\n"); | 229 | BIO_printf(bio_err, "unable to write SSL_SESSION\n"); | 
| 230 | goto end; | 230 | goto end; | 
| 231 | } | 231 | } | 
| 232 | } else if (!sess_id_config.noout && (peer != NULL)) { | 232 | } else if (!cfg.noout && (peer != NULL)) { | 
| 233 | /* just print the certificate */ | 233 | /* just print the certificate */ | 
| 234 | if (sess_id_config.outformat == FORMAT_ASN1) | 234 | if (cfg.outformat == FORMAT_ASN1) | 
| 235 | i = (int) i2d_X509_bio(out, peer); | 235 | i = (int) i2d_X509_bio(out, peer); | 
| 236 | else if (sess_id_config.outformat == FORMAT_PEM) | 236 | else if (cfg.outformat == FORMAT_PEM) | 
| 237 | i = PEM_write_bio_X509(out, peer); | 237 | i = PEM_write_bio_X509(out, peer); | 
| 238 | else { | 238 | else { | 
| 239 | BIO_printf(bio_err, | 239 | BIO_printf(bio_err, | 
| diff --git a/src/usr.bin/openssl/smime.c b/src/usr.bin/openssl/smime.c index 37375c1600..e54c8d0b84 100644 --- a/src/usr.bin/openssl/smime.c +++ b/src/usr.bin/openssl/smime.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: smime.c,v 1.18 2022/11/11 17:07:39 joshua Exp $ */ | 1 | /* $OpenBSD: smime.c,v 1.19 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 
| 3 | * project. | 3 | * project. | 
| 4 | */ | 4 | */ | 
| @@ -107,7 +107,7 @@ static struct { | |||
| 107 | char *subject; | 107 | char *subject; | 
| 108 | char *to; | 108 | char *to; | 
| 109 | X509_VERIFY_PARAM *vpm; | 109 | X509_VERIFY_PARAM *vpm; | 
| 110 | } smime_config; | 110 | } cfg; | 
| 111 | 111 | ||
| 112 | static const EVP_CIPHER * | 112 | static const EVP_CIPHER * | 
| 113 | get_cipher_by_name(char *name) | 113 | get_cipher_by_name(char *name) | 
| @@ -156,8 +156,8 @@ smime_opt_cipher(int argc, char **argv, int *argsused) | |||
| 156 | if (*name++ != '-') | 156 | if (*name++ != '-') | 
| 157 | return (1); | 157 | return (1); | 
| 158 | 158 | ||
| 159 | if ((smime_config.cipher = get_cipher_by_name(name)) == NULL) | 159 | if ((cfg.cipher = get_cipher_by_name(name)) == NULL) | 
| 160 | if ((smime_config.cipher = EVP_get_cipherbyname(name)) == NULL) | 160 | if ((cfg.cipher = EVP_get_cipherbyname(name)) == NULL) | 
| 161 | return (1); | 161 | return (1); | 
| 162 | 162 | ||
| 163 | *argsused = 1; | 163 | *argsused = 1; | 
| @@ -167,41 +167,41 @@ smime_opt_cipher(int argc, char **argv, int *argsused) | |||
| 167 | static int | 167 | static int | 
| 168 | smime_opt_inkey(char *arg) | 168 | smime_opt_inkey(char *arg) | 
| 169 | { | 169 | { | 
| 170 | if (smime_config.keyfile == NULL) { | 170 | if (cfg.keyfile == NULL) { | 
| 171 | smime_config.keyfile = arg; | 171 | cfg.keyfile = arg; | 
| 172 | return (0); | 172 | return (0); | 
| 173 | } | 173 | } | 
| 174 | 174 | ||
| 175 | if (smime_config.signerfile == NULL) { | 175 | if (cfg.signerfile == NULL) { | 
| 176 | BIO_puts(bio_err, "Illegal -inkey without -signer\n"); | 176 | BIO_puts(bio_err, "Illegal -inkey without -signer\n"); | 
| 177 | return (1); | 177 | return (1); | 
| 178 | } | 178 | } | 
| 179 | 179 | ||
| 180 | if (smime_config.sksigners == NULL) { | 180 | if (cfg.sksigners == NULL) { | 
| 181 | if ((smime_config.sksigners = sk_OPENSSL_STRING_new_null()) == NULL) | 181 | if ((cfg.sksigners = sk_OPENSSL_STRING_new_null()) == NULL) | 
| 182 | return (1); | 182 | return (1); | 
| 183 | } | 183 | } | 
| 184 | if (!sk_OPENSSL_STRING_push(smime_config.sksigners, | 184 | if (!sk_OPENSSL_STRING_push(cfg.sksigners, | 
| 185 | smime_config.signerfile)) | 185 | cfg.signerfile)) | 
| 186 | return (1); | 186 | return (1); | 
| 187 | 187 | ||
| 188 | smime_config.signerfile = NULL; | 188 | cfg.signerfile = NULL; | 
| 189 | 189 | ||
| 190 | if (smime_config.skkeys == NULL) { | 190 | if (cfg.skkeys == NULL) { | 
| 191 | if ((smime_config.skkeys = sk_OPENSSL_STRING_new_null()) == NULL) | 191 | if ((cfg.skkeys = sk_OPENSSL_STRING_new_null()) == NULL) | 
| 192 | return (1); | 192 | return (1); | 
| 193 | } | 193 | } | 
| 194 | if (!sk_OPENSSL_STRING_push(smime_config.skkeys, smime_config.keyfile)) | 194 | if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile)) | 
| 195 | return (1); | 195 | return (1); | 
| 196 | 196 | ||
| 197 | smime_config.keyfile = arg; | 197 | cfg.keyfile = arg; | 
| 198 | return (0); | 198 | return (0); | 
| 199 | } | 199 | } | 
| 200 | 200 | ||
| 201 | static int | 201 | static int | 
| 202 | smime_opt_md(char *arg) | 202 | smime_opt_md(char *arg) | 
| 203 | { | 203 | { | 
| 204 | if ((smime_config.sign_md = EVP_get_digestbyname(arg)) == NULL) { | 204 | if ((cfg.sign_md = EVP_get_digestbyname(arg)) == NULL) { | 
| 205 | BIO_printf(bio_err, "Unknown digest %s\n", arg); | 205 | BIO_printf(bio_err, "Unknown digest %s\n", arg); | 
| 206 | return (1); | 206 | return (1); | 
| 207 | } | 207 | } | 
| @@ -211,32 +211,32 @@ smime_opt_md(char *arg) | |||
| 211 | static int | 211 | static int | 
| 212 | smime_opt_signer(char *arg) | 212 | smime_opt_signer(char *arg) | 
| 213 | { | 213 | { | 
| 214 | if (smime_config.signerfile == NULL) { | 214 | if (cfg.signerfile == NULL) { | 
| 215 | smime_config.signerfile = arg; | 215 | cfg.signerfile = arg; | 
| 216 | return (0); | 216 | return (0); | 
| 217 | } | 217 | } | 
| 218 | 218 | ||
| 219 | if (smime_config.sksigners == NULL) { | 219 | if (cfg.sksigners == NULL) { | 
| 220 | if ((smime_config.sksigners = sk_OPENSSL_STRING_new_null()) == NULL) | 220 | if ((cfg.sksigners = sk_OPENSSL_STRING_new_null()) == NULL) | 
| 221 | return (1); | 221 | return (1); | 
| 222 | } | 222 | } | 
| 223 | if (!sk_OPENSSL_STRING_push(smime_config.sksigners, | 223 | if (!sk_OPENSSL_STRING_push(cfg.sksigners, | 
| 224 | smime_config.signerfile)) | 224 | cfg.signerfile)) | 
| 225 | return (1); | 225 | return (1); | 
| 226 | 226 | ||
| 227 | if (smime_config.keyfile == NULL) | 227 | if (cfg.keyfile == NULL) | 
| 228 | smime_config.keyfile = smime_config.signerfile; | 228 | cfg.keyfile = cfg.signerfile; | 
| 229 | 229 | ||
| 230 | if (smime_config.skkeys == NULL) { | 230 | if (cfg.skkeys == NULL) { | 
| 231 | if ((smime_config.skkeys = sk_OPENSSL_STRING_new_null()) == NULL) | 231 | if ((cfg.skkeys = sk_OPENSSL_STRING_new_null()) == NULL) | 
| 232 | return (1); | 232 | return (1); | 
| 233 | } | 233 | } | 
| 234 | if (!sk_OPENSSL_STRING_push(smime_config.skkeys, smime_config.keyfile)) | 234 | if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile)) | 
| 235 | return (1); | 235 | return (1); | 
| 236 | 236 | ||
| 237 | smime_config.keyfile = NULL; | 237 | cfg.keyfile = NULL; | 
| 238 | 238 | ||
| 239 | smime_config.signerfile = arg; | 239 | cfg.signerfile = arg; | 
| 240 | return (0); | 240 | return (0); | 
| 241 | } | 241 | } | 
| 242 | 242 | ||
| @@ -246,7 +246,7 @@ smime_opt_verify_param(int argc, char **argv, int *argsused) | |||
| 246 | int oargc = argc; | 246 | int oargc = argc; | 
| 247 | int badarg = 0; | 247 | int badarg = 0; | 
| 248 | 248 | ||
| 249 | if (!args_verify(&argv, &argc, &badarg, bio_err, &smime_config.vpm)) | 249 | if (!args_verify(&argv, &argc, &badarg, bio_err, &cfg.vpm)) | 
| 250 | return (1); | 250 | return (1); | 
| 251 | if (badarg) | 251 | if (badarg) | 
| 252 | return (1); | 252 | return (1); | 
| @@ -336,20 +336,20 @@ static const struct option smime_options[] = { | |||
| 336 | .argname = "file", | 336 | .argname = "file", | 
| 337 | .desc = "Certificate Authority file", | 337 | .desc = "Certificate Authority file", | 
| 338 | .type = OPTION_ARG, | 338 | .type = OPTION_ARG, | 
| 339 | .opt.arg = &smime_config.CAfile, | 339 | .opt.arg = &cfg.CAfile, | 
| 340 | }, | 340 | }, | 
| 341 | { | 341 | { | 
| 342 | .name = "CApath", | 342 | .name = "CApath", | 
| 343 | .argname = "path", | 343 | .argname = "path", | 
| 344 | .desc = "Certificate Authority path", | 344 | .desc = "Certificate Authority path", | 
| 345 | .type = OPTION_ARG, | 345 | .type = OPTION_ARG, | 
| 346 | .opt.arg = &smime_config.CApath, | 346 | .opt.arg = &cfg.CApath, | 
| 347 | }, | 347 | }, | 
| 348 | { | 348 | { | 
| 349 | .name = "binary", | 349 | .name = "binary", | 
| 350 | .desc = "Do not translate message to text", | 350 | .desc = "Do not translate message to text", | 
| 351 | .type = OPTION_VALUE_OR, | 351 | .type = OPTION_VALUE_OR, | 
| 352 | .opt.value = &smime_config.flags, | 352 | .opt.value = &cfg.flags, | 
| 353 | .value = PKCS7_BINARY, | 353 | .value = PKCS7_BINARY, | 
| 354 | }, | 354 | }, | 
| 355 | { | 355 | { | 
| @@ -357,34 +357,34 @@ static const struct option smime_options[] = { | |||
| 357 | .argname = "file", | 357 | .argname = "file", | 
| 358 | .desc = "Other certificates file", | 358 | .desc = "Other certificates file", | 
| 359 | .type = OPTION_ARG, | 359 | .type = OPTION_ARG, | 
| 360 | .opt.arg = &smime_config.certfile, | 360 | .opt.arg = &cfg.certfile, | 
| 361 | }, | 361 | }, | 
| 362 | { | 362 | { | 
| 363 | .name = "content", | 363 | .name = "content", | 
| 364 | .argname = "file", | 364 | .argname = "file", | 
| 365 | .desc = "Supply or override content for detached signature", | 365 | .desc = "Supply or override content for detached signature", | 
| 366 | .type = OPTION_ARG, | 366 | .type = OPTION_ARG, | 
| 367 | .opt.arg = &smime_config.contfile, | 367 | .opt.arg = &cfg.contfile, | 
| 368 | }, | 368 | }, | 
| 369 | { | 369 | { | 
| 370 | .name = "crlfeol", | 370 | .name = "crlfeol", | 
| 371 | .desc = "Use CRLF as EOL termination instead of CR only", | 371 | .desc = "Use CRLF as EOL termination instead of CR only", | 
| 372 | .type = OPTION_VALUE_OR, | 372 | .type = OPTION_VALUE_OR, | 
| 373 | .opt.value = &smime_config.flags, | 373 | .opt.value = &cfg.flags, | 
| 374 | .value = PKCS7_CRLFEOL, | 374 | .value = PKCS7_CRLFEOL, | 
| 375 | }, | 375 | }, | 
| 376 | { | 376 | { | 
| 377 | .name = "decrypt", | 377 | .name = "decrypt", | 
| 378 | .desc = "Decrypt encrypted message", | 378 | .desc = "Decrypt encrypted message", | 
| 379 | .type = OPTION_VALUE, | 379 | .type = OPTION_VALUE, | 
| 380 | .opt.value = &smime_config.operation, | 380 | .opt.value = &cfg.operation, | 
| 381 | .value = SMIME_DECRYPT, | 381 | .value = SMIME_DECRYPT, | 
| 382 | }, | 382 | }, | 
| 383 | { | 383 | { | 
| 384 | .name = "encrypt", | 384 | .name = "encrypt", | 
| 385 | .desc = "Encrypt message", | 385 | .desc = "Encrypt message", | 
| 386 | .type = OPTION_VALUE, | 386 | .type = OPTION_VALUE, | 
| 387 | .opt.value = &smime_config.operation, | 387 | .opt.value = &cfg.operation, | 
| 388 | .value = SMIME_ENCRYPT, | 388 | .value = SMIME_ENCRYPT, | 
| 389 | }, | 389 | }, | 
| 390 | { | 390 | { | 
| @@ -392,20 +392,20 @@ static const struct option smime_options[] = { | |||
| 392 | .argname = "addr", | 392 | .argname = "addr", | 
| 393 | .desc = "From address", | 393 | .desc = "From address", | 
| 394 | .type = OPTION_ARG, | 394 | .type = OPTION_ARG, | 
| 395 | .opt.arg = &smime_config.from, | 395 | .opt.arg = &cfg.from, | 
| 396 | }, | 396 | }, | 
| 397 | { | 397 | { | 
| 398 | .name = "in", | 398 | .name = "in", | 
| 399 | .argname = "file", | 399 | .argname = "file", | 
| 400 | .desc = "Input file", | 400 | .desc = "Input file", | 
| 401 | .type = OPTION_ARG, | 401 | .type = OPTION_ARG, | 
| 402 | .opt.arg = &smime_config.infile, | 402 | .opt.arg = &cfg.infile, | 
| 403 | }, | 403 | }, | 
| 404 | { | 404 | { | 
| 405 | .name = "indef", | 405 | .name = "indef", | 
| 406 | .desc = "Same as -stream", | 406 | .desc = "Same as -stream", | 
| 407 | .type = OPTION_VALUE, | 407 | .type = OPTION_VALUE, | 
| 408 | .opt.value = &smime_config.indef, | 408 | .opt.value = &cfg.indef, | 
| 409 | .value = 1, | 409 | .value = 1, | 
| 410 | }, | 410 | }, | 
| 411 | { | 411 | { | 
| @@ -413,7 +413,7 @@ static const struct option smime_options[] = { | |||
| 413 | .argname = "fmt", | 413 | .argname = "fmt", | 
| 414 | .desc = "Input format (DER, PEM or SMIME (default))", | 414 | .desc = "Input format (DER, PEM or SMIME (default))", | 
| 415 | .type = OPTION_ARG_FORMAT, | 415 | .type = OPTION_ARG_FORMAT, | 
| 416 | .opt.value = &smime_config.informat, | 416 | .opt.value = &cfg.informat, | 
| 417 | }, | 417 | }, | 
| 418 | { | 418 | { | 
| 419 | .name = "inkey", | 419 | .name = "inkey", | 
| @@ -427,7 +427,7 @@ static const struct option smime_options[] = { | |||
| 427 | .argname = "fmt", | 427 | .argname = "fmt", | 
| 428 | .desc = "Input key format (DER or PEM (default))", | 428 | .desc = "Input key format (DER or PEM (default))", | 
| 429 | .type = OPTION_ARG_FORMAT, | 429 | .type = OPTION_ARG_FORMAT, | 
| 430 | .opt.value = &smime_config.keyform, | 430 | .opt.value = &cfg.keyform, | 
| 431 | }, | 431 | }, | 
| 432 | { | 432 | { | 
| 433 | .name = "md", | 433 | .name = "md", | 
| @@ -440,70 +440,70 @@ static const struct option smime_options[] = { | |||
| 440 | .name = "noattr", | 440 | .name = "noattr", | 
| 441 | .desc = "Do not include any signed attributes", | 441 | .desc = "Do not include any signed attributes", | 
| 442 | .type = OPTION_VALUE_OR, | 442 | .type = OPTION_VALUE_OR, | 
| 443 | .opt.value = &smime_config.flags, | 443 | .opt.value = &cfg.flags, | 
| 444 | .value = PKCS7_NOATTR, | 444 | .value = PKCS7_NOATTR, | 
| 445 | }, | 445 | }, | 
| 446 | { | 446 | { | 
| 447 | .name = "nocerts", | 447 | .name = "nocerts", | 
| 448 | .desc = "Do not include signer's certificate when signing", | 448 | .desc = "Do not include signer's certificate when signing", | 
| 449 | .type = OPTION_VALUE_OR, | 449 | .type = OPTION_VALUE_OR, | 
| 450 | .opt.value = &smime_config.flags, | 450 | .opt.value = &cfg.flags, | 
| 451 | .value = PKCS7_NOCERTS, | 451 | .value = PKCS7_NOCERTS, | 
| 452 | }, | 452 | }, | 
| 453 | { | 453 | { | 
| 454 | .name = "nochain", | 454 | .name = "nochain", | 
| 455 | .desc = "Do not chain verification of signer's certificates", | 455 | .desc = "Do not chain verification of signer's certificates", | 
| 456 | .type = OPTION_VALUE_OR, | 456 | .type = OPTION_VALUE_OR, | 
| 457 | .opt.value = &smime_config.flags, | 457 | .opt.value = &cfg.flags, | 
| 458 | .value = PKCS7_NOCHAIN, | 458 | .value = PKCS7_NOCHAIN, | 
| 459 | }, | 459 | }, | 
| 460 | { | 460 | { | 
| 461 | .name = "nodetach", | 461 | .name = "nodetach", | 
| 462 | .desc = "Use opaque signing", | 462 | .desc = "Use opaque signing", | 
| 463 | .type = OPTION_VALUE_AND, | 463 | .type = OPTION_VALUE_AND, | 
| 464 | .opt.value = &smime_config.flags, | 464 | .opt.value = &cfg.flags, | 
| 465 | .value = ~PKCS7_DETACHED, | 465 | .value = ~PKCS7_DETACHED, | 
| 466 | }, | 466 | }, | 
| 467 | { | 467 | { | 
| 468 | .name = "noindef", | 468 | .name = "noindef", | 
| 469 | .desc = "Disable streaming I/O", | 469 | .desc = "Disable streaming I/O", | 
| 470 | .type = OPTION_VALUE, | 470 | .type = OPTION_VALUE, | 
| 471 | .opt.value = &smime_config.indef, | 471 | .opt.value = &cfg.indef, | 
| 472 | .value = 0, | 472 | .value = 0, | 
| 473 | }, | 473 | }, | 
| 474 | { | 474 | { | 
| 475 | .name = "nointern", | 475 | .name = "nointern", | 
| 476 | .desc = "Do not search certificates in message for signer", | 476 | .desc = "Do not search certificates in message for signer", | 
| 477 | .type = OPTION_VALUE_OR, | 477 | .type = OPTION_VALUE_OR, | 
| 478 | .opt.value = &smime_config.flags, | 478 | .opt.value = &cfg.flags, | 
| 479 | .value = PKCS7_NOINTERN, | 479 | .value = PKCS7_NOINTERN, | 
| 480 | }, | 480 | }, | 
| 481 | { | 481 | { | 
| 482 | .name = "nooldmime", | 482 | .name = "nooldmime", | 
| 483 | .desc = "Output old S/MIME content type", | 483 | .desc = "Output old S/MIME content type", | 
| 484 | .type = OPTION_VALUE_OR, | 484 | .type = OPTION_VALUE_OR, | 
| 485 | .opt.value = &smime_config.flags, | 485 | .opt.value = &cfg.flags, | 
| 486 | .value = PKCS7_NOOLDMIMETYPE, | 486 | .value = PKCS7_NOOLDMIMETYPE, | 
| 487 | }, | 487 | }, | 
| 488 | { | 488 | { | 
| 489 | .name = "nosigs", | 489 | .name = "nosigs", | 
| 490 | .desc = "Do not verify message signature", | 490 | .desc = "Do not verify message signature", | 
| 491 | .type = OPTION_VALUE_OR, | 491 | .type = OPTION_VALUE_OR, | 
| 492 | .opt.value = &smime_config.flags, | 492 | .opt.value = &cfg.flags, | 
| 493 | .value = PKCS7_NOSIGS, | 493 | .value = PKCS7_NOSIGS, | 
| 494 | }, | 494 | }, | 
| 495 | { | 495 | { | 
| 496 | .name = "nosmimecap", | 496 | .name = "nosmimecap", | 
| 497 | .desc = "Omit the SMIMECapabilities attribute", | 497 | .desc = "Omit the SMIMECapabilities attribute", | 
| 498 | .type = OPTION_VALUE_OR, | 498 | .type = OPTION_VALUE_OR, | 
| 499 | .opt.value = &smime_config.flags, | 499 | .opt.value = &cfg.flags, | 
| 500 | .value = PKCS7_NOSMIMECAP, | 500 | .value = PKCS7_NOSMIMECAP, | 
| 501 | }, | 501 | }, | 
| 502 | { | 502 | { | 
| 503 | .name = "noverify", | 503 | .name = "noverify", | 
| 504 | .desc = "Do not verify signer's certificate", | 504 | .desc = "Do not verify signer's certificate", | 
| 505 | .type = OPTION_VALUE_OR, | 505 | .type = OPTION_VALUE_OR, | 
| 506 | .opt.value = &smime_config.flags, | 506 | .opt.value = &cfg.flags, | 
| 507 | .value = PKCS7_NOVERIFY, | 507 | .value = PKCS7_NOVERIFY, | 
| 508 | }, | 508 | }, | 
| 509 | { | 509 | { | 
| @@ -511,27 +511,27 @@ static const struct option smime_options[] = { | |||
| 511 | .argname = "file", | 511 | .argname = "file", | 
| 512 | .desc = "Output file", | 512 | .desc = "Output file", | 
| 513 | .type = OPTION_ARG, | 513 | .type = OPTION_ARG, | 
| 514 | .opt.arg = &smime_config.outfile, | 514 | .opt.arg = &cfg.outfile, | 
| 515 | }, | 515 | }, | 
| 516 | { | 516 | { | 
| 517 | .name = "outform", | 517 | .name = "outform", | 
| 518 | .argname = "fmt", | 518 | .argname = "fmt", | 
| 519 | .desc = "Output format (DER, PEM or SMIME (default))", | 519 | .desc = "Output format (DER, PEM or SMIME (default))", | 
| 520 | .type = OPTION_ARG_FORMAT, | 520 | .type = OPTION_ARG_FORMAT, | 
| 521 | .opt.value = &smime_config.outformat, | 521 | .opt.value = &cfg.outformat, | 
| 522 | }, | 522 | }, | 
| 523 | { | 523 | { | 
| 524 | .name = "passin", | 524 | .name = "passin", | 
| 525 | .argname = "src", | 525 | .argname = "src", | 
| 526 | .desc = "Private key password source", | 526 | .desc = "Private key password source", | 
| 527 | .type = OPTION_ARG, | 527 | .type = OPTION_ARG, | 
| 528 | .opt.arg = &smime_config.passargin, | 528 | .opt.arg = &cfg.passargin, | 
| 529 | }, | 529 | }, | 
| 530 | { | 530 | { | 
| 531 | .name = "pk7out", | 531 | .name = "pk7out", | 
| 532 | .desc = "Output PKCS#7 structure", | 532 | .desc = "Output PKCS#7 structure", | 
| 533 | .type = OPTION_VALUE, | 533 | .type = OPTION_VALUE, | 
| 534 | .opt.value = &smime_config.operation, | 534 | .opt.value = &cfg.operation, | 
| 535 | .value = SMIME_PK7OUT, | 535 | .value = SMIME_PK7OUT, | 
| 536 | }, | 536 | }, | 
| 537 | { | 537 | { | 
| @@ -539,20 +539,20 @@ static const struct option smime_options[] = { | |||
| 539 | .argname = "file", | 539 | .argname = "file", | 
| 540 | .desc = "Recipient certificate file for decryption", | 540 | .desc = "Recipient certificate file for decryption", | 
| 541 | .type = OPTION_ARG, | 541 | .type = OPTION_ARG, | 
| 542 | .opt.arg = &smime_config.recipfile, | 542 | .opt.arg = &cfg.recipfile, | 
| 543 | }, | 543 | }, | 
| 544 | { | 544 | { | 
| 545 | .name = "resign", | 545 | .name = "resign", | 
| 546 | .desc = "Resign a signed message", | 546 | .desc = "Resign a signed message", | 
| 547 | .type = OPTION_VALUE, | 547 | .type = OPTION_VALUE, | 
| 548 | .opt.value = &smime_config.operation, | 548 | .opt.value = &cfg.operation, | 
| 549 | .value = SMIME_RESIGN, | 549 | .value = SMIME_RESIGN, | 
| 550 | }, | 550 | }, | 
| 551 | { | 551 | { | 
| 552 | .name = "sign", | 552 | .name = "sign", | 
| 553 | .desc = "Sign message", | 553 | .desc = "Sign message", | 
| 554 | .type = OPTION_VALUE, | 554 | .type = OPTION_VALUE, | 
| 555 | .opt.value = &smime_config.operation, | 555 | .opt.value = &cfg.operation, | 
| 556 | .value = SMIME_SIGN, | 556 | .value = SMIME_SIGN, | 
| 557 | }, | 557 | }, | 
| 558 | { | 558 | { | 
| @@ -566,7 +566,7 @@ static const struct option smime_options[] = { | |||
| 566 | .name = "stream", | 566 | .name = "stream", | 
| 567 | .desc = "Enable streaming I/O", | 567 | .desc = "Enable streaming I/O", | 
| 568 | .type = OPTION_VALUE, | 568 | .type = OPTION_VALUE, | 
| 569 | .opt.value = &smime_config.indef, | 569 | .opt.value = &cfg.indef, | 
| 570 | .value = 1, | 570 | .value = 1, | 
| 571 | }, | 571 | }, | 
| 572 | { | 572 | { | 
| @@ -574,13 +574,13 @@ static const struct option smime_options[] = { | |||
| 574 | .argname = "s", | 574 | .argname = "s", | 
| 575 | .desc = "Subject", | 575 | .desc = "Subject", | 
| 576 | .type = OPTION_ARG, | 576 | .type = OPTION_ARG, | 
| 577 | .opt.arg = &smime_config.subject, | 577 | .opt.arg = &cfg.subject, | 
| 578 | }, | 578 | }, | 
| 579 | { | 579 | { | 
| 580 | .name = "text", | 580 | .name = "text", | 
| 581 | .desc = "Include or delete text MIME headers", | 581 | .desc = "Include or delete text MIME headers", | 
| 582 | .type = OPTION_VALUE_OR, | 582 | .type = OPTION_VALUE_OR, | 
| 583 | .opt.value = &smime_config.flags, | 583 | .opt.value = &cfg.flags, | 
| 584 | .value = PKCS7_TEXT, | 584 | .value = PKCS7_TEXT, | 
| 585 | }, | 585 | }, | 
| 586 | { | 586 | { | 
| @@ -588,13 +588,13 @@ static const struct option smime_options[] = { | |||
| 588 | .argname = "addr", | 588 | .argname = "addr", | 
| 589 | .desc = "To address", | 589 | .desc = "To address", | 
| 590 | .type = OPTION_ARG, | 590 | .type = OPTION_ARG, | 
| 591 | .opt.arg = &smime_config.to, | 591 | .opt.arg = &cfg.to, | 
| 592 | }, | 592 | }, | 
| 593 | { | 593 | { | 
| 594 | .name = "verify", | 594 | .name = "verify", | 
| 595 | .desc = "Verify signed message", | 595 | .desc = "Verify signed message", | 
| 596 | .type = OPTION_VALUE, | 596 | .type = OPTION_VALUE, | 
| 597 | .opt.value = &smime_config.operation, | 597 | .opt.value = &cfg.operation, | 
| 598 | .value = SMIME_VERIFY, | 598 | .value = SMIME_VERIFY, | 
| 599 | }, | 599 | }, | 
| 600 | { | 600 | { | 
| @@ -727,70 +727,70 @@ smime_main(int argc, char **argv) | |||
| 727 | exit(1); | 727 | exit(1); | 
| 728 | } | 728 | } | 
| 729 | 729 | ||
| 730 | memset(&smime_config, 0, sizeof(smime_config)); | 730 | memset(&cfg, 0, sizeof(cfg)); | 
| 731 | smime_config.flags = PKCS7_DETACHED; | 731 | cfg.flags = PKCS7_DETACHED; | 
| 732 | smime_config.informat = FORMAT_SMIME; | 732 | cfg.informat = FORMAT_SMIME; | 
| 733 | smime_config.outformat = FORMAT_SMIME; | 733 | cfg.outformat = FORMAT_SMIME; | 
| 734 | smime_config.keyform = FORMAT_PEM; | 734 | cfg.keyform = FORMAT_PEM; | 
| 735 | if (options_parse(argc, argv, smime_options, NULL, &argsused) != 0) { | 735 | if (options_parse(argc, argv, smime_options, NULL, &argsused) != 0) { | 
| 736 | goto argerr; | 736 | goto argerr; | 
| 737 | } | 737 | } | 
| 738 | args = argv + argsused; | 738 | args = argv + argsused; | 
| 739 | ret = 1; | 739 | ret = 1; | 
| 740 | 740 | ||
| 741 | if (!(smime_config.operation & SMIME_SIGNERS) && | 741 | if (!(cfg.operation & SMIME_SIGNERS) && | 
| 742 | (smime_config.skkeys != NULL || smime_config.sksigners != NULL)) { | 742 | (cfg.skkeys != NULL || cfg.sksigners != NULL)) { | 
| 743 | BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); | 743 | BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); | 
| 744 | goto argerr; | 744 | goto argerr; | 
| 745 | } | 745 | } | 
| 746 | if (smime_config.operation & SMIME_SIGNERS) { | 746 | if (cfg.operation & SMIME_SIGNERS) { | 
| 747 | /* Check to see if any final signer needs to be appended */ | 747 | /* Check to see if any final signer needs to be appended */ | 
| 748 | if (smime_config.keyfile != NULL && | 748 | if (cfg.keyfile != NULL && | 
| 749 | smime_config.signerfile == NULL) { | 749 | cfg.signerfile == NULL) { | 
| 750 | BIO_puts(bio_err, "Illegal -inkey without -signer\n"); | 750 | BIO_puts(bio_err, "Illegal -inkey without -signer\n"); | 
| 751 | goto argerr; | 751 | goto argerr; | 
| 752 | } | 752 | } | 
| 753 | if (smime_config.signerfile != NULL) { | 753 | if (cfg.signerfile != NULL) { | 
| 754 | if (smime_config.sksigners == NULL) { | 754 | if (cfg.sksigners == NULL) { | 
| 755 | if ((smime_config.sksigners = | 755 | if ((cfg.sksigners = | 
| 756 | sk_OPENSSL_STRING_new_null()) == NULL) | 756 | sk_OPENSSL_STRING_new_null()) == NULL) | 
| 757 | goto end; | 757 | goto end; | 
| 758 | } | 758 | } | 
| 759 | if (!sk_OPENSSL_STRING_push(smime_config.sksigners, | 759 | if (!sk_OPENSSL_STRING_push(cfg.sksigners, | 
| 760 | smime_config.signerfile)) | 760 | cfg.signerfile)) | 
| 761 | goto end; | 761 | goto end; | 
| 762 | if (smime_config.skkeys == NULL) { | 762 | if (cfg.skkeys == NULL) { | 
| 763 | if ((smime_config.skkeys = | 763 | if ((cfg.skkeys = | 
| 764 | sk_OPENSSL_STRING_new_null()) == NULL) | 764 | sk_OPENSSL_STRING_new_null()) == NULL) | 
| 765 | goto end; | 765 | goto end; | 
| 766 | } | 766 | } | 
| 767 | if (smime_config.keyfile == NULL) | 767 | if (cfg.keyfile == NULL) | 
| 768 | smime_config.keyfile = smime_config.signerfile; | 768 | cfg.keyfile = cfg.signerfile; | 
| 769 | if (!sk_OPENSSL_STRING_push(smime_config.skkeys, | 769 | if (!sk_OPENSSL_STRING_push(cfg.skkeys, | 
| 770 | smime_config.keyfile)) | 770 | cfg.keyfile)) | 
| 771 | goto end; | 771 | goto end; | 
| 772 | } | 772 | } | 
| 773 | if (smime_config.sksigners == NULL) { | 773 | if (cfg.sksigners == NULL) { | 
| 774 | BIO_printf(bio_err, | 774 | BIO_printf(bio_err, | 
| 775 | "No signer certificate specified\n"); | 775 | "No signer certificate specified\n"); | 
| 776 | badarg = 1; | 776 | badarg = 1; | 
| 777 | } | 777 | } | 
| 778 | smime_config.signerfile = NULL; | 778 | cfg.signerfile = NULL; | 
| 779 | smime_config.keyfile = NULL; | 779 | cfg.keyfile = NULL; | 
| 780 | } else if (smime_config.operation == SMIME_DECRYPT) { | 780 | } else if (cfg.operation == SMIME_DECRYPT) { | 
| 781 | if (smime_config.recipfile == NULL && | 781 | if (cfg.recipfile == NULL && | 
| 782 | smime_config.keyfile == NULL) { | 782 | cfg.keyfile == NULL) { | 
| 783 | BIO_printf(bio_err, | 783 | BIO_printf(bio_err, | 
| 784 | "No recipient certificate or key specified\n"); | 784 | "No recipient certificate or key specified\n"); | 
| 785 | badarg = 1; | 785 | badarg = 1; | 
| 786 | } | 786 | } | 
| 787 | } else if (smime_config.operation == SMIME_ENCRYPT) { | 787 | } else if (cfg.operation == SMIME_ENCRYPT) { | 
| 788 | if (*args == NULL) { | 788 | if (*args == NULL) { | 
| 789 | BIO_printf(bio_err, | 789 | BIO_printf(bio_err, | 
| 790 | "No recipient(s) certificate(s) specified\n"); | 790 | "No recipient(s) certificate(s) specified\n"); | 
| 791 | badarg = 1; | 791 | badarg = 1; | 
| 792 | } | 792 | } | 
| 793 | } else if (!smime_config.operation) { | 793 | } else if (!cfg.operation) { | 
| 794 | badarg = 1; | 794 | badarg = 1; | 
| 795 | } | 795 | } | 
| 796 | 796 | ||
| @@ -800,35 +800,35 @@ smime_main(int argc, char **argv) | |||
| 800 | goto end; | 800 | goto end; | 
| 801 | } | 801 | } | 
| 802 | 802 | ||
| 803 | if (!app_passwd(bio_err, smime_config.passargin, NULL, &passin, NULL)) { | 803 | if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) { | 
| 804 | BIO_printf(bio_err, "Error getting password\n"); | 804 | BIO_printf(bio_err, "Error getting password\n"); | 
| 805 | goto end; | 805 | goto end; | 
| 806 | } | 806 | } | 
| 807 | ret = 2; | 807 | ret = 2; | 
| 808 | 808 | ||
| 809 | if (!(smime_config.operation & SMIME_SIGNERS)) | 809 | if (!(cfg.operation & SMIME_SIGNERS)) | 
| 810 | smime_config.flags &= ~PKCS7_DETACHED; | 810 | cfg.flags &= ~PKCS7_DETACHED; | 
| 811 | 811 | ||
| 812 | if (smime_config.operation & SMIME_OP) { | 812 | if (cfg.operation & SMIME_OP) { | 
| 813 | if (smime_config.outformat == FORMAT_ASN1) | 813 | if (cfg.outformat == FORMAT_ASN1) | 
| 814 | outmode = "wb"; | 814 | outmode = "wb"; | 
| 815 | } else { | 815 | } else { | 
| 816 | if (smime_config.flags & PKCS7_BINARY) | 816 | if (cfg.flags & PKCS7_BINARY) | 
| 817 | outmode = "wb"; | 817 | outmode = "wb"; | 
| 818 | } | 818 | } | 
| 819 | 819 | ||
| 820 | if (smime_config.operation & SMIME_IP) { | 820 | if (cfg.operation & SMIME_IP) { | 
| 821 | if (smime_config.informat == FORMAT_ASN1) | 821 | if (cfg.informat == FORMAT_ASN1) | 
| 822 | inmode = "rb"; | 822 | inmode = "rb"; | 
| 823 | } else { | 823 | } else { | 
| 824 | if (smime_config.flags & PKCS7_BINARY) | 824 | if (cfg.flags & PKCS7_BINARY) | 
| 825 | inmode = "rb"; | 825 | inmode = "rb"; | 
| 826 | } | 826 | } | 
| 827 | 827 | ||
| 828 | if (smime_config.operation == SMIME_ENCRYPT) { | 828 | if (cfg.operation == SMIME_ENCRYPT) { | 
| 829 | if (smime_config.cipher == NULL) { | 829 | if (cfg.cipher == NULL) { | 
| 830 | #ifndef OPENSSL_NO_RC2 | 830 | #ifndef OPENSSL_NO_RC2 | 
| 831 | smime_config.cipher = EVP_rc2_40_cbc(); | 831 | cfg.cipher = EVP_rc2_40_cbc(); | 
| 832 | #else | 832 | #else | 
| 833 | BIO_printf(bio_err, "No cipher selected\n"); | 833 | BIO_printf(bio_err, "No cipher selected\n"); | 
| 834 | goto end; | 834 | goto end; | 
| @@ -847,41 +847,41 @@ smime_main(int argc, char **argv) | |||
| 847 | args++; | 847 | args++; | 
| 848 | } | 848 | } | 
| 849 | } | 849 | } | 
| 850 | if (smime_config.certfile != NULL) { | 850 | if (cfg.certfile != NULL) { | 
| 851 | if ((other = load_certs(bio_err, smime_config.certfile, | 851 | if ((other = load_certs(bio_err, cfg.certfile, | 
| 852 | FORMAT_PEM, NULL, "certificate file")) == NULL) { | 852 | FORMAT_PEM, NULL, "certificate file")) == NULL) { | 
| 853 | ERR_print_errors(bio_err); | 853 | ERR_print_errors(bio_err); | 
| 854 | goto end; | 854 | goto end; | 
| 855 | } | 855 | } | 
| 856 | } | 856 | } | 
| 857 | if (smime_config.recipfile != NULL && | 857 | if (cfg.recipfile != NULL && | 
| 858 | (smime_config.operation == SMIME_DECRYPT)) { | 858 | (cfg.operation == SMIME_DECRYPT)) { | 
| 859 | if ((recip = load_cert(bio_err, smime_config.recipfile, | 859 | if ((recip = load_cert(bio_err, cfg.recipfile, | 
| 860 | FORMAT_PEM, NULL, "recipient certificate file")) == NULL) { | 860 | FORMAT_PEM, NULL, "recipient certificate file")) == NULL) { | 
| 861 | ERR_print_errors(bio_err); | 861 | ERR_print_errors(bio_err); | 
| 862 | goto end; | 862 | goto end; | 
| 863 | } | 863 | } | 
| 864 | } | 864 | } | 
| 865 | if (smime_config.operation == SMIME_DECRYPT) { | 865 | if (cfg.operation == SMIME_DECRYPT) { | 
| 866 | if (smime_config.keyfile == NULL) | 866 | if (cfg.keyfile == NULL) | 
| 867 | smime_config.keyfile = smime_config.recipfile; | 867 | cfg.keyfile = cfg.recipfile; | 
| 868 | } else if (smime_config.operation == SMIME_SIGN) { | 868 | } else if (cfg.operation == SMIME_SIGN) { | 
| 869 | if (smime_config.keyfile == NULL) | 869 | if (cfg.keyfile == NULL) | 
| 870 | smime_config.keyfile = smime_config.signerfile; | 870 | cfg.keyfile = cfg.signerfile; | 
| 871 | } else { | 871 | } else { | 
| 872 | smime_config.keyfile = NULL; | 872 | cfg.keyfile = NULL; | 
| 873 | } | 873 | } | 
| 874 | 874 | ||
| 875 | if (smime_config.keyfile != NULL) { | 875 | if (cfg.keyfile != NULL) { | 
| 876 | key = load_key(bio_err, smime_config.keyfile, | 876 | key = load_key(bio_err, cfg.keyfile, | 
| 877 | smime_config.keyform, 0, passin, "signing key file"); | 877 | cfg.keyform, 0, passin, "signing key file"); | 
| 878 | if (key == NULL) | 878 | if (key == NULL) | 
| 879 | goto end; | 879 | goto end; | 
| 880 | } | 880 | } | 
| 881 | if (smime_config.infile != NULL) { | 881 | if (cfg.infile != NULL) { | 
| 882 | if ((in = BIO_new_file(smime_config.infile, inmode)) == NULL) { | 882 | if ((in = BIO_new_file(cfg.infile, inmode)) == NULL) { | 
| 883 | BIO_printf(bio_err, | 883 | BIO_printf(bio_err, | 
| 884 | "Can't open input file %s\n", smime_config.infile); | 884 | "Can't open input file %s\n", cfg.infile); | 
| 885 | goto end; | 885 | goto end; | 
| 886 | } | 886 | } | 
| 887 | } else { | 887 | } else { | 
| @@ -889,12 +889,12 @@ smime_main(int argc, char **argv) | |||
| 889 | goto end; | 889 | goto end; | 
| 890 | } | 890 | } | 
| 891 | 891 | ||
| 892 | if (smime_config.operation & SMIME_IP) { | 892 | if (cfg.operation & SMIME_IP) { | 
| 893 | if (smime_config.informat == FORMAT_SMIME) | 893 | if (cfg.informat == FORMAT_SMIME) | 
| 894 | p7 = SMIME_read_PKCS7(in, &indata); | 894 | p7 = SMIME_read_PKCS7(in, &indata); | 
| 895 | else if (smime_config.informat == FORMAT_PEM) | 895 | else if (cfg.informat == FORMAT_PEM) | 
| 896 | p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); | 896 | p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); | 
| 897 | else if (smime_config.informat == FORMAT_ASN1) | 897 | else if (cfg.informat == FORMAT_ASN1) | 
| 898 | p7 = d2i_PKCS7_bio(in, NULL); | 898 | p7 = d2i_PKCS7_bio(in, NULL); | 
| 899 | else { | 899 | else { | 
| 900 | BIO_printf(bio_err, | 900 | BIO_printf(bio_err, | 
| @@ -906,22 +906,22 @@ smime_main(int argc, char **argv) | |||
| 906 | BIO_printf(bio_err, "Error reading S/MIME message\n"); | 906 | BIO_printf(bio_err, "Error reading S/MIME message\n"); | 
| 907 | goto end; | 907 | goto end; | 
| 908 | } | 908 | } | 
| 909 | if (smime_config.contfile != NULL) { | 909 | if (cfg.contfile != NULL) { | 
| 910 | BIO_free(indata); | 910 | BIO_free(indata); | 
| 911 | if ((indata = BIO_new_file(smime_config.contfile, | 911 | if ((indata = BIO_new_file(cfg.contfile, | 
| 912 | "rb")) == NULL) { | 912 | "rb")) == NULL) { | 
| 913 | BIO_printf(bio_err, | 913 | BIO_printf(bio_err, | 
| 914 | "Can't read content file %s\n", | 914 | "Can't read content file %s\n", | 
| 915 | smime_config.contfile); | 915 | cfg.contfile); | 
| 916 | goto end; | 916 | goto end; | 
| 917 | } | 917 | } | 
| 918 | } | 918 | } | 
| 919 | } | 919 | } | 
| 920 | if (smime_config.outfile != NULL) { | 920 | if (cfg.outfile != NULL) { | 
| 921 | if ((out = BIO_new_file(smime_config.outfile, outmode)) == NULL) { | 921 | if ((out = BIO_new_file(cfg.outfile, outmode)) == NULL) { | 
| 922 | BIO_printf(bio_err, | 922 | BIO_printf(bio_err, | 
| 923 | "Can't open output file %s\n", | 923 | "Can't open output file %s\n", | 
| 924 | smime_config.outfile); | 924 | cfg.outfile); | 
| 925 | goto end; | 925 | goto end; | 
| 926 | } | 926 | } | 
| 927 | } else { | 927 | } else { | 
| @@ -929,60 +929,60 @@ smime_main(int argc, char **argv) | |||
| 929 | goto end; | 929 | goto end; | 
| 930 | } | 930 | } | 
| 931 | 931 | ||
| 932 | if (smime_config.operation == SMIME_VERIFY) { | 932 | if (cfg.operation == SMIME_VERIFY) { | 
| 933 | if ((store = setup_verify(bio_err, smime_config.CAfile, | 933 | if ((store = setup_verify(bio_err, cfg.CAfile, | 
| 934 | smime_config.CApath)) == NULL) | 934 | cfg.CApath)) == NULL) | 
| 935 | goto end; | 935 | goto end; | 
| 936 | X509_STORE_set_verify_cb(store, smime_cb); | 936 | X509_STORE_set_verify_cb(store, smime_cb); | 
| 937 | if (smime_config.vpm != NULL) { | 937 | if (cfg.vpm != NULL) { | 
| 938 | if (!X509_STORE_set1_param(store, smime_config.vpm)) | 938 | if (!X509_STORE_set1_param(store, cfg.vpm)) | 
| 939 | goto end; | 939 | goto end; | 
| 940 | } | 940 | } | 
| 941 | } | 941 | } | 
| 942 | ret = 3; | 942 | ret = 3; | 
| 943 | 943 | ||
| 944 | if (smime_config.operation == SMIME_ENCRYPT) { | 944 | if (cfg.operation == SMIME_ENCRYPT) { | 
| 945 | if (smime_config.indef) | 945 | if (cfg.indef) | 
| 946 | smime_config.flags |= PKCS7_STREAM; | 946 | cfg.flags |= PKCS7_STREAM; | 
| 947 | p7 = PKCS7_encrypt(encerts, in, smime_config.cipher, | 947 | p7 = PKCS7_encrypt(encerts, in, cfg.cipher, | 
| 948 | smime_config.flags); | 948 | cfg.flags); | 
| 949 | } else if (smime_config.operation & SMIME_SIGNERS) { | 949 | } else if (cfg.operation & SMIME_SIGNERS) { | 
| 950 | int i; | 950 | int i; | 
| 951 | /* | 951 | /* | 
| 952 | * If detached data content we only enable streaming if | 952 | * If detached data content we only enable streaming if | 
| 953 | * S/MIME output format. | 953 | * S/MIME output format. | 
| 954 | */ | 954 | */ | 
| 955 | if (smime_config.operation == SMIME_SIGN) { | 955 | if (cfg.operation == SMIME_SIGN) { | 
| 956 | if (smime_config.flags & PKCS7_DETACHED) { | 956 | if (cfg.flags & PKCS7_DETACHED) { | 
| 957 | if (smime_config.outformat == FORMAT_SMIME) | 957 | if (cfg.outformat == FORMAT_SMIME) | 
| 958 | smime_config.flags |= PKCS7_STREAM; | 958 | cfg.flags |= PKCS7_STREAM; | 
| 959 | } else if (smime_config.indef) { | 959 | } else if (cfg.indef) { | 
| 960 | smime_config.flags |= PKCS7_STREAM; | 960 | cfg.flags |= PKCS7_STREAM; | 
| 961 | } | 961 | } | 
| 962 | smime_config.flags |= PKCS7_PARTIAL; | 962 | cfg.flags |= PKCS7_PARTIAL; | 
| 963 | p7 = PKCS7_sign(NULL, NULL, other, in, | 963 | p7 = PKCS7_sign(NULL, NULL, other, in, | 
| 964 | smime_config.flags); | 964 | cfg.flags); | 
| 965 | if (p7 == NULL) | 965 | if (p7 == NULL) | 
| 966 | goto end; | 966 | goto end; | 
| 967 | } else { | 967 | } else { | 
| 968 | smime_config.flags |= PKCS7_REUSE_DIGEST; | 968 | cfg.flags |= PKCS7_REUSE_DIGEST; | 
| 969 | } | 969 | } | 
| 970 | for (i = 0; i < sk_OPENSSL_STRING_num(smime_config.sksigners); i++) { | 970 | for (i = 0; i < sk_OPENSSL_STRING_num(cfg.sksigners); i++) { | 
| 971 | smime_config.signerfile = | 971 | cfg.signerfile = | 
| 972 | sk_OPENSSL_STRING_value(smime_config.sksigners, i); | 972 | sk_OPENSSL_STRING_value(cfg.sksigners, i); | 
| 973 | smime_config.keyfile = | 973 | cfg.keyfile = | 
| 974 | sk_OPENSSL_STRING_value(smime_config.skkeys, i); | 974 | sk_OPENSSL_STRING_value(cfg.skkeys, i); | 
| 975 | signer = load_cert(bio_err, smime_config.signerfile, | 975 | signer = load_cert(bio_err, cfg.signerfile, | 
| 976 | FORMAT_PEM, NULL, "signer certificate"); | 976 | FORMAT_PEM, NULL, "signer certificate"); | 
| 977 | if (signer == NULL) | 977 | if (signer == NULL) | 
| 978 | goto end; | 978 | goto end; | 
| 979 | key = load_key(bio_err, smime_config.keyfile, | 979 | key = load_key(bio_err, cfg.keyfile, | 
| 980 | smime_config.keyform, 0, passin, | 980 | cfg.keyform, 0, passin, | 
| 981 | "signing key file"); | 981 | "signing key file"); | 
| 982 | if (key == NULL) | 982 | if (key == NULL) | 
| 983 | goto end; | 983 | goto end; | 
| 984 | if (PKCS7_sign_add_signer(p7, signer, key, | 984 | if (PKCS7_sign_add_signer(p7, signer, key, | 
| 985 | smime_config.sign_md, smime_config.flags) == NULL) | 985 | cfg.sign_md, cfg.flags) == NULL) | 
| 986 | goto end; | 986 | goto end; | 
| 987 | X509_free(signer); | 987 | X509_free(signer); | 
| 988 | signer = NULL; | 988 | signer = NULL; | 
| @@ -990,9 +990,9 @@ smime_main(int argc, char **argv) | |||
| 990 | key = NULL; | 990 | key = NULL; | 
| 991 | } | 991 | } | 
| 992 | /* If not streaming or resigning finalize structure */ | 992 | /* If not streaming or resigning finalize structure */ | 
| 993 | if ((smime_config.operation == SMIME_SIGN) && | 993 | if ((cfg.operation == SMIME_SIGN) && | 
| 994 | !(smime_config.flags & PKCS7_STREAM)) { | 994 | !(cfg.flags & PKCS7_STREAM)) { | 
| 995 | if (!PKCS7_final(p7, in, smime_config.flags)) | 995 | if (!PKCS7_final(p7, in, cfg.flags)) | 
| 996 | goto end; | 996 | goto end; | 
| 997 | } | 997 | } | 
| 998 | } | 998 | } | 
| @@ -1002,58 +1002,58 @@ smime_main(int argc, char **argv) | |||
| 1002 | } | 1002 | } | 
| 1003 | ret = 4; | 1003 | ret = 4; | 
| 1004 | 1004 | ||
| 1005 | if (smime_config.operation == SMIME_DECRYPT) { | 1005 | if (cfg.operation == SMIME_DECRYPT) { | 
| 1006 | if (!PKCS7_decrypt(p7, key, recip, out, smime_config.flags)) { | 1006 | if (!PKCS7_decrypt(p7, key, recip, out, cfg.flags)) { | 
| 1007 | BIO_printf(bio_err, | 1007 | BIO_printf(bio_err, | 
| 1008 | "Error decrypting PKCS#7 structure\n"); | 1008 | "Error decrypting PKCS#7 structure\n"); | 
| 1009 | goto end; | 1009 | goto end; | 
| 1010 | } | 1010 | } | 
| 1011 | } else if (smime_config.operation == SMIME_VERIFY) { | 1011 | } else if (cfg.operation == SMIME_VERIFY) { | 
| 1012 | STACK_OF(X509) *signers; | 1012 | STACK_OF(X509) *signers; | 
| 1013 | if (PKCS7_verify(p7, other, store, indata, out, | 1013 | if (PKCS7_verify(p7, other, store, indata, out, | 
| 1014 | smime_config.flags)) { | 1014 | cfg.flags)) { | 
| 1015 | BIO_printf(bio_err, "Verification successful\n"); | 1015 | BIO_printf(bio_err, "Verification successful\n"); | 
| 1016 | } else { | 1016 | } else { | 
| 1017 | BIO_printf(bio_err, "Verification failure\n"); | 1017 | BIO_printf(bio_err, "Verification failure\n"); | 
| 1018 | goto end; | 1018 | goto end; | 
| 1019 | } | 1019 | } | 
| 1020 | if ((signers = PKCS7_get0_signers(p7, other, | 1020 | if ((signers = PKCS7_get0_signers(p7, other, | 
| 1021 | smime_config.flags)) == NULL) | 1021 | cfg.flags)) == NULL) | 
| 1022 | goto end; | 1022 | goto end; | 
| 1023 | if (!save_certs(smime_config.signerfile, signers)) { | 1023 | if (!save_certs(cfg.signerfile, signers)) { | 
| 1024 | BIO_printf(bio_err, "Error writing signers to %s\n", | 1024 | BIO_printf(bio_err, "Error writing signers to %s\n", | 
| 1025 | smime_config.signerfile); | 1025 | cfg.signerfile); | 
| 1026 | sk_X509_free(signers); | 1026 | sk_X509_free(signers); | 
| 1027 | ret = 5; | 1027 | ret = 5; | 
| 1028 | goto end; | 1028 | goto end; | 
| 1029 | } | 1029 | } | 
| 1030 | sk_X509_free(signers); | 1030 | sk_X509_free(signers); | 
| 1031 | } else if (smime_config.operation == SMIME_PK7OUT) { | 1031 | } else if (cfg.operation == SMIME_PK7OUT) { | 
| 1032 | PEM_write_bio_PKCS7(out, p7); | 1032 | PEM_write_bio_PKCS7(out, p7); | 
| 1033 | } else { | 1033 | } else { | 
| 1034 | if (smime_config.to != NULL) | 1034 | if (cfg.to != NULL) | 
| 1035 | BIO_printf(out, "To: %s\n", smime_config.to); | 1035 | BIO_printf(out, "To: %s\n", cfg.to); | 
| 1036 | if (smime_config.from != NULL) | 1036 | if (cfg.from != NULL) | 
| 1037 | BIO_printf(out, "From: %s\n", smime_config.from); | 1037 | BIO_printf(out, "From: %s\n", cfg.from); | 
| 1038 | if (smime_config.subject != NULL) | 1038 | if (cfg.subject != NULL) | 
| 1039 | BIO_printf(out, "Subject: %s\n", smime_config.subject); | 1039 | BIO_printf(out, "Subject: %s\n", cfg.subject); | 
| 1040 | if (smime_config.outformat == FORMAT_SMIME) { | 1040 | if (cfg.outformat == FORMAT_SMIME) { | 
| 1041 | if (smime_config.operation == SMIME_RESIGN) { | 1041 | if (cfg.operation == SMIME_RESIGN) { | 
| 1042 | if (!SMIME_write_PKCS7(out, p7, indata, | 1042 | if (!SMIME_write_PKCS7(out, p7, indata, | 
| 1043 | smime_config.flags)) | 1043 | cfg.flags)) | 
| 1044 | goto end; | 1044 | goto end; | 
| 1045 | } else { | 1045 | } else { | 
| 1046 | if (!SMIME_write_PKCS7(out, p7, in, | 1046 | if (!SMIME_write_PKCS7(out, p7, in, | 
| 1047 | smime_config.flags)) | 1047 | cfg.flags)) | 
| 1048 | goto end; | 1048 | goto end; | 
| 1049 | } | 1049 | } | 
| 1050 | } else if (smime_config.outformat == FORMAT_PEM) { | 1050 | } else if (cfg.outformat == FORMAT_PEM) { | 
| 1051 | if (!PEM_write_bio_PKCS7_stream(out, p7, in, | 1051 | if (!PEM_write_bio_PKCS7_stream(out, p7, in, | 
| 1052 | smime_config.flags)) | 1052 | cfg.flags)) | 
| 1053 | goto end; | 1053 | goto end; | 
| 1054 | } else if (smime_config.outformat == FORMAT_ASN1) { | 1054 | } else if (cfg.outformat == FORMAT_ASN1) { | 
| 1055 | if (!i2d_PKCS7_bio_stream(out, p7, in, | 1055 | if (!i2d_PKCS7_bio_stream(out, p7, in, | 
| 1056 | smime_config.flags)) | 1056 | cfg.flags)) | 
| 1057 | goto end; | 1057 | goto end; | 
| 1058 | } else { | 1058 | } else { | 
| 1059 | BIO_printf(bio_err, | 1059 | BIO_printf(bio_err, | 
| @@ -1069,9 +1069,9 @@ smime_main(int argc, char **argv) | |||
| 1069 | ERR_print_errors(bio_err); | 1069 | ERR_print_errors(bio_err); | 
| 1070 | sk_X509_pop_free(encerts, X509_free); | 1070 | sk_X509_pop_free(encerts, X509_free); | 
| 1071 | sk_X509_pop_free(other, X509_free); | 1071 | sk_X509_pop_free(other, X509_free); | 
| 1072 | X509_VERIFY_PARAM_free(smime_config.vpm); | 1072 | X509_VERIFY_PARAM_free(cfg.vpm); | 
| 1073 | sk_OPENSSL_STRING_free(smime_config.sksigners); | 1073 | sk_OPENSSL_STRING_free(cfg.sksigners); | 
| 1074 | sk_OPENSSL_STRING_free(smime_config.skkeys); | 1074 | sk_OPENSSL_STRING_free(cfg.skkeys); | 
| 1075 | X509_STORE_free(store); | 1075 | X509_STORE_free(store); | 
| 1076 | X509_free(cert); | 1076 | X509_free(cert); | 
| 1077 | X509_free(recip); | 1077 | X509_free(recip); | 
| diff --git a/src/usr.bin/openssl/spkac.c b/src/usr.bin/openssl/spkac.c index 3a45d5d4bc..12d530e3cf 100644 --- a/src/usr.bin/openssl/spkac.c +++ b/src/usr.bin/openssl/spkac.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: spkac.c,v 1.12 2022/11/11 17:07:39 joshua Exp $ */ | 1 | /* $OpenBSD: spkac.c,v 1.13 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 
| 3 | * project 1999. Based on an original idea by Massimiliano Pala | 3 | * project 1999. Based on an original idea by Massimiliano Pala | 
| 4 | * (madwolf@openca.org). | 4 | * (madwolf@openca.org). | 
| @@ -84,7 +84,7 @@ static struct { | |||
| 84 | char *spkac; | 84 | char *spkac; | 
| 85 | char *spksect; | 85 | char *spksect; | 
| 86 | int verify; | 86 | int verify; | 
| 87 | } spkac_config; | 87 | } cfg; | 
| 88 | 88 | ||
| 89 | static const struct option spkac_options[] = { | 89 | static const struct option spkac_options[] = { | 
| 90 | { | 90 | { | 
| @@ -92,54 +92,54 @@ static const struct option spkac_options[] = { | |||
| 92 | .argname = "string", | 92 | .argname = "string", | 
| 93 | .desc = "Specify challenge string if SPKAC is generated", | 93 | .desc = "Specify challenge string if SPKAC is generated", | 
| 94 | .type = OPTION_ARG, | 94 | .type = OPTION_ARG, | 
| 95 | .opt.arg = &spkac_config.challenge, | 95 | .opt.arg = &cfg.challenge, | 
| 96 | }, | 96 | }, | 
| 97 | { | 97 | { | 
| 98 | .name = "in", | 98 | .name = "in", | 
| 99 | .argname = "file", | 99 | .argname = "file", | 
| 100 | .desc = "Input file (default stdin)", | 100 | .desc = "Input file (default stdin)", | 
| 101 | .type = OPTION_ARG, | 101 | .type = OPTION_ARG, | 
| 102 | .opt.arg = &spkac_config.infile, | 102 | .opt.arg = &cfg.infile, | 
| 103 | }, | 103 | }, | 
| 104 | { | 104 | { | 
| 105 | .name = "key", | 105 | .name = "key", | 
| 106 | .argname = "file", | 106 | .argname = "file", | 
| 107 | .desc = "Create SPKAC using private key file", | 107 | .desc = "Create SPKAC using private key file", | 
| 108 | .type = OPTION_ARG, | 108 | .type = OPTION_ARG, | 
| 109 | .opt.arg = &spkac_config.keyfile, | 109 | .opt.arg = &cfg.keyfile, | 
| 110 | }, | 110 | }, | 
| 111 | { | 111 | { | 
| 112 | .name = "noout", | 112 | .name = "noout", | 
| 113 | .desc = "Do not print text version of SPKAC", | 113 | .desc = "Do not print text version of SPKAC", | 
| 114 | .type = OPTION_FLAG, | 114 | .type = OPTION_FLAG, | 
| 115 | .opt.flag = &spkac_config.noout, | 115 | .opt.flag = &cfg.noout, | 
| 116 | }, | 116 | }, | 
| 117 | { | 117 | { | 
| 118 | .name = "out", | 118 | .name = "out", | 
| 119 | .argname = "file", | 119 | .argname = "file", | 
| 120 | .desc = "Output file (default stdout)", | 120 | .desc = "Output file (default stdout)", | 
| 121 | .type = OPTION_ARG, | 121 | .type = OPTION_ARG, | 
| 122 | .opt.arg = &spkac_config.outfile, | 122 | .opt.arg = &cfg.outfile, | 
| 123 | }, | 123 | }, | 
| 124 | { | 124 | { | 
| 125 | .name = "passin", | 125 | .name = "passin", | 
| 126 | .argname = "src", | 126 | .argname = "src", | 
| 127 | .desc = "Input file passphrase source", | 127 | .desc = "Input file passphrase source", | 
| 128 | .type = OPTION_ARG, | 128 | .type = OPTION_ARG, | 
| 129 | .opt.arg = &spkac_config.passargin, | 129 | .opt.arg = &cfg.passargin, | 
| 130 | }, | 130 | }, | 
| 131 | { | 131 | { | 
| 132 | .name = "pubkey", | 132 | .name = "pubkey", | 
| 133 | .desc = "Output public key of an SPKAC (not used if creating)", | 133 | .desc = "Output public key of an SPKAC (not used if creating)", | 
| 134 | .type = OPTION_FLAG, | 134 | .type = OPTION_FLAG, | 
| 135 | .opt.flag = &spkac_config.pubkey, | 135 | .opt.flag = &cfg.pubkey, | 
| 136 | }, | 136 | }, | 
| 137 | { | 137 | { | 
| 138 | .name = "spkac", | 138 | .name = "spkac", | 
| 139 | .argname = "name", | 139 | .argname = "name", | 
| 140 | .desc = "SPKAC name (default \"SPKAC\")", | 140 | .desc = "SPKAC name (default \"SPKAC\")", | 
| 141 | .type = OPTION_ARG, | 141 | .type = OPTION_ARG, | 
| 142 | .opt.arg = &spkac_config.spkac, | 142 | .opt.arg = &cfg.spkac, | 
| 143 | }, | 143 | }, | 
| 144 | { | 144 | { | 
| 145 | .name = "spksect", | 145 | .name = "spksect", | 
| @@ -147,13 +147,13 @@ static const struct option spkac_options[] = { | |||
| 147 | .desc = "Name of the section containing SPKAC (default" | 147 | .desc = "Name of the section containing SPKAC (default" | 
| 148 | " \"default\")", | 148 | " \"default\")", | 
| 149 | .type = OPTION_ARG, | 149 | .type = OPTION_ARG, | 
| 150 | .opt.arg = &spkac_config.spksect, | 150 | .opt.arg = &cfg.spksect, | 
| 151 | }, | 151 | }, | 
| 152 | { | 152 | { | 
| 153 | .name = "verify", | 153 | .name = "verify", | 
| 154 | .desc = "Verify digital signature on supplied SPKAC", | 154 | .desc = "Verify digital signature on supplied SPKAC", | 
| 155 | .type = OPTION_FLAG, | 155 | .type = OPTION_FLAG, | 
| 156 | .opt.flag = &spkac_config.verify, | 156 | .opt.flag = &cfg.verify, | 
| 157 | }, | 157 | }, | 
| 158 | { NULL } | 158 | { NULL } | 
| 159 | }; | 159 | }; | 
| @@ -186,32 +186,32 @@ spkac_main(int argc, char **argv) | |||
| 186 | exit(1); | 186 | exit(1); | 
| 187 | } | 187 | } | 
| 188 | 188 | ||
| 189 | memset(&spkac_config, 0, sizeof(spkac_config)); | 189 | memset(&cfg, 0, sizeof(cfg)); | 
| 190 | spkac_config.spkac = "SPKAC"; | 190 | cfg.spkac = "SPKAC"; | 
| 191 | spkac_config.spksect = "default"; | 191 | cfg.spksect = "default"; | 
| 192 | 192 | ||
| 193 | if (options_parse(argc, argv, spkac_options, NULL, NULL) != 0) { | 193 | if (options_parse(argc, argv, spkac_options, NULL, NULL) != 0) { | 
| 194 | spkac_usage(); | 194 | spkac_usage(); | 
| 195 | return (1); | 195 | return (1); | 
| 196 | } | 196 | } | 
| 197 | 197 | ||
| 198 | if (!app_passwd(bio_err, spkac_config.passargin, NULL, &passin, NULL)) { | 198 | if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) { | 
| 199 | BIO_printf(bio_err, "Error getting password\n"); | 199 | BIO_printf(bio_err, "Error getting password\n"); | 
| 200 | goto end; | 200 | goto end; | 
| 201 | } | 201 | } | 
| 202 | 202 | ||
| 203 | if (spkac_config.keyfile) { | 203 | if (cfg.keyfile) { | 
| 204 | pkey = load_key(bio_err, | 204 | pkey = load_key(bio_err, | 
| 205 | strcmp(spkac_config.keyfile, "-") ? spkac_config.keyfile | 205 | strcmp(cfg.keyfile, "-") ? cfg.keyfile | 
| 206 | : NULL, FORMAT_PEM, 1, passin, "private key"); | 206 | : NULL, FORMAT_PEM, 1, passin, "private key"); | 
| 207 | if (!pkey) { | 207 | if (!pkey) { | 
| 208 | goto end; | 208 | goto end; | 
| 209 | } | 209 | } | 
| 210 | spki = NETSCAPE_SPKI_new(); | 210 | spki = NETSCAPE_SPKI_new(); | 
| 211 | if (spkac_config.challenge) | 211 | if (cfg.challenge) | 
| 212 | ASN1_STRING_set(spki->spkac->challenge, | 212 | ASN1_STRING_set(spki->spkac->challenge, | 
| 213 | spkac_config.challenge, | 213 | cfg.challenge, | 
| 214 | (int) strlen(spkac_config.challenge)); | 214 | (int) strlen(cfg.challenge)); | 
| 215 | NETSCAPE_SPKI_set_pubkey(spki, pkey); | 215 | NETSCAPE_SPKI_set_pubkey(spki, pkey); | 
| 216 | NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); | 216 | NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); | 
| 217 | spkstr = NETSCAPE_SPKI_b64_encode(spki); | 217 | spkstr = NETSCAPE_SPKI_b64_encode(spki); | 
| @@ -221,8 +221,8 @@ spkac_main(int argc, char **argv) | |||
| 221 | goto end; | 221 | goto end; | 
| 222 | } | 222 | } | 
| 223 | 223 | ||
| 224 | if (spkac_config.outfile) | 224 | if (cfg.outfile) | 
| 225 | out = BIO_new_file(spkac_config.outfile, "w"); | 225 | out = BIO_new_file(cfg.outfile, "w"); | 
| 226 | else | 226 | else | 
| 227 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | 227 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | 
| 228 | 228 | ||
| @@ -236,8 +236,8 @@ spkac_main(int argc, char **argv) | |||
| 236 | free(spkstr); | 236 | free(spkstr); | 
| 237 | goto end; | 237 | goto end; | 
| 238 | } | 238 | } | 
| 239 | if (spkac_config.infile) | 239 | if (cfg.infile) | 
| 240 | in = BIO_new_file(spkac_config.infile, "r"); | 240 | in = BIO_new_file(cfg.infile, "r"); | 
| 241 | else | 241 | else | 
| 242 | in = BIO_new_fp(stdin, BIO_NOCLOSE); | 242 | in = BIO_new_fp(stdin, BIO_NOCLOSE); | 
| 243 | 243 | ||
| @@ -254,12 +254,12 @@ spkac_main(int argc, char **argv) | |||
| 254 | ERR_print_errors(bio_err); | 254 | ERR_print_errors(bio_err); | 
| 255 | goto end; | 255 | goto end; | 
| 256 | } | 256 | } | 
| 257 | spkstr = NCONF_get_string(conf, spkac_config.spksect, | 257 | spkstr = NCONF_get_string(conf, cfg.spksect, | 
| 258 | spkac_config.spkac); | 258 | cfg.spkac); | 
| 259 | 259 | ||
| 260 | if (!spkstr) { | 260 | if (!spkstr) { | 
| 261 | BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", | 261 | BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", | 
| 262 | spkac_config.spkac); | 262 | cfg.spkac); | 
| 263 | ERR_print_errors(bio_err); | 263 | ERR_print_errors(bio_err); | 
| 264 | goto end; | 264 | goto end; | 
| 265 | } | 265 | } | 
| @@ -270,8 +270,8 @@ spkac_main(int argc, char **argv) | |||
| 270 | ERR_print_errors(bio_err); | 270 | ERR_print_errors(bio_err); | 
| 271 | goto end; | 271 | goto end; | 
| 272 | } | 272 | } | 
| 273 | if (spkac_config.outfile) | 273 | if (cfg.outfile) | 
| 274 | out = BIO_new_file(spkac_config.outfile, "w"); | 274 | out = BIO_new_file(cfg.outfile, "w"); | 
| 275 | else { | 275 | else { | 
| 276 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | 276 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | 
| 277 | } | 277 | } | 
| @@ -281,10 +281,10 @@ spkac_main(int argc, char **argv) | |||
| 281 | ERR_print_errors(bio_err); | 281 | ERR_print_errors(bio_err); | 
| 282 | goto end; | 282 | goto end; | 
| 283 | } | 283 | } | 
| 284 | if (!spkac_config.noout) | 284 | if (!cfg.noout) | 
| 285 | NETSCAPE_SPKI_print(out, spki); | 285 | NETSCAPE_SPKI_print(out, spki); | 
| 286 | pkey = NETSCAPE_SPKI_get_pubkey(spki); | 286 | pkey = NETSCAPE_SPKI_get_pubkey(spki); | 
| 287 | if (spkac_config.verify) { | 287 | if (cfg.verify) { | 
| 288 | i = NETSCAPE_SPKI_verify(spki, pkey); | 288 | i = NETSCAPE_SPKI_verify(spki, pkey); | 
| 289 | if (i > 0) | 289 | if (i > 0) | 
| 290 | BIO_printf(bio_err, "Signature OK\n"); | 290 | BIO_printf(bio_err, "Signature OK\n"); | 
| @@ -294,7 +294,7 @@ spkac_main(int argc, char **argv) | |||
| 294 | goto end; | 294 | goto end; | 
| 295 | } | 295 | } | 
| 296 | } | 296 | } | 
| 297 | if (spkac_config.pubkey) | 297 | if (cfg.pubkey) | 
| 298 | PEM_write_bio_PUBKEY(out, pkey); | 298 | PEM_write_bio_PUBKEY(out, pkey); | 
| 299 | 299 | ||
| 300 | ret = 0; | 300 | ret = 0; | 
| diff --git a/src/usr.bin/openssl/ts.c b/src/usr.bin/openssl/ts.c index 05387de130..84008183e7 100644 --- a/src/usr.bin/openssl/ts.c +++ b/src/usr.bin/openssl/ts.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ts.c,v 1.25 2022/11/11 17:07:39 joshua Exp $ */ | 1 | /* $OpenBSD: ts.c,v 1.26 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL | 2 | /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL | 
| 3 | * project 2002. | 3 | * project 2002. | 
| 4 | */ | 4 | */ | 
| @@ -138,7 +138,7 @@ static struct { | |||
| 138 | int token_in; | 138 | int token_in; | 
| 139 | int token_out; | 139 | int token_out; | 
| 140 | char *untrusted; | 140 | char *untrusted; | 
| 141 | } ts_config; | 141 | } cfg; | 
| 142 | 142 | ||
| 143 | static int | 143 | static int | 
| 144 | ts_opt_md(int argc, char **argv, int *argsused) | 144 | ts_opt_md(int argc, char **argv, int *argsused) | 
| @@ -148,7 +148,7 @@ ts_opt_md(int argc, char **argv, int *argsused) | |||
| 148 | if (*name++ != '-') | 148 | if (*name++ != '-') | 
| 149 | return (1); | 149 | return (1); | 
| 150 | 150 | ||
| 151 | if ((ts_config.md = EVP_get_digestbyname(name)) == NULL) | 151 | if ((cfg.md = EVP_get_digestbyname(name)) == NULL) | 
| 152 | return (1); | 152 | return (1); | 
| 153 | 153 | ||
| 154 | *argsused = 1; | 154 | *argsused = 1; | 
| @@ -158,27 +158,27 @@ ts_opt_md(int argc, char **argv, int *argsused) | |||
| 158 | static int | 158 | static int | 
| 159 | ts_opt_query(void) | 159 | ts_opt_query(void) | 
| 160 | { | 160 | { | 
| 161 | if (ts_config.mode != CMD_NONE) | 161 | if (cfg.mode != CMD_NONE) | 
| 162 | return (1); | 162 | return (1); | 
| 163 | ts_config.mode = CMD_QUERY; | 163 | cfg.mode = CMD_QUERY; | 
| 164 | return (0); | 164 | return (0); | 
| 165 | } | 165 | } | 
| 166 | 166 | ||
| 167 | static int | 167 | static int | 
| 168 | ts_opt_reply(void) | 168 | ts_opt_reply(void) | 
| 169 | { | 169 | { | 
| 170 | if (ts_config.mode != CMD_NONE) | 170 | if (cfg.mode != CMD_NONE) | 
| 171 | return (1); | 171 | return (1); | 
| 172 | ts_config.mode = CMD_REPLY; | 172 | cfg.mode = CMD_REPLY; | 
| 173 | return (0); | 173 | return (0); | 
| 174 | } | 174 | } | 
| 175 | 175 | ||
| 176 | static int | 176 | static int | 
| 177 | ts_opt_verify(void) | 177 | ts_opt_verify(void) | 
| 178 | { | 178 | { | 
| 179 | if (ts_config.mode != CMD_NONE) | 179 | if (cfg.mode != CMD_NONE) | 
| 180 | return (1); | 180 | return (1); | 
| 181 | ts_config.mode = CMD_VERIFY; | 181 | cfg.mode = CMD_VERIFY; | 
| 182 | return (0); | 182 | return (0); | 
| 183 | } | 183 | } | 
| 184 | 184 | ||
| @@ -188,89 +188,89 @@ static const struct option ts_options[] = { | |||
| 188 | .argname = "file", | 188 | .argname = "file", | 
| 189 | .desc = "Certificate Authority file", | 189 | .desc = "Certificate Authority file", | 
| 190 | .type = OPTION_ARG, | 190 | .type = OPTION_ARG, | 
| 191 | .opt.arg = &ts_config.ca_file, | 191 | .opt.arg = &cfg.ca_file, | 
| 192 | }, | 192 | }, | 
| 193 | { | 193 | { | 
| 194 | .name = "CApath", | 194 | .name = "CApath", | 
| 195 | .argname = "path", | 195 | .argname = "path", | 
| 196 | .desc = "Certificate Authority path", | 196 | .desc = "Certificate Authority path", | 
| 197 | .type = OPTION_ARG, | 197 | .type = OPTION_ARG, | 
| 198 | .opt.arg = &ts_config.ca_path, | 198 | .opt.arg = &cfg.ca_path, | 
| 199 | }, | 199 | }, | 
| 200 | { | 200 | { | 
| 201 | .name = "cert", | 201 | .name = "cert", | 
| 202 | .desc = "Include signing certificate in the response", | 202 | .desc = "Include signing certificate in the response", | 
| 203 | .type = OPTION_FLAG, | 203 | .type = OPTION_FLAG, | 
| 204 | .opt.flag = &ts_config.cert, | 204 | .opt.flag = &cfg.cert, | 
| 205 | }, | 205 | }, | 
| 206 | { | 206 | { | 
| 207 | .name = "chain", | 207 | .name = "chain", | 
| 208 | .argname = "file", | 208 | .argname = "file", | 
| 209 | .desc = "PEM certificates that will be included in the response", | 209 | .desc = "PEM certificates that will be included in the response", | 
| 210 | .type = OPTION_ARG, | 210 | .type = OPTION_ARG, | 
| 211 | .opt.arg = &ts_config.chain, | 211 | .opt.arg = &cfg.chain, | 
| 212 | }, | 212 | }, | 
| 213 | { | 213 | { | 
| 214 | .name = "config", | 214 | .name = "config", | 
| 215 | .argname = "file", | 215 | .argname = "file", | 
| 216 | .desc = "Specify an alternative configuration file", | 216 | .desc = "Specify an alternative configuration file", | 
| 217 | .type = OPTION_ARG, | 217 | .type = OPTION_ARG, | 
| 218 | .opt.arg = &ts_config.configfile, | 218 | .opt.arg = &cfg.configfile, | 
| 219 | }, | 219 | }, | 
| 220 | { | 220 | { | 
| 221 | .name = "data", | 221 | .name = "data", | 
| 222 | .argname = "file", | 222 | .argname = "file", | 
| 223 | .desc = "Data file for which the time stamp request needs to be created", | 223 | .desc = "Data file for which the time stamp request needs to be created", | 
| 224 | .type = OPTION_ARG, | 224 | .type = OPTION_ARG, | 
| 225 | .opt.arg = &ts_config.data, | 225 | .opt.arg = &cfg.data, | 
| 226 | }, | 226 | }, | 
| 227 | { | 227 | { | 
| 228 | .name = "digest", | 228 | .name = "digest", | 
| 229 | .argname = "arg", | 229 | .argname = "arg", | 
| 230 | .desc = "Specify the message imprint explicitly without the data file", | 230 | .desc = "Specify the message imprint explicitly without the data file", | 
| 231 | .type = OPTION_ARG, | 231 | .type = OPTION_ARG, | 
| 232 | .opt.arg = &ts_config.digest, | 232 | .opt.arg = &cfg.digest, | 
| 233 | }, | 233 | }, | 
| 234 | { | 234 | { | 
| 235 | .name = "in", | 235 | .name = "in", | 
| 236 | .argname = "file", | 236 | .argname = "file", | 
| 237 | .desc = "Input file", | 237 | .desc = "Input file", | 
| 238 | .type = OPTION_ARG, | 238 | .type = OPTION_ARG, | 
| 239 | .opt.arg = &ts_config.in, | 239 | .opt.arg = &cfg.in, | 
| 240 | }, | 240 | }, | 
| 241 | { | 241 | { | 
| 242 | .name = "inkey", | 242 | .name = "inkey", | 
| 243 | .argname = "file", | 243 | .argname = "file", | 
| 244 | .desc = "Input key file", | 244 | .desc = "Input key file", | 
| 245 | .type = OPTION_ARG, | 245 | .type = OPTION_ARG, | 
| 246 | .opt.arg = &ts_config.inkey, | 246 | .opt.arg = &cfg.inkey, | 
| 247 | }, | 247 | }, | 
| 248 | { | 248 | { | 
| 249 | .name = "no_nonce", | 249 | .name = "no_nonce", | 
| 250 | .desc = "Specify no nonce in the request", | 250 | .desc = "Specify no nonce in the request", | 
| 251 | .type = OPTION_FLAG, | 251 | .type = OPTION_FLAG, | 
| 252 | .opt.flag = &ts_config.no_nonce, | 252 | .opt.flag = &cfg.no_nonce, | 
| 253 | }, | 253 | }, | 
| 254 | { | 254 | { | 
| 255 | .name = "out", | 255 | .name = "out", | 
| 256 | .argname = "file", | 256 | .argname = "file", | 
| 257 | .desc = "Output file", | 257 | .desc = "Output file", | 
| 258 | .type = OPTION_ARG, | 258 | .type = OPTION_ARG, | 
| 259 | .opt.arg = &ts_config.out, | 259 | .opt.arg = &cfg.out, | 
| 260 | }, | 260 | }, | 
| 261 | { | 261 | { | 
| 262 | .name = "passin", | 262 | .name = "passin", | 
| 263 | .argname = "src", | 263 | .argname = "src", | 
| 264 | .desc = "Private key password source", | 264 | .desc = "Private key password source", | 
| 265 | .type = OPTION_ARG, | 265 | .type = OPTION_ARG, | 
| 266 | .opt.arg = &ts_config.passin, | 266 | .opt.arg = &cfg.passin, | 
| 267 | }, | 267 | }, | 
| 268 | { | 268 | { | 
| 269 | .name = "policy", | 269 | .name = "policy", | 
| 270 | .argname = "object_id", | 270 | .argname = "object_id", | 
| 271 | .desc = "Policy for the TSA to use when creating the time stamp token", | 271 | .desc = "Policy for the TSA to use when creating the time stamp token", | 
| 272 | .type = OPTION_ARG, | 272 | .type = OPTION_ARG, | 
| 273 | .opt.arg = &ts_config.policy, | 273 | .opt.arg = &cfg.policy, | 
| 274 | }, | 274 | }, | 
| 275 | { | 275 | { | 
| 276 | .name = "query", | 276 | .name = "query", | 
| @@ -283,7 +283,7 @@ static const struct option ts_options[] = { | |||
| 283 | .argname = "file", | 283 | .argname = "file", | 
| 284 | .desc = "File containing a DER-encoded time stamp request", | 284 | .desc = "File containing a DER-encoded time stamp request", | 
| 285 | .type = OPTION_ARG, | 285 | .type = OPTION_ARG, | 
| 286 | .opt.arg = &ts_config.queryfile, | 286 | .opt.arg = &cfg.queryfile, | 
| 287 | }, | 287 | }, | 
| 288 | { | 288 | { | 
| 289 | .name = "reply", | 289 | .name = "reply", | 
| @@ -296,39 +296,39 @@ static const struct option ts_options[] = { | |||
| 296 | .argname = "arg", | 296 | .argname = "arg", | 
| 297 | .desc = "TSA section containing the settings for response generation", | 297 | .desc = "TSA section containing the settings for response generation", | 
| 298 | .type = OPTION_ARG, | 298 | .type = OPTION_ARG, | 
| 299 | .opt.arg = &ts_config.section, | 299 | .opt.arg = &cfg.section, | 
| 300 | }, | 300 | }, | 
| 301 | { | 301 | { | 
| 302 | .name = "signer", | 302 | .name = "signer", | 
| 303 | .argname = "file", | 303 | .argname = "file", | 
| 304 | .desc = "Signer certificate file", | 304 | .desc = "Signer certificate file", | 
| 305 | .type = OPTION_ARG, | 305 | .type = OPTION_ARG, | 
| 306 | .opt.arg = &ts_config.signer, | 306 | .opt.arg = &cfg.signer, | 
| 307 | }, | 307 | }, | 
| 308 | { | 308 | { | 
| 309 | .name = "text", | 309 | .name = "text", | 
| 310 | .desc = "Output in human-readable text format", | 310 | .desc = "Output in human-readable text format", | 
| 311 | .type = OPTION_FLAG, | 311 | .type = OPTION_FLAG, | 
| 312 | .opt.flag = &ts_config.text, | 312 | .opt.flag = &cfg.text, | 
| 313 | }, | 313 | }, | 
| 314 | { | 314 | { | 
| 315 | .name = "token_in", | 315 | .name = "token_in", | 
| 316 | .desc = "Input is a DER-encoded time stamp token", | 316 | .desc = "Input is a DER-encoded time stamp token", | 
| 317 | .type = OPTION_FLAG, | 317 | .type = OPTION_FLAG, | 
| 318 | .opt.flag = &ts_config.token_in, | 318 | .opt.flag = &cfg.token_in, | 
| 319 | }, | 319 | }, | 
| 320 | { | 320 | { | 
| 321 | .name = "token_out", | 321 | .name = "token_out", | 
| 322 | .desc = "Output is a DER-encoded time stamp token", | 322 | .desc = "Output is a DER-encoded time stamp token", | 
| 323 | .type = OPTION_FLAG, | 323 | .type = OPTION_FLAG, | 
| 324 | .opt.flag = &ts_config.token_out, | 324 | .opt.flag = &cfg.token_out, | 
| 325 | }, | 325 | }, | 
| 326 | { | 326 | { | 
| 327 | .name = "untrusted", | 327 | .name = "untrusted", | 
| 328 | .argname = "file", | 328 | .argname = "file", | 
| 329 | .desc = "File containing untrusted certificates", | 329 | .desc = "File containing untrusted certificates", | 
| 330 | .type = OPTION_ARG, | 330 | .type = OPTION_ARG, | 
| 331 | .opt.arg = &ts_config.untrusted, | 331 | .opt.arg = &cfg.untrusted, | 
| 332 | }, | 332 | }, | 
| 333 | { | 333 | { | 
| 334 | .name = "verify", | 334 | .name = "verify", | 
| @@ -382,15 +382,15 @@ ts_main(int argc, char **argv) | |||
| 382 | exit(1); | 382 | exit(1); | 
| 383 | } | 383 | } | 
| 384 | 384 | ||
| 385 | memset(&ts_config, 0, sizeof(ts_config)); | 385 | memset(&cfg, 0, sizeof(cfg)); | 
| 386 | ts_config.mode = CMD_NONE; | 386 | cfg.mode = CMD_NONE; | 
| 387 | 387 | ||
| 388 | if (options_parse(argc, argv, ts_options, NULL, NULL) != 0) | 388 | if (options_parse(argc, argv, ts_options, NULL, NULL) != 0) | 
| 389 | goto usage; | 389 | goto usage; | 
| 390 | 390 | ||
| 391 | /* Get the password if required. */ | 391 | /* Get the password if required. */ | 
| 392 | if (ts_config.mode == CMD_REPLY && ts_config.passin != NULL && | 392 | if (cfg.mode == CMD_REPLY && cfg.passin != NULL && | 
| 393 | !app_passwd(bio_err, ts_config.passin, NULL, &password, NULL)) { | 393 | !app_passwd(bio_err, cfg.passin, NULL, &password, NULL)) { | 
| 394 | BIO_printf(bio_err, "Error getting password.\n"); | 394 | BIO_printf(bio_err, "Error getting password.\n"); | 
| 395 | goto cleanup; | 395 | goto cleanup; | 
| 396 | } | 396 | } | 
| @@ -398,7 +398,7 @@ ts_main(int argc, char **argv) | |||
| 398 | * Check consistency of parameters and execute the appropriate | 398 | * Check consistency of parameters and execute the appropriate | 
| 399 | * function. | 399 | * function. | 
| 400 | */ | 400 | */ | 
| 401 | switch (ts_config.mode) { | 401 | switch (cfg.mode) { | 
| 402 | case CMD_NONE: | 402 | case CMD_NONE: | 
| 403 | goto usage; | 403 | goto usage; | 
| 404 | case CMD_QUERY: | 404 | case CMD_QUERY: | 
| @@ -406,50 +406,50 @@ ts_main(int argc, char **argv) | |||
| 406 | * Data file and message imprint cannot be specified at the | 406 | * Data file and message imprint cannot be specified at the | 
| 407 | * same time. | 407 | * same time. | 
| 408 | */ | 408 | */ | 
| 409 | ret = ts_config.data != NULL && ts_config.digest != NULL; | 409 | ret = cfg.data != NULL && cfg.digest != NULL; | 
| 410 | if (ret) | 410 | if (ret) | 
| 411 | goto usage; | 411 | goto usage; | 
| 412 | /* Load the config file for possible policy OIDs. */ | 412 | /* Load the config file for possible policy OIDs. */ | 
| 413 | conf = load_config_file(ts_config.configfile); | 413 | conf = load_config_file(cfg.configfile); | 
| 414 | ret = !query_command(ts_config.data, ts_config.digest, | 414 | ret = !query_command(cfg.data, cfg.digest, | 
| 415 | ts_config.md, ts_config.policy, ts_config.no_nonce, | 415 | cfg.md, cfg.policy, cfg.no_nonce, | 
| 416 | ts_config.cert, ts_config.in, ts_config.out, | 416 | cfg.cert, cfg.in, cfg.out, | 
| 417 | ts_config.text); | 417 | cfg.text); | 
| 418 | break; | 418 | break; | 
| 419 | case CMD_REPLY: | 419 | case CMD_REPLY: | 
| 420 | conf = load_config_file(ts_config.configfile); | 420 | conf = load_config_file(cfg.configfile); | 
| 421 | if (ts_config.in == NULL) { | 421 | if (cfg.in == NULL) { | 
| 422 | ret = !(ts_config.queryfile != NULL && conf != NULL && | 422 | ret = !(cfg.queryfile != NULL && conf != NULL && | 
| 423 | !ts_config.token_in); | 423 | !cfg.token_in); | 
| 424 | if (ret) | 424 | if (ret) | 
| 425 | goto usage; | 425 | goto usage; | 
| 426 | } else { | 426 | } else { | 
| 427 | /* 'in' and 'queryfile' are exclusive. */ | 427 | /* 'in' and 'queryfile' are exclusive. */ | 
| 428 | ret = !(ts_config.queryfile == NULL); | 428 | ret = !(cfg.queryfile == NULL); | 
| 429 | if (ret) | 429 | if (ret) | 
| 430 | goto usage; | 430 | goto usage; | 
| 431 | } | 431 | } | 
| 432 | 432 | ||
| 433 | ret = !reply_command(conf, ts_config.section, | 433 | ret = !reply_command(conf, cfg.section, | 
| 434 | ts_config.queryfile, password, ts_config.inkey, | 434 | cfg.queryfile, password, cfg.inkey, | 
| 435 | ts_config.signer, ts_config.chain, ts_config.policy, | 435 | cfg.signer, cfg.chain, cfg.policy, | 
| 436 | ts_config.in, ts_config.token_in, ts_config.out, | 436 | cfg.in, cfg.token_in, cfg.out, | 
| 437 | ts_config.token_out, ts_config.text); | 437 | cfg.token_out, cfg.text); | 
| 438 | break; | 438 | break; | 
| 439 | case CMD_VERIFY: | 439 | case CMD_VERIFY: | 
| 440 | ret = !(((ts_config.queryfile != NULL && ts_config.data == NULL && | 440 | ret = !(((cfg.queryfile != NULL && cfg.data == NULL && | 
| 441 | ts_config.digest == NULL) || | 441 | cfg.digest == NULL) || | 
| 442 | (ts_config.queryfile == NULL && ts_config.data != NULL && | 442 | (cfg.queryfile == NULL && cfg.data != NULL && | 
| 443 | ts_config.digest == NULL) || | 443 | cfg.digest == NULL) || | 
| 444 | (ts_config.queryfile == NULL && ts_config.data == NULL && | 444 | (cfg.queryfile == NULL && cfg.data == NULL && | 
| 445 | ts_config.digest != NULL)) && | 445 | cfg.digest != NULL)) && | 
| 446 | ts_config.in != NULL); | 446 | cfg.in != NULL); | 
| 447 | if (ret) | 447 | if (ret) | 
| 448 | goto usage; | 448 | goto usage; | 
| 449 | 449 | ||
| 450 | ret = !verify_command(ts_config.data, ts_config.digest, | 450 | ret = !verify_command(cfg.data, cfg.digest, | 
| 451 | ts_config.queryfile, ts_config.in, ts_config.token_in, | 451 | cfg.queryfile, cfg.in, cfg.token_in, | 
| 452 | ts_config.ca_path, ts_config.ca_file, ts_config.untrusted); | 452 | cfg.ca_path, cfg.ca_file, cfg.untrusted); | 
| 453 | } | 453 | } | 
| 454 | 454 | ||
| 455 | goto cleanup; | 455 | goto cleanup; | 
| diff --git a/src/usr.bin/openssl/verify.c b/src/usr.bin/openssl/verify.c index b42dd2f243..b412623991 100644 --- a/src/usr.bin/openssl/verify.c +++ b/src/usr.bin/openssl/verify.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: verify.c,v 1.15 2022/11/11 17:07:39 joshua Exp $ */ | 1 | /* $OpenBSD: verify.c,v 1.16 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -81,7 +81,7 @@ static struct { | |||
| 81 | char *untfile; | 81 | char *untfile; | 
| 82 | int verbose; | 82 | int verbose; | 
| 83 | X509_VERIFY_PARAM *vpm; | 83 | X509_VERIFY_PARAM *vpm; | 
| 84 | } verify_config; | 84 | } cfg; | 
| 85 | 85 | ||
| 86 | static int | 86 | static int | 
| 87 | verify_opt_args(int argc, char **argv, int *argsused) | 87 | verify_opt_args(int argc, char **argv, int *argsused) | 
| @@ -89,7 +89,7 @@ verify_opt_args(int argc, char **argv, int *argsused) | |||
| 89 | int oargc = argc; | 89 | int oargc = argc; | 
| 90 | int badarg = 0; | 90 | int badarg = 0; | 
| 91 | 91 | ||
| 92 | if (!args_verify(&argv, &argc, &badarg, bio_err, &verify_config.vpm)) | 92 | if (!args_verify(&argv, &argc, &badarg, bio_err, &cfg.vpm)) | 
| 93 | return (1); | 93 | return (1); | 
| 94 | if (badarg) | 94 | if (badarg) | 
| 95 | return (1); | 95 | return (1); | 
| @@ -105,41 +105,41 @@ static const struct option verify_options[] = { | |||
| 105 | .argname = "file", | 105 | .argname = "file", | 
| 106 | .desc = "Certificate Authority file", | 106 | .desc = "Certificate Authority file", | 
| 107 | .type = OPTION_ARG, | 107 | .type = OPTION_ARG, | 
| 108 | .opt.arg = &verify_config.CAfile, | 108 | .opt.arg = &cfg.CAfile, | 
| 109 | }, | 109 | }, | 
| 110 | { | 110 | { | 
| 111 | .name = "CApath", | 111 | .name = "CApath", | 
| 112 | .argname = "path", | 112 | .argname = "path", | 
| 113 | .desc = "Certificate Authority path", | 113 | .desc = "Certificate Authority path", | 
| 114 | .type = OPTION_ARG, | 114 | .type = OPTION_ARG, | 
| 115 | .opt.arg = &verify_config.CApath, | 115 | .opt.arg = &cfg.CApath, | 
| 116 | }, | 116 | }, | 
| 117 | { | 117 | { | 
| 118 | .name = "CRLfile", | 118 | .name = "CRLfile", | 
| 119 | .argname = "file", | 119 | .argname = "file", | 
| 120 | .desc = "Certificate Revocation List file", | 120 | .desc = "Certificate Revocation List file", | 
| 121 | .type = OPTION_ARG, | 121 | .type = OPTION_ARG, | 
| 122 | .opt.arg = &verify_config.crlfile, | 122 | .opt.arg = &cfg.crlfile, | 
| 123 | }, | 123 | }, | 
| 124 | { | 124 | { | 
| 125 | .name = "trusted", | 125 | .name = "trusted", | 
| 126 | .argname = "file", | 126 | .argname = "file", | 
| 127 | .desc = "Trusted certificates file", | 127 | .desc = "Trusted certificates file", | 
| 128 | .type = OPTION_ARG, | 128 | .type = OPTION_ARG, | 
| 129 | .opt.arg = &verify_config.trustfile, | 129 | .opt.arg = &cfg.trustfile, | 
| 130 | }, | 130 | }, | 
| 131 | { | 131 | { | 
| 132 | .name = "untrusted", | 132 | .name = "untrusted", | 
| 133 | .argname = "file", | 133 | .argname = "file", | 
| 134 | .desc = "Untrusted certificates file", | 134 | .desc = "Untrusted certificates file", | 
| 135 | .type = OPTION_ARG, | 135 | .type = OPTION_ARG, | 
| 136 | .opt.arg = &verify_config.untfile, | 136 | .opt.arg = &cfg.untfile, | 
| 137 | }, | 137 | }, | 
| 138 | { | 138 | { | 
| 139 | .name = "verbose", | 139 | .name = "verbose", | 
| 140 | .desc = "Verbose", | 140 | .desc = "Verbose", | 
| 141 | .type = OPTION_FLAG, | 141 | .type = OPTION_FLAG, | 
| 142 | .opt.flag = &verify_config.verbose, | 142 | .opt.flag = &cfg.verbose, | 
| 143 | }, | 143 | }, | 
| 144 | { | 144 | { | 
| 145 | .name = NULL, | 145 | .name = NULL, | 
| @@ -273,7 +273,7 @@ verify_main(int argc, char **argv) | |||
| 273 | exit(1); | 273 | exit(1); | 
| 274 | } | 274 | } | 
| 275 | 275 | ||
| 276 | memset(&verify_config, 0, sizeof(verify_config)); | 276 | memset(&cfg, 0, sizeof(cfg)); | 
| 277 | 277 | ||
| 278 | if (options_parse(argc, argv, verify_options, NULL, &argsused) != 0) { | 278 | if (options_parse(argc, argv, verify_options, NULL, &argsused) != 0) { | 
| 279 | verify_usage(); | 279 | verify_usage(); | 
| @@ -288,17 +288,17 @@ verify_main(int argc, char **argv) | |||
| 288 | goto end; | 288 | goto end; | 
| 289 | X509_STORE_set_verify_cb(cert_ctx, cb); | 289 | X509_STORE_set_verify_cb(cert_ctx, cb); | 
| 290 | 290 | ||
| 291 | if (verify_config.vpm) | 291 | if (cfg.vpm) | 
| 292 | X509_STORE_set1_param(cert_ctx, verify_config.vpm); | 292 | X509_STORE_set1_param(cert_ctx, cfg.vpm); | 
| 293 | 293 | ||
| 294 | lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file()); | 294 | lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file()); | 
| 295 | if (lookup == NULL) | 295 | if (lookup == NULL) | 
| 296 | abort(); /* XXX */ | 296 | abort(); /* XXX */ | 
| 297 | if (verify_config.CAfile) { | 297 | if (cfg.CAfile) { | 
| 298 | if (!X509_LOOKUP_load_file(lookup, verify_config.CAfile, | 298 | if (!X509_LOOKUP_load_file(lookup, cfg.CAfile, | 
| 299 | X509_FILETYPE_PEM)) { | 299 | X509_FILETYPE_PEM)) { | 
| 300 | BIO_printf(bio_err, "Error loading file %s\n", | 300 | BIO_printf(bio_err, "Error loading file %s\n", | 
| 301 | verify_config.CAfile); | 301 | cfg.CAfile); | 
| 302 | ERR_print_errors(bio_err); | 302 | ERR_print_errors(bio_err); | 
| 303 | goto end; | 303 | goto end; | 
| 304 | } | 304 | } | 
| @@ -308,11 +308,11 @@ verify_main(int argc, char **argv) | |||
| 308 | lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir()); | 308 | lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir()); | 
| 309 | if (lookup == NULL) | 309 | if (lookup == NULL) | 
| 310 | abort(); /* XXX */ | 310 | abort(); /* XXX */ | 
| 311 | if (verify_config.CApath) { | 311 | if (cfg.CApath) { | 
| 312 | if (!X509_LOOKUP_add_dir(lookup, verify_config.CApath, | 312 | if (!X509_LOOKUP_add_dir(lookup, cfg.CApath, | 
| 313 | X509_FILETYPE_PEM)) { | 313 | X509_FILETYPE_PEM)) { | 
| 314 | BIO_printf(bio_err, "Error loading directory %s\n", | 314 | BIO_printf(bio_err, "Error loading directory %s\n", | 
| 315 | verify_config.CApath); | 315 | cfg.CApath); | 
| 316 | ERR_print_errors(bio_err); | 316 | ERR_print_errors(bio_err); | 
| 317 | goto end; | 317 | goto end; | 
| 318 | } | 318 | } | 
| @@ -321,20 +321,20 @@ verify_main(int argc, char **argv) | |||
| 321 | 321 | ||
| 322 | ERR_clear_error(); | 322 | ERR_clear_error(); | 
| 323 | 323 | ||
| 324 | if (verify_config.untfile) { | 324 | if (cfg.untfile) { | 
| 325 | untrusted = load_certs(bio_err, verify_config.untfile, | 325 | untrusted = load_certs(bio_err, cfg.untfile, | 
| 326 | FORMAT_PEM, NULL, "untrusted certificates"); | 326 | FORMAT_PEM, NULL, "untrusted certificates"); | 
| 327 | if (!untrusted) | 327 | if (!untrusted) | 
| 328 | goto end; | 328 | goto end; | 
| 329 | } | 329 | } | 
| 330 | if (verify_config.trustfile) { | 330 | if (cfg.trustfile) { | 
| 331 | trusted = load_certs(bio_err, verify_config.trustfile, | 331 | trusted = load_certs(bio_err, cfg.trustfile, | 
| 332 | FORMAT_PEM, NULL, "trusted certificates"); | 332 | FORMAT_PEM, NULL, "trusted certificates"); | 
| 333 | if (!trusted) | 333 | if (!trusted) | 
| 334 | goto end; | 334 | goto end; | 
| 335 | } | 335 | } | 
| 336 | if (verify_config.crlfile) { | 336 | if (cfg.crlfile) { | 
| 337 | crls = load_crls(bio_err, verify_config.crlfile, FORMAT_PEM, | 337 | crls = load_crls(bio_err, cfg.crlfile, FORMAT_PEM, | 
| 338 | NULL, "other CRLs"); | 338 | NULL, "other CRLs"); | 
| 339 | if (!crls) | 339 | if (!crls) | 
| 340 | goto end; | 340 | goto end; | 
| @@ -352,8 +352,8 @@ verify_main(int argc, char **argv) | |||
| 352 | } | 352 | } | 
| 353 | 353 | ||
| 354 | end: | 354 | end: | 
| 355 | if (verify_config.vpm) | 355 | if (cfg.vpm) | 
| 356 | X509_VERIFY_PARAM_free(verify_config.vpm); | 356 | X509_VERIFY_PARAM_free(cfg.vpm); | 
| 357 | if (cert_ctx != NULL) | 357 | if (cert_ctx != NULL) | 
| 358 | X509_STORE_free(cert_ctx); | 358 | X509_STORE_free(cert_ctx); | 
| 359 | sk_X509_pop_free(untrusted, X509_free); | 359 | sk_X509_pop_free(untrusted, X509_free); | 
| @@ -454,7 +454,7 @@ cb(int ok, X509_STORE_CTX *ctx) | |||
| 454 | } | 454 | } | 
| 455 | if (cert_error == X509_V_OK && ok == 2) | 455 | if (cert_error == X509_V_OK && ok == 2) | 
| 456 | policies_print(NULL, ctx); | 456 | policies_print(NULL, ctx); | 
| 457 | if (!verify_config.verbose) | 457 | if (!cfg.verbose) | 
| 458 | ERR_clear_error(); | 458 | ERR_clear_error(); | 
| 459 | return (ok); | 459 | return (ok); | 
| 460 | } | 460 | } | 
| diff --git a/src/usr.bin/openssl/version.c b/src/usr.bin/openssl/version.c index 038774ad0c..6ff1860ead 100644 --- a/src/usr.bin/openssl/version.c +++ b/src/usr.bin/openssl/version.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: version.c,v 1.10 2022/11/11 17:07:39 joshua Exp $ */ | 1 | /* $OpenBSD: version.c,v 1.11 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -142,17 +142,17 @@ static struct { | |||
| 142 | int options; | 142 | int options; | 
| 143 | int platform; | 143 | int platform; | 
| 144 | int version; | 144 | int version; | 
| 145 | } version_config; | 145 | } cfg; | 
| 146 | 146 | ||
| 147 | static int | 147 | static int | 
| 148 | version_all_opts(void) | 148 | version_all_opts(void) | 
| 149 | { | 149 | { | 
| 150 | version_config.cflags = 1; | 150 | cfg.cflags = 1; | 
| 151 | version_config.date = 1; | 151 | cfg.date = 1; | 
| 152 | version_config.dir= 1; | 152 | cfg.dir= 1; | 
| 153 | version_config.options = 1; | 153 | cfg.options = 1; | 
| 154 | version_config.platform = 1; | 154 | cfg.platform = 1; | 
| 155 | version_config.version = 1; | 155 | cfg.version = 1; | 
| 156 | 156 | ||
| 157 | return (0); | 157 | return (0); | 
| 158 | } | 158 | } | 
| @@ -168,37 +168,37 @@ static const struct option version_options[] = { | |||
| 168 | .name = "b", | 168 | .name = "b", | 
| 169 | .desc = "Date the current version of OpenSSL was built", | 169 | .desc = "Date the current version of OpenSSL was built", | 
| 170 | .type = OPTION_FLAG, | 170 | .type = OPTION_FLAG, | 
| 171 | .opt.flag = &version_config.date, | 171 | .opt.flag = &cfg.date, | 
| 172 | }, | 172 | }, | 
| 173 | { | 173 | { | 
| 174 | .name = "d", | 174 | .name = "d", | 
| 175 | .desc = "OPENSSLDIR value", | 175 | .desc = "OPENSSLDIR value", | 
| 176 | .type = OPTION_FLAG, | 176 | .type = OPTION_FLAG, | 
| 177 | .opt.flag = &version_config.dir, | 177 | .opt.flag = &cfg.dir, | 
| 178 | }, | 178 | }, | 
| 179 | { | 179 | { | 
| 180 | .name = "f", | 180 | .name = "f", | 
| 181 | .desc = "Compilation flags", | 181 | .desc = "Compilation flags", | 
| 182 | .type = OPTION_FLAG, | 182 | .type = OPTION_FLAG, | 
| 183 | .opt.flag = &version_config.cflags, | 183 | .opt.flag = &cfg.cflags, | 
| 184 | }, | 184 | }, | 
| 185 | { | 185 | { | 
| 186 | .name = "o", | 186 | .name = "o", | 
| 187 | .desc = "Option information", | 187 | .desc = "Option information", | 
| 188 | .type = OPTION_FLAG, | 188 | .type = OPTION_FLAG, | 
| 189 | .opt.flag = &version_config.options, | 189 | .opt.flag = &cfg.options, | 
| 190 | }, | 190 | }, | 
| 191 | { | 191 | { | 
| 192 | .name = "p", | 192 | .name = "p", | 
| 193 | .desc = "Platform settings", | 193 | .desc = "Platform settings", | 
| 194 | .type = OPTION_FLAG, | 194 | .type = OPTION_FLAG, | 
| 195 | .opt.flag = &version_config.platform, | 195 | .opt.flag = &cfg.platform, | 
| 196 | }, | 196 | }, | 
| 197 | { | 197 | { | 
| 198 | .name = "v", | 198 | .name = "v", | 
| 199 | .desc = "Current OpenSSL version", | 199 | .desc = "Current OpenSSL version", | 
| 200 | .type = OPTION_FLAG, | 200 | .type = OPTION_FLAG, | 
| 201 | .opt.flag = &version_config.version, | 201 | .opt.flag = &cfg.version, | 
| 202 | }, | 202 | }, | 
| 203 | {NULL}, | 203 | {NULL}, | 
| 204 | }; | 204 | }; | 
| @@ -218,7 +218,7 @@ version_main(int argc, char **argv) | |||
| 218 | exit(1); | 218 | exit(1); | 
| 219 | } | 219 | } | 
| 220 | 220 | ||
| 221 | memset(&version_config, 0, sizeof(version_config)); | 221 | memset(&cfg, 0, sizeof(cfg)); | 
| 222 | 222 | ||
| 223 | if (options_parse(argc, argv, version_options, NULL, NULL) != 0) { | 223 | if (options_parse(argc, argv, version_options, NULL, NULL) != 0) { | 
| 224 | version_usage(); | 224 | version_usage(); | 
| @@ -226,9 +226,9 @@ version_main(int argc, char **argv) | |||
| 226 | } | 226 | } | 
| 227 | 227 | ||
| 228 | if (argc == 1) | 228 | if (argc == 1) | 
| 229 | version_config.version = 1; | 229 | cfg.version = 1; | 
| 230 | 230 | ||
| 231 | if (version_config.version) { | 231 | if (cfg.version) { | 
| 232 | if (SSLeay() == SSLEAY_VERSION_NUMBER) { | 232 | if (SSLeay() == SSLEAY_VERSION_NUMBER) { | 
| 233 | printf("%s\n", SSLeay_version(SSLEAY_VERSION)); | 233 | printf("%s\n", SSLeay_version(SSLEAY_VERSION)); | 
| 234 | } else { | 234 | } else { | 
| @@ -237,11 +237,11 @@ version_main(int argc, char **argv) | |||
| 237 | SSLeay_version(SSLEAY_VERSION)); | 237 | SSLeay_version(SSLEAY_VERSION)); | 
| 238 | } | 238 | } | 
| 239 | } | 239 | } | 
| 240 | if (version_config.date) | 240 | if (cfg.date) | 
| 241 | printf("%s\n", SSLeay_version(SSLEAY_BUILT_ON)); | 241 | printf("%s\n", SSLeay_version(SSLEAY_BUILT_ON)); | 
| 242 | if (version_config.platform) | 242 | if (cfg.platform) | 
| 243 | printf("%s\n", SSLeay_version(SSLEAY_PLATFORM)); | 243 | printf("%s\n", SSLeay_version(SSLEAY_PLATFORM)); | 
| 244 | if (version_config.options) { | 244 | if (cfg.options) { | 
| 245 | printf("options: "); | 245 | printf("options: "); | 
| 246 | printf("%s ", BN_options()); | 246 | printf("%s ", BN_options()); | 
| 247 | #ifndef OPENSSL_NO_RC4 | 247 | #ifndef OPENSSL_NO_RC4 | 
| @@ -258,9 +258,9 @@ version_main(int argc, char **argv) | |||
| 258 | #endif | 258 | #endif | 
| 259 | printf("\n"); | 259 | printf("\n"); | 
| 260 | } | 260 | } | 
| 261 | if (version_config.cflags) | 261 | if (cfg.cflags) | 
| 262 | printf("%s\n", SSLeay_version(SSLEAY_CFLAGS)); | 262 | printf("%s\n", SSLeay_version(SSLEAY_CFLAGS)); | 
| 263 | if (version_config.dir) | 263 | if (cfg.dir) | 
| 264 | printf("%s\n", SSLeay_version(SSLEAY_DIR)); | 264 | printf("%s\n", SSLeay_version(SSLEAY_DIR)); | 
| 265 | 265 | ||
| 266 | return (0); | 266 | return (0); | 
| diff --git a/src/usr.bin/openssl/x509.c b/src/usr.bin/openssl/x509.c index e1c69c6798..66cad3ab2c 100644 --- a/src/usr.bin/openssl/x509.c +++ b/src/usr.bin/openssl/x509.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509.c,v 1.30 2022/11/11 17:07:39 joshua Exp $ */ | 1 | /* $OpenBSD: x509.c,v 1.31 2023/03/06 14:32:06 tb Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -152,58 +152,58 @@ static struct { | |||
| 152 | STACK_OF(ASN1_OBJECT) *trust; | 152 | STACK_OF(ASN1_OBJECT) *trust; | 
| 153 | int trustout; | 153 | int trustout; | 
| 154 | int x509req; | 154 | int x509req; | 
| 155 | } x509_config; | 155 | } cfg; | 
| 156 | 156 | ||
| 157 | static int | 157 | static int | 
| 158 | x509_opt_addreject(char *arg) | 158 | x509_opt_addreject(char *arg) | 
| 159 | { | 159 | { | 
| 160 | if ((x509_config.objtmp = OBJ_txt2obj(arg, 0)) == NULL) { | 160 | if ((cfg.objtmp = OBJ_txt2obj(arg, 0)) == NULL) { | 
| 161 | BIO_printf(bio_err, "Invalid reject object value %s\n", arg); | 161 | BIO_printf(bio_err, "Invalid reject object value %s\n", arg); | 
| 162 | return (1); | 162 | return (1); | 
| 163 | } | 163 | } | 
| 164 | 164 | ||
| 165 | if (x509_config.reject == NULL && | 165 | if (cfg.reject == NULL && | 
| 166 | (x509_config.reject = sk_ASN1_OBJECT_new_null()) == NULL) | 166 | (cfg.reject = sk_ASN1_OBJECT_new_null()) == NULL) | 
| 167 | return (1); | 167 | return (1); | 
| 168 | 168 | ||
| 169 | if (!sk_ASN1_OBJECT_push(x509_config.reject, x509_config.objtmp)) | 169 | if (!sk_ASN1_OBJECT_push(cfg.reject, cfg.objtmp)) | 
| 170 | return (1); | 170 | return (1); | 
| 171 | 171 | ||
| 172 | x509_config.trustout = 1; | 172 | cfg.trustout = 1; | 
| 173 | return (0); | 173 | return (0); | 
| 174 | } | 174 | } | 
| 175 | 175 | ||
| 176 | static int | 176 | static int | 
| 177 | x509_opt_addtrust(char *arg) | 177 | x509_opt_addtrust(char *arg) | 
| 178 | { | 178 | { | 
| 179 | if ((x509_config.objtmp = OBJ_txt2obj(arg, 0)) == NULL) { | 179 | if ((cfg.objtmp = OBJ_txt2obj(arg, 0)) == NULL) { | 
| 180 | BIO_printf(bio_err, "Invalid trust object value %s\n", arg); | 180 | BIO_printf(bio_err, "Invalid trust object value %s\n", arg); | 
| 181 | return (1); | 181 | return (1); | 
| 182 | } | 182 | } | 
| 183 | 183 | ||
| 184 | if (x509_config.trust == NULL && | 184 | if (cfg.trust == NULL && | 
| 185 | (x509_config.trust = sk_ASN1_OBJECT_new_null()) == NULL) | 185 | (cfg.trust = sk_ASN1_OBJECT_new_null()) == NULL) | 
| 186 | return (1); | 186 | return (1); | 
| 187 | 187 | ||
| 188 | if (!sk_ASN1_OBJECT_push(x509_config.trust, x509_config.objtmp)) | 188 | if (!sk_ASN1_OBJECT_push(cfg.trust, cfg.objtmp)) | 
| 189 | return (1); | 189 | return (1); | 
| 190 | 190 | ||
| 191 | x509_config.trustout = 1; | 191 | cfg.trustout = 1; | 
| 192 | return (0); | 192 | return (0); | 
| 193 | } | 193 | } | 
| 194 | 194 | ||
| 195 | static int | 195 | static int | 
| 196 | x509_opt_ca(char *arg) | 196 | x509_opt_ca(char *arg) | 
| 197 | { | 197 | { | 
| 198 | x509_config.CAfile = arg; | 198 | cfg.CAfile = arg; | 
| 199 | x509_config.CA_flag = ++x509_config.num; | 199 | cfg.CA_flag = ++cfg.num; | 
| 200 | return (0); | 200 | return (0); | 
| 201 | } | 201 | } | 
| 202 | 202 | ||
| 203 | static int | 203 | static int | 
| 204 | x509_opt_certopt(char *arg) | 204 | x509_opt_certopt(char *arg) | 
| 205 | { | 205 | { | 
| 206 | if (!set_cert_ex(&x509_config.certflag, arg)) | 206 | if (!set_cert_ex(&cfg.certflag, arg)) | 
| 207 | return (1); | 207 | return (1); | 
| 208 | 208 | ||
| 209 | return (0); | 209 | return (0); | 
| @@ -214,20 +214,20 @@ x509_opt_checkend(char *arg) | |||
| 214 | { | 214 | { | 
| 215 | const char *errstr; | 215 | const char *errstr; | 
| 216 | 216 | ||
| 217 | x509_config.checkoffset = strtonum(arg, 0, INT_MAX, &errstr); | 217 | cfg.checkoffset = strtonum(arg, 0, INT_MAX, &errstr); | 
| 218 | if (errstr != NULL) { | 218 | if (errstr != NULL) { | 
| 219 | BIO_printf(bio_err, "checkend unusable: %s\n", errstr); | 219 | BIO_printf(bio_err, "checkend unusable: %s\n", errstr); | 
| 220 | return (1); | 220 | return (1); | 
| 221 | } | 221 | } | 
| 222 | x509_config.checkend = 1; | 222 | cfg.checkend = 1; | 
| 223 | return (0); | 223 | return (0); | 
| 224 | } | 224 | } | 
| 225 | 225 | ||
| 226 | static int | 226 | static int | 
| 227 | x509_opt_dates(void) | 227 | x509_opt_dates(void) | 
| 228 | { | 228 | { | 
| 229 | x509_config.startdate = ++x509_config.num; | 229 | cfg.startdate = ++cfg.num; | 
| 230 | x509_config.enddate = ++x509_config.num; | 230 | cfg.enddate = ++cfg.num; | 
| 231 | return (0); | 231 | return (0); | 
| 232 | } | 232 | } | 
| 233 | 233 | ||
| @@ -236,7 +236,7 @@ x509_opt_days(char *arg) | |||
| 236 | { | 236 | { | 
| 237 | const char *errstr; | 237 | const char *errstr; | 
| 238 | 238 | ||
| 239 | x509_config.days = strtonum(arg, 1, INT_MAX, &errstr); | 239 | cfg.days = strtonum(arg, 1, INT_MAX, &errstr); | 
| 240 | if (errstr != NULL) { | 240 | if (errstr != NULL) { | 
| 241 | BIO_printf(bio_err, "bad number of days: %s\n", errstr); | 241 | BIO_printf(bio_err, "bad number of days: %s\n", errstr); | 
| 242 | return (1); | 242 | return (1); | 
| @@ -252,11 +252,11 @@ x509_opt_digest(int argc, char **argv, int *argsused) | |||
| 252 | if (*name++ != '-') | 252 | if (*name++ != '-') | 
| 253 | return (1); | 253 | return (1); | 
| 254 | 254 | ||
| 255 | if ((x509_config.md_alg = EVP_get_digestbyname(name)) != NULL) { | 255 | if ((cfg.md_alg = EVP_get_digestbyname(name)) != NULL) { | 
| 256 | x509_config.digest = x509_config.md_alg; | 256 | cfg.digest = cfg.md_alg; | 
| 257 | } else { | 257 | } else { | 
| 258 | BIO_printf(bio_err, "unknown option %s\n", *argv); | 258 | BIO_printf(bio_err, "unknown option %s\n", *argv); | 
| 259 | x509_config.badops = 1; | 259 | cfg.badops = 1; | 
| 260 | return (1); | 260 | return (1); | 
| 261 | } | 261 | } | 
| 262 | 262 | ||
| @@ -267,7 +267,7 @@ x509_opt_digest(int argc, char **argv, int *argsused) | |||
| 267 | static int | 267 | static int | 
| 268 | x509_opt_nameopt(char *arg) | 268 | x509_opt_nameopt(char *arg) | 
| 269 | { | 269 | { | 
| 270 | if (!set_name_ex(&x509_config.nmflag, arg)) | 270 | if (!set_name_ex(&cfg.nmflag, arg)) | 
| 271 | return (1); | 271 | return (1); | 
| 272 | 272 | ||
| 273 | return (0); | 273 | return (0); | 
| @@ -276,8 +276,8 @@ x509_opt_nameopt(char *arg) | |||
| 276 | static int | 276 | static int | 
| 277 | x509_opt_set_serial(char *arg) | 277 | x509_opt_set_serial(char *arg) | 
| 278 | { | 278 | { | 
| 279 | ASN1_INTEGER_free(x509_config.sno); | 279 | ASN1_INTEGER_free(cfg.sno); | 
| 280 | if ((x509_config.sno = s2i_ASN1_INTEGER(NULL, arg)) == NULL) | 280 | if ((cfg.sno = s2i_ASN1_INTEGER(NULL, arg)) == NULL) | 
| 281 | return (1); | 281 | return (1); | 
| 282 | 282 | ||
| 283 | return (0); | 283 | return (0); | 
| @@ -286,27 +286,27 @@ x509_opt_set_serial(char *arg) | |||
| 286 | static int | 286 | static int | 
| 287 | x509_opt_setalias(char *arg) | 287 | x509_opt_setalias(char *arg) | 
| 288 | { | 288 | { | 
| 289 | x509_config.alias = arg; | 289 | cfg.alias = arg; | 
| 290 | x509_config.trustout = 1; | 290 | cfg.trustout = 1; | 
| 291 | return (0); | 291 | return (0); | 
| 292 | } | 292 | } | 
| 293 | 293 | ||
| 294 | static int | 294 | static int | 
| 295 | x509_opt_signkey(char *arg) | 295 | x509_opt_signkey(char *arg) | 
| 296 | { | 296 | { | 
| 297 | x509_config.keyfile = arg; | 297 | cfg.keyfile = arg; | 
| 298 | x509_config.sign_flag = ++x509_config.num; | 298 | cfg.sign_flag = ++cfg.num; | 
| 299 | return (0); | 299 | return (0); | 
| 300 | } | 300 | } | 
| 301 | 301 | ||
| 302 | static int | 302 | static int | 
| 303 | x509_opt_sigopt(char *arg) | 303 | x509_opt_sigopt(char *arg) | 
| 304 | { | 304 | { | 
| 305 | if (x509_config.sigopts == NULL && | 305 | if (cfg.sigopts == NULL && | 
| 306 | (x509_config.sigopts = sk_OPENSSL_STRING_new_null()) == NULL) | 306 | (cfg.sigopts = sk_OPENSSL_STRING_new_null()) == NULL) | 
| 307 | return (1); | 307 | return (1); | 
| 308 | 308 | ||
| 309 | if (!sk_OPENSSL_STRING_push(x509_config.sigopts, arg)) | 309 | if (!sk_OPENSSL_STRING_push(cfg.sigopts, arg)) | 
| 310 | return (1); | 310 | return (1); | 
| 311 | 311 | ||
| 312 | return (0); | 312 | return (0); | 
| @@ -317,8 +317,8 @@ static const struct option x509_options[] = { | |||
| 317 | .name = "C", | 317 | .name = "C", | 
| 318 | .desc = "Convert the certificate into C code", | 318 | .desc = "Convert the certificate into C code", | 
| 319 | .type = OPTION_ORDER, | 319 | .type = OPTION_ORDER, | 
| 320 | .opt.order = &x509_config.C, | 320 | .opt.order = &cfg.C, | 
| 321 | .order = &x509_config.num, | 321 | .order = &cfg.num, | 
| 322 | }, | 322 | }, | 
| 323 | { | 323 | { | 
| 324 | .name = "addreject", | 324 | .name = "addreject", | 
| @@ -338,8 +338,8 @@ static const struct option x509_options[] = { | |||
| 338 | .name = "alias", | 338 | .name = "alias", | 
| 339 | .desc = "Output certificate alias", | 339 | .desc = "Output certificate alias", | 
| 340 | .type = OPTION_ORDER, | 340 | .type = OPTION_ORDER, | 
| 341 | .opt.order = &x509_config.aliasout, | 341 | .opt.order = &cfg.aliasout, | 
| 342 | .order = &x509_config.num, | 342 | .order = &cfg.num, | 
| 343 | }, | 343 | }, | 
| 344 | { | 344 | { | 
| 345 | .name = "CA", | 345 | .name = "CA", | 
| @@ -352,15 +352,15 @@ static const struct option x509_options[] = { | |||
| 352 | .name = "CAcreateserial", | 352 | .name = "CAcreateserial", | 
| 353 | .desc = "Create serial number file if it does not exist", | 353 | .desc = "Create serial number file if it does not exist", | 
| 354 | .type = OPTION_ORDER, | 354 | .type = OPTION_ORDER, | 
| 355 | .opt.order = &x509_config.CA_createserial, | 355 | .opt.order = &cfg.CA_createserial, | 
| 356 | .order = &x509_config.num, | 356 | .order = &cfg.num, | 
| 357 | }, | 357 | }, | 
| 358 | { | 358 | { | 
| 359 | .name = "CAform", | 359 | .name = "CAform", | 
| 360 | .argname = "fmt", | 360 | .argname = "fmt", | 
| 361 | .desc = "CA format - default PEM", | 361 | .desc = "CA format - default PEM", | 
| 362 | .type = OPTION_ARG_FORMAT, | 362 | .type = OPTION_ARG_FORMAT, | 
| 363 | .opt.value = &x509_config.CAformat, | 363 | .opt.value = &cfg.CAformat, | 
| 364 | }, | 364 | }, | 
| 365 | { | 365 | { | 
| 366 | .name = "CAkey", | 366 | .name = "CAkey", | 
| @@ -368,21 +368,21 @@ static const struct option x509_options[] = { | |||
| 368 | .desc = "CA key in PEM format unless -CAkeyform is specified\n" | 368 | .desc = "CA key in PEM format unless -CAkeyform is specified\n" | 
| 369 | "if omitted, the key is assumed to be in the CA file", | 369 | "if omitted, the key is assumed to be in the CA file", | 
| 370 | .type = OPTION_ARG, | 370 | .type = OPTION_ARG, | 
| 371 | .opt.arg = &x509_config.CAkeyfile, | 371 | .opt.arg = &cfg.CAkeyfile, | 
| 372 | }, | 372 | }, | 
| 373 | { | 373 | { | 
| 374 | .name = "CAkeyform", | 374 | .name = "CAkeyform", | 
| 375 | .argname = "fmt", | 375 | .argname = "fmt", | 
| 376 | .desc = "CA key format - default PEM", | 376 | .desc = "CA key format - default PEM", | 
| 377 | .type = OPTION_ARG_FORMAT, | 377 | .type = OPTION_ARG_FORMAT, | 
| 378 | .opt.value = &x509_config.CAkeyformat, | 378 | .opt.value = &cfg.CAkeyformat, | 
| 379 | }, | 379 | }, | 
| 380 | { | 380 | { | 
| 381 | .name = "CAserial", | 381 | .name = "CAserial", | 
| 382 | .argname = "file", | 382 | .argname = "file", | 
| 383 | .desc = "Serial file", | 383 | .desc = "Serial file", | 
| 384 | .type = OPTION_ARG, | 384 | .type = OPTION_ARG, | 
| 385 | .opt.arg = &x509_config.CAserial, | 385 | .opt.arg = &cfg.CAserial, | 
| 386 | }, | 386 | }, | 
| 387 | { | 387 | { | 
| 388 | .name = "certopt", | 388 | .name = "certopt", | 
| @@ -403,21 +403,21 @@ static const struct option x509_options[] = { | |||
| 403 | .name = "clrext", | 403 | .name = "clrext", | 
| 404 | .desc = "Clear all extensions", | 404 | .desc = "Clear all extensions", | 
| 405 | .type = OPTION_FLAG, | 405 | .type = OPTION_FLAG, | 
| 406 | .opt.flag = &x509_config.clrext, | 406 | .opt.flag = &cfg.clrext, | 
| 407 | }, | 407 | }, | 
| 408 | { | 408 | { | 
| 409 | .name = "clrreject", | 409 | .name = "clrreject", | 
| 410 | .desc = "Clear all rejected purposes", | 410 | .desc = "Clear all rejected purposes", | 
| 411 | .type = OPTION_ORDER, | 411 | .type = OPTION_ORDER, | 
| 412 | .opt.order = &x509_config.clrreject, | 412 | .opt.order = &cfg.clrreject, | 
| 413 | .order = &x509_config.num, | 413 | .order = &cfg.num, | 
| 414 | }, | 414 | }, | 
| 415 | { | 415 | { | 
| 416 | .name = "clrtrust", | 416 | .name = "clrtrust", | 
| 417 | .desc = "Clear all trusted purposes", | 417 | .desc = "Clear all trusted purposes", | 
| 418 | .type = OPTION_ORDER, | 418 | .type = OPTION_ORDER, | 
| 419 | .opt.order = &x509_config.clrtrust, | 419 | .opt.order = &cfg.clrtrust, | 
| 420 | .order = &x509_config.num, | 420 | .order = &cfg.num, | 
| 421 | }, | 421 | }, | 
| 422 | { | 422 | { | 
| 423 | .name = "dates", | 423 | .name = "dates", | 
| @@ -436,79 +436,79 @@ static const struct option x509_options[] = { | |||
| 436 | .name = "email", | 436 | .name = "email", | 
| 437 | .desc = "Print email address(es)", | 437 | .desc = "Print email address(es)", | 
| 438 | .type = OPTION_ORDER, | 438 | .type = OPTION_ORDER, | 
| 439 | .opt.order = &x509_config.email, | 439 | .opt.order = &cfg.email, | 
| 440 | .order = &x509_config.num, | 440 | .order = &cfg.num, | 
| 441 | }, | 441 | }, | 
| 442 | { | 442 | { | 
| 443 | .name = "enddate", | 443 | .name = "enddate", | 
| 444 | .desc = "Print notAfter field", | 444 | .desc = "Print notAfter field", | 
| 445 | .type = OPTION_ORDER, | 445 | .type = OPTION_ORDER, | 
| 446 | .opt.order = &x509_config.enddate, | 446 | .opt.order = &cfg.enddate, | 
| 447 | .order = &x509_config.num, | 447 | .order = &cfg.num, | 
| 448 | }, | 448 | }, | 
| 449 | { | 449 | { | 
| 450 | .name = "extensions", | 450 | .name = "extensions", | 
| 451 | .argname = "section", | 451 | .argname = "section", | 
| 452 | .desc = "Section from config file with X509V3 extensions to add", | 452 | .desc = "Section from config file with X509V3 extensions to add", | 
| 453 | .type = OPTION_ARG, | 453 | .type = OPTION_ARG, | 
| 454 | .opt.arg = &x509_config.extsect, | 454 | .opt.arg = &cfg.extsect, | 
| 455 | }, | 455 | }, | 
| 456 | { | 456 | { | 
| 457 | .name = "extfile", | 457 | .name = "extfile", | 
| 458 | .argname = "file", | 458 | .argname = "file", | 
| 459 | .desc = "Configuration file with X509V3 extensions to add", | 459 | .desc = "Configuration file with X509V3 extensions to add", | 
| 460 | .type = OPTION_ARG, | 460 | .type = OPTION_ARG, | 
| 461 | .opt.arg = &x509_config.extfile, | 461 | .opt.arg = &cfg.extfile, | 
| 462 | }, | 462 | }, | 
| 463 | { | 463 | { | 
| 464 | .name = "fingerprint", | 464 | .name = "fingerprint", | 
| 465 | .desc = "Print the certificate fingerprint", | 465 | .desc = "Print the certificate fingerprint", | 
| 466 | .type = OPTION_ORDER, | 466 | .type = OPTION_ORDER, | 
| 467 | .opt.order = &x509_config.fingerprint, | 467 | .opt.order = &cfg.fingerprint, | 
| 468 | .order = &x509_config.num, | 468 | .order = &cfg.num, | 
| 469 | }, | 469 | }, | 
| 470 | { | 470 | { | 
| 471 | .name = "hash", | 471 | .name = "hash", | 
| 472 | .desc = "Synonym for -subject_hash", | 472 | .desc = "Synonym for -subject_hash", | 
| 473 | .type = OPTION_ORDER, | 473 | .type = OPTION_ORDER, | 
| 474 | .opt.order = &x509_config.subject_hash, | 474 | .opt.order = &cfg.subject_hash, | 
| 475 | .order = &x509_config.num, | 475 | .order = &cfg.num, | 
| 476 | }, | 476 | }, | 
| 477 | { | 477 | { | 
| 478 | .name = "in", | 478 | .name = "in", | 
| 479 | .argname = "file", | 479 | .argname = "file", | 
| 480 | .desc = "Input file - default stdin", | 480 | .desc = "Input file - default stdin", | 
| 481 | .type = OPTION_ARG, | 481 | .type = OPTION_ARG, | 
| 482 | .opt.arg = &x509_config.infile, | 482 | .opt.arg = &cfg.infile, | 
| 483 | }, | 483 | }, | 
| 484 | { | 484 | { | 
| 485 | .name = "inform", | 485 | .name = "inform", | 
| 486 | .argname = "fmt", | 486 | .argname = "fmt", | 
| 487 | .desc = "Input format - default PEM (one of DER, NET or PEM)", | 487 | .desc = "Input format - default PEM (one of DER, NET or PEM)", | 
| 488 | .type = OPTION_ARG_FORMAT, | 488 | .type = OPTION_ARG_FORMAT, | 
| 489 | .opt.value = &x509_config.informat, | 489 | .opt.value = &cfg.informat, | 
| 490 | }, | 490 | }, | 
| 491 | { | 491 | { | 
| 492 | .name = "issuer", | 492 | .name = "issuer", | 
| 493 | .desc = "Print issuer name", | 493 | .desc = "Print issuer name", | 
| 494 | .type = OPTION_ORDER, | 494 | .type = OPTION_ORDER, | 
| 495 | .opt.order = &x509_config.issuer, | 495 | .opt.order = &cfg.issuer, | 
| 496 | .order = &x509_config.num, | 496 | .order = &cfg.num, | 
| 497 | }, | 497 | }, | 
| 498 | { | 498 | { | 
| 499 | .name = "issuer_hash", | 499 | .name = "issuer_hash", | 
| 500 | .desc = "Print issuer hash value", | 500 | .desc = "Print issuer hash value", | 
| 501 | .type = OPTION_ORDER, | 501 | .type = OPTION_ORDER, | 
| 502 | .opt.order = &x509_config.issuer_hash, | 502 | .opt.order = &cfg.issuer_hash, | 
| 503 | .order = &x509_config.num, | 503 | .order = &cfg.num, | 
| 504 | }, | 504 | }, | 
| 505 | #ifndef OPENSSL_NO_MD5 | 505 | #ifndef OPENSSL_NO_MD5 | 
| 506 | { | 506 | { | 
| 507 | .name = "issuer_hash_old", | 507 | .name = "issuer_hash_old", | 
| 508 | .desc = "Print old-style (MD5) issuer hash value", | 508 | .desc = "Print old-style (MD5) issuer hash value", | 
| 509 | .type = OPTION_ORDER, | 509 | .type = OPTION_ORDER, | 
| 510 | .opt.order = &x509_config.issuer_hash_old, | 510 | .opt.order = &cfg.issuer_hash_old, | 
| 511 | .order = &x509_config.num, | 511 | .order = &cfg.num, | 
| 512 | }, | 512 | }, | 
| 513 | #endif | 513 | #endif | 
| 514 | { | 514 | { | 
| @@ -516,14 +516,14 @@ static const struct option x509_options[] = { | |||
| 516 | .argname = "fmt", | 516 | .argname = "fmt", | 
| 517 | .desc = "Private key format - default PEM", | 517 | .desc = "Private key format - default PEM", | 
| 518 | .type = OPTION_ARG_FORMAT, | 518 | .type = OPTION_ARG_FORMAT, | 
| 519 | .opt.value = &x509_config.keyformat, | 519 | .opt.value = &cfg.keyformat, | 
| 520 | }, | 520 | }, | 
| 521 | { | 521 | { | 
| 522 | .name = "modulus", | 522 | .name = "modulus", | 
| 523 | .desc = "Print the RSA key modulus", | 523 | .desc = "Print the RSA key modulus", | 
| 524 | .type = OPTION_ORDER, | 524 | .type = OPTION_ORDER, | 
| 525 | .opt.order = &x509_config.modulus, | 525 | .opt.order = &cfg.modulus, | 
| 526 | .order = &x509_config.num, | 526 | .order = &cfg.num, | 
| 527 | }, | 527 | }, | 
| 528 | { | 528 | { | 
| 529 | .name = "nameopt", | 529 | .name = "nameopt", | 
| @@ -536,77 +536,77 @@ static const struct option x509_options[] = { | |||
| 536 | .name = "next_serial", | 536 | .name = "next_serial", | 
| 537 | .desc = "Print the next serial number", | 537 | .desc = "Print the next serial number", | 
| 538 | .type = OPTION_ORDER, | 538 | .type = OPTION_ORDER, | 
| 539 | .opt.order = &x509_config.next_serial, | 539 | .opt.order = &cfg.next_serial, | 
| 540 | .order = &x509_config.num, | 540 | .order = &cfg.num, | 
| 541 | }, | 541 | }, | 
| 542 | { | 542 | { | 
| 543 | .name = "noout", | 543 | .name = "noout", | 
| 544 | .desc = "No certificate output", | 544 | .desc = "No certificate output", | 
| 545 | .type = OPTION_ORDER, | 545 | .type = OPTION_ORDER, | 
| 546 | .opt.order = &x509_config.noout, | 546 | .opt.order = &cfg.noout, | 
| 547 | .order = &x509_config.num, | 547 | .order = &cfg.num, | 
| 548 | }, | 548 | }, | 
| 549 | { | 549 | { | 
| 550 | .name = "ocsp_uri", | 550 | .name = "ocsp_uri", | 
| 551 | .desc = "Print OCSP Responder URL(s)", | 551 | .desc = "Print OCSP Responder URL(s)", | 
| 552 | .type = OPTION_ORDER, | 552 | .type = OPTION_ORDER, | 
| 553 | .opt.order = &x509_config.ocsp_uri, | 553 | .opt.order = &cfg.ocsp_uri, | 
| 554 | .order = &x509_config.num, | 554 | .order = &cfg.num, | 
| 555 | }, | 555 | }, | 
| 556 | { | 556 | { | 
| 557 | .name = "ocspid", | 557 | .name = "ocspid", | 
| 558 | .desc = "Print OCSP hash values for the subject name and public key", | 558 | .desc = "Print OCSP hash values for the subject name and public key", | 
| 559 | .type = OPTION_ORDER, | 559 | .type = OPTION_ORDER, | 
| 560 | .opt.order = &x509_config.ocspid, | 560 | .opt.order = &cfg.ocspid, | 
| 561 | .order = &x509_config.num, | 561 | .order = &cfg.num, | 
| 562 | }, | 562 | }, | 
| 563 | { | 563 | { | 
| 564 | .name = "out", | 564 | .name = "out", | 
| 565 | .argname = "file", | 565 | .argname = "file", | 
| 566 | .desc = "Output file - default stdout", | 566 | .desc = "Output file - default stdout", | 
| 567 | .type = OPTION_ARG, | 567 | .type = OPTION_ARG, | 
| 568 | .opt.arg = &x509_config.outfile, | 568 | .opt.arg = &cfg.outfile, | 
| 569 | }, | 569 | }, | 
| 570 | { | 570 | { | 
| 571 | .name = "outform", | 571 | .name = "outform", | 
| 572 | .argname = "fmt", | 572 | .argname = "fmt", | 
| 573 | .desc = "Output format - default PEM (one of DER, NET or PEM)", | 573 | .desc = "Output format - default PEM (one of DER, NET or PEM)", | 
| 574 | .type = OPTION_ARG_FORMAT, | 574 | .type = OPTION_ARG_FORMAT, | 
| 575 | .opt.value = &x509_config.outformat, | 575 | .opt.value = &cfg.outformat, | 
| 576 | }, | 576 | }, | 
| 577 | { | 577 | { | 
| 578 | .name = "passin", | 578 | .name = "passin", | 
| 579 | .argname = "src", | 579 | .argname = "src", | 
| 580 | .desc = "Private key password source", | 580 | .desc = "Private key password source", | 
| 581 | .type = OPTION_ARG, | 581 | .type = OPTION_ARG, | 
| 582 | .opt.arg = &x509_config.passargin, | 582 | .opt.arg = &cfg.passargin, | 
| 583 | }, | 583 | }, | 
| 584 | { | 584 | { | 
| 585 | .name = "pubkey", | 585 | .name = "pubkey", | 
| 586 | .desc = "Output the public key", | 586 | .desc = "Output the public key", | 
| 587 | .type = OPTION_ORDER, | 587 | .type = OPTION_ORDER, | 
| 588 | .opt.order = &x509_config.pubkey, | 588 | .opt.order = &cfg.pubkey, | 
| 589 | .order = &x509_config.num, | 589 | .order = &cfg.num, | 
| 590 | }, | 590 | }, | 
| 591 | { | 591 | { | 
| 592 | .name = "purpose", | 592 | .name = "purpose", | 
| 593 | .desc = "Print out certificate purposes", | 593 | .desc = "Print out certificate purposes", | 
| 594 | .type = OPTION_ORDER, | 594 | .type = OPTION_ORDER, | 
| 595 | .opt.order = &x509_config.pprint, | 595 | .opt.order = &cfg.pprint, | 
| 596 | .order = &x509_config.num, | 596 | .order = &cfg.num, | 
| 597 | }, | 597 | }, | 
| 598 | { | 598 | { | 
| 599 | .name = "req", | 599 | .name = "req", | 
| 600 | .desc = "Input is a certificate request, sign and output", | 600 | .desc = "Input is a certificate request, sign and output", | 
| 601 | .type = OPTION_FLAG, | 601 | .type = OPTION_FLAG, | 
| 602 | .opt.flag = &x509_config.reqfile, | 602 | .opt.flag = &cfg.reqfile, | 
| 603 | }, | 603 | }, | 
| 604 | { | 604 | { | 
| 605 | .name = "serial", | 605 | .name = "serial", | 
| 606 | .desc = "Print serial number value", | 606 | .desc = "Print serial number value", | 
| 607 | .type = OPTION_ORDER, | 607 | .type = OPTION_ORDER, | 
| 608 | .opt.order = &x509_config.serial, | 608 | .opt.order = &cfg.serial, | 
| 609 | .order = &x509_config.num, | 609 | .order = &cfg.num, | 
| 610 | }, | 610 | }, | 
| 611 | { | 611 | { | 
| 612 | .name = "set_serial", | 612 | .name = "set_serial", | 
| @@ -640,51 +640,51 @@ static const struct option x509_options[] = { | |||
| 640 | .name = "startdate", | 640 | .name = "startdate", | 
| 641 | .desc = "Print notBefore field", | 641 | .desc = "Print notBefore field", | 
| 642 | .type = OPTION_ORDER, | 642 | .type = OPTION_ORDER, | 
| 643 | .opt.order = &x509_config.startdate, | 643 | .opt.order = &cfg.startdate, | 
| 644 | .order = &x509_config.num, | 644 | .order = &cfg.num, | 
| 645 | }, | 645 | }, | 
| 646 | { | 646 | { | 
| 647 | .name = "subject", | 647 | .name = "subject", | 
| 648 | .desc = "Print subject name", | 648 | .desc = "Print subject name", | 
| 649 | .type = OPTION_ORDER, | 649 | .type = OPTION_ORDER, | 
| 650 | .opt.order = &x509_config.subject, | 650 | .opt.order = &cfg.subject, | 
| 651 | .order = &x509_config.num, | 651 | .order = &cfg.num, | 
| 652 | }, | 652 | }, | 
| 653 | { | 653 | { | 
| 654 | .name = "subject_hash", | 654 | .name = "subject_hash", | 
| 655 | .desc = "Print subject hash value", | 655 | .desc = "Print subject hash value", | 
| 656 | .type = OPTION_ORDER, | 656 | .type = OPTION_ORDER, | 
| 657 | .opt.order = &x509_config.subject_hash, | 657 | .opt.order = &cfg.subject_hash, | 
| 658 | .order = &x509_config.num, | 658 | .order = &cfg.num, | 
| 659 | }, | 659 | }, | 
| 660 | #ifndef OPENSSL_NO_MD5 | 660 | #ifndef OPENSSL_NO_MD5 | 
| 661 | { | 661 | { | 
| 662 | .name = "subject_hash_old", | 662 | .name = "subject_hash_old", | 
| 663 | .desc = "Print old-style (MD5) subject hash value", | 663 | .desc = "Print old-style (MD5) subject hash value", | 
| 664 | .type = OPTION_ORDER, | 664 | .type = OPTION_ORDER, | 
| 665 | .opt.order = &x509_config.subject_hash_old, | 665 | .opt.order = &cfg.subject_hash_old, | 
| 666 | .order = &x509_config.num, | 666 | .order = &cfg.num, | 
| 667 | }, | 667 | }, | 
| 668 | #endif | 668 | #endif | 
| 669 | { | 669 | { | 
| 670 | .name = "text", | 670 | .name = "text", | 
| 671 | .desc = "Print the certificate in text form", | 671 | .desc = "Print the certificate in text form", | 
| 672 | .type = OPTION_ORDER, | 672 | .type = OPTION_ORDER, | 
| 673 | .opt.order = &x509_config.text, | 673 | .opt.order = &cfg.text, | 
| 674 | .order = &x509_config.num, | 674 | .order = &cfg.num, | 
| 675 | }, | 675 | }, | 
| 676 | { | 676 | { | 
| 677 | .name = "trustout", | 677 | .name = "trustout", | 
| 678 | .desc = "Output a trusted certificate", | 678 | .desc = "Output a trusted certificate", | 
| 679 | .type = OPTION_FLAG, | 679 | .type = OPTION_FLAG, | 
| 680 | .opt.flag = &x509_config.trustout, | 680 | .opt.flag = &cfg.trustout, | 
| 681 | }, | 681 | }, | 
| 682 | { | 682 | { | 
| 683 | .name = "x509toreq", | 683 | .name = "x509toreq", | 
| 684 | .desc = "Output a certification request object", | 684 | .desc = "Output a certification request object", | 
| 685 | .type = OPTION_ORDER, | 685 | .type = OPTION_ORDER, | 
| 686 | .opt.order = &x509_config.x509req, | 686 | .opt.order = &cfg.x509req, | 
| 687 | .order = &x509_config.num, | 687 | .order = &cfg.num, | 
| 688 | }, | 688 | }, | 
| 689 | { | 689 | { | 
| 690 | .name = NULL, | 690 | .name = NULL, | 
| @@ -740,13 +740,13 @@ x509_main(int argc, char **argv) | |||
| 740 | exit(1); | 740 | exit(1); | 
| 741 | } | 741 | } | 
| 742 | 742 | ||
| 743 | memset(&x509_config, 0, sizeof(x509_config)); | 743 | memset(&cfg, 0, sizeof(cfg)); | 
| 744 | x509_config.days = DEF_DAYS; | 744 | cfg.days = DEF_DAYS; | 
| 745 | x509_config.informat = FORMAT_PEM; | 745 | cfg.informat = FORMAT_PEM; | 
| 746 | x509_config.outformat = FORMAT_PEM; | 746 | cfg.outformat = FORMAT_PEM; | 
| 747 | x509_config.keyformat = FORMAT_PEM; | 747 | cfg.keyformat = FORMAT_PEM; | 
| 748 | x509_config.CAformat = FORMAT_PEM; | 748 | cfg.CAformat = FORMAT_PEM; | 
| 749 | x509_config.CAkeyformat = FORMAT_PEM; | 749 | cfg.CAkeyformat = FORMAT_PEM; | 
| 750 | 750 | ||
| 751 | STDout = BIO_new_fp(stdout, BIO_NOCLOSE); | 751 | STDout = BIO_new_fp(stdout, BIO_NOCLOSE); | 
| 752 | 752 | ||
| @@ -758,13 +758,13 @@ x509_main(int argc, char **argv) | |||
| 758 | if (options_parse(argc, argv, x509_options, NULL, NULL) != 0) | 758 | if (options_parse(argc, argv, x509_options, NULL, NULL) != 0) | 
| 759 | goto bad; | 759 | goto bad; | 
| 760 | 760 | ||
| 761 | if (x509_config.badops) { | 761 | if (cfg.badops) { | 
| 762 | bad: | 762 | bad: | 
| 763 | x509_usage(); | 763 | x509_usage(); | 
| 764 | goto end; | 764 | goto end; | 
| 765 | } | 765 | } | 
| 766 | 766 | ||
| 767 | if (!app_passwd(bio_err, x509_config.passargin, NULL, &passin, NULL)) { | 767 | if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) { | 
| 768 | BIO_printf(bio_err, "Error getting password\n"); | 768 | BIO_printf(bio_err, "Error getting password\n"); | 
| 769 | goto end; | 769 | goto end; | 
| 770 | } | 770 | } | 
| @@ -772,53 +772,53 @@ x509_main(int argc, char **argv) | |||
| 772 | ERR_print_errors(bio_err); | 772 | ERR_print_errors(bio_err); | 
| 773 | goto end; | 773 | goto end; | 
| 774 | } | 774 | } | 
| 775 | if ((x509_config.CAkeyfile == NULL) && (x509_config.CA_flag) && | 775 | if ((cfg.CAkeyfile == NULL) && (cfg.CA_flag) && | 
| 776 | (x509_config.CAformat == FORMAT_PEM)) { | 776 | (cfg.CAformat == FORMAT_PEM)) { | 
| 777 | x509_config.CAkeyfile = x509_config.CAfile; | 777 | cfg.CAkeyfile = cfg.CAfile; | 
| 778 | } else if ((x509_config.CA_flag) && (x509_config.CAkeyfile == NULL)) { | 778 | } else if ((cfg.CA_flag) && (cfg.CAkeyfile == NULL)) { | 
| 779 | BIO_printf(bio_err, | 779 | BIO_printf(bio_err, | 
| 780 | "need to specify a CAkey if using the CA command\n"); | 780 | "need to specify a CAkey if using the CA command\n"); | 
| 781 | goto end; | 781 | goto end; | 
| 782 | } | 782 | } | 
| 783 | if (x509_config.extfile != NULL) { | 783 | if (cfg.extfile != NULL) { | 
| 784 | long errorline = -1; | 784 | long errorline = -1; | 
| 785 | X509V3_CTX ctx2; | 785 | X509V3_CTX ctx2; | 
| 786 | extconf = NCONF_new(NULL); | 786 | extconf = NCONF_new(NULL); | 
| 787 | if (!NCONF_load(extconf, x509_config.extfile, &errorline)) { | 787 | if (!NCONF_load(extconf, cfg.extfile, &errorline)) { | 
| 788 | if (errorline <= 0) | 788 | if (errorline <= 0) | 
| 789 | BIO_printf(bio_err, | 789 | BIO_printf(bio_err, | 
| 790 | "error loading the config file '%s'\n", | 790 | "error loading the config file '%s'\n", | 
| 791 | x509_config.extfile); | 791 | cfg.extfile); | 
| 792 | else | 792 | else | 
| 793 | BIO_printf(bio_err, | 793 | BIO_printf(bio_err, | 
| 794 | "error on line %ld of config file '%s'\n", | 794 | "error on line %ld of config file '%s'\n", | 
| 795 | errorline, x509_config.extfile); | 795 | errorline, cfg.extfile); | 
| 796 | goto end; | 796 | goto end; | 
| 797 | } | 797 | } | 
| 798 | if (x509_config.extsect == NULL) { | 798 | if (cfg.extsect == NULL) { | 
| 799 | x509_config.extsect = NCONF_get_string(extconf, | 799 | cfg.extsect = NCONF_get_string(extconf, | 
| 800 | "default", "extensions"); | 800 | "default", "extensions"); | 
| 801 | if (x509_config.extsect == NULL) { | 801 | if (cfg.extsect == NULL) { | 
| 802 | ERR_clear_error(); | 802 | ERR_clear_error(); | 
| 803 | x509_config.extsect = "default"; | 803 | cfg.extsect = "default"; | 
| 804 | } | 804 | } | 
| 805 | } | 805 | } | 
| 806 | X509V3_set_ctx_test(&ctx2); | 806 | X509V3_set_ctx_test(&ctx2); | 
| 807 | X509V3_set_nconf(&ctx2, extconf); | 807 | X509V3_set_nconf(&ctx2, extconf); | 
| 808 | if (!X509V3_EXT_add_nconf(extconf, &ctx2, x509_config.extsect, | 808 | if (!X509V3_EXT_add_nconf(extconf, &ctx2, cfg.extsect, | 
| 809 | NULL)) { | 809 | NULL)) { | 
| 810 | BIO_printf(bio_err, | 810 | BIO_printf(bio_err, | 
| 811 | "Error Loading extension section %s\n", | 811 | "Error Loading extension section %s\n", | 
| 812 | x509_config.extsect); | 812 | cfg.extsect); | 
| 813 | ERR_print_errors(bio_err); | 813 | ERR_print_errors(bio_err); | 
| 814 | goto end; | 814 | goto end; | 
| 815 | } | 815 | } | 
| 816 | } | 816 | } | 
| 817 | if (x509_config.reqfile) { | 817 | if (cfg.reqfile) { | 
| 818 | EVP_PKEY *pkey; | 818 | EVP_PKEY *pkey; | 
| 819 | BIO *in; | 819 | BIO *in; | 
| 820 | 820 | ||
| 821 | if (!x509_config.sign_flag && !x509_config.CA_flag) { | 821 | if (!cfg.sign_flag && !cfg.CA_flag) { | 
| 822 | BIO_printf(bio_err, | 822 | BIO_printf(bio_err, | 
| 823 | "We need a private key to sign with\n"); | 823 | "We need a private key to sign with\n"); | 
| 824 | goto end; | 824 | goto end; | 
| @@ -828,11 +828,11 @@ x509_main(int argc, char **argv) | |||
| 828 | ERR_print_errors(bio_err); | 828 | ERR_print_errors(bio_err); | 
| 829 | goto end; | 829 | goto end; | 
| 830 | } | 830 | } | 
| 831 | if (x509_config.infile == NULL) | 831 | if (cfg.infile == NULL) | 
| 832 | BIO_set_fp(in, stdin, BIO_NOCLOSE | BIO_FP_TEXT); | 832 | BIO_set_fp(in, stdin, BIO_NOCLOSE | BIO_FP_TEXT); | 
| 833 | else { | 833 | else { | 
| 834 | if (BIO_read_filename(in, x509_config.infile) <= 0) { | 834 | if (BIO_read_filename(in, cfg.infile) <= 0) { | 
| 835 | perror(x509_config.infile); | 835 | perror(cfg.infile); | 
| 836 | BIO_free(in); | 836 | BIO_free(in); | 
| 837 | goto end; | 837 | goto end; | 
| 838 | } | 838 | } | 
| @@ -862,21 +862,21 @@ x509_main(int argc, char **argv) | |||
| 862 | BIO_printf(bio_err, "Signature ok\n"); | 862 | BIO_printf(bio_err, "Signature ok\n"); | 
| 863 | 863 | ||
| 864 | print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), | 864 | print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), | 
| 865 | x509_config.nmflag); | 865 | cfg.nmflag); | 
| 866 | 866 | ||
| 867 | if ((x = X509_new()) == NULL) | 867 | if ((x = X509_new()) == NULL) | 
| 868 | goto end; | 868 | goto end; | 
| 869 | 869 | ||
| 870 | if (x509_config.sno == NULL) { | 870 | if (cfg.sno == NULL) { | 
| 871 | x509_config.sno = ASN1_INTEGER_new(); | 871 | cfg.sno = ASN1_INTEGER_new(); | 
| 872 | if (x509_config.sno == NULL || | 872 | if (cfg.sno == NULL || | 
| 873 | !rand_serial(NULL, x509_config.sno)) | 873 | !rand_serial(NULL, cfg.sno)) | 
| 874 | goto end; | 874 | goto end; | 
| 875 | if (!X509_set_serialNumber(x, x509_config.sno)) | 875 | if (!X509_set_serialNumber(x, cfg.sno)) | 
| 876 | goto end; | 876 | goto end; | 
| 877 | ASN1_INTEGER_free(x509_config.sno); | 877 | ASN1_INTEGER_free(cfg.sno); | 
| 878 | x509_config.sno = NULL; | 878 | cfg.sno = NULL; | 
| 879 | } else if (!X509_set_serialNumber(x, x509_config.sno)) | 879 | } else if (!X509_set_serialNumber(x, cfg.sno)) | 
| 880 | goto end; | 880 | goto end; | 
| 881 | 881 | ||
| 882 | if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req))) | 882 | if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req))) | 
| @@ -886,7 +886,7 @@ x509_main(int argc, char **argv) | |||
| 886 | 886 | ||
| 887 | if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL) | 887 | if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL) | 
| 888 | goto end; | 888 | goto end; | 
| 889 | if (X509_time_adj_ex(X509_get_notAfter(x), x509_config.days, 0, | 889 | if (X509_time_adj_ex(X509_get_notAfter(x), cfg.days, 0, | 
| 890 | NULL) == NULL) | 890 | NULL) == NULL) | 
| 891 | goto end; | 891 | goto end; | 
| 892 | 892 | ||
| @@ -897,19 +897,19 @@ x509_main(int argc, char **argv) | |||
| 897 | goto end; | 897 | goto end; | 
| 898 | } | 898 | } | 
| 899 | } else { | 899 | } else { | 
| 900 | x = load_cert(bio_err, x509_config.infile, x509_config.informat, | 900 | x = load_cert(bio_err, cfg.infile, cfg.informat, | 
| 901 | NULL, "Certificate"); | 901 | NULL, "Certificate"); | 
| 902 | } | 902 | } | 
| 903 | if (x == NULL) | 903 | if (x == NULL) | 
| 904 | goto end; | 904 | goto end; | 
| 905 | 905 | ||
| 906 | if (x509_config.CA_flag) { | 906 | if (cfg.CA_flag) { | 
| 907 | xca = load_cert(bio_err, x509_config.CAfile, | 907 | xca = load_cert(bio_err, cfg.CAfile, | 
| 908 | x509_config.CAformat, NULL, "CA Certificate"); | 908 | cfg.CAformat, NULL, "CA Certificate"); | 
| 909 | if (xca == NULL) | 909 | if (xca == NULL) | 
| 910 | goto end; | 910 | goto end; | 
| 911 | } | 911 | } | 
| 912 | if (!x509_config.noout || x509_config.text || x509_config.next_serial) { | 912 | if (!cfg.noout || cfg.text || cfg.next_serial) { | 
| 913 | OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3"); | 913 | OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3"); | 
| 914 | 914 | ||
| 915 | out = BIO_new(BIO_s_file()); | 915 | out = BIO_new(BIO_s_file()); | 
| @@ -917,57 +917,57 @@ x509_main(int argc, char **argv) | |||
| 917 | ERR_print_errors(bio_err); | 917 | ERR_print_errors(bio_err); | 
| 918 | goto end; | 918 | goto end; | 
| 919 | } | 919 | } | 
| 920 | if (x509_config.outfile == NULL) { | 920 | if (cfg.outfile == NULL) { | 
| 921 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 921 | BIO_set_fp(out, stdout, BIO_NOCLOSE); | 
| 922 | } else { | 922 | } else { | 
| 923 | if (BIO_write_filename(out, x509_config.outfile) <= 0) { | 923 | if (BIO_write_filename(out, cfg.outfile) <= 0) { | 
| 924 | perror(x509_config.outfile); | 924 | perror(cfg.outfile); | 
| 925 | goto end; | 925 | goto end; | 
| 926 | } | 926 | } | 
| 927 | } | 927 | } | 
| 928 | } | 928 | } | 
| 929 | if (x509_config.alias != NULL) { | 929 | if (cfg.alias != NULL) { | 
| 930 | if (!X509_alias_set1(x, (unsigned char *)x509_config.alias, -1)) | 930 | if (!X509_alias_set1(x, (unsigned char *)cfg.alias, -1)) | 
| 931 | goto end; | 931 | goto end; | 
| 932 | } | 932 | } | 
| 933 | 933 | ||
| 934 | if (x509_config.clrtrust) | 934 | if (cfg.clrtrust) | 
| 935 | X509_trust_clear(x); | 935 | X509_trust_clear(x); | 
| 936 | if (x509_config.clrreject) | 936 | if (cfg.clrreject) | 
| 937 | X509_reject_clear(x); | 937 | X509_reject_clear(x); | 
| 938 | 938 | ||
| 939 | if (x509_config.trust != NULL) { | 939 | if (cfg.trust != NULL) { | 
| 940 | for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.trust); i++) { | 940 | for (i = 0; i < sk_ASN1_OBJECT_num(cfg.trust); i++) { | 
| 941 | x509_config.objtmp = sk_ASN1_OBJECT_value( | 941 | cfg.objtmp = sk_ASN1_OBJECT_value( | 
| 942 | x509_config.trust, i); | 942 | cfg.trust, i); | 
| 943 | if (!X509_add1_trust_object(x, x509_config.objtmp)) | 943 | if (!X509_add1_trust_object(x, cfg.objtmp)) | 
| 944 | goto end; | 944 | goto end; | 
| 945 | } | 945 | } | 
| 946 | } | 946 | } | 
| 947 | if (x509_config.reject != NULL) { | 947 | if (cfg.reject != NULL) { | 
| 948 | for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.reject); i++) { | 948 | for (i = 0; i < sk_ASN1_OBJECT_num(cfg.reject); i++) { | 
| 949 | x509_config.objtmp = sk_ASN1_OBJECT_value( | 949 | cfg.objtmp = sk_ASN1_OBJECT_value( | 
| 950 | x509_config.reject, i); | 950 | cfg.reject, i); | 
| 951 | if (!X509_add1_reject_object(x, x509_config.objtmp)) | 951 | if (!X509_add1_reject_object(x, cfg.objtmp)) | 
| 952 | goto end; | 952 | goto end; | 
| 953 | } | 953 | } | 
| 954 | } | 954 | } | 
| 955 | if (x509_config.num) { | 955 | if (cfg.num) { | 
| 956 | for (i = 1; i <= x509_config.num; i++) { | 956 | for (i = 1; i <= cfg.num; i++) { | 
| 957 | if (x509_config.issuer == i) { | 957 | if (cfg.issuer == i) { | 
| 958 | print_name(STDout, "issuer= ", | 958 | print_name(STDout, "issuer= ", | 
| 959 | X509_get_issuer_name(x), | 959 | X509_get_issuer_name(x), | 
| 960 | x509_config.nmflag); | 960 | cfg.nmflag); | 
| 961 | } else if (x509_config.subject == i) { | 961 | } else if (cfg.subject == i) { | 
| 962 | print_name(STDout, "subject= ", | 962 | print_name(STDout, "subject= ", | 
| 963 | X509_get_subject_name(x), | 963 | X509_get_subject_name(x), | 
| 964 | x509_config.nmflag); | 964 | cfg.nmflag); | 
| 965 | } else if (x509_config.serial == i) { | 965 | } else if (cfg.serial == i) { | 
| 966 | BIO_printf(STDout, "serial="); | 966 | BIO_printf(STDout, "serial="); | 
| 967 | i2a_ASN1_INTEGER(STDout, | 967 | i2a_ASN1_INTEGER(STDout, | 
| 968 | X509_get_serialNumber(x)); | 968 | X509_get_serialNumber(x)); | 
| 969 | BIO_printf(STDout, "\n"); | 969 | BIO_printf(STDout, "\n"); | 
| 970 | } else if (x509_config.next_serial == i) { | 970 | } else if (cfg.next_serial == i) { | 
| 971 | BIGNUM *bnser; | 971 | BIGNUM *bnser; | 
| 972 | ASN1_INTEGER *ser; | 972 | ASN1_INTEGER *ser; | 
| 973 | ser = X509_get_serialNumber(x); | 973 | ser = X509_get_serialNumber(x); | 
| @@ -989,11 +989,11 @@ x509_main(int argc, char **argv) | |||
| 989 | i2a_ASN1_INTEGER(out, ser); | 989 | i2a_ASN1_INTEGER(out, ser); | 
| 990 | ASN1_INTEGER_free(ser); | 990 | ASN1_INTEGER_free(ser); | 
| 991 | BIO_puts(out, "\n"); | 991 | BIO_puts(out, "\n"); | 
| 992 | } else if ((x509_config.email == i) || | 992 | } else if ((cfg.email == i) || | 
| 993 | (x509_config.ocsp_uri == i)) { | 993 | (cfg.ocsp_uri == i)) { | 
| 994 | int j; | 994 | int j; | 
| 995 | STACK_OF(OPENSSL_STRING) *emlst; | 995 | STACK_OF(OPENSSL_STRING) *emlst; | 
| 996 | if (x509_config.email == i) | 996 | if (cfg.email == i) | 
| 997 | emlst = X509_get1_email(x); | 997 | emlst = X509_get1_email(x); | 
| 998 | else | 998 | else | 
| 999 | emlst = X509_get1_ocsp(x); | 999 | emlst = X509_get1_ocsp(x); | 
| @@ -1001,7 +1001,7 @@ x509_main(int argc, char **argv) | |||
| 1001 | BIO_printf(STDout, "%s\n", | 1001 | BIO_printf(STDout, "%s\n", | 
| 1002 | sk_OPENSSL_STRING_value(emlst, j)); | 1002 | sk_OPENSSL_STRING_value(emlst, j)); | 
| 1003 | X509_email_free(emlst); | 1003 | X509_email_free(emlst); | 
| 1004 | } else if (x509_config.aliasout == i) { | 1004 | } else if (cfg.aliasout == i) { | 
| 1005 | unsigned char *albuf; | 1005 | unsigned char *albuf; | 
| 1006 | int buflen; | 1006 | int buflen; | 
| 1007 | albuf = X509_alias_get0(x, &buflen); | 1007 | albuf = X509_alias_get0(x, &buflen); | 
| @@ -1010,27 +1010,27 @@ x509_main(int argc, char **argv) | |||
| 1010 | buflen, albuf); | 1010 | buflen, albuf); | 
| 1011 | else | 1011 | else | 
| 1012 | BIO_puts(STDout, "<No Alias>\n"); | 1012 | BIO_puts(STDout, "<No Alias>\n"); | 
| 1013 | } else if (x509_config.subject_hash == i) { | 1013 | } else if (cfg.subject_hash == i) { | 
| 1014 | BIO_printf(STDout, "%08lx\n", | 1014 | BIO_printf(STDout, "%08lx\n", | 
| 1015 | X509_subject_name_hash(x)); | 1015 | X509_subject_name_hash(x)); | 
| 1016 | } | 1016 | } | 
| 1017 | #ifndef OPENSSL_NO_MD5 | 1017 | #ifndef OPENSSL_NO_MD5 | 
| 1018 | else if (x509_config.subject_hash_old == i) { | 1018 | else if (cfg.subject_hash_old == i) { | 
| 1019 | BIO_printf(STDout, "%08lx\n", | 1019 | BIO_printf(STDout, "%08lx\n", | 
| 1020 | X509_subject_name_hash_old(x)); | 1020 | X509_subject_name_hash_old(x)); | 
| 1021 | } | 1021 | } | 
| 1022 | #endif | 1022 | #endif | 
| 1023 | else if (x509_config.issuer_hash == i) { | 1023 | else if (cfg.issuer_hash == i) { | 
| 1024 | BIO_printf(STDout, "%08lx\n", | 1024 | BIO_printf(STDout, "%08lx\n", | 
| 1025 | X509_issuer_name_hash(x)); | 1025 | X509_issuer_name_hash(x)); | 
| 1026 | } | 1026 | } | 
| 1027 | #ifndef OPENSSL_NO_MD5 | 1027 | #ifndef OPENSSL_NO_MD5 | 
| 1028 | else if (x509_config.issuer_hash_old == i) { | 1028 | else if (cfg.issuer_hash_old == i) { | 
| 1029 | BIO_printf(STDout, "%08lx\n", | 1029 | BIO_printf(STDout, "%08lx\n", | 
| 1030 | X509_issuer_name_hash_old(x)); | 1030 | X509_issuer_name_hash_old(x)); | 
| 1031 | } | 1031 | } | 
| 1032 | #endif | 1032 | #endif | 
| 1033 | else if (x509_config.pprint == i) { | 1033 | else if (cfg.pprint == i) { | 
| 1034 | X509_PURPOSE *ptmp; | 1034 | X509_PURPOSE *ptmp; | 
| 1035 | int j; | 1035 | int j; | 
| 1036 | BIO_printf(STDout, "Certificate purposes:\n"); | 1036 | BIO_printf(STDout, "Certificate purposes:\n"); | 
| @@ -1038,7 +1038,7 @@ x509_main(int argc, char **argv) | |||
| 1038 | ptmp = X509_PURPOSE_get0(j); | 1038 | ptmp = X509_PURPOSE_get0(j); | 
| 1039 | purpose_print(STDout, x, ptmp); | 1039 | purpose_print(STDout, x, ptmp); | 
| 1040 | } | 1040 | } | 
| 1041 | } else if (x509_config.modulus == i) { | 1041 | } else if (cfg.modulus == i) { | 
| 1042 | EVP_PKEY *pkey; | 1042 | EVP_PKEY *pkey; | 
| 1043 | 1043 | ||
| 1044 | pkey = X509_get0_pubkey(x); | 1044 | pkey = X509_get0_pubkey(x); | 
| @@ -1066,7 +1066,7 @@ x509_main(int argc, char **argv) | |||
| 1066 | BIO_printf(STDout, | 1066 | BIO_printf(STDout, | 
| 1067 | "Wrong Algorithm type"); | 1067 | "Wrong Algorithm type"); | 
| 1068 | BIO_printf(STDout, "\n"); | 1068 | BIO_printf(STDout, "\n"); | 
| 1069 | } else if (x509_config.pubkey == i) { | 1069 | } else if (cfg.pubkey == i) { | 
| 1070 | EVP_PKEY *pkey; | 1070 | EVP_PKEY *pkey; | 
| 1071 | 1071 | ||
| 1072 | pkey = X509_get0_pubkey(x); | 1072 | pkey = X509_get0_pubkey(x); | 
| @@ -1077,7 +1077,7 @@ x509_main(int argc, char **argv) | |||
| 1077 | goto end; | 1077 | goto end; | 
| 1078 | } | 1078 | } | 
| 1079 | PEM_write_bio_PUBKEY(STDout, pkey); | 1079 | PEM_write_bio_PUBKEY(STDout, pkey); | 
| 1080 | } else if (x509_config.C == i) { | 1080 | } else if (cfg.C == i) { | 
| 1081 | unsigned char *d; | 1081 | unsigned char *d; | 
| 1082 | char *m; | 1082 | char *m; | 
| 1083 | int y, z; | 1083 | int y, z; | 
| @@ -1156,11 +1156,11 @@ x509_main(int argc, char **argv) | |||
| 1156 | BIO_printf(STDout, "};\n"); | 1156 | BIO_printf(STDout, "};\n"); | 
| 1157 | 1157 | ||
| 1158 | free(m); | 1158 | free(m); | 
| 1159 | } else if (x509_config.text == i) { | 1159 | } else if (cfg.text == i) { | 
| 1160 | if(!X509_print_ex(STDout, x, x509_config.nmflag, | 1160 | if(!X509_print_ex(STDout, x, cfg.nmflag, | 
| 1161 | x509_config.certflag)) | 1161 | cfg.certflag)) | 
| 1162 | goto end; | 1162 | goto end; | 
| 1163 | } else if (x509_config.startdate == i) { | 1163 | } else if (cfg.startdate == i) { | 
| 1164 | ASN1_TIME *nB = X509_get_notBefore(x); | 1164 | ASN1_TIME *nB = X509_get_notBefore(x); | 
| 1165 | BIO_puts(STDout, "notBefore="); | 1165 | BIO_puts(STDout, "notBefore="); | 
| 1166 | if (ASN1_time_parse(nB->data, nB->length, NULL, | 1166 | if (ASN1_time_parse(nB->data, nB->length, NULL, | 
| @@ -1170,7 +1170,7 @@ x509_main(int argc, char **argv) | |||
| 1170 | else | 1170 | else | 
| 1171 | ASN1_TIME_print(STDout, nB); | 1171 | ASN1_TIME_print(STDout, nB); | 
| 1172 | BIO_puts(STDout, "\n"); | 1172 | BIO_puts(STDout, "\n"); | 
| 1173 | } else if (x509_config.enddate == i) { | 1173 | } else if (cfg.enddate == i) { | 
| 1174 | ASN1_TIME *nA = X509_get_notAfter(x); | 1174 | ASN1_TIME *nA = X509_get_notAfter(x); | 
| 1175 | BIO_puts(STDout, "notAfter="); | 1175 | BIO_puts(STDout, "notAfter="); | 
| 1176 | if (ASN1_time_parse(nA->data, nA->length, NULL, | 1176 | if (ASN1_time_parse(nA->data, nA->length, NULL, | 
| @@ -1180,11 +1180,11 @@ x509_main(int argc, char **argv) | |||
| 1180 | else | 1180 | else | 
| 1181 | ASN1_TIME_print(STDout, nA); | 1181 | ASN1_TIME_print(STDout, nA); | 
| 1182 | BIO_puts(STDout, "\n"); | 1182 | BIO_puts(STDout, "\n"); | 
| 1183 | } else if (x509_config.fingerprint == i) { | 1183 | } else if (cfg.fingerprint == i) { | 
| 1184 | int j; | 1184 | int j; | 
| 1185 | unsigned int n; | 1185 | unsigned int n; | 
| 1186 | unsigned char md[EVP_MAX_MD_SIZE]; | 1186 | unsigned char md[EVP_MAX_MD_SIZE]; | 
| 1187 | const EVP_MD *fdig = x509_config.digest; | 1187 | const EVP_MD *fdig = cfg.digest; | 
| 1188 | 1188 | ||
| 1189 | if (fdig == NULL) | 1189 | if (fdig == NULL) | 
| 1190 | fdig = EVP_sha256(); | 1190 | fdig = EVP_sha256(); | 
| @@ -1201,52 +1201,52 @@ x509_main(int argc, char **argv) | |||
| 1201 | } | 1201 | } | 
| 1202 | 1202 | ||
| 1203 | /* should be in the library */ | 1203 | /* should be in the library */ | 
| 1204 | } else if ((x509_config.sign_flag == i) && | 1204 | } else if ((cfg.sign_flag == i) && | 
| 1205 | (x509_config.x509req == 0)) { | 1205 | (cfg.x509req == 0)) { | 
| 1206 | BIO_printf(bio_err, "Getting Private key\n"); | 1206 | BIO_printf(bio_err, "Getting Private key\n"); | 
| 1207 | if (Upkey == NULL) { | 1207 | if (Upkey == NULL) { | 
| 1208 | Upkey = load_key(bio_err, | 1208 | Upkey = load_key(bio_err, | 
| 1209 | x509_config.keyfile, | 1209 | cfg.keyfile, | 
| 1210 | x509_config.keyformat, 0, passin, | 1210 | cfg.keyformat, 0, passin, | 
| 1211 | "Private key"); | 1211 | "Private key"); | 
| 1212 | if (Upkey == NULL) | 1212 | if (Upkey == NULL) | 
| 1213 | goto end; | 1213 | goto end; | 
| 1214 | } | 1214 | } | 
| 1215 | if (!sign(x, Upkey, x509_config.days, | 1215 | if (!sign(x, Upkey, cfg.days, | 
| 1216 | x509_config.clrext, x509_config.digest, | 1216 | cfg.clrext, cfg.digest, | 
| 1217 | extconf, x509_config.extsect)) | 1217 | extconf, cfg.extsect)) | 
| 1218 | goto end; | 1218 | goto end; | 
| 1219 | } else if (x509_config.CA_flag == i) { | 1219 | } else if (cfg.CA_flag == i) { | 
| 1220 | BIO_printf(bio_err, "Getting CA Private Key\n"); | 1220 | BIO_printf(bio_err, "Getting CA Private Key\n"); | 
| 1221 | if (x509_config.CAkeyfile != NULL) { | 1221 | if (cfg.CAkeyfile != NULL) { | 
| 1222 | CApkey = load_key(bio_err, | 1222 | CApkey = load_key(bio_err, | 
| 1223 | x509_config.CAkeyfile, | 1223 | cfg.CAkeyfile, | 
| 1224 | x509_config.CAkeyformat, 0, passin, | 1224 | cfg.CAkeyformat, 0, passin, | 
| 1225 | "CA Private Key"); | 1225 | "CA Private Key"); | 
| 1226 | if (CApkey == NULL) | 1226 | if (CApkey == NULL) | 
| 1227 | goto end; | 1227 | goto end; | 
| 1228 | } | 1228 | } | 
| 1229 | if (!x509_certify(ctx, x509_config.CAfile, | 1229 | if (!x509_certify(ctx, cfg.CAfile, | 
| 1230 | x509_config.digest, x, xca, CApkey, | 1230 | cfg.digest, x, xca, CApkey, | 
| 1231 | x509_config.sigopts, x509_config.CAserial, | 1231 | cfg.sigopts, cfg.CAserial, | 
| 1232 | x509_config.CA_createserial, | 1232 | cfg.CA_createserial, | 
| 1233 | x509_config.days, x509_config.clrext, | 1233 | cfg.days, cfg.clrext, | 
| 1234 | extconf, x509_config.extsect, | 1234 | extconf, cfg.extsect, | 
| 1235 | x509_config.sno)) | 1235 | cfg.sno)) | 
| 1236 | goto end; | 1236 | goto end; | 
| 1237 | } else if (x509_config.x509req == i) { | 1237 | } else if (cfg.x509req == i) { | 
| 1238 | EVP_PKEY *pk; | 1238 | EVP_PKEY *pk; | 
| 1239 | 1239 | ||
| 1240 | BIO_printf(bio_err, | 1240 | BIO_printf(bio_err, | 
| 1241 | "Getting request Private Key\n"); | 1241 | "Getting request Private Key\n"); | 
| 1242 | if (x509_config.keyfile == NULL) { | 1242 | if (cfg.keyfile == NULL) { | 
| 1243 | BIO_printf(bio_err, | 1243 | BIO_printf(bio_err, | 
| 1244 | "no request key file specified\n"); | 1244 | "no request key file specified\n"); | 
| 1245 | goto end; | 1245 | goto end; | 
| 1246 | } else { | 1246 | } else { | 
| 1247 | pk = load_key(bio_err, | 1247 | pk = load_key(bio_err, | 
| 1248 | x509_config.keyfile, | 1248 | cfg.keyfile, | 
| 1249 | x509_config.keyformat, 0, passin, | 1249 | cfg.keyformat, 0, passin, | 
| 1250 | "request key"); | 1250 | "request key"); | 
| 1251 | if (pk == NULL) | 1251 | if (pk == NULL) | 
| 1252 | goto end; | 1252 | goto end; | 
| @@ -1255,27 +1255,27 @@ x509_main(int argc, char **argv) | |||
| 1255 | BIO_printf(bio_err, | 1255 | BIO_printf(bio_err, | 
| 1256 | "Generating certificate request\n"); | 1256 | "Generating certificate request\n"); | 
| 1257 | 1257 | ||
| 1258 | rq = X509_to_X509_REQ(x, pk, x509_config.digest); | 1258 | rq = X509_to_X509_REQ(x, pk, cfg.digest); | 
| 1259 | EVP_PKEY_free(pk); | 1259 | EVP_PKEY_free(pk); | 
| 1260 | if (rq == NULL) { | 1260 | if (rq == NULL) { | 
| 1261 | ERR_print_errors(bio_err); | 1261 | ERR_print_errors(bio_err); | 
| 1262 | goto end; | 1262 | goto end; | 
| 1263 | } | 1263 | } | 
| 1264 | if (!x509_config.noout) { | 1264 | if (!cfg.noout) { | 
| 1265 | if (!X509_REQ_print(out, rq)) | 1265 | if (!X509_REQ_print(out, rq)) | 
| 1266 | goto end; | 1266 | goto end; | 
| 1267 | if (!PEM_write_bio_X509_REQ(out, rq)) | 1267 | if (!PEM_write_bio_X509_REQ(out, rq)) | 
| 1268 | goto end; | 1268 | goto end; | 
| 1269 | } | 1269 | } | 
| 1270 | x509_config.noout = 1; | 1270 | cfg.noout = 1; | 
| 1271 | } else if (x509_config.ocspid == i) { | 1271 | } else if (cfg.ocspid == i) { | 
| 1272 | if (!X509_ocspid_print(out, x)) | 1272 | if (!X509_ocspid_print(out, x)) | 
| 1273 | goto end; | 1273 | goto end; | 
| 1274 | } | 1274 | } | 
| 1275 | } | 1275 | } | 
| 1276 | } | 1276 | } | 
| 1277 | if (x509_config.checkend) { | 1277 | if (cfg.checkend) { | 
| 1278 | time_t tcheck = time(NULL) + x509_config.checkoffset; | 1278 | time_t tcheck = time(NULL) + cfg.checkoffset; | 
| 1279 | int timecheck = X509_cmp_time(X509_get_notAfter(x), &tcheck); | 1279 | int timecheck = X509_cmp_time(X509_get_notAfter(x), &tcheck); | 
| 1280 | if (timecheck == 0) { | 1280 | if (timecheck == 0) { | 
| 1281 | BIO_printf(out, "Certificate expiry time is invalid\n"); | 1281 | BIO_printf(out, "Certificate expiry time is invalid\n"); | 
| @@ -1289,14 +1289,14 @@ x509_main(int argc, char **argv) | |||
| 1289 | } | 1289 | } | 
| 1290 | goto end; | 1290 | goto end; | 
| 1291 | } | 1291 | } | 
| 1292 | if (x509_config.noout) { | 1292 | if (cfg.noout) { | 
| 1293 | ret = 0; | 1293 | ret = 0; | 
| 1294 | goto end; | 1294 | goto end; | 
| 1295 | } | 1295 | } | 
| 1296 | if (x509_config.outformat == FORMAT_ASN1) | 1296 | if (cfg.outformat == FORMAT_ASN1) | 
| 1297 | i = i2d_X509_bio(out, x); | 1297 | i = i2d_X509_bio(out, x); | 
| 1298 | else if (x509_config.outformat == FORMAT_PEM) { | 1298 | else if (cfg.outformat == FORMAT_PEM) { | 
| 1299 | if (x509_config.trustout) | 1299 | if (cfg.trustout) | 
| 1300 | i = PEM_write_bio_X509_AUX(out, x); | 1300 | i = PEM_write_bio_X509_AUX(out, x); | 
| 1301 | else | 1301 | else | 
| 1302 | i = PEM_write_bio_X509(out, x); | 1302 | i = PEM_write_bio_X509(out, x); | 
| @@ -1323,11 +1323,11 @@ x509_main(int argc, char **argv) | |||
| 1323 | X509_free(xca); | 1323 | X509_free(xca); | 
| 1324 | EVP_PKEY_free(Upkey); | 1324 | EVP_PKEY_free(Upkey); | 
| 1325 | EVP_PKEY_free(CApkey); | 1325 | EVP_PKEY_free(CApkey); | 
| 1326 | sk_OPENSSL_STRING_free(x509_config.sigopts); | 1326 | sk_OPENSSL_STRING_free(cfg.sigopts); | 
| 1327 | X509_REQ_free(rq); | 1327 | X509_REQ_free(rq); | 
| 1328 | ASN1_INTEGER_free(x509_config.sno); | 1328 | ASN1_INTEGER_free(cfg.sno); | 
| 1329 | sk_ASN1_OBJECT_pop_free(x509_config.trust, ASN1_OBJECT_free); | 1329 | sk_ASN1_OBJECT_pop_free(cfg.trust, ASN1_OBJECT_free); | 
| 1330 | sk_ASN1_OBJECT_pop_free(x509_config.reject, ASN1_OBJECT_free); | 1330 | sk_ASN1_OBJECT_pop_free(cfg.reject, ASN1_OBJECT_free); | 
| 1331 | free(passin); | 1331 | free(passin); | 
| 1332 | 1332 | ||
| 1333 | return (ret); | 1333 | return (ret); | 
| @@ -1412,7 +1412,7 @@ x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, X509 *x, | |||
| 1412 | */ | 1412 | */ | 
| 1413 | X509_STORE_CTX_set_cert(xsc, x); | 1413 | X509_STORE_CTX_set_cert(xsc, x); | 
| 1414 | X509_STORE_CTX_set_flags(xsc, X509_V_FLAG_CHECK_SS_SIGNATURE); | 1414 | X509_STORE_CTX_set_flags(xsc, X509_V_FLAG_CHECK_SS_SIGNATURE); | 
| 1415 | if (!x509_config.reqfile && X509_verify_cert(xsc) <= 0) | 1415 | if (!cfg.reqfile && X509_verify_cert(xsc) <= 0) | 
| 1416 | goto end; | 1416 | goto end; | 
| 1417 | 1417 | ||
| 1418 | if (!X509_check_private_key(xca, pkey)) { | 1418 | if (!X509_check_private_key(xca, pkey)) { | 
